Software Component Package Risk & Vulnerability Periodic Database
ID: 75F40124R00130Type: Special Notice
Overview

Buyer

HEALTH AND HUMAN SERVICES, DEPARTMENT OFFOOD AND DRUG ADMINISTRATIONFDA CENTER FOR DEVICES AND RADIOLOGICAL HEALTHSilver Spring, MD, 20993, USA

NAICS

Custom Computer Programming Services (541511)

PSC

SUPPORT- PROFESSIONAL: OTHER (R499)

Original Source

https://sam.gov/opp/a4c5b14a67354902af61fe7ccfb5cd57/view
Timeline
    Description

    The U.S. Food and Drug Administration (FDA) is seeking to award a firm fixed price purchase order for a Software Component Package Risk and Vulnerability Periodic Database to Dark Sky Technology, Inc. This procurement aims to enhance the cybersecurity of medical devices by acquiring a subscription service that reports known software vulnerabilities, which is critical for the FDA's Center for Devices and Radiological Health (CDRH) to effectively assess and mitigate risks associated with medical device software. The initiative is part of the FDA's response to the Food and Drug Omnibus Reform Act of 2022, emphasizing the importance of safeguarding public health in an evolving technological landscape. Interested parties can contact Brian Wodzisz at Brian.Wodzisz@fda.hhs.gov for further information, with the contract performance period extending up to five years.

