Software Bill of Materials (SBOM) Validation Comparison Set
ID: 75F40124P00413
Type: Special Notice
Overview

Buyer

HEALTH AND HUMAN SERVICES, DEPARTMENT OF
FOOD AND DRUG ADMINISTRATION
FDA CENTER FOR DEVICES AND RADIOLOGICAL HEALTH
Silver Spring, MD, 20993, USA

NAICS

Custom Computer Programming Services (541511)

PSC

SUPPORT- PROFESSIONAL: OTHER (R499)
    Description

    The Department of Health and Human Services, specifically the Food and Drug Administration's Center for Devices and Radiological Health (CDRH), is seeking to award a firm fixed price purchase order to MedCrypt, Inc. for the development of a Software Bill of Materials (SBOM) Validation Comparison Dataset. The primary objective of this procurement is to enhance cybersecurity for medical devices by providing a continuously updated dataset of known vulnerabilities, which will aid in the analysis of risks and potential exploits associated with software components used in these devices. This initiative is crucial for ensuring the safety and efficacy of healthcare technologies, particularly in light of recent legislative mandates under the Food and Drug Omnibus Reform Act of 2022. Interested parties can contact Brian Wodzisz at Brian.Wodzisz@fda.hhs.gov for further information regarding this opportunity.

    Files
    The Food and Drug Administration's Center for Devices and Radiological Health (CDRH) is seeking a sole-source contract with MedCrypt for a unique data subscription service. This service will provide critical information on known vulnerabilities in software components used in medical devices, assisting in the development of an automated Software Bill of Materials (SBOM) analysis solution. The objective is to create a comprehensive resource that allows for the timely identification and evaluation of vulnerabilities, risks, and exploitations across the product lifecycle. CDRH aims to integrate this data into their existing systems to promote safer medical device usage, in line with new cybersecurity requirements established under the Food and Drug Omnibus Reform Act of 2022. The document emphasizes the singular qualifications of MedCrypt in managing the necessary alias data for effective comparison with vulnerability information, making their service essential for CDRH’s cybersecurity efforts. The acquisition is justified under the FAR due to the lack of available alternatives with the required capabilities. Proper procurement procedures, including market research and cost analysis, are in place to ensure fairness and compliance.
    The FDA's Center for Devices and Radiological Health (CDRH) has issued a Request for Proposal (RFP) aimed at enhancing cybersecurity for medical devices. The objective is to develop a process for data analysis regarding known vulnerabilities, risks, and potential exploits in devices utilizing software, hardware, or firmware. To achieve this, the CDRH seeks a data provider who can supply a continuously updated dataset of vulnerabilities, complemented by a comparator file that standardizes software component identifiers for accurate analysis against received Software Bills of Materials (SBOMs). The project involves several tasks, including a kickoff meeting, dataset integration, automated data delivery, and anonymized analysis requests. Deliverables include test and final datasets, encrypted data submissions, and meeting summaries, all to be formatted according to specified standards. The contract type is Firm Fixed Price with a performance period of one year, with the potential for four subsequent option years. Services may be performed off-site or on the FDA premises. The RFP emphasizes the critical need for cybersecurity in medical devices, aligning with recent legislative mandates ensuring the safety and efficacy of healthcare technologies.
    Similar Opportunities
    Software Component Package Risk & Vulnerability Periodic Database
    Active
    Health And Human Services, Department Of
    The U.S. Food and Drug Administration (FDA) is seeking to award a firm fixed price purchase order for a Software Component Package Risk and Vulnerability Periodic Database to Dark Sky Technology, Inc. This procurement aims to enhance the cybersecurity of medical devices by acquiring a subscription service that reports known software vulnerabilities, which is critical for the FDA's Center for Devices and Radiological Health (CDRH) to effectively assess and mitigate risks associated with medical device software. The initiative is part of the FDA's response to the Food and Drug Omnibus Reform Act of 2022, emphasizing the importance of safeguarding public health in an evolving technological landscape. Interested parties can contact Brian Wodzisz at Brian.Wodzisz@fda.hhs.gov for further information, with the contract performance period extending up to five years.
