NATIONAL INFORMATICS CENTRE SERVICES INCORPORATED · GTC Generic Token Card ... NICSI National Informatics Centre Services Incorporated NMAP Network Mapper ... SMS Short Messaging

No. 10(02)/2016-NICSI

Page 1 of 105

No. 10(02)/2016-NICSI

NATIONAL INFORMATICS CENTRE SERVICES INCORPORATED

(A Government of India Enterprise under NIC)

MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY

REQUEST FOR PROPOSAL

From vendors for empanelment with NICSI

for

Centrally Managed Endpoint Security Solutions

Products & Services

TENDER NO.

NICSI/ENDPOINT SECURITY SOLUTION/2016/02

HALL NO. 2&3,

6TH FLOOR, NBCC TOWER,

15 BHIKAJI CAMA PLACE,

NEW DELHI – 110066.

TEL – 26105054, FAX – 26105212

No. 10(02)/2016-NICSI

Page 2 of 105

Table of Contents

1 ABOUT NICSI ............................................................................................................................................. 7

2 ABOUT THIS TENDER .............................................................................................................................. 7

2.1 SCOPE OF WORK ........................................................................................................................... 7

2.1.1 LIST OF SCHEDULES ...................................................................................................... 7

2.2 IMPORTANT DATES...................................................................................................................... 9

2.3 EARNEST MONEY DEPOSIT ...................................................................................................... 10

3 PRE-BID QUERIES .................................................................................................................................. 10

4 BID SUBMISSION ..................................................................................................................................... 11

5 BID OPENING .......................................................................................................................................... 14

6 BID EVALUATION ................................................................................................................................... 15

6.1 PRE-QUALIFICATION EVALUATION ....................................................................................... 15

6.2 TECHNICAL BID EVALUATION ................................................................................................ 15

6.3 FINANCIAL BID EVALUATION ................................................................................................. 16

7 EMPANELMENT OF SUCCESSFUL BIDDER ....................................................................................... 17

7.1 EMPANELMENT CONDITIONS ................................................................................................. 17

7.2 SECURITY DEPOSIT & PBG ........................................................................................................ 19

8 PLACING OF PURCHASE ORDERS ....................................................................................................... 20

9 PRE-DELIVERY INSPECTION AND ACCEPTANCE OF ITEMS .......................................................... 20

10 DELIVERY PROCESS ............................................................................................................................... 21

11 TRAINING................................................................................................................................................. 22

12 INSPECTION, INSTALLATION AND ACCEPTANCE OF DELIVERED ITEMS ................................. 22

13 WARRANTY SERVICE ............................................................................................................................. 23

14 PAYMENT ................................................................................................................................................. 23

15 REFUND OF EMD & SECURITY DEPOSIT ........................................................................................... 25

16 GENERAL TERMS & CONDITIONS ....................................................................................................... 25

16.1 CONDITIONS................................................................................................................................ 25

16.2 MICRO, SMALL & MEDIUM ENTERPRISES DEVELOPMENT ACT ...................................... 26

16.3 PRICE VARIATION CLAUSE ...................................................................................................... 26

16.4 LIMITATION OF LIABILITY ....................................................................................................... 27

16.5 INDEMNITY ................................................................................................................................. 28

16.6 TERMINATION FOR INSOLVENCY .......................................................................................... 28

16.7 FORCE MAJEURE ........................................................................................................................ 28

16.8 TERMINATION FOR DEFAULT ................................................................................................. 28

16.9 ARBITRATION ............................................................................................................................. 29

16.10 CONCILIATION ............................................................................................................................ 29

16.11 APPLICABLE LAW ....................................................................................................................... 29

No. 10(02)/2016-NICSI

Page 3 of 105

17 SPECIAL TERMS & CONDITIONS ......................................................................................................... 30

18 TECHNICAL SPECIFICATIONS ............................................................................................................. 30

18.1. SCHEDULE I – HARDWARE/SOFTWARE SUPPORT ............................................................. 31

18.1.1 HARDWARE/SOFTWARE REQUIREMENTS FOR CENTRALLY MANAGED

ANTIVIRUS SYSTEM ................................................................................................................... 31

18.1.2 HARDWARE/SOFTWARE REQUIREMENTS FOR CENTRALLY MANAGED PATCH

MANAGEMENT SOLUTION ...................................................................................................... 32

18.1.3 HARDWARE/SOFTWARE REQUIREMENTS FOR LIGHT-WEIGHT DIRECTORY

ACCESS PROTOCOL .................................................................................................................... 34

18.1.4 HARDWARE/SOFTWARE REQUIREMENTS FOR MOBILE DEVICE MANAGEMENT

35

18.2. SCHEDULE II – CENTRALLY MANAGED ANTIVIRUS SOLUTION ...................................... 35

18.2.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR PROCUREMENT AND RENEWAL

OF CENTRALLY MANAGED ANTIVIRUS SOLUTION LICENSES ....................................... 35

18.2.2 MAINTAINING AND MANAGING EXISTING CMAS LICENSES .............................. 38

18.2.3 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR

CMAS 39

18.3. SCHEDULE III – ENDPOINT BASED INTRUSION PREVENTION SYSTEM FOR SERVERS41

18.3.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR ENDPOINT BASED INTRUSION

PREVENTION SYSTEM FOR SERVERS ................................................................................... 41

18.3.2 VALUE ADDED FEATURES FOR ENDPOINT INTRUSION PREVENTION SYSTEM42

18.4. SCHEDULE IV – CENTRALLY MANAGED DATA LEAKAGE PREVENTION SOLUTION ... 43

18.4.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR DLP (DATA LEAKAGE

PREVENTION) SOLUTION ......................................................................................................... 43

18.4.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR DLP45

18.5. SCHEDULE V – CENTRALLY MANAGED SECURITY SOLUTION FOR MOBILE DEVICES46

18.5.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR MOBILE SECURITY SOLUTION

46


MOBILE SECURITY ..................................................................................................................... 48

18.6. SCHEDULE VI – CENTRALLY MANAGED DEVICE CONTROL SOLUTION ........................ 48

18.6.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR DEVICE CONTROL SOLUTION

48


DEVICE CONTROL SOLUTION .................................................................................................. 49

18.7. SCHEDULE VII – CENTRALLY MANAGED NETWORK ACCESS CONTROL ....................... 50

18.7.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR NAC (NETWORK ACCESS

CONTROL) SOLUTION ............................................................................................................... 50