    Point(s) of Contact
    Brian Wodzisz
    Brian.Wodzisz@fda.hhs.gov
    Files
    Title
    Posted
    JA_Redact.pdf
    The document serves as a justification for the Food and Drug Administration's (FDA) request for a sole-source contract with Dark Sky Technology, focusing on the acquisition of proprietary data to enhance medical device cybersecurity. Specifically, the FDA's Center for Devices and Radiological Health (CDRH) intends to obtain a subscription for a dataset that aids in the automation of Software Bill of Materials (SBOM) analysis, crucial for identifying and mitigating vulnerabilities in medical devices that utilize software. The contract will allow for ongoing integration of real-time data regarding software vulnerabilities, enabling the CDRH to efficiently assess and address cybersecurity risks associated with medical devices. The justification outlines the agency's need for unique data that is not available from other sources, demonstrating that Dark Sky Technology possesses specific intellectual property essential for meeting these requirements. The document acknowledges efforts made to solicit competitive offers, but concludes that no suitable alternatives can fulfill the agency's specific needs. Furthermore, it emphasizes the criticality of the requested data in safeguarding public health while adhering to recent legislative mandates on medical device cybersecurity. Ultimately, this acquisition is framed as an urgent necessity to maintain the safety and efficacy of medical devices in a rapidly evolving technological landscape.
    SOL_RFP.pdf
    The FDA's Center for Devices and Radiological Health (CDRH) has issued a Request for Proposal (RFP) aimed at enhancing the cybersecurity of medical devices, particularly those involving software. The initiative is driven by the need to identify and mitigate vulnerabilities present in software components of these devices, a responsibility underscored by the Food and Drug Omnibus Reform Act of 2022. The objective is to acquire a timely data subscription service for reporting known vulnerabilities, allowing for integration with CDRH's automated Software Bill of Materials analysis solution. The RFP outlines several tasks for the contractor, including the initial kickoff meeting, dataset tailoring, integration, and automated encryption of data for continuous evaluation of cybersecurity risks. Key deliverables will include a final dataset of known vulnerabilities, delivered daily, and protocols for secure data management. The contract is structured on a firm fixed price basis, with a performance period of up to five years, and encourages remote work due to ongoing flexibility post-COVID-19. This project is a crucial step in ensuring the safety and efficacy of medical devices amidst growing cybersecurity concerns.
    Lifecycle
    Title
    Type
    Software Component Package Risk & Vulnerability Periodic Database
    Currently viewing
    Special Notice
    Similar Opportunities
    Software Bill of Materials (SBOM) Validation Comparison Set
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration's Center for Devices and Radiological Health (CDRH), is seeking to award a firm fixed price purchase order to MedCrypt, Inc. for the development of a Software Bill of Materials (SBOM) Validation Comparison Dataset. The primary objective of this procurement is to enhance cybersecurity for medical devices by providing a continuously updated dataset of known vulnerabilities, which will aid in the analysis of risks and potential exploits associated with software components used in these devices. This initiative is crucial for ensuring the safety and efficacy of healthcare technologies, particularly in light of recent legislative mandates under the Food and Drug Omnibus Reform Act of 2022. Interested parties can contact Brian Wodzisz at Brian.Wodzisz@fda.hhs.gov for further information regarding this opportunity.
    Engineering and Application Support Services
    Active
    Health And Human Services, Department Of
    The Food and Drug Administration (FDA) is seeking qualified small businesses to provide Engineering and Application Support Services aimed at modernizing its IT infrastructure and application environments. The procurement focuses on DevSecCXOps, Innovation, Modernization, and Engineering Services, with an emphasis on IT project management, infrastructure modernization, and operational support. This initiative is critical for enhancing the FDA's technological capabilities to ensure public health safety and streamline service delivery. Interested contractors must submit their responses by September 30, 2024, detailing their corporate profiles and relevant experience, with a projected contract value of up to $80 million. For further inquiries, potential bidders can contact Roosevelt Walker at roosevelt.walker@fda.hhs.gov.
    Facility Management System (FMS) Administration and Data Management
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking qualified vendors for the administration and data management of its Facility Management System (FMS), utilizing the ARCHIBUS software. The contractor will be responsible for providing ongoing FMS support, ensuring compliance with federal reporting requirements, maintaining data integrity, and offering user training and technical assistance. This initiative is crucial for managing the FDA's facilities efficiently in response to increasing service demands and regulatory requirements, with the contract anticipated to span from March 24, 2025, to March 23, 2030. Interested parties must submit their responses, including a Vendor Feedback Form, to Nicholas Bisher and Kimberly Pennix by September 23, 2024, at 2:00 PM EST, as this is a Sources Sought Notice and not a solicitation for proposals.
    DM: Prediction Model Software
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking advanced prediction model software to enhance product quality and efficiency within its Division of Product Quality and Research (DPQR). The software must be capable of mining large and complex datasets to identify critical quality parameters and optimize product performance at a molecular level, particularly in a high-performance computing (HPC) environment. This procurement is vital for addressing product quality issues in pharmaceutical manufacturing and ensuring compliance with FDA standards. Interested vendors should contact Allison Meads at allison.meads@fda.hhs.gov or Steven Gagnon at steven.gagnon@fda.hhs.gov for further details, as the contract will follow a firm fixed price model with specific deliverables and a performance period extending until installation and warranty completion.
    FDA Library Digital Subscription Services and Support
    Active
    Health And Human Services, Department Of
    The Food and Drug Administration (FDA) is seeking qualified vendors to provide digital subscription services and support for its library resources, aimed at enhancing access to credible scientific information for its staff. The procurement involves establishing a Blanket Purchase Agreement that consolidates subscription management, covering renewals and purchases of journals, databases, and training materials, while ensuring these resources are accessible through a secure online tracking system. This initiative is crucial for maintaining an extensive and well-managed library that supports the FDA's public health mission, ensuring reliable access to critical information for its employees. Interested vendors should submit their capabilities statements by September 23, 2024, to Vivianna Diaz at Vivianna.Diaz@fda.hhs.gov, with a total funding allowance of $450,000 for unforeseen subscription changes over the contract period from January 1, 2025, to January 31, 2030.
    Software License and Device Warranty for Two Nanopore GridION Instruments
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking to procure a Software License and Device Warranty for two Nanopore GridION instruments, which are critical for the FDA's Next Generation Sequencing (NGS) initiatives focused on genomic data collection and analysis. The procurement aims to ensure optimal performance of these instruments through software and hardware updates, remote troubleshooting, and a return and replace policy for faulty devices, with a total cost of $25,000 for a one-year warranty and license renewal. This acquisition underscores the FDA's commitment to enhancing pathogen identification capabilities through advanced genomic technology, with the performance period set from September 28, 2024, to September 27, 2025, and the possibility of extending for three additional years, subject to funding. Interested vendors should submit their quotes electronically to Raphael Hall at raphael.hall@fda.hhs.gov by September 19, 2024, at 11:59 PM Eastern Standard Time.
    PRIMO Software Licensing
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking qualified small businesses to provide PRIMO Software Licensing and Maintenance Support Services. The procurement involves supplying 21 PRIMO software licenses for a base year, with two additional option years, to ensure the continuous operation of the FDA's CFSAN CAEMS system. This software is crucial for pharmacovigilance and regulatory compliance, enhancing the FDA's capabilities in monitoring food safety. Interested parties must submit their quotes by August 26, 2024, and are encouraged to contact Roosevelt Walker at roosevelt.walker@fda.hhs.gov for further details. The contract will be awarded as a firm-fixed-price purchase order, emphasizing compliance with federal acquisition regulations and accessibility standards.
    CFSAN Security Radio Upgrade & Security Communications Support Services
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, through the Food and Drug Administration (FDA), is seeking proposals for the CFSAN Security Radio Upgrade & Security Communications Support Services contract. The primary objective is to enhance communication and emergency response capabilities at the College Park, Maryland campus by providing telecommunication devices, including 30 handheld radios with advanced features, and associated support services. This initiative is crucial for ensuring effective coordination, safety, and security during emergencies, while adhering to federal security requirements. Proposals are due by September 23, 2024, and interested parties can contact Matthew Tran at matthew.tran@fda.hhs.gov for further information.
    Request for Information: Literature Search and Summarization Tools
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking information on literature search and summarization tools to enhance drug safety research. The FDA aims to identify commercial tools that utilize artificial intelligence, particularly natural language processing (NLP), to assist in the classification, summarization, and extraction of relevant medical literature, addressing challenges in evaluating adverse drug reactions. This Request for Information (RFI) is part of a market research initiative and does not constitute a solicitation for contracts; interested parties are encouraged to submit their responses by the specified deadline to Ian Weiss at ian.weiss@fda.hhs.gov, with a focus on the tool's capabilities, interoperability, and validation methods.
    FDIC's Splunk Cloud Subscription Maintenance
    Active
    Federal Deposit Insurance Corporation
    The Federal Deposit Insurance Corporation (FDIC) is seeking proposals for the maintenance and subscription services of Splunk Cloud, aimed at enhancing its data monitoring and analysis capabilities. The procurement focuses on obtaining various Splunk products and services that comply with federal standards, particularly to meet the Enterprise Logging requirements mandated by OMB M-21-31. This initiative is crucial for ensuring data security and operational efficiency within the FDIC, as it involves services such as cloud subscriptions, security analytics, and user behavior analytics. Interested vendors must submit their offers by October 16, 2024, at 12 PM EST, and direct any inquiries to Diamond Toles at ditoles@fdic.gov or by phone at 571-213-4018.