Unpatched Security Flaws Openly Solicited by US Navy

4
Textonly version This is Google's cache of https://www.fbo.gov/? s=opportunity&mode=form&id=3dd32e729b697791350ab6c086210bf1&tab=core&_cview=0 . It is a snapshot of the page as it appeared on Jun 10, 2015 17:16:12 GMT. The current page could have changed in the meantime. Learn more Tip: To quickly find your search term on this page, press Ctrl+F or F (Mac) and use the find bar. Solicitation Number: N0018915T0245 Notice Type: Sources Sought Buyers: Login | Register Vendors: Login | Register Accessibility Original Synopsis Jun 10, 2015 12:32 pm Return To Opportunities List Watch This Opportunity Add Me To Interested Vendors Synopsis: Added: Jun 10, 2015 12:32 pm Sources sought for information and planning purposes to identify qualified and experienced sources for an anticipated firmfixed price contract or task order under NAICS code 511210, with a small business size standard of $27.5M. The Government requires contractor support, via subscription services to meet the increased demand to emulate current cyber threat actors and their capabilities. The Government is seeking a qualified vendor capable of producing operational exploit products that integrate with commonly used cyber security exploitation frameworks. The anticipated period of performance for an eventual contract, if awarded, is a 12 month base period and three 12 month option periods. Subject to FAR Clause 52.2153, entitled Solicitation for Information of Planning Purpose, this announcement constitutes a sources sought synopsis for written information only. This is not a solicitation announcement for proposals: a contract will not be awarded from of this announcement. This sources sought notice is not to be construed in any way as a commitment by the Government, nor will the Government pay for the information submitted in response. The Fleet Logistics Center, Norfolk, Virginia is seeking information on qualified and experienced sources for planning purposes in an effort to derive GENERAL INFORMATION Notice Type: Sources Sought Posted Date: June 10, 2015 Response Date: June 18, 2015 Archiving Policy: Automatic, on specified date Archive Date: July 3, 2015 Original Set Aside: N/A Set Aside: N/A Classification Code: 70 General purpose information technology equipment NAICS Code: 511 Publishing Industries (except Internet)/511210 Software Publishers 70Common Vulnerability Exploit Products Solicitation Number: N0018915T0245 Agency: Department of the Navy Office: Naval Supply Systems Command Location: NAVSUP Fleet Logistics Center Norfolk Notice Details Packages Interested Vendors List Print Link

Transcript of Unpatched Security Flaws Openly Solicited by US Navy

Page 1: Unpatched Security Flaws Openly Solicited by US Navy

6/12/2015 70--Common Vulnerability Exploit Products - Federal Business Opportunities: Opportunities

http://webcache.googleusercontent.com/search?q=cache:o7dfUzaTL6UJ:https://www.fbo.gov/%3Fs%3Dopportunity%26mode%3Dform%26id%3D3dd32e729b6977… 1/4

Text­only version

This is Google's cache of https://www.fbo.gov/?s=opportunity&mode=form&id=3dd32e729b697791350ab6c086210bf1&tab=core&_cview=0. It is a snapshot of the page as it appearedon Jun 10, 2015 17:16:12 GMT. The current page could have changed in the meantime. Learn moreTip: To quickly find your search term on this page, press Ctrl+F or ⌘­F (Mac) and use the find bar.

 

Solicitation Number:N0018915T0245

Notice Type:Sources Sought

Buyers: Login | Register  Vendors: Login | Register   Accessibility

Original SynopsisJun 10, 201512:32 pm

Return To Opportunities List   Watch This Opportunity  

Add Me To Interested Vendors

Synopsis:Added: Jun 10, 2015 12:32 pmSources sought for information and planning purposes to identify qualifiedand experienced sources for an anticipated firm­fixed price contract or taskorder under NAICS code 511210, with a small business size standard of$27.5M. The Government requires contractor support, via subscriptionservices to meet the increased demand to emulate current cyber threatactors and their capabilities. The Government is seeking a qualified vendorcapable of producing operational exploit products that integrate withcommonly used cyber security exploitation frameworks. The anticipatedperiod of performance for an eventual contract, if awarded, is a 12 monthbase period and three 12 month option periods.

Subject to FAR Clause 52.215­3, entitled Solicitation for Information ofPlanning Purpose, this announcement constitutes a sources sought synopsisfor written information only.

This is not a solicitation announcement for proposals: a contract will not beawarded from of this announcement. This sources sought notice is not to beconstrued in any way as a commitment by the Government, nor will theGovernment pay for the information submitted in response. 

