10 October 1999

[Printed Issue Date: September 27, 1999]
From the Commerce Business Daily Online via GPO Access
[cbdnet.access.gpo.gov]

PART: U.S. GOVERNMENT PROCUREMENTS
SUBPART: SUPPLIES, EQUIPMENT AND MATERIAL
CLASSCOD: 70--General-Purpose Information Technology Equipment
OFFADD: DISA/DITCO/DTS6, 2300 East Drive, Scott AFB, IL 62225-
  5406
SUBJECT: 70--DOD PUBLIC KEY INFRASTRUCTURE CRYPTOGRAPHIC MODULES
SOL DCA200-99-T-5038
DUE 101299
POC Debra D. Santoro, 618-229-9710
DESC: (i) This is a combined synopsis/solicitation for commercial
  items prepared in accordance with the format in FAR 12.6, as
  supplemented with additional information included in this notice.
  This announcement constitutes the only solicitation; proposals
  are being requested and a written solicitation will not be
  issued. 

  (ii) DCA200-99-T-5038. This solicitation is an RFQ.
  
  (iii) The RFQ document and incorporated provisions and clauses
  are those in effect through FAC 91-31 and DAC 91-13. 

  (iv) SIC Code 5045, Computers and Computer Peripheral Equipment and
  Software, Size Standard, 100 employees. This RFQ is issued
  under Full and Open Competition. 

  (v) Price each basic and Option CLIN. Specifications in para (vi). CLIN 0001, DoD PKI Root
  Certificate Authority Cryptographic Modules; SubCLIN 0001AA,
  Hardware, para (vi)(1), 2 Each; 0001AB, Maintenance for SubCLIN
  0001AA, para (vi)(4)(a), 24 Months; SubCLIN 0001AC, Option,
  Hardware, para (vi)(1), 4 Each; SubCLIN 0001AD, Option, Maintenance
  for SubCLIN 0001AC, para (vi)(4)(b), 48 Months. CLIN 0002,
  DoD PKI Intermediate Certificate Authority Cryptographic Modules;
  subCLIN 0002AA, Hardware, para (vi)(2), 4 Each; SubCLIN 0002AB,
  Maintenance for SubCLIN 0002AA, para (vi)(4)(a), 48 Months;
  SubCLIN 0002AC, Option, Hardware, para (vi)(2), 9 Each; SubCLIN
  0002AD, Option, Maintenance for SubCLIN 0002AC, para (vi)(4)(b),
  108 Months. CLIN 0003, DoD PKI Infrastructure Components Cryptographic
  Modules; SubCLIN 0003AA, Hardware, para (vi)(3), 2 Each; 0003AB,
  Maintenance for SubCLIN 0003AA, para (vi)(4)(a); 24 Months,
  subCLIN 0003AC, Option, Hardware, para (vi)(3), 6 Each; subCLIN
  0003AD, OPTION, Maintenance for SubCLIN 0003AC, para (vi)(4)(c),
  72 Months. CLIN 0004, Option, Hourly Technical Support for
  Installation, para (vi)(5), 1 Hour. 

  (vi) Specifications: 

  (1)The hardware cryptographic modules used by the Root Certificate
  Authority must meet the following minimum requirements: Meet
  the requirements of the Security Requirements for Cryptographic
  Modules (FIPS 140-1) for Level 3, Support the Public Key Cryptography
  Standard (PCKS) #11, Support Ron Rivest, Adi Shamir, Leonard
  Adleman (RSA) and Digital Signature Algorithm (DSA) key generation,
  Support Secure Hash Algorithm (SHA-1), Support Data Encryption
  Standard (DES) and Triple DES, Support "N of M" user processing
  for Root CA Key activation, Provide for Backup of Certificate
  Authority signing Keys using "N of M" user protection, Support
  X.509 V3 Certificate Issuance, Support 1024 bit RSA Key Signing
  at least at a 20/sec rate, Interoperable with Sun Ultra Enterprise
  2 (Solaris Operation System 2.7(64 Bit) or higher) hardware,
  and Must be compatible with Netscape Certificate Manager (CMS)
  4.1. 

  (2) The hardware cryptographic modules used by the Intermediate
  Certificate Authority(s) must meet the following minimum requirements:
  Meet the requirements of the FIPS 140-1 for Level 3, Support
  PCKS #11, RSA and DSA key generation, SHA-1, Support DES and
  Triple DES, Provide for Backup of Certificate Authority signing
  Keys using "N of M" user protection, Simultaneously Support
  Secure Sockets Layer protocol and 1024 bit RSA Key Signing
  at least at a 300/sec rate, Support X.509 V3 Certificate Issuance,
  Interoperable with Sun Enterprise 3500 (Solaris Operation System
  2.7 (64 bit) or higher) hardware, and Must be compatible with
  Netscape Certificate Manager (CMS) 4.1. 

  (3) The hardware cryptographic
  modules used by the other infrastructure components to support
  secure communication between severs/clients must meet the following
  minimum requirements: Meet the requirements of the FIPS 140-1
  for Level 2, Support the PCKS #11, Support RSA and DSA key
  generation, SHA-1, Support DES and Triple DES, Support Secure
  Sockets Layer protocol, Support 1024 bit RSA Key change at
  least at a 300/sec rate, Interoperable with Sun Enterprise
  3500 (Solaris Operation System 2.7 (64 bit) or higher) hardware,
  and Must be compatible with Netscape Certificate Manager (CMS)
  4.1. 