NAC (NETWORK ACCESS CONTROL) SOLUTION .................................................................. 54

18.8. SCHEDULE VIII – CENTRALLY MANAGED ENCRYPTION SOLUTION .............................. 55

No. 10(02)/2016-NICSI

Page 4 of 105

18.8.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR ENCRYPTION OF ENDPOINT

55


ENCRYPTION SOLUTION .......................................................................................................... 56

18.9. SCHEDULE IX – CENTRALLY MANAGED PATCH MANAGEMENT SOLUTION ................ 57

18.9.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR PROCUREMENT AND

RENEWAL OF CENTRALLY MANAGED PATCH MANAGEMENT SOLUTION LICENSES . 57

18.9.2 MAINTAINING AND MANAGING EXISTING CMPMS LICENSES .......................... 59

18.9.3 VALUE ADDED FEATURES FOR CENTRALLY MANAGED PATCH MANAGEMENT

SOLUTION .................................................................................................................................... 61

18.10. SCHEDULE X – LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL .................................... 62

18.10.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR LIGHT WEIGHT DIRECTORY

ACCESS PROTOCOL .................................................................................................................... 62


LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL ................................................................ 65

18.11. SCHEDULE XI – MANAGED ENTERPRISE ENDPOINT SECURITY SOLUTION SERVICES65

19 ANNEXURE .............................................................................................................................................. 69

ANNEXURE 1. ELIGIBILITY CRITERIA............................................................................................. 70

19.1.1 BASIC QUALIFICATION CRITERIA ............................................................................. 70

19.1.2 PROJECT IMPLEMENTATION ..................................................................................... 73

ANNEXURE 2. HARDWARE/SOFTWARE/MANPOWER SUPPLY ................................................. 84

ANNEXURE 3. SLA AND PENALTY .................................................................................................... 85

19.3.1 DELIVERY AND INSTALLATION ................................................................................. 85

19.3.2 PERFORMANCE .......................................................................................................... 86

19.3.3 ANTIVIRUS SIGNATURE .............................................................................................. 90

19.3.4 MANPOWER ................................................................................................................... 90

19.3.5 OEM/VENDOR SUPPORT SERVICES .......................................................................... 92

ANNEXURE 4. BIDDER’S PROFILE ................................................................................................... 94

ANNEXURE 5. SITE NOT READY CERTIFICATE ............................................................................. 95

ANNEXURE 6. MANUFACTURER’S AUTHORIZATION FORM...................................................... 96

19.6.1 MAF – A ......................................................................................................................... 96

19.6.2 MAF – B ......................................................................................................................... 97

ANNEXURE 7. INSTALLATION CERTIFICATE ................................................................................ 99

ANNEXURE 8. FINANCIAL BID PROFORMA TEMPLATE ........................................................... 100

19.8.1 FINANCIAL BID TEMPLATE ...................................................................................... 100

19.8.2 FINAL GTV VALUE .................................................................................................. 103

ANNEXURE 9. SERVICE NETWORK ............................................................................................... 104

No. 10(02)/2016-NICSI

Page 5 of 105

Abbreviations

AD Active Directory AES Advanced Encryption Standard API Application Programming Interface APT Advanced Packaging Tool BG Bank Guarantee BPA Best Practice Analyzer CD Compact Disc CDP Cisco Discovery Protocol CMAS Centrally Manages Antivirus Solution CMESS Centrally Managed Endpoint Security Solution CMPMS Centrally Managed Patch Management Solution COM Communication CPU Central Process Unit CST Central Sales Tax CSV Comma Separated Values CVC Central Vigilance Commission CVE Common Vulnerabilities and Exposures dACLs Downloadable Access Control Lists DDos Distributed Denial of Service DeitY Department of Information Technology DHCP Dynamic Host Configuration Protocol DLL Dynamic Link Library DLP Data Leakage and Prevention DNS Domain Name System DVD Digital Versatile Disc EAL Evaluation Assurance Level EAP Extensible Authentication Protocol EMD Earnest Money Deposit ESMTP Extended Simple Mail Transfer Protocol FAST EAP Flexible Authentication via Secure Tunneling FEC Financial Evaluation Committee FTP File Transfer Protocol GFR General Financial Rules GPS Global Positioning System GTC Generic Token Card GTV Gross Total Value GUI Graphical User Interface HIPS Host Intrusion Prevention System HQ Head Quarter HR Human Resource HTML Hyper Text Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure ICADR International Centre for Alternative Dispute

Resolution ICT Information and Communication Technology ILAC International Laboratory Accreditation IM Instant Messaging IMAP Internet Message Access Protocol IP Internet Protocol IPS Intrusion Prevention System ISO International Organization for Standardization IT Information Technology ITR Income Tax Report LBT Local Body Tax LDAP Lightweight Directory Access Protocol LEAP Lightweight Extensible Authentication Protocol LLDP Link Layer Discovery Protocol LPT Line Printer Terminal MAC Media Access Control MAF Manufacturer Authorizations Form

No. 10(02)/2016-NICSI

Page 6 of 105

MDM Mobile Device Management MS-CHAP Microsoft Challenge Handshake Authentication

Protocol NABL National Accreditation Board for Testing and

Calibration Laboratories NAC Network Access Control NIC National Informatics Centre NICNET National Informatics Centre Network NICSI National Informatics Centre Services Incorporated NMAP Network Mapper NSIC National Small Industries Corporation NVD National Vulnerability Database OEM Original Equipment Manufacturers OS Operating System OUI Organizationally Unique Identifier PAP Password Authentication Protocol PBG Performance Bank Guarantee PC Personal Computer PDF Portable Document Format PEAP Protected Extensible Authentication Protocol PF Provident Fund PHI Protected Health Information PII Personally Identifiable Information PKI Public Key Infrastructure PO Purchase Order POP Post Office Protocol PSU Public Sector Undertaking RADIUS Remote Authentication Dial In User Service RAM Random Access Memory RCA Root Cause Analysis RF Radio Frequency RTGS Real Time Gross Settlement SCCM System Center Configuration Manager SD Secure Digital SIEM Security Information and Event Management SIM Subscriber Identity Module SLA Service Level Agreement SMS Short Messaging Service SMTP Simple Mail Transfer Protocol SNR Site Not Ready SOP Standard Operating Procedure SPAN Switch Port Analyzer SSL Secure Sockets Layer TA/DA Travel Allowance / Dearness Allowance TDS Tax Deduction at Source TEC Technical Evaluation Committee TFTP Trivial File Transfer Protocol TLS Transport Layer Security USB Universal Serial Bus USD United States Dollar VAT Value Added Tax VLAN Virtual Local Area Network VM Virtual Machines VPN Virtual Private Network VSAT A Very Small Aperture Terminal

No. 10(02)/2016-NICSI

Page 7 of 105

1 ABOUT NICSI

The National Informatics Centre Services Inc. (NICSI) was set up in 1995 as a section 25 Company under

National Informatics Centre (NIC), Ministry of Communications & Information Technology, Government

of India to provide total IT solutions to the Government organizations. NICSI provides services for a

number of e-Governance projects undertaken by NIC and Department of Information technology (DeitY).