    DM: Prediction Model Software
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking advanced prediction model software to enhance product quality and efficiency within its Division of Product Quality and Research (DPQR). The software must be capable of mining large and complex datasets to identify critical quality parameters and optimize product performance at a molecular level, particularly in a high-performance computing (HPC) environment. This procurement is vital for addressing product quality issues in pharmaceutical manufacturing and ensuring compliance with FDA standards. Interested vendors should contact Allison Meads at allison.meads@fda.hhs.gov or Steven Gagnon at steven.gagnon@fda.hhs.gov for further details, as the contract will follow a firm fixed price model with specific deliverables and a performance period extending until installation and warranty completion.
    Software License and Device Warranty for Two Nanopore GridION Instruments
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking to procure a Software License and Device Warranty for two Nanopore GridION instruments, which are critical for the FDA's Next Generation Sequencing (NGS) initiatives focused on genomic data collection and analysis. The procurement aims to ensure optimal performance of these instruments through software and hardware updates, remote troubleshooting, and a return and replace policy for faulty devices, with a total cost of $25,000 for a one-year warranty and license renewal. This acquisition underscores the FDA's commitment to enhancing pathogen identification capabilities through advanced genomic technology, with the performance period set from September 28, 2024, to September 27, 2025, and the possibility of extending for three additional years, subject to funding. Interested vendors should submit their quotes electronically to Raphael Hall at raphael.hall@fda.hhs.gov by September 19, 2024, at 11:59 PM Eastern Standard Time.
    PRIMO Software Licensing
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking qualified small businesses to provide PRIMO Software Licensing and Maintenance Support Services. The procurement involves supplying 21 PRIMO software licenses for a base year, with two additional option years, to ensure the continuous operation of the FDA's CFSAN CAEMS system. This software is crucial for pharmacovigilance and regulatory compliance, enhancing the FDA's capabilities in monitoring food safety. Interested parties must submit their quotes by August 26, 2024, and are encouraged to contact Roosevelt Walker at roosevelt.walker@fda.hhs.gov for further details. The contract will be awarded as a firm-fixed-price purchase order, emphasizing compliance with federal acquisition regulations and accessibility standards.
    Engineering and Application Support Services
    Active
    Health And Human Services, Department Of
    The Food and Drug Administration (FDA) is seeking qualified small businesses to provide Engineering and Application Support Services aimed at modernizing its IT infrastructure and application environments. The procurement focuses on DevSecCXOps, Innovation, Modernization, and Engineering Services, with an emphasis on IT project management, infrastructure modernization, and operational support. This initiative is critical for enhancing the FDA's technological capabilities to ensure public health safety and streamline service delivery. Interested contractors must submit their responses by September 30, 2024, detailing their corporate profiles and relevant experience, with a projected contract value of up to $80 million. For further inquiries, potential bidders can contact Roosevelt Walker at roosevelt.walker@fda.hhs.gov.
    CFSAN Security Radio Upgrade & Security Communications Support Services
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, through the Food and Drug Administration (FDA), is seeking proposals for the CFSAN Security Radio Upgrade & Security Communications Support Services contract. The primary objective is to enhance communication and emergency response capabilities at the College Park, Maryland campus by providing telecommunication devices, including 30 handheld radios with advanced features, and associated support services. This initiative is crucial for ensuring effective coordination, safety, and security during emergencies, while adhering to federal security requirements. Proposals are due by September 23, 2024, and interested parties can contact Matthew Tran at matthew.tran@fda.hhs.gov for further information.
    Facility Management System (FMS) Administration and Data Management
