DA01--Zero Trust Application Realtime Protection (ZARP) RFI (VA-25-00050847)
ID: 36C10B25R0189Type: Sources Sought
Overview

Buyer

VETERANS AFFAIRS, DEPARTMENT OFVETERANS AFFAIRS, DEPARTMENT OFTECHNOLOGY ACQUISITION CENTER NJ (36C10B)EATONTOWN, NJ, 07724, USA

NAICS

Other Computer Related Services (541519)

PSC

IT AND TELECOM - BUSINESS APPLICATION/APPLICATION DEVELOPMENT SUPPORT SERVICES (LABOR) (DA01)

Original Source

https://sam.gov/opp/24d81b6563c9481cb87b123117a8ab49/view
Timeline
    Description

    The Department of Veterans Affairs is seeking information through a Request for Information (RFI) for the Zero Trust Application Realtime Protection (ZARP) initiative, identified by solicitation number 36C10B25R0189. The objective is to enhance cybersecurity by implementing a robust Runtime Application Self-Protection (RASP) solution that safeguards between 1,000 to 1,500 applications against various threats, including data breaches and unauthorized access, while ensuring compliance with NIST standards. This initiative is critical for modernizing the VA's security framework and fostering a Zero Trust architecture, which is essential in addressing contemporary cybersecurity challenges. Interested vendors must submit their qualifications and responses by March 10, 2025, at noon Eastern Time, with inquiries directed to Contract Specialist Michael Berberich at michael.berberich@va.gov.