Main Objectives:

1.1 To provide economic, scientific, technological, social and cultural development of India by

promoting the utilization of Information Technology. Computer-Communication Networks,

Informatics etc. by a spin-off of the services, technologies, infrastructure and expertise developed by

the NIC of the Government of India including its Computer-Communication Network, NICNET and

associated infrastructure and services.

1.2 To promote further development of services, technologies, infrastructure and expertise

supplementing that developed by NIC in directions which will increase the revenue earning capacity

of NIC.

1.3 To develop and promote value added computer and computer-communications services over the

basic infrastructure and services developed by NIC including NICNET.

In furtherance of these objectives, NICSI has been providing various products & services to organizations

in the Central Government, State Governments and PSUs etc. Products and Services include Hardware,

Systems Software, Application Software, Software Development, Intra-Networking, Wide Area

Networking, Video Conferencing, IT Consultancy, IT Implementation Support among others.

2 ABOUT THIS TENDER

2.1 SCOPE OF WORK

National Informatics Centre (NIC) is providing ICT services to various Central Government

Ministries/Departments, State Governments and District Administration. Different offices/

locations are being connected by various means like RF, VSAT, terrestrial high speed leased

lines etc. More than 2500 VSATs are connected in NICNET and these VSATs are installed all

over India. Under the telecommuting programme, a huge number of senior officers of

Government of India access Internet, Intranet and Video Conferencing. NIC has all necessary

permissions for operating Internet Gateway services. Currently more than 200,000 nodes are

connected to NICNET. NICNET has the state of the art Internet Data Centres/National Data

Centres hosting huge number of web sites.

In this respect NICSI would like to invite bids from OEM(s)/their Authorized Indian

Agents (hereby referred to as “Bidder(s)” in the tender document) to provide and

manage endpoint security for the client systems, Servers and Mobile Devices. This Centrally

Managed Endpoint Security Solution (CMESS) has different products mentioned in the tender

as separate schedules. The details of these different schedules are as follows

2.1.1 LIST OF SCHEDULES

S.No. Schedule No

(Section No) Product Name

Page No for each

Section

No. 10(02)/2016-NICSI

Page 8 of 105

1 I (18.1)

Hardware/Software Support

(CMAS – 18.1.1 , CMPMS –

18.1.2 , LDAP – 18.1.3,

Mobile Security – 18.1.4)

Hardware/Software

Support for

CMAS – 34

CMPMS – 35

LDAP –37

Mobile Security - 38

2 II (18.2)

Centrally Managed

Antivirus Solution

(Procurement and Renewal

of CMAS licenses – 18.2.1 ,

Maintaining and Managing

Existing CMAS Licenses –

18.2.2, Value added

Features – 18.2.3)

Procurement and Renewal

of CMAS licenses – 38

Maintaining and

Managing Existing CMAS

Licenses – 41

Value Added Features for

CMAS – 43

3 III(18.3)

Endpoint Intrusion

Prevention System for

Servers ( Technical

specifications of Endpoint

IPS for Servers – 18.3.1,

Value Added Features of

Endpoint IPS for Servers –

18.3.2)

Technical specifications of


44

Value Added Features of


45

4 IV(18.4)

Centrally Managed Data

Leakage Prevention

Solution (Technical

Specifications for DLP

Solution – 18.4.1 , Value

Added Features for DLP –

18.4.2)

Technical Specifications

for DLP Solution – 46


DLP – 48

5 V(18.5)

Centrally Managed Security

Solution for Mobile Devices

(Technical Specifications for

Mobile Security Solution –

18.5.1, Value Added

Features for Mobile Security

Solution – 18.5.2 )


for Mobile Security

Solution – 49


Mobile Security Solution –

52

6 VI(18.6)

Centrally Managed Device

Control Solution( Technical

Specifications for Device

Control Solution – 18.6.1,


Device Control solution –

18.6.2)


for Device Control

Solution – 52


Device Control solution –

54

7 VII (18.7)

Centrally Managed Network

Access Control ( Technical

Specifications for Network

Access Control Solution –

18.7.1,Value Added Features

for Network Access Control



for Network Access

Control Solution – 54


Network Access Control

Solution – 60

No. 10(02)/2016-NICSI

Page 9 of 105

8 VIII (18.8)

Centrally Managed

Encryption Solution (

Technical Specifications for

Encryption Solution –

18.8.1, Value Added

Features for Encryption



for Encryption Solution –

61


Encryption Solution – 62

9 IX (18.9)

Centrally Managed Patch

Management Solution

(Procurement and Renewal

of CMPMS Licenses - 18.9.1

and Maintaining and

Managing Existing CMPMS

Licenses – 18.9.2, Value

added Features for CMPMS

– 18.9.3)

Procurement and Renewal

of CMPMS Licenses – 63

Maintaining and

Managing Existing

CMPMS Licenses – 65


CMPMS – 67

10 X (18.10)

Lightweight Directory

Access Protocol ( Technical

Specifications for LDAP –

18.10.1, Value Added

Features for LDAP –

18.10.2)


for LDAP – 68


LDAP – 71

11 XI(18.11)

Managed Enterprise

Endpoint Security Solution

Services

Managed Enterprise

Endpoint Security

Solution Services - 71

Note - The bidder(s) must quote for all the schedules mentioned in Section 2.1.1 : LIST OF SCHEDULES which would form a comprehensive Centrally Managed Endpoint Security Solution

2.2 IMPORTANT DATES

Date of publication 26-04-2016

The tender document is available at NICSI e-

procurement site http://eproc-nicsi.nic.in

Start of sale of tender

document

26-04-2016

The tender document is available free of cost on the

NICSI e-procurement site

Seek clarification start

date

29-04-2016 at 0900 Hrs

Seek clarification end

date

02-05-2016 1700 hrs

Pre-bid meeting date 04-05-2016 at 1130 Hrs

Bid submission start

date

12-05-2016 at 0900 hrs

http://eproc-nicsi.nic.in/

No. 10(02)/2016-NICSI

Page 10 of 105

Bid submission end

date

26-05-2016 till 1500 Hrs

Tender bids opening

date

27-05-2016 at 1530 Hrs

2.3 EARNEST MONEY DEPOSIT

Earnest Money Deposit must be submitted by all the bidders, except those who are registered

with the Central Purchase Organization, National Small Industries Corporation (NSIC) or the

concerned Ministry or Department only (if they are registered for relevant schedules /

products under this tender). The bidder must submit the certification of registration with one

of the given authorities.

