Inactive

This is an unrestricted combined synopsis/solicitation prepared in accordance with Federal Acquisition Regulation (FAR) Part 12 and the supplemental information included in this notice. This announcem... This is an unrestricted combined synopsis/solicitation prepared in accordance with Federal Acquisition Regulation (FAR) Part 12 and the supplemental information included in this notice. This announcement constitutes the only solicitation; submissions are being requested for Payment Card Industry Data Security Standards (PCI-DSS) Services, as described in the Scope of Work herein. Please see the solicitation details for complete information about this opportunity and all submission instructions. Questions concerning this opportunity are due to Paula_Johnson@nps.gov by 04/02/2019 at 1200 MT. The resultant award will be firm fixed price.

Inactive

The National Park Service (NPS), Washington Contracting Office (WCO), in support of Recreation Fee Program announces its intention to procure on a competitive basis a contract for Payment Card Industr... The National Park Service (NPS), Washington Contracting Office (WCO), in support of Recreation Fee Program announces its intention to procure on a competitive basis a contract for Payment Card Industry Data Security Standard (PCI-DSS) services. Program Background: The Recreation Fee Program oversees all credit card processing inside the NPS, which includes approximately 1000 merchant accounts that are collectively processing approximately 6 million credit card transactions annually. Each year the NPS is required by Treasury and its processor, WorldPay, to validate compliance with the Payment Card Industry Data Security Standards (PCI-DSS) requirements for all processing "payment channels." As a credit card merchant, the NPS must meet appropriate Payment Card Industry (PCI) standards to securely process, store and transmit cardholder data. The National Park Service is seeking a Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA) and Approved Scanning Vendor (ASV) with extensive PCI assessment experience to assist the Recreation Fee program in providing the following services: • PCI Security Standards policy guidance • PCI DSS scope reduction practices guidance • National Park Service Cardholder Data Environment (CDE) • Self-assessment questionnaires (SAQ) for each MID • Attestation of Compliance (AOC) • PCI SCC Level 1 penetration testing • PCI SCC vulnerability scans Set-Aside: Results from this Request for Information will assist the Government in determining whether some or all of the scope of work can be performed by a small business entity. Contract Type: The resultant award will be a firm fixed price contract. North American Industry Classification System Codes (NAICS): The NAICS code for this acquisition is 522320 "Financial Transactions Processing, Reserve and Clearinghouse Activities". The Small Business Size Standard for this NAICS code is $38.5 million. Estimated Period of Performance: The period of performance for this project shall include one (1) base period plus four (4) one (1) period options and is anticipated as follows: Base Period: May 1, 2019 to April 30, 2020 Optional Period One (1): May 1, 2020 to April 30, 2021 Optional Period Two (2): May 1, 2021 to April 30, 2022 Optional Period Three (3): May 1, 2022 to April 30, 2023 Optional Period Four (4): May 1, 2023 to April 30, 2024 Submittal Information: It is requested that interested businesses submit to the contracting office a brief capabilities statement package (no more than five (5) 8.5 x 11 " pages in length exclusive of cover and table of content pages, single spaced, and 12-point font minimum). The capabilities statement package shall address, at a minimum, the following items related to the services required: • Prior/current corporate experience performing efforts of similar size and scope within the last five (5) years, including contract number, organization supported, indication of whether as a prime or subcontractor, contract value, and a brief description of how the referenced contract relates to the services described. • Demonstrate that the firm is a qualified security assessor (QSA) and payment application qualified security assessor (PA-QSA) • Demonstrate understanding of and ability to perform vulnerability scanning and penetration testing All capabilities statement packages shall also address the following: • Company profile to include GSA Schedule number, number of employees, annual revenue history, DUNS Number, socioeconomic status and a statement regarding current size status. Responses to this Sources Sought Notice shall be submitted to Paula_Johnson@nps.gov by Wednesday, March 13, 2019 at 1200 MT. NOTE: This is a Request for Information, a market survey for information to be used for preliminary planning purposes. The information received will be used within the National Park Service to facilitate the decision making process and will not be disclosed outside of the agency. The intent of this Request for Information is to identify potential qualified Small Businesses, U.S. Small Business Administration (SBA) certified 8(a) Businesses, SBA certified HUBZone Small Businesses, Economically Disadvantaged Women-Owned Small Businesses, and/or Service Disabled Veteran-Owned Small Businesses that hold a GSA Schedule. No reimbursement will be made for any costs associated with providing information in response to this announcement or any follow-up information requests. This notice does not constitute a Request for Quote and is not to be construed as a commitment by the Government for any purpose other than market research. Respondents will not be notified of the results of this market research.