DA01--VA Server Enterprise Endpoint Security (VASEES) RFI (VA-25-00011736)
ID: 36C10B25Q0203Type: Sources Sought
Overview

Buyer

VETERANS AFFAIRS, DEPARTMENT OFVETERANS AFFAIRS, DEPARTMENT OFTECHNOLOGY ACQUISITION CENTER NJ (36C10B)EATONTOWN, NJ, 07724, USA

NAICS

Other Computer Related Services (541519)

PSC

IT AND TELECOM - BUSINESS APPLICATION/APPLICATION DEVELOPMENT SUPPORT SERVICES (LABOR) (DA01)

Original Source

https://sam.gov/opp/1105880ccd7b48f89dfa8d21a37ed43c/view
Timeline
    Description

    The Department of Veterans Affairs (VA) is seeking information from vendors regarding the VA Server Enterprise Endpoint Security (VASEES) system, aimed at enhancing cybersecurity measures for up to 750,000 devices. This Request for Information (RFI) invites vendors to provide insights into their capabilities for endpoint security solutions, including scalability, integration with existing systems, and operational support for 24/7 operations, while also addressing compliance with federal standards such as FedRAMP. Responses are due by March 20, 2025, and interested parties should submit their detailed information to Contract Specialist Dana Seeler at dana.seeler@va.gov, adhering to a 15-page limit and including relevant business details and proposed solutions.