The EMD amount should be INR 20 crores which must be submitted through Demand

Draft/Bank Guarantee of any Scheduled Commercial Bank (drawn in favor of National

Informatics Centre Services Inc., New Delhi) physically before Bid submission end date as

mentioned in Section 2.2 : IMPORTANT DATES, otherwise bids will be rejected.

However, the scanned copy of Bank drafts must be uploaded (PDF format) electronically on

http://eproc-nicsi.nic.in. EMD shall be valid for a period of 180 days from the date of

publication of the tender which should be further extendable in case of need. EMD of

unsuccessful bidders will be returned, without any interest, on tender finalization. EMD of

successful bidders will be returned after they sign letter of empanelment with NICSI and

submit a bank guarantee of equal amount for the period of empanelment/extended

empanelment. The BG will be released after the empanelment or extended empanelment or

complete execution of all the purchase orders issued under this empanelment, whichever is

later.

3 PRE-BID QUERIES

NICSI will hold a pre bid meeting with the prospective bidders at the designated Pre-bid meeting date

as mentioned in Section 2.2 : IMPORTANT DATES in the NICSI conference hall. Queries (including

the bidding conditions & bidding process) received from the prospective bidders in writing, or over email,

up till Seek clarification end date as mentioned in Section 2.2 : IMPORTANT DATES, shall be

addressed. The queries can be sent to NICSI through email at [email protected] or faxed on 011-

26105212.

Only those pre-bid queries which are received in the following format (in .xls) shall be

entertained:

Company name M/s.

S.

No.

Name and

number of

section /

annexure /

Pg. No. of

Name and

number of

sub category

/ table, if any

Item

no., if

any

Item

description

Query Description of

requested

change

No. 10(02)/2016-NICSI

Page 11 of 105

tender

4 BID SUBMISSION

4.1. Online bids (complete in all respect) must be uploaded on http://eproc-nicsi.nic.in latest before

5:30 pm by Bid submission end date as mentioned in Section 2.2 : IMPORTANT DATES

4.2. The bids must be submitted as under:

EMD The PDF file should be saved as ‘EMD<Bidder’s Name>.pdf’ and should

comprise of the following items:

• Scanned copy of bank draft / bank guarantee for EMD Fees (as per

items quoted from this RFP);

The PDF file not containing the above documents or containing the technical or

financial bid in explicit / implicit form will lead to rejection of the bid.

Hard Copies of demand drafts/bank guarantees must be put in a separate

envelope titled EMD of “Tender No. NICSI/ENDPOINT SECURITY

SOLUTINS/2016/02 for SUPPLY, INSTALLATION,

CONFIGURATION AND SERVICE SUPPORT OF CENTRALLY

MANAGED ENDPOINT SECURITY SOLUTION AND

EMPANELMENT OF THE VENDORS .”

Pre

Qualification

The RAR file must be saved as ‘Pre_Qual_<MENTION TENDER

NUMBER>.rar’.

It must contain the following information –

Compliance sheets as per Annexure 1 : ELIGIBILITY CRITERIA

and the supporting documents (in pdf format)

Bidder’s profile as per Annexure 4 : BIDDER’S PROFILE (in pdf

format)

Bidder must provide all documents mandated for eligibility criteria (in

pdf format)

Bidder must provide all the documents mandated for bidder’s profile

(in pdf format)

Annexure 1 : ELIGIBILITY CRITERIA (in excel form)

Annexure 4 : BIDDER’S PROFILE (in excel form)

This RAR file containing the technical or financial bid in explicit/implicit form

will result in rejection of the bid.

It is the sole responsibility of the bidder to ensure that there is no

deviation in the information provided in pdf & excel versions for

these two Annexures.

All the bids documents must be digitally signed by the authorized signatory of

No. 10(02)/2016-NICSI

Page 12 of 105

the company. In case the bid is signed by anyone other than the authorized

signatory of the company, the bidder must enclose authorization letter from

HR department of the company for the officer, who signed the bid.

All pages of the bid being submitted must be sequentially numbered by the

bidder.

Hard Copies of all the documents must be put in a separate envelope titled

Pre Qualification of “Tender No. NICSI/ENDPOINT SECURITY




EMPANELMENT OF THE VENDORS.”

Technical

Bid

The RAR file must be saved as ‘Tech_bid_<MENTION TENDER

NUMBER>.rar’.


Combined technical bid in the format provided as per the different

schedules in Section 18 : TECHNICAL SPECIFICATIONS (in pdf

format)

Data sheets and any other relevant documentation for all equipment

quoted (in pdf format)

Technical Bid as per the format provided in different schedules of

Section 18 : TECHNICAL SPECIFICATIONS (in xls format)

This RAR file containing the financial bid in explicit/implicit form will result in

rejection of the bid.

It is the sole responsibility of the bidder to ensure that there is no

deviation in the information provided in pdf & excel versions for the

technical bid.

All the bids documents must be digitally signed by the authorized signatory of

company. In case the bid is signed by other than authorized signatory of

company, the bidder must enclose authorization letter from HR department of

the company for the officer, who signed the bid.


bidder.

Hard Copies of all the documents must be put in a separate envelope titled

Technical Bid of “Tender No. NICSI/ENDPOINT SECURITY





Financial

Bid

The excel file must be saved as ‘Fin_bid_<MENTION TENDER

NUMBER>.xls’.

No. 10(02)/2016-NICSI

Page 13 of 105


Financial bid in the format provided

The format of the financial bid must strictly follow the prescribed format as

mentioned in Annexure 8 : FINANCIAL BID PROFORMA TEMPLATE .

Non-adherence will result in rejection of the bid.

All the bid documents must be digitally signed by the authorized signatory of

company. In case the bid is signed by other than authorized signatory of

company, the bidder must enclose authorization letter from HR department of

the company for the officer, who signed the bid.


bidder.

A hard copy of the financial bid should be put in a separate envelope titled

Financial Bid of “Tender No. NICSI/ENDPOINT SECURITY





Bidder must ensure there is no discrepancy between the hard copy submitted

and the softcopy uploaded in Financial Bid Format. In case of any discrepancy

between hard copy submitted and softcopy uploaded, then the commercials

uploaded in softcopy will prevail

4.3. The demand drafts/pay orders for EMD must be submitted in a sealed envelope by Bid

submission end date as mentioned in Section 2.2 : IMPORTANT DATES.