    Point(s) of Contact
    Michael BerberichContract Specialist
    michael.berberich@va.gov
    Files
    Title
    Posted
    36C10B25R0189.docx
    The attached Request for Information (RFI) outlines the federal government’s intent to gather insights for prospective projects or procurements. It primarily aims to solicit expertise from vendors regarding their capabilities, innovative solutions, and best practices in response to identified challenges within specified sectors. Key features include a detailed description of the project scope, target outcomes, and stakeholder involvement. The document emphasizes the importance of industry input to shape effective program strategies and ensure efficient allocation of federal resources. Engaging with vendors through this RFI is crucial for understanding market dynamics and identifying potential partnership opportunities. Overall, this initiative reflects a strategic government approach to foster collaboration and enhance project effectiveness by leveraging external expertise.
    36C10B25R0189 0001_1.docx
    The document pertains to the Request for Information (RFI) regarding the Zero Trust Application Realtime Protection (ZARP), identified by solicitation number 36C10B25R0189 from the Department of Veterans Affairs. This RFI seeks to assess contractor capabilities for Zero Trust security applications, focusing on enhancing data protection and cybersecurity measures. The response deadline is set for March 10, 2025, at noon Eastern Time. The contracting office is located in Eatontown, NJ (ZIP code 07724), and the point of contact for inquiries is Contract Specialist Michael Berberich via his provided email. The document also notes the relevant product service code and NAICS code which classify the services sought. The response period for this RFI is archived for 30 days post-deadline, and there is no involvement of Recovery Act funds. Overall, the document outlines the framework and requirements for participating vendors in enhancing security protocols within the VA, emphasizing the importance of Zero Trust methodologies in modern cybersecurity practices.
    RFI-Zero Trust Application Questions and Answers_All.docx
    The document contains responses to a Request for Information (RFI) related to a Zero Trust application security initiative by the government, aiming to enhance cybersecurity through a robust Runtime Application Self-Protection (RASP) solution. Key details include an installation timeframe of 30 days post-award, an emphasis on supporting both Windows and Linux operating systems, and a requirement to protect 1,000 to 1,500 applications. The responses outline necessary integrations with existing security tools like Splunk, support for various programming languages, and compliance with NIST standards. The government expects comprehensive vendor-managed solutions, which may include on-premises, hybrid, or cloud deployments, and stresses the need for coordinated security measures across different technology layers. The RFI highlights a clear intention to assess proposals based on performance metrics, ongoing support, and integration capabilities while requiring a 6-month proof of concept within its environment. Overall, the initiative reflects the government's commitment to implementing a proactive cybersecurity framework aligning with modern security threats and compliance standards while fostering a Zero Trust architecture.
    RFI - Production Web Application Protection-SAM Final.docx
    The Department of Veterans Affairs is seeking information through a Request for Information (RFI) regarding a Zero Trust Application Realtime Protection (ZARP) solution. This initiative aims to safeguard applications from various threats, including data breaches and unauthorized access, by addressing vulnerabilities highlighted by the Open Worldwide Application Security Project (OWASP). The VA anticipates vendor feedback on critical elements such as contract type, pricing structure, feasibility, and performance requirements. Interested parties must provide a detailed submission outlining their qualifications, similar work experience, and responses to specific government requirements, including metrics for effectiveness, ongoing support, and training offerings. The solution must encompass both Web Application Firewall (WAF) and Runtime Application Self-Protection (RASP) attributes, supporting a range of programming languages and operating environments while ensuring minimal performance impact. Additionally, it should integrate seamlessly with existing VA security frameworks and comply with federal security standards. The RFI serves as a market research tool rather than a solicitation, without any financial obligation from the VA or entitlement to payment for responses, as the agency develops its acquisition strategy.
    Lifecycle
    Title
    Type
    DA01--Zero Trust Application Realtime Protection (ZARP) RFI (VA-25-00050847)
    Currently viewing
    Sources Sought
    Similar Opportunities
    DA01--VA Server Enterprise Endpoint Security (VASEES) RFI (VA-25-00011736)
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking information from vendors regarding the VA Server Enterprise Endpoint Security (VASEES) system, aimed at enhancing cybersecurity measures for up to 750,000 devices. This Request for Information (RFI) invites vendors to provide insights into their capabilities for endpoint security solutions, including scalability, integration with existing systems, and operational support for 24/7 operations, while also addressing compliance with federal standards such as FedRAMP. Responses are due by March 20, 2025, and interested parties should submit their detailed information to Contract Specialist Dana Seeler at dana.seeler@va.gov, adhering to a 15-page limit and including relevant business details and proposed solutions.
    Tactical Data In Use Security
    Buyer not available
    The Department of Defense, specifically the U.S. Army Combat Capabilities Development Command (DEVCOM), is seeking information from businesses regarding Tactical Data in Use Security, with a focus on integrating Zero Trust (ZT) security capabilities into tactical network architectures. The objective is to enhance data protection against emerging cyber threats in operational environments that may experience denied, degraded, intermittent, or limited communications, moving away from traditional security models to a ZT approach that emphasizes continuous risk assessment and verification. Interested parties are invited to submit their capabilities and relevant technology information by March 19, 2025, with the understanding that this Request for Information (RFI) does not constitute a solicitation and that costs incurred will not be reimbursed. For further inquiries, respondents can contact Wendy Choi at usarmy.apg.devcom-c5isr.mbx.esi-bus-ops-acq-rfi@army.mil.
    7A21--Theradoc software See attached/within for details
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking information from potential vendors for the procurement of TheraDoc software to support the Michael E. DeBakey VA Medical Center. This software package is designed to assist with pharmacy and infection control, and it requires ongoing support and maintenance. The VA aims to gather insights on vendor capabilities, including manufacturing origin, business size classification, and compliance with the Non-Manufacturer Rule, to inform its procurement strategy. Interested parties must submit their responses by March 17, 2025, at 16:00 Central Time, to Contracting Officer Steven A. Berkeley at Steven.berkeley@va.gov. This opportunity is part of the VA's efforts to enhance services for veterans and is not a solicitation for bids or proposals.
    R499--Veterans' Affairs Processing Automation (VPAS) Update to RFP release date and Point of Contact Information
    Buyer not available
    The Department of Veterans Affairs is seeking input from vendors for the Veterans' Affairs Processing Automation Services (VPAS) through a Request for Information (RFI) designated as 36C10D24Q0038. The objective of this procurement is to enhance benefits processing for U.S. veterans by gathering insights on efficient service models, including document digitization, data integration, and customer support services, as part of a managed service contract. This initiative is crucial for improving operational efficiencies and reducing claims backlogs, ultimately supporting the timely delivery of services to veterans. Interested parties are encouraged to submit their responses by March 3, 2024, and direct inquiries to VBA.Procurements@va.gov, with the RFP release anticipated in Q3/Q4 of the current fiscal year.
    7A21--RFI Request - Minimum Data Set (MDS) - new requirement (VA-25-00019860)
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking vendors to support the implementation of the Information Quality Improvement and Evaluation Systems (iQIES) for its Geriatrics and Extended Care Program, as part of a Request for Information (RFI). This initiative aims to replace the outdated Legacy Minimum Data Set (MDS) system, which is crucial for evaluating the quality of care in VA Community Living Centers and State Veterans Homes. The new iQIES-VA system will facilitate data migration, customization for VA-specific needs, and compliance with clinical standards, while operating securely within an Amazon Web Services (AWS) environment. Interested parties must submit their capability responses by March 13, 2025, and are encouraged to provide detailed information regarding their experience with similar systems and security compliance, as generic marketing materials will not be accepted. For further inquiries, vendors can contact Contract Specialist Ivan Varela at ivan.varela@va.gov or (848) 377-5328.
    J065--BASE 4OY LICENSE & SUPPORT SENSITRAC & INSTRUMENTRAC
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking qualified suppliers to provide a licensing subscription and support services for the Censitrac and Instrumentrac software systems, which are utilized for surgical asset management across eight VA healthcare facilities in California, Arizona, and New Mexico. This opportunity includes a base year and four option years, with the VA aiming to gather information on potential vendors' capabilities, pricing, and business classifications under NAICS code 513210. The procurement is part of the VA's planning process to ensure effective asset management in healthcare settings, and interested parties must submit their responses by March 19, 2025, via email to the Contracting Officer, Anette Doan, at Anette.Doan@va.gov or by phone at 562-766-2200. This request for information does not constitute a formal solicitation for a contract.
    DA10--678-25-2-177-0025 AudioCare Prefill Software
    Buyer not available
    The Department of Veterans Affairs is seeking qualified vendors to provide the AudioCare Prefill Software, aimed at enhancing prescription management at the Southern Arizona VA Healthcare System. This procurement is intended to address prescription refill delays that negatively impact patient care and increase operational costs, as the VA currently lacks an automatic refilling system. The selected contractor will be responsible for software installation, infrastructure setup, and integration with existing systems, with evaluations based on past performance, expertise, and pricing. Interested parties must respond by March 11, 2025, and provide detailed corporate information, capabilities, and relevant previous contracts, while ensuring they are registered in the System for Award Management (SAM). For inquiries, contact Contract Specialist Jose Espinoza at jose.espinoza3@va.gov.
    7A20--RFI - Budget Tracking Tool (BTT) Replacement Tool
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking qualified vendors to provide a Software as a Service (SaaS) solution for the replacement of its Budget Tracking Tool (BTT). The objective of this procurement is to enhance financial and acquisition data tracking, improve transparency, and ensure compliance with federal regulations, particularly in managing Congressional appropriations and supporting the VA’s Planning, Programming, Budgeting, and Execution (PPBE) process. This initiative is crucial for the VA's commitment to leveraging technology to improve service delivery to veterans while adhering to standards such as the Federal Information Security Management Act (FISMA) and the Federal Financial Management Improvement Act (FFMIA). Interested parties must submit their responses by March 12, 2025, at 2:00 PM Eastern Time, to Contract Specialist Brianna Feaster at brianna.feaster@va.gov, with the opportunity structured for a base year and four options for scalability.
    6515--USP 797/800 Compliance Monitoring Subscription
    Buyer not available
    The Department of Veterans Affairs is seeking a contractor to provide a web-based software solution for compliance monitoring with USP Chapters 797 and 800, which govern sterile compounding practices. The software must cater to the needs of pharmacists and pharmacy technicians, featuring customizable task templates, training modules, alert notifications for overdue tasks, and comprehensive reporting capabilities, while ensuring compliance with federal security requirements. This contract, structured as a firm-fixed-price agreement, is set to commence in June 2025 for a base year with options for four additional years, and interested vendors are encouraged to express their interest by contacting Contract Specialist Emanuel Nevarez at emanuel.nevarez@va.gov by the response deadline of March 12, 2025.
    DA10-- Rauland - Responder 5 Nurse Call System Application software support service -
    Buyer not available
    The Department of Veterans Affairs is seeking proposals for an annual software support and maintenance contract for the Rauland Responder 5 Nurse Call System, specifically for the Audie L. Murphy Memorial Veterans Hospital in San Antonio, Texas. The contract requires the selected contractor to provide comprehensive technical support, including troubleshooting assistance within one hour of a request, available 24/7 throughout the year, with a base performance period from April 1, 2025, to March 31, 2026, and four optional renewal periods. This procurement is crucial for maintaining effective communication systems that support healthcare services for veterans, ensuring operational readiness and high standards of care. Interested parties, particularly Veteran-Owned Small Businesses, must submit their bids by March 11, 2025, and can contact Contract Specialist Justin Daniel at justin.daniel@va.gov for further information.