    Point(s) of Contact
    Dana SeelerContract Specialist
    dana.seeler@va.gov
    Files
    Title
    Posted
    36C10B25Q0203.docx
    The Department of Veterans Affairs has issued a Sources Sought Notice for the VA Server Enterprise Endpoint Security (VASEES) Request for Information (RFI) under solicitation number 36C10B25Q0203. The notice is aimed at gathering input from potential vendors regarding endpoint security solutions and associated services. The contracting office is located in Eatontown, NJ, and the deadline for responses is set for March 20, 2025, at 12:00 PM Eastern Time. The notice references attachments that encompass a draft Performance Work Statement (PWS) and a series of questions regarding the RFI. Additional documentation includes service level agreements and specific requirements for endpoint detection and response systems. This engagement appears to be part of the federal government's strategy to enhance cybersecurity measures for the VA’s IT infrastructure, reflecting increasing priorities on security and compliance in federal operations. The point of contact for inquiries is Contract Specialist Dana Seeler, whose email is provided for direct communication. Overall, this notice outlines the VA's intention to assess the market for potential solutions that fulfill its security objectives.
    Appendix A - VASEES SERVICE LEVEL AGREEMENTS RFI.pdf
    The VASEES Service Level Agreements (SLA) outline performance expectations for a contractor providing services to the VA. Key SLAs include a two-hour engineering response time, 24/7 network monitoring with a 15-minute outage notification, and a commitment to 99.9% service availability. Should service availability fall below this threshold, the VA can request service credits proportional to the level of non-compliance. The contractor is required to monitor system load and utilization to ensure efficiency, with specific thresholds for CPU and memory usage. Support response times vary by severity level: critical issues demand a 30-minute response, serious problems require one hour, moderate issues four hours, and minimal requests one day. Performance levels must be validated within 30 days of contract award, including routine testing and reporting to maintain compliance. The document emphasizes accountability, outlining how service credits will be structured if SLAs are not met, reinforcing the contract's terms while ensuring continuous support for VA operations. The SLA serves as a critical element in government contracts, ensuring that contractors uphold their obligations and provide reliable service to federal clients.
    Appendix B_EDR_EPP Reqs March 4 2025.xlsx
    The document outlines a Request for Proposal (RFP) for an Endpoint Protection Platform (EPP) designed for the Veterans Affairs (VA). It specifies general and operational requirements for a scalable, enterprise-grade host endpoint monitoring solution. Key features include FIPS 140-2 encryption for data security, modularity for component updates, and extensive application and network control capabilities. The solution must support various operating systems and integrate seamlessly with existing IT infrastructure, including SIEM and SOAR systems. Performance and operational metrics highlight the need for real-time threat analysis, malicious file containment, and data collection, ensuring minimal resource impact on host systems. Furthermore, the EPP solution should enable remote management capabilities, detailed reporting options, and adherence to federal compliance standards like NIST and 508 compliance. The focus on user access control, automated response to threats, and forensic investigation capabilities illustrates a comprehensive cybersecurity strategy, essential in protecting sensitive data and maintaining operational integrity across the VA's network. This RFP emphasizes the necessity for modern security solutions that can adapt to evolving threats while supporting the VA's mission to serve veterans effectively.
    PWS VASEES RFI.pdf
    The Performance Work Statement (PWS) outlines the Department of Veterans Affairs' (VA) requirement for the VA Server Enterprise Endpoint Security (VASEES) system, designed to deliver comprehensive cybersecurity for up to 750,000 physical, virtual, and cloud-hosted clients. The contractor is responsible for deploying a Software as a Service (SaaS) solution, obtaining necessary authorizations, and maintaining high levels of security through compliance with federal guidelines, including FISMA and FedRAMP standards. The scope includes project management, staffing plans, training, and operational support. Key deliverables encompass a detailed project management plan, continuous monitoring and maintenance of the VASEES solution, and training for VA personnel. The contractor must ensure documentation, help desk scripts, and support infrastructure are in place to facilitate effective user interaction with the system. The contract spans an initial twelve-month period, extendable over four additional years, allowing for incremental asset licensing and scalability. This PWS reflects the VA’s commitment to enhancing cybersecurity practices while adhering to federal regulations, ensuring the safe management of sensitive information across all VA operations.
    RFI QUESTIONS 36C10B25Q0203.pdf
    The Request for Information (RFI) for the VA Server Enterprise Endpoint Security (VASEES) is issued for planning purposes and does not obligate the government to procure any products or services. It invites vendors to provide insights regarding their capabilities specific to endpoint security solutions anticipated for the management of up to 750,000 devices. Interested vendors are instructed to submit detailed information within a 15-page limit, excluding marketing materials, and must include business size, NAICS codes, and a summary of their proposed solutions. Key areas of response include the scalability of technology, integration with existing cybersecurity systems, operational staffing plans to support 24/7 operations, and the readiness for FedRAMP certification. Vendors are also asked to outline pricing models and provide details about their experience with federal contracts. Responses are due by March 20, 2025, with submissions sent via email and marked for proprietary information. This RFI serves as a preparatory step for assessing market capabilities in achieving comprehensive endpoint protection for the VA's server enterprise.
    Lifecycle
    Title
    Type
    DA01--VA Server Enterprise Endpoint Security (VASEES) RFI (VA-25-00011736)
    Currently viewing
    Sources Sought
    Similar Opportunities
    DA01--Zero Trust Application Realtime Protection (ZARP) RFI (VA-25-00050847)
    Buyer not available
    The Department of Veterans Affairs is seeking information through a Request for Information (RFI) for the Zero Trust Application Realtime Protection (ZARP) initiative, identified by solicitation number 36C10B25R0189. The objective is to enhance cybersecurity by implementing a robust Runtime Application Self-Protection (RASP) solution that safeguards between 1,000 to 1,500 applications against various threats, including data breaches and unauthorized access, while ensuring compliance with NIST standards. This initiative is critical for modernizing the VA's security framework and fostering a Zero Trust architecture, which is essential in addressing contemporary cybersecurity challenges. Interested vendors must submit their qualifications and responses by March 10, 2025, at noon Eastern Time, with inquiries directed to Contract Specialist Michael Berberich at michael.berberich@va.gov.
    7A21--RFI Request - Minimum Data Set (MDS) - new requirement (VA-25-00019860)