4.4. The pre qualification , technical and financial bids must be submitted in hard copy in separate

sealed envelopes by Bid submission end date as mentioned in Section 2.2 : IMPORTANT

DATES.

4.5. All these sealed envelopes must be enclosed in a single Large envelope titled Tender No.

NICSI/ENDPOINT SECURITY SOLUTINS/2016/02 for SUPPLY, INSTALLATION,

CONFIGURATION AND SERVICE SUPPORT OF CENTRALLY MANAGED ENDPOINT

SECURITY SOLUTION AND EMPANELMENT OF THE VENDORS and sealed. This must

reach NICSI HQ at 1st floor , NBCC towers , Bhikaji Cama Place , New Delhi before 5 :30 pm on the

Bid submission end date as mentioned in Section 2.2 : IMPORTANT DATES

4.6. These bids would be valid for a period of 120 days from the date of opening

4.7. NICSI will not be responsible for any delay on the part of the bidder in obtaining the terms and

conditions of the tender notice or submission of the bids either online or the hard copies beyond the

Bid submission end date as mentioned in Section 2.2 : IMPORTANT DATES .

4.8. The bids submitted by fax/ E-mail /manually etc. shall not be considered. No correspondence will be

entertained on this matter.

4.9. The bid must either be submitted by a particular OEM or its authorized partner/vendor but not by

both the entities.

No. 10(02)/2016-NICSI

Page 14 of 105

4.10. The bidder(s) must bid for the complete solution and bidding for specific schedules is not permitted.

If a bidder has quoted only for certain schedules as mentioned in Section 18 : TECHNICAL

SPECIFICATIONS and not the entire solution then the bid will be rejected

4.11. Conditional tenders shall not be accepted on any ground and shall be rejected straightway. If any

clarification is required, the same should be obtained on the Pre bid meeting date as mentioned

in Section 2.2 : IMPORTANT DATES.

4.12. No bids will be accepted after the Bid submission end date as mentioned in Section 2.2 :

IMPORTANT DATES .

4.13. In case, the day of bid submission is declared Holiday by Govt. of India, the next working day will be

treated as day for submission of bids. There will be no change in the timings.

4.14. All pages of the bid being submitted must be signed by the authorized signatory, stamped and

sequentially numbered by the bidder irrespective of the nature of content of the documents. Un-

signed & un-stamped bid will be summarily rejected.

4.15. At any time prior to the Bid submission end date , NICSI, may, for any reason, whether at its

own initiative or in response to a clarification requested by a prospective bidder, modify the Tender

Document by an amendment. The amendment will be notified on NICSI’s website http://eproc-

nicsi.nic.in and should be taken into consideration by the prospective agencies while preparing their

bids.

4.16. In order to give prospective agencies reasonable time to take the amendment into account in

preparing their bids, NICSI may, at its discretion, extend the Bid submission end date as

mentioned in Section 2.2 : IMPORTANT DATES .

4.17. No bid must be modified subsequent to the Bid submission end date. No bid must be withdrawn

in the interval between the Bid submission end date as mentioned in Section 2.2 :

IMPORTANT DATES and the expiry of the bid validity (120 days from the Bid Opening date as

mentioned in Section 2.2 : IMPORTANT DATES). Withdrawal of a bid during this interval may

result in forfeiture of bidder’s EMD.

4.18. The bidders must bear all costs associated with the preparation and submission of their bids. NICSI

will, in no case, be responsible or liable for those costs, regardless of the outcome of the tendering

process.

4.19. Printed terms and conditions of the bidder will not be considered as forming part of their bid. In

case terms and conditions of the tender document are not acceptable to any bidder, they should

clearly specify the deviations in their bids.

4.20. Bids not submitted as per the specified format and nomenclature may be out rightly rejected.

4.21. Ambiguous/Incomplete/Illegible bids may be out rightly rejected.

4.22. Submission of the Bid will be deemed to have been done after careful study and examination of all

instructions, eligibility norms, terms and required specifications in the tender document with full

understanding of its implications. Bids not complying with all the given clauses in this tender

document are liable to be rejected. Failure to furnish all information required in the tender

Document or submission of a bid not substantially responsive to the tender document in all respects

will be at the bidder’s risk and may result in the rejection of the bid.

4.23. NICSI, at any time during the course of evaluation of the bids, may seek verbal or written

clarifications from the bidders, which may be in the form of product demonstration, presentation,

undertaking, declaration, reports, datasheets, etc., if NICSI finds the information in the submitted

bids to be insufficient/ambiguous/deviant or of any such nature that hinders the evaluation

committee from arriving at a clear decision. It will entirely be at NICSI’s discretion whether to seek

clarifications or not, and what clarifications to seek, or take any other action as per the guidelines

provided in the tender.

5 BID OPENING

No. 10(02)/2016-NICSI

Page 15 of 105

Online bids (complete in all respect as detailed in Section 4 : BID SUBMISSION) received along with

Demand Draft of EMD (Physically) will be opened at Tender bids opening date as mentioned in

Section 2.2 : IMPORTANT DATES in presence of bidders’ representative, if available. Bid received

without EMD will be rejected straight way.

6 BID EVALUATION

6.1 PRE-QUALIFICATION EVALUATION

6.1.1 OEMs which fall under the category of Start Ups as per the criteria defined under

“Start up Stand Up India” initiative of the Government of India would be exempt

from the pre qualification criteria of average annual turnover and past bidder

experience .However these OEMs will still need to furnish a CA certificate

mentioning their turnover for the past 3 financial years ( 2015-14, 2014 – 13 , 2013 –

12)

6.1.2 The Bidders must have furnished the necessary documents to establish their

eligibility (indicating the page number in the bid) for each of the items given in

Annexure 1 : ELIGIBILITY CRITERIA. Relevant portions in the documents

should be highlighted. If a bid is not accompanied by all the necessary documents, it

will be summarily rejected.

6.1.3 Annexure 1: ELIGIBILITY CRITERIA has some criteria which pertain to basic

qualifications as mentioned in 19.1.1 BASIC QUALIFICATION CRITERIA for

which the bidder must mandatorily furnish documents whereas there is an

additional requirement of experience of project implementation for various solutions

as mentioned in 19.1.2 PROJECT IMPLEMENTATION where the bidder must

score at least score 80% among the criteria/sub criteria listed to be eligible for

technical evaluation.