The Fleet Logistics Center, Norfolk, Virginia is seeking information onqualified and experienced sources for planning purposes in an effort to derive

GENERAL INFORMATION

Notice Type:Sources Sought

Posted Date:June 10, 2015

Response Date:June 18, 2015

Archiving Policy:Automatic, on specified date

Archive Date:July 3, 2015

Original Set Aside:N/A

Set Aside:N/A

Classification Code:70 ­­ General purpose informationtechnology equipment

NAICS Code:511 ­­ Publishing Industries (exceptInternet)/511210 ­­ SoftwarePublishers

70­­Common Vulnerability Exploit ProductsSolicitation Number: N0018915T0245Agency: Department of the NavyOffice: Naval Supply Systems CommandLocation: NAVSUP Fleet Logistics Center Norfolk

Notice Details Packages Interested Vendors List Print   Link

Page 2: Unpatched Security Flaws Openly Solicited by US Navy

6/12/2015 70--Common Vulnerability Exploit Products - Federal Business Opportunities: Opportunities

http://webcache.googleusercontent.com/search?q=cache:o7dfUzaTL6UJ:https://www.fbo.gov/%3Fs%3Dopportunity%26mode%3Dform%26id%3D3dd32e729b6977… 2/4

a contract vehicle that will provide qualified personnel to support theGovernment’s mission in the following functional areas:

This is a requirement to have access to vulnerability intelligence, exploitreports and operational exploit binaries affecting widely used and relied uponcommercial software.

­ These include but are not limited to Microsoft, Adobe, JAVA, EMC, Novell,IBM, Android, Apple, CISCO IOS, Linksys WRT, and Linux, and all others.

­ The vendor must be rated to Capability Maturity Model Integration (CMMI)Level 3 or greater.

­ The vendor shall provide the government with a proposed list of availablevulnerabilities, 0­day or N­day (no older than 6 months old). This list shouldbe updated quarterly and include intelligence and exploits affecting widelyused software. The government will select from the supplied list and directdevelopment of exploit binaries.

­ Completed products will be delivered to the government via securedelectronic means. Over a one year period, a minimum of 10 unique reportswith corresponding exploit binaries will be provided periodically (no less than2 per quarter) and designed to be operationally deployable upon delivery.

­ Based on the Government’s direction, the vendor will develop exploits forfuture released Common Vulnerabilities and Exposures (CVE’s).

­ Binaries must support configurable, custom, and/or governmentowned/provided payloads and suppress known network signatures fromproof of concept code that may be found in the wild.

­ Once a product is transferred from the vendor to the government, thegovernment maintains a perpetual license to use, modify or share at thebuyer’s discretion.

­ The vendor shall accept vulnerability data to include patch code, proof ofconcept code, or analytic white papers from the government to assist withproduct development. Products developed under these conditions will not beavailable to any other customer and will remain exclusively licensed to the

Page 3: Unpatched Security Flaws Openly Solicited by US Navy

6/12/2015 70--Common Vulnerability Exploit Products - Federal Business Opportunities: Opportunities

http://webcache.googleusercontent.com/search?q=cache:o7dfUzaTL6UJ:https://www.fbo.gov/%3Fs%3Dopportunity%26mode%3Dform%26id%3D3dd32e729b6977… 3/4

government.

­ All delivered products will be accompanied by documentation to includeexploit description, concept of operation and operator instructions.

­ Technical support shall be provided by the vendor to the government forpurposes of integrating, troubleshooting, bug fixes, feature enhancements,and OS and third party software compatibility testing. These services must beavailable Monday through Friday during normal working hours (0730 ESTthrough 1630 EST).

Reponses to this Sources Sought request shall include the followinginformation in this format: 

1. Company name, address, point of contact name, phone number, faxnumber and email address. 

2. Contractor and Government Entity (CAGE) Code. 

3. If the items can be solicited from a GSA schedule or existing MultipleAward Contract, provide the contract number.

4. Size of business ­ Large Business, Small Business, Small Disadvantaged,8(a), Hubzone, Woman­owned and/or Veteran­owned.

5. Capability statement displaying the contractor’s ability to successfullyprovide the subscription services detailed above. If past performanceinformation is provided, please include only relevant past performance on thesame/similar work within the last 3 years. Please also include in pastperformance information the contract numbers, dollar value, and period ofperformance for each contract referenced in the response to this sourcessought. 

6. Comments, questions and recommendations regarding contractor taskingdetailed in the PWS are encouraged.

7. Include any other supporting documentation deemed necessary. 

Documentation of technical expertise must be presented in sufficient detailfor the Government to determine that your company possesses thenecessary functional area expertise and experience to compete for thisacquisition.

Standard company brochures will not be reviewed. Submissions are not toexceed eight (8) typewritten pages, single­spaced, in no less than 10 fontsize. 

Page 4: Unpatched Security Flaws Openly Solicited by US Navy

6/12/2015 70--Common Vulnerability Exploit Products - Federal Business Opportunities: Opportunities

http://webcache.googleusercontent.com/search?q=cache:o7dfUzaTL6UJ:https://www.fbo.gov/%3Fs%3Dopportunity%26mode%3Dform%26id%3D3dd32e729b6977… 4/4

For Help: Federal Service Desk Accessibility

Responses should be emailed to Mr. David Biggs at [email protected] 4:00 PM ET on 18 June, 2015. Again, this is not a request for a proposal.Respondents will not be notified of the results. Please note the informationwithin this pre­solicitation synopsis will be updated and/or may change priorto an official synopsis/solicitation, if any, is issued.

Contracting Office Address:N00189 NAVSUP Fleet Logistics Center Norfolk 1968 Gilbert Street,Suite 600NORFOLK, VA

Point of Contact(s):Mr. David Biggs(757)443­1410

David Biggs

Return To Opportunities List   Watch This Opportunity  

Add Me To Interested Vendors