  (4) Maintenance. Provide 24x7 technical support to assist
  in problem identification and resolution, which may include
  assisting Government personnel with removing, installing, and
  testing of government owned installed or backup modules and/or
  vendor provided temporary replacement modules. Additional maintenance
  requirements by CLIN are: (a) CLINs 0001AB, 0002AB and 0003AB.
  Provide on-site support within 1 work day of notice; Provide
  a temporary replacement module within 1 work day of notice;
  Return modules within 3 work days when a module is returned
  to the vendor for maintenance, which may be the same module
  corrected or a replacement module, which will become the property
  of the Government if the original module can not be fixed.
  (b) CLINs 0001AD and 0002AD. Provide on-site support within
  6 hours of notice; Provide a temporary replacement module within
  1 work day of notice; Provide modules within 3 work days when
  a module is returned to the vendor for maintenance, which may
  be the same module corrected or a replacement module, which
  will become the property of the Government if the original
  module can not be fixed. In the event all government backup
  modules have been installed due to maintenance problems with
  other modules, the vendor shall provide a temporary backup
  within 6 hours of notice. (c) CLIN 0003AD. Provide on-site
  support within 1 work day of notice; Provide a temporary replacement
  module within 1 work day of notice; Provide modules within
  3 work days when a module is returned to the vendor for maintenance,
  which may be the same module corrected or a replacement module,
  which will become the property of the Government if the original
  module can not be fixed. In the event all government backup
  modules have been installed due to maintenance problems with
  other modules, the vendor shall provide a temporary backup
  within 1 work day of notice. 

  (5) The Government intends to perform all hardware installations. 
  However, as an option, the government may order contractor hourly 
  support under CLIN 0004.

  (vii) FOB Destination. Deliver 1 Each, SubCLIN 0001AA,
  2 Each subCLIN 0002AA, and 1 Each subCLIN 0003AA to: NSA, 9800
  Savage Road SAB3, Ft Meade MD 20755-6734, Attn: Wayne Meckling,
  V51, Point of contact is Ray Mielke, 410-854-4509. Deliver
  1 Each, SubCLIN 0001AA, 2 Each subCLIN 0002AA, and 1 Each subCLIN
  0003AA to: SAIC, 10260 Campus Point Drive, MS B-1-E, San Diego
  CA 92121, Attn: Jamil Nimeh, 619-552-5403. Deliver all hardware
  within 5 work days after award. Maintenance is to be performed
  at delivery locations and shall be for 12 months from date
  of installation. Installation shall generally be completed
  within 5 work days of delivery. Depending on hardware warranty,
  if any, maintenance period may be reduced at award. Delivery
  address and date for option CLINs will be as mutually agreed.

  (viii) The following FAR clauses or provisions apply: 52.212-1
  applies, (b)(5): Specify warranty, if any, for hardware CLINs.
  h): Multiple awards may be made. Therefore, all or none quotes
  are not required. Quotes may be submitted for CLINs 0001, 0002,
  or 0003 only or any combination thereof; 52.212-2, (a) Award
  shall be made to the lowest price offer that complies with
  all requirements of this quote, including specifications in
  para (vi); 52.212-4; 52.212-5, (b) 52.203-6, 52.222-21, 52.222-26,
  52.222-35, 52.222-36, 52.222-37; 52.212-7, Options may be exercised
  at any time during the life of the order; 52.239-1, 52.233-3,
  and 52.232-33,. 

  (ix) The following DFARS clauses apply: 252.212-7001,
  (b): 252.225-7001 and 252.247-7024; 252.204-7004. 

  (x) Quotes shall include a completed copy of FAR 52.212-3, and 
  DFARS 252.212-7000, 252.225-7000 and 252.247-7022. 

  (xi) Additional Requirements.
  (1) The quantities set forth in paragraph (v) above for CLINs
  0001 through 0003 shall be used for evaluation purposes. CLIN
  0004, 150 hours shall be used for evaluation purposes. (2)
  Any order awarded as a result of this RFQ shall be for one
  year. Note maintenance may extend beyond this period. (3) Contract
  type shall be firm fixed price. 

  (xii) Year 2000 Compliance:
  (a) All information technology provided under, or in support
  of, this contract by the contractor and all subcontractors
  shall be Year 2000 compliant. "Year 2000 compliant" means,
  with respect to information technology, that the information
  technology accurately processes date/time data (including,
  but not limited to, calculating, comparing, and sequencing)
  from, into, and between the twentieth and twenty-first centuries,
  and the years 1999 and 2000 and leap year calculations, to
  the extent that other information technology, used in combination
  with the information technology being acquired, properly exchanges
  date/time data with it. (b) To ensure Year 2000 compliance,
  the contractor shall, at a minimum, test a representative sampling
  of the information technology, or same type of information
  technology, that will be provided under the contract. Testing
  will be accomplished and documented in accordance with generally
  accepted commercial standards/practices. If requested, the
  contractor shall provide the Government with a copy of such
  Year 2000 compliance test documentation at no additional cost
  to the Government. 

  (xiii) DPAS, N/A. 

  (xiv) CDB Number Notes, N/A. 

  (xv) Quotes are due no later than 12:00 pm central time,
  12 Oct 99. Quotes shall be prepared in 2 Volumes: Volume 1,
  Cost Proposal and Other Information Required by this RFQ. Volume
  2, Technical Proposal which sets forth sufficient evidence
  to confirm compliance with the specifications. Original and
  one copy of Volumes 1 and 2 shall be delivered to DITCO/DTS6,
  Debi Santoro, 2300 East Drive, Scott AFB Il 62225-5406. Four
  copies of Volume 2 ONLY shall be delivered to DISA/D6/IAESO,
  5600 Columbia Pike, Falls Church VA 22041-2717, Attn: Lee Nelson.

  (xvi) Contract Debi Santoro, 618-229-9710 (voice) or santorod@scott.disa.mil
  for information regarding this RFQ.  

EMAILADD: santorod@scott.disa.mil
EMAILDESC: santorod@scott.disa.mil
CITE: (W-266 SN383710)