6.1.4 Undertaking for subsequent submission of any of the eligibility documents will not

be entertained. However, NICSI reserves the right to seek fresh set of documents or

seek clarifications on the already submitted documents.

6.1.5 If a bidder submits a MAF which has not been authorized by the OEM then its bid

would be rejected and the EMD would be forfeited

6.1.6 All documents must also be submitted electronically in PDF format. Upon

verification, evaluation/assessment, if in case any information furnished by the

Bidder is found to be false / incorrect, their bid will be summarily rejected and no

correspondence on the same shall be entertained. Submission of false/forged

documents will lead to forfeiture of EMD and blacklisting of bidder for a minimum

period of 3 years from participating in NICSI/NIC tenders.

6.1.7 A Bid that does not fulfill all the stipulated eligibility conditions/criteria will not be

considered.

6.2 TECHNICAL BID EVALUATION

6.2.1 A duly constituted Technical Evaluation Committee (TEC) will select Bidders on the

basis of Technical Specifications as mentioned in the different schedules of Section 18

: TECHNICAL SPECIFICATIONS. The Bids conforming to those specifications will

be considered for further evaluation

6.2.2 The TEC will then evaluate the bidders on the basis of Value Added Features mentioned

for every solution in Section 18 : TECHNICAL SPECIFICATIONS and bidders who

No. 10(02)/2016-NICSI

Page 16 of 105

score at least 60% in these Value Added Features will only be considered for further

evaluation

6.2.3 If the bid doesn’t conform to the technical specifications as mentioned in Section 18 :

TECHNICAL SPECIFICATIONS or doesn’t score minimum 60% in Value Added

Features mentioned in Section 18 : TECHNICAL SPECIFICATIONS for any one

schedule then the bidder would be disqualified and his bid would be rejected.

6.2.4 The TEC has the right to verify the compliance of the quoted solutions with the required

tender specifications of all schedules as mentioned in Section 18 : TECHNICAL

SPECIFICATIONS, and to test them for reliability & functionality. In case the bidder

fails to bring the quoted solution within the prescribed limit (2 weeks) given by the

NICSI for evaluation, the bid may be rejected. In case TEC decides to inspect the

solutions at Bidder’s/OEM’s premises, the expenditure on travel will be borne by NICSI.

6.2.5 The solutions quoted in all schedules must work perfectly in specified operating systems

(if any mentioned in all the schedules of Section 18 : Technical Specifications). If

any quoted solution is found deviating from the requirement, the same shall be rejected.

6.2.6 OEM should be able to provide support for minimum 5 (Five) years for the solutions

mentioned in all the schedules of Section 18 : TECHNICAL SPECIFICATIONS

6.2.7 The TEC reserves the right to reject a solution if it does not match the specifications as

mentioned in the different schedules of Section 18 : TECHNICAL

SPECIFICATIONS

6.3 FINANCIAL BID EVALUATION

6.3.1 The following must be complied with during the preparation of the financial bid:

6.3.1.1 The final rates submitted by the bidders must be in Indian Currency only

and all the payment shall be made by NICSI in Indian currency only

6.3.1.2 Bidders must indicate their rates in clear/visible figures and must not

alter/overwrite/make cutting in the quotation.

6.3.1.3 The bidder must avoid any error while quoting prices for the solution as per

the format given in Annexure 8 : FINANCIAL BID PROFORMA

TEMPLATE. If any discrepancy is found in the bid, it will be rejected.

6.3.2 The evaluation of the financial bids must proceed in the manner as described here:

6.3.2.1 The Financial Bids of only technically qualified bidders will be opened

electronically in the presence of their representatives on a specified date and

time duly notified. The financial bids will then be passed on to a duly

constituted Financial Evaluation Committee (FEC) for evaluation.

6.3.2.2 The bidders must clearly mention Unit Price and Total Price (inclusive of

warranty) against each schedule mentioned in Annexure 8 : FINANCIAL

BID PROFORMA TEMPLATE in their financial bid.

6.3.2.3 The Financial Evaluation Committee shall independently determine the

“Reserved Discount Rate” on unit price of each schedule mentioned in

Annexure 8 : FINANCIAL BID PROFORMA TEMPLATE through

market intelligence.

6.3.2.4 The financial bids for any product & service found to be abnormally higher

than determined by the FEC may be out rightly rejected. The reasonability of

the quoted discount rate will be compared with reserve discount rate

obtained through market intelligence for a specific OEM. NICSI may reserve

No. 10(02)/2016-NICSI

Page 17 of 105

the right to conclude contract with the bidders falling beyond 10% band of

the reserve discount rate determined by FEC through market intelligence.

6.3.2.5 The bidders quoting marginally lower discount rate than determined by the

FEC shall be given an option to match the rates determined by FEC. The

maximum period allowed for matching the rates by any Bidder will not be

more than 7 (Seven) working days from the date of issuance of such

communication from NICSI. If the bidder fails to match the FEC rates within

the stipulated time, the offer may be treated as withdrawn and the bid may

be rejected.

6.3.2.6 The bidders quoting higher discount rate than determined by the FEC, shall

be accepted as per the rates offered under the Financial Bid.

6.3.2.7 FEC is not liable to disclose the following to the bidders:-

6.3.2.7.1 Methodology adopted by FEC to arrive at “reserved discount

rate”

6.3.2.7.2 “Reserved discount rate” for any product / service

6.3.2.8 Quoting incredibly low value of items with a view to subverting the tender

process shall be rejected straight away and EMD of such vendor will be

forfeited

6.3.2.9 The bidder quoting the lowest GTV value will be designated as L1 and

selected for empanelment for the various solutions mentioned in the

schedules of this tender

6.3.2.10 The next lowest quoting bidder in terms of GTV Value (L2 ) will be asked to

match the rates quoted by L1 for Schedule II ( 18.2 Centrally Managed

Antivirus Solutions) and Schedule IX (18.9 Centrally Managed Patch

Management Solution ) to form a panel of 2 vendors for 18.2 Centrally

Managed Antivirus Solution and 18.9 Centrally Managed Patch Management

Solution)

6.3.2.11 In the event of any mismatch in the GTV value mentioned at 19.8.1

FINANCIAL BID TEMPLATE and the one at 19.8.2 FINAL GTV

VALUE of the L1 bidder, the following criteria will be adopted to remove the

discrepancy between these two values :

6.3.2.11.1 When Grand Total Value given in 19.8.1 FINANCIAL BID

TEMPLATE is greater than the Grand Total Value given in

19.8.2 FINAL GTV VALUE , The value given in 19.8.2

FINAL GTV VALUE will be taken as the value for 19.8.1

FINANCIAL BID TEMPLATE and the item wise value for

each item in 19.8.1 FINANCIAL BID TEMPLATE will be

reduced on pro rata basis and consequently unit values will be

worked out

6.3.2.11.2 When Grand Total Value given in 19.8.1 FINANCIAL BID

TEMPLATE is less than the Grand Total Value given in 19.8.2

FINAL GTV VALUE , then the value given in 19.8.1

FINANCIAL BID TEMPLATE will be taken as the GTV value

for the bidder

6.3.2.12 The prices obtained after the financial evaluation may be displayed on the

NICSI website for the empanelment period.

