The US Department of Health and Human Services (HHS) OS Chief Information Security Office, has a requirement for Bromium vSentry and LAVA Micro-Virtualization and hardware isolation security solution.

Currently, no other security product provides a micro virtualization (also referred to as a hardware isolation virtualization) capability which uses hardware level isolation to stop targeted attacks including zero day exploits, commonly considered undetectable, from successfully penetrating Department systems.

The Bromium vSentry software creates an environment, which creates a specific environment isolated down to the hardware which mimics a singular system. This is unlike other sandboxing applications which wrap their sandboxes in a cocoon of code which the malware can escape..
Advantages:
• Any malicious software which is executed is done so in a unique environment which will not result in a full system infection or compromise.
• Upon identification of malicious activity, the virtualized environment is terminated while still allowing the users session to continue.
• All details of the malware activity and attempted system modifications are logged and available for further analysis and notification across effected OpDivs within the Department.

The product being purchased is the only product currently available which meet the CSIRC requirements and the capabilities that Bromium provides:
• Solution must utilize micro-virtualization for the most common untrusted tasks and threat vectors, including browsing the internet, downloading documents, opening email attachments, and launching files from authorized USB/removable storage devices.
• Solution must provide granular isolation leveraging individual micro-VMs for each untrusted task (i.e. each website is rendered in its own independent micro-VM, and each document is opened in its own micro-VM).
• Solution must incorporate a micro visor architecture that runs on the CPU instead of a kernel-level sandbox.
• Solution must have a manager server to maintain and report on the vSentry agents

The product selection provides a unique capability to identify and mitigate the malware threat, to include previously unidentified malware and those taking advantage of zero-day exploits. The unique micro visor architecture that runs on the CPU rather than the Kernel Level sanboxing offered by other vendors, offers a level of protection and analytical capabilities that has been previously unobtainable on a common user's system.

The North American Industry Classification Code is 541512 Computer Systems, Design Services. The Period of Performance is for 12 months.

The acquisition is being conducted under simplified acquisition procedures using FAR Part 13 and is exempt from the requirements of FAR Part 6, Competition Requirement. This notice of intent is not a request for competitive proposals. The determination by the Government not to compete the proposed contract based upon responses to this notice is solely with the discretion of the Government.

Interested parties may submit a quote in response to this synopsis to the attention of Ms. Demetrus Hunter, Contract Specialist at [email protected].
Program Support Center, Division of Acquisition Management 12501 Ardennes Ave. Suite 400, Rockville, MD 20857