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking vendors to support the implementation of the Information Quality Improvement and Evaluation Systems (iQIES) for its Geriatrics and Extended Care Program, as part of a Request for Information (RFI). This initiative aims to replace the outdated Legacy Minimum Data Set (MDS) system, which is crucial for evaluating the quality of care in VA Community Living Centers and State Veterans Homes. The new iQIES-VA system will facilitate data migration, customization for VA-specific needs, and compliance with clinical standards, while operating securely within an Amazon Web Services (AWS) environment. Interested parties must submit their capability responses by March 13, 2025, and are encouraged to provide detailed information regarding their experience with similar systems and security compliance, as generic marketing materials will not be accepted. For further inquiries, vendors can contact Contract Specialist Ivan Varela at ivan.varela@va.gov or (848) 377-5328.
    5836--Video Security Surveillance
    Buyer not available
    The Department of Veterans Affairs is seeking qualified vendors to provide Video Security Surveillance (VSS) equipment for the Greater Los Angeles Healthcare System under solicitation 36C26225Q0599. The procurement aims to expand and upgrade the existing VSS system across multiple facilities, enhancing safety and security for Veterans, staff, and the public through the integration of new technologies, including various camera installations and necessary infrastructure upgrades. This initiative is critical for maintaining a robust security system that complies with federal standards and ensures a safe environment for all stakeholders. Interested parties must submit a capabilities statement by March 17, 2025, detailing their qualifications and compliance with small business classifications, with further announcements to be published on SAM.gov or NASA's SEWP website. For inquiries, contact Contracting Officer Anthony Dela Cruz at anthony.delacruz@va.gov or 562-766-2284.
    R499--Veterans' Affairs Processing Automation (VPAS) Update to RFP release date and Point of Contact Information
    Buyer not available
    The Department of Veterans Affairs is seeking input from vendors for the Veterans' Affairs Processing Automation Services (VPAS) through a Request for Information (RFI) designated as 36C10D24Q0038. The objective of this procurement is to enhance benefits processing for U.S. veterans by gathering insights on efficient service models, including document digitization, data integration, and customer support services, as part of a managed service contract. This initiative is crucial for improving operational efficiencies and reducing claims backlogs, ultimately supporting the timely delivery of services to veterans. Interested parties are encouraged to submit their responses by March 3, 2024, and direct inquiries to VBA.Procurements@va.gov, with the RFP release anticipated in Q3/Q4 of the current fiscal year.
    J065--BASE 4OY LICENSE & SUPPORT SENSITRAC & INSTRUMENTRAC
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking qualified suppliers to provide a licensing subscription and support services for the Censitrac and Instrumentrac software systems, which are utilized for surgical asset management across eight VA healthcare facilities in California, Arizona, and New Mexico. This opportunity includes a base year and four option years, with the VA aiming to gather information on potential vendors' capabilities, pricing, and business classifications under NAICS code 513210. The procurement is part of the VA's planning process to ensure effective asset management in healthcare settings, and interested parties must submit their responses by March 19, 2025, via email to the Contracting Officer, Anette Doan, at Anette.Doan@va.gov or by phone at 562-766-2200. This request for information does not constitute a formal solicitation for a contract.
    6350--Security System
    Buyer not available
    The Department of Veterans Affairs is seeking qualified sources for a security system at the Sussex Vet Center located in Georgetown, Delaware. The procurement aims to establish a system that deters unauthorized access, incorporating features such as alarm systems for doors and windows, as well as motion detectors in critical areas. This initiative is crucial for enhancing the safety and security of the facility. Interested vendors must submit their business classifications, capabilities, and relevant qualifications by March 17, 2025, to Contract Specialist McDaniel Brayboy III at mcdaniel.brayboy@va.gov or by phone at 916-841-7834. It is important to note that this notice is a request for information and does not constitute a solicitation for contract awards.
    7D20--EEG Acquisition PC Upgrade
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking to award a sole-source contract for the acquisition of specific equipment and software upgrades for EEG workstations. The procurement includes a Windows 10 upgrade for five EEG workstations, the replacement of a PC for EEG 1200-R, remote IT system configuration, and installation services, with Nihon Kohden America, Inc. recognized as the sole authorized service provider for this equipment. This upgrade is critical for maintaining the functionality and efficiency of EEG services provided by the VA. Interested parties may submit proposals, but if no responses are received within seven days of the notice's publication, the VA will proceed with the contract without further notifications. The response deadline is set for March 10, 2025, and inquiries can be directed to Contract Specialist Mariangie Rios Vazquez at mariangie.riosvazquez@va.gov or by phone at 210-996-8816.
    DA10--678-25-2-177-0025 AudioCare Prefill Software
    Buyer not available
    The Department of Veterans Affairs is seeking qualified vendors to provide the AudioCare Prefill Software, aimed at enhancing prescription management at the Southern Arizona VA Healthcare System. This procurement is intended to address prescription refill delays that negatively impact patient care and increase operational costs, as the VA currently lacks an automatic refilling system. The selected contractor will be responsible for software installation, infrastructure setup, and integration with existing systems, with evaluations based on past performance, expertise, and pricing. Interested parties must respond by March 11, 2025, and provide detailed corporate information, capabilities, and relevant previous contracts, while ensuring they are registered in the System for Award Management (SAM). For inquiries, contact Contract Specialist Jose Espinoza at jose.espinoza3@va.gov.
    J065 | Viewpoint Software Support and Maintenance
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking contractors to provide support and maintenance services for the Viewpoint Wireless Temperature Monitoring System, as outlined in a Sources Sought Announcement. The procurement aims to gather information on potential vendors who can deliver comprehensive service agreements, including hardware/software warranties, unlimited support, system monitoring, and on-site calibration of NIST probes for various healthcare facilities in Southern Nevada. This initiative is crucial for ensuring proper temperature management within VA healthcare settings, thereby maintaining safety and compliance with federal regulations. Interested parties must respond by February 26, 2025, at 1:00 PM Pacific Time, and are encouraged to contact Gary Christensen at gary.christensen@va.gov for further details.
    6530--RESIDENT GUARD SYSTEM, INSTALLATION, and TESTING
    Buyer not available
    The Department of Veterans Affairs (VA) is seeking businesses capable of providing the Accutech Resident Guard System, along with its installation and testing, at the VA San Diego Healthcare System. This Sources Sought Notice aims to assess vendor capabilities for installing the Resident Guard system across multiple floors of the facility, adhering to NFPA 99 safety standards and ensuring compliance with the Buy American Act. The information gathered will inform potential acquisition strategies, with responses due by March 13, 2025; interested vendors should contact Contracting Officer Lynn Pettit at Lynn.Pettit@va.gov or call 254-899-6001 for further details.