7 EMPANELMENT OF SUCCESSFUL BIDDER

7.1 EMPANELMENT CONDITIONS

No. 10(02)/2016-NICSI

Page 18 of 105

7.1.1 The empanelment under this tender, with all its terms and conditions, can be used by

NIC also.

7.1.2 NIC/NICSI will try to ensure equal distribution of purchase orders to the extent

possible in a round robin manner starting with empaneled vendor designated as L1

7.1.3 The slabs rates for the different solutions will be decided on the quantity of order

placed. The quantity will however be cumulative and the slab rates would be decided

taking into account the existing and licenses ordered earlier.

7.1.4 The bidder will have to make necessary arrangements to maintain existing installed

licenses as per terms and conditions of the tender even if he has quoted for non

existing solutions.

7.1.5 The order for maintain existing installed licenses from one particular OEM would be

given to one particular bidder and the licenses would not be split between two bidders

7.1.6 The empanelment will be valid for a period of 2 years in the first instance from the

date of empanelment. It may be extended for two years followed by a further

extension of another year depending upon the need of NIC / NICSI’s project

requirements with mutual consent.

7.1.7 The empaneled vendor must supply, install & maintain the Centrally Managed

Endpoint Security Solutions at the L1 value bid finalized through this tender

during the period of empanelment/extended empanelment, except for revision in

rates as per provisions of Section 16.4 : PRICE VARIATION CLAUSE.

7.1.8 All licenses of the solutions mentioned in the schedules of Section 18 : Technical

Specifications would be considered as new licenses and renewed from next year

onwards

7.1.9 The responsibility of NIC/user would be limited to ensuring reachability onto

NICNET/user network and the installation of the agent for the first time after which it

will be the responsibility of the vendor to ensure communication and availability of all

the solutions and non compliance will result in penalties for the empaneled vendor as

per Annexure 3 : SLA AND PENALTY, 19.3.2 PERFORMANCE

7.1.10 All empaneled vendors must honor all tender conditions and adherence to all aspects

of fair trade practices in executing the purchase orders placed by NICSI on behalf of

its clients. Failing this, NICSI may forfeit their EMD and stop further participation of

such vendor for three years in NICSI tendering process.

7.1.11 In the event, an empaneled Company or the concerned division of the Company is

taken over /bought over by another company, all the obligations and execution

responsibilities under the agreement with NICSI, should be passed on for compliance

by the new company in the negotiation for their transfer.

7.1.12 Empaneled vendor cannot re tender any schedule of the tender to any other company.

The defaulting bidder will also be debarred from participating in NICSI tenders for a

period of three years.

7.1.13 If the name of the product is changed, the renamed product must have equivalent or

superior technical specifications. Empaneled vendor will undertake to supply

/replace, upgrade the new product with the existing one.

7.1.14 The vendor must ensure and undertake as written assurance / guarantee /

commitment to NIC/user on the following:

7.1.14.1 Specify additional functionalities, if any, not covered under technical

specifications in the tender, explicitly

7.1.14.2 Any functionality which is neither in the tender document nor explicitly

specified as mentioned above, either by accident or by design, will be

considered to be a breach of contract, such that the vendor must be liable

for legal actions and be charged for damages.

No. 10(02)/2016-NICSI

Page 19 of 105

7.1.15 Empaneled vendor must also maintain the existing solution with same terms and

conditions.

7.1.16 Bidder will have to make necessary arrangement with reporting OEM for existing

solution and licenses as per the terms and condition of this tender.

7.1.17 In case any selected bidder refuses to sign empanelment within seven days of

communication from NICSI, the offer would be treated as withdrawn and the bidder’s

EMD will be forfeited. The defaulting bidder will also be debarred from participating

in NICSI tenders for a period of three years.

7.1.18 In case an empaneled vendor is found in breach of any condition(s) of tender or

supply order, at any stage during the course of supply / installation or warranty

period, legal action as per rules/laws, shall be initiated against the bidder and

EMD/Security Deposits shall be forfeited, besides debarring and blacklisting the

bidder concerned for at least three years, for further dealings with NICSI.

7.1.19 NICSI may, at any time, terminate the empanelment by giving written notice before

30 days to the empaneled vendor without any compensation, if the empaneled vendor

becomes bankrupt or otherwise insolvent, provided that such termination will not

prejudice or affect any right of action or remedy which has accrued or will accrue

thereafter to NICSI.

7.1.20 In case the empaneled Indian Authorized Agent is unable to fulfill the obligations

given under this tender, OEM shall be completely responsible to replace the Indian

Authorized Agent with an alternate Indian Authorized Agent and get the requisite

work done. The alternate Indian Authorized Agent in this case must abide by all the

terms and conditions laid down under this tender and during the empanelment of the

previous Indian Authorized Agent. The alternate Indian Authorized agent will also be

subject to the same pre qualification criteria as the earlier authorized agent and will

have to submit the requisite documents as proof of that.

7.1.21 Tender process will be over after the issue of empanelment letter to the selected

bidder. Thereafter, information submitted by the participating bidders before and

during the bidding process may be put by NICSI in the public domain. Competent

Authority in NICSI may not exercise the privilege given under Right to Information

Act Section 8(1) (d) which says “there shall be no obligation to give any citizen

information including commercial confidence, trade secrets or intellectual property,

the disclosure of which would harm the competitive position of a third party, unless

competent authority is satisfied that larger public interest warrants the disclosure of

such information”.

7.1.22 Reasons for rejecting a tender/bid will be disclosed to a bidder only where enquiries

are made.