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), is seeking qualified vendors for the administration and data management of its Facility Management System (FMS), utilizing the ARCHIBUS software. The contractor will be responsible for providing ongoing FMS support, ensuring compliance with federal reporting requirements, maintaining data integrity, and offering user training and technical assistance. This initiative is crucial for managing the FDA's facilities efficiently in response to increasing service demands and regulatory requirements, with the contract anticipated to span from March 24, 2025, to March 23, 2030. Interested parties must submit their responses, including a Vendor Feedback Form, to Nicholas Bisher and Kimberly Pennix by September 23, 2024, at 2:00 PM EST, as this is a Sources Sought Notice and not a solicitation for proposals.
    FDA Library Digital Subscription Services and Support
    Active
    Health And Human Services, Department Of
    The Food and Drug Administration (FDA) is seeking qualified vendors to provide digital subscription services and support for its library resources, aimed at enhancing access to credible scientific information for its staff. The procurement involves establishing a Blanket Purchase Agreement that consolidates subscription management, covering renewals and purchases of journals, databases, and training materials, while ensuring these resources are accessible through a secure online tracking system. This initiative is crucial for maintaining an extensive and well-managed library that supports the FDA's public health mission, ensuring reliable access to critical information for its employees. Interested vendors should submit their capabilities statements by September 23, 2024, to Vivianna Diaz at Vivianna.Diaz@fda.hhs.gov, with a total funding allowance of $450,000 for unforeseen subscription changes over the contract period from January 1, 2025, to January 31, 2030.
    Amendment No. 1 - Notice of Intent to Award a Sole Source Contract – Radiation Protection Advancing Patient Safety
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, specifically the Food and Drug Administration (FDA), intends to award a Sole Source contract to the National Council on Radiation Protection and Measurements (NCRP) for the project titled "Radiation Protection Advancing Patient Safety." The primary objective of this procurement is to obtain up to six well-sourced scientific analyses, reports, and recommendations on radiation safety, which will inform regulatory decision-making and policy development related to radiological medical devices and radiation-emitting electronic products. This initiative is crucial for enhancing patient safety by ensuring that radiation exposure is minimized and that the quality of patient care is improved. Interested parties must submit their capability statements to Bernice Nelson by September 19, 2024, with the contract being executed under simplified acquisition procedures and the NAICS code 541720, which has a small business size standard of $28 million.
    Gore Medical branded stents (Brand Name restriction)
    Active
    Health And Human Services, Department Of
    The Department of Health and Human Services, National Institutes of Health seeks to procure specific medical devices for use in interventional radiology procedures. These are brand-restricted items, with the National Institutes of Health specifying Gore Medical branded stents. The scope of work involves supplying several variants of two medical devices: Viatorr Tips Endo CX and Viabahn BX Balloon Expander Endo. The Viatorr Tips are measured in millimeters and vary in length, while the Viabahn BX Balloon Expanders are used in catheterization procedures. The medical devices are intended for minimally invasive procedures. The bill of materials provided outlines the exact models and quantities sought. Offerors must provide the following: 1 unit of Model PTB8105275, ID 00733132635016 - 8-10mmX5cm/2cm 10Fr VIATORR TIPS ENDO CX; 1 unit of Model PTB8107275, ID 00733132635030 - 8-10mmX7cm/2cm 10Fr VIATORR TIPS ENDO CX; 1 unit of Model PTB8108275, ID 00733132635047 - 8-10mmX8cm/2cm 10Fr VIATORR TIPS ENDO CX; 1 unit of Model BXB083901A, ID 00733132658718 - 8MMX39MM 7Fr 80CM Cath RP VIABAHN BX BALLOON EXP ENDO; 1 unit of Model BXB085901A, ID 00733132658732 - 8MMX59MM 7Fr 80CM Cath RP VIABAHN BX BALLOON EXP ENDO. Eligible applicants should be well-established surgical and medical instrument manufacturers (NAICS code 339112) with the ability to deliver the specified devices promptly. The evaluation of quotes will consider technical capability, price, and past performance. Quotes should be submitted to Lu Chang at lu-chang.lu@nih.gov by 5:00 PM EST on 08/01/2024, including the RFQ number (RFQ-CC-24-010258) in the subject line. Further inquiries can be directed to the same email address. This opportunity is a combined synopsis and solicitation issued under FAR Subpart 12.6. The resulting contract will be a firm fixed-price order.