Patches Government Bids & RFPs

The bid notice does not explicitly state a general delivery deadline for all products or services. However, it mentions that for all equipment requiring a full independent verification and validation (IVV) test, the vendor shall not make any delivery and shall not receive payment until the program management office (PMO) has completed a self-assessment and the IVV has been scheduled. Delivery may take place prior to this milestone only if written permission is provided by the contracting officer. For equipment requiring an assess only certification, delivery and payment are contingent on the PMO completing a self-assessment and the system being submitted for an assess only ATO/APL. The vendor must receive written confirmation from the PMO or contracting officer that the system has been submitted and that the vendor may proceed with delivery. Delivery may take place prior to this milestone only if written permission is provided by the contracting officer. The vendor shall remit all requested technical documents to the requester no later than one hundred and thirty (130) days from the date of order.

The bid notice states that for all equipment requiring a full independent verification and validation (IVV) test, the vendor shall not receive payment for the system until the program management office (PMO) has completed a self-assessment and the IVV has been scheduled. Similarly, for equipment requiring an assess only certification, the vendor shall not receive payment for the system until the PMO has completed a self-assessment and the system has been submitted for an assess only ATO/APL. The vendor must receive written confirmation from the PMO or contracting officer that the system has been submitted for an assess only ATO/APL and that the vendor may proceed with delivery before payment is processed. The bid notice does not specify other general payment terms.

The bid notice states that vendors shall be responsible for providing cybersecurity maintenance support for six (6) years, or until the end of life date of the equipment identified by the vendor, whichever is longer. Furthermore, pursuant to subsequent warranty period and service maintenance agreements (SMAs), the vendor shall, after the issuance of an ATO or APL approval, ensure that the vendor's device or system maintains its ATO or operating system platform and patches/updates for six (6) years or as long as the vendor commercially supports the equipment/product, whichever is longer. Maintaining the RMF ATO or APL approval shall be included as part of the vendor's warranty period.

The bid notice mentions that the option pricing for RMF only maintenance shall at a minimum be used in the evaluation/selection of vendors. However, it does not explicitly detail the overall award criterion.

The bid notice requires vendors to comply with the national information assurance partnership (NIAP) common criteria cybersecurity evaluation and validation scheme (CCEVS) evaluation. Vendors must provide a fully credentialed Nessus scan with RFO submission and monthly Nessus scans. The vendor device or system shall pass prevalidation technical screening vulnerability scans utilizing Nessus, Security Content Automation Protocol (SCAP) scans, and Security Technical Implementation Guides (STIGs) checklists within 6 months of contract award. Specific criteria for these scans include no unmitigated very high or high severity category I (CAT I) vulnerabilities and no unmitigated moderate severity category II (CAT II) vulnerabilities from Nessus scans and STIGs. The vendor shall also provide all sections of the medical device equipment risk assessment (MDERA) questionnaire and a vulnerability assessment report from a Nessus scanner.

The bid notice states that failure to meet the requirements may result in termination of the delivery order for cause, in accordance with Federal Acquisition Regulation (FAR) ****(m).

The contractor shall deliver the license access instructions and license keys to the email address no later than 20 calendar days from date of award to program manager, Patrick Lewis at patrick. lewis@ice. dhs. gov.

The bid notice states one year 12 month warranty on all hardware, iris and moris software, mounting devices, and cables including 24 hour shipment of replacement hardware whether damaged, broken or defective.

The bid notice states The government intends to award a single firm fixed price FFP contract with a 12 month period of performance to BI2 provided the proposal is determined to be technically acceptable and the proposed price is determined to be fair and reasonable.

This acquisition is set aside for small business concerns.

The bid notice states that final completion is estimated for December 31, 2026.

The bid notice indicates that the prebid meeting is non-mandatory, suggesting that a site visit is optional.

The bid notice does not mention the submission of samples.

The bid notice specifies a question submission deadline of May 29, 2026, which may be related to challenges or clarifications.

The bid notice states that proposals must be received no later than May 28, 2026, at 5:00 PM Eastern Standard Time. Late submissions will not be considered.

The bid notice states that proposals will be evaluated based on the following criteria: Technical approach and methodology, relevant experience and qualifications, project plan and staffing, cost proposal, and references and past performance.

The bid notice states that vendors must be based in the United States and should include their company profile and qualifications, relevant certifications, and at least three client references for comparable engagements within the last five years.