7.2 SECURITY DEPOSIT & PBG

7.2.1 In the case of the Bidder who has been selected for empanelment, the bidder

(including those exempt under Section 2.3) must give Security Deposit for the

equivalent amount of EMD. Security Deposit will be in the form of Bank Guarantee

(BG) of any commercial bank drawn in the name of National Informatics Centre

Services Inc, New Delhi, valid till empanelment. EMD of successful bidders will be

returned after they sign letter of empanelment with NICSI and submit a security

deposit of equal amount for the period of empanelment/extended empanelment. The

BG will be released after the empanelment or extended empanelment or complete

execution of all the purchase orders issued under this empanelment, whichever is

later and thereafter the Security Deposit / BG shall be returned to the empaneled

No. 10(02)/2016-NICSI

Page 20 of 105

vendor without any interest. In case of default by the empaneled vendor on non-

acceptance of the purchase orders, this Security Deposit /BG will be forfeited and

empanelment will be cancelled.

7.2.2 Empaneled vendors must give Performance Bank Guarantee (PBG) equivalent to 10%

of the total PO at the time of bill submission. Performance Bank Guarantee (PBG) will

be of any scheduled commercial bank drawn in the name of National Informatics

Centre Services Inc, New Delhi for a period of warranty + 3 months. This PBG may be

invoked in case of non compliance of maintenance schedule during warranty period

mentioned in the purchase order.

Security deposit must be made in the form of Bank Guarantee equal to the EMD

amount

P

e

r

formance Bank Guarantee (PBG) equal to 10% of total purchase order

8 P

L

A

CING OF PURCHASE ORDERS

8.1 NICSI has the right to choose any subset of the tendered items for placement of purchase order.

8.2 For all procurements NICSI shall try to ensure that all bidders shall be given an equal

distribution of software licenses and subscriptions support services in a round robin

manner starting with the L1 vendor

8.3 For procurement of goods, Purchase Order will be placed on the empaneled vendor in hardcopy

format or in softcopy mode either through e-mail containing the scanned copy of the Purchase

Order or an alert through e-mail for downloading the Purchase Order from Web Site. An

intimation of the purchase order may also be sent to the OEM if the empaneled vendor is an

Authorized Indian Agent.

8.4 Objection, if any, to the Purchase Order must be reported to NICSI by the empaneled vendor

within three (3) working days from the date of receipt or date of email whichever is earlier for

modifications, otherwise it is assumed that the empaneled vendor has accepted the Purchase

Order in totality. This is applicable in case of electronic publishing/delivery of Purchase Order

also. After receiving the Purchase Order, in case of amendment (if any), of the same Purchase

Order, as requested by the empaneled vendor or done by NICSI, installation period will be

calculated from the amendment date and not from the original Purchase Order date.

9 PRE-DELIVERY INSPECTION AND ACCEPTANCE OF ITEMS

9.1 No solution with short supply or with lower technical specifications shall be accepted for conduct

of acceptance testing under any circumstances. The solutions must give same performance

results as shown during initial demonstration/evaluation tests. The offered solutions, in addition

Validity Valid for the period of empanelment / extended empanelment. The BG will be released

after the empanelment or execution of all pending Purchase Orders, whichever is later

Instrument One single deposit in the form of Bank Guarantee

Amount Equal to EMD amount

Validity Warranty period + 3 months, from the date of delivery of Systems

Instrument One single deposit in the form of Bank Guarantee to be submitted along with the bills and

proof of delivery for claiming 80% of the PO value

Amount Equal to 10% of PO Value

No. 10(02)/2016-NICSI

Page 21 of 105

to meeting the performance results as per evaluation tests, must also contain the same

subsystem as approved by NICSI. Failure to fulfill any of the above-mentioned conditions will

entail cancellation of the Purchase Order along with forfeiture of the EMD/Security Deposit.

9.2 In case an empaneled solution under the various schedules in this tender is becoming end of sale

or end of life within next 2 (Two) years, the same must be immediately brought to the notice of

NICSI through email along with written communication addressed to “Tender Division, NICSI”.

However the bidder must ensure that the OEM shall provide active support (w.r.t. firmware /

hardware / software / etc) for this product for minimum 5 (Five) years from the date of

issuance of last purchase order.

9.3 In case an empaneled solution under the various schedules in this tender is becoming end of sale

and if the empaneled bidder wants to offer a new solution of same make and same or higher

specifications, which was not offered for evaluation, the same must be offered to NICSI for

evaluation with full configuration at least one month prior to the acceptance testing date. The

empaneled vendor must provide detailed technical documents and technical man power support

so as to enable NICSI to carry out the evaluation. The decision taken by NICSI will be final and

binding on the empaneled vendor. If empaneled vendor is not able to empanel new solution

against empaneled solution which has been declared end of sale, the empanelment of such

vendor will be cancelled and respective EMD, if any, may be forfeited. However the bidder must

ensure that the OEM shall provide active support (w.r.t. firmware / hardware / software / etc)

for this solution for minimum 5 (Five) years from the date of issuance of last purchase order.

9.4 Since technological trends in IT industry are changing very rapidly, NICSI may examine/re-

access the technical specifications of all empaneled solutions under the various schedules in this

tender at an interval of an year in consultation with all empaneled vendors. The finalized

specifications will then be applicable for all empaneled vendors. If any up gradation is released

by the OEM that will be provided free of cost to the user, the finalized specification will be

applicable for all empaneled vendors of that category.

9.5 The schedule for acceptance testing dates must be provided at least 15 (fifteen) days before the

last date of delivery. This needs to be strictly followed.

9.6 Normally, testing and acceptance of the solutions will be done at the factory premises of the

empaneled vendor/OEM where it will be tested as per ordered specifications. NICSI/NIC

reserves the right to reject any item, if found unsuitable and / or not conforming to the approved

specifications. No payment will be made for rejected items.

10 DELIVERY PROCESS

10.1 The schedule to be given for delivery at site is to be strictly adhered. Any unjustified and

unacceptable delay in delivery beyond the delivery schedule as per Purchase Order will render

the empaneled vendor liable for penalty as per Annexure 3 : SLA AND PENALTY, 19.3.1

DELIVERY AND INSTALLATION. Proof of Delivery duly signed by the user/NIC/NICSI

Project Coordinator, with his name, date of delivery, designation and office seal, legibly recorded,

must reach NICSI Head Quarters, New Delhi within 4 (Four) weeks of the delivery

10.2 If the delivery, of whole or in part, is delayed beyond 30 (Thirty) days from scheduled date of

delivery as given in the purchase order, NICSI will have option to cancel the purchase order to the

extent of unfulfilled part of the purchase order. NICSI will be free to procure the remaining items

from alternate sources at the cost and risk of the defaulting empaneled vendor, by forfeiting the

EMD/Security Deposit of the empaneled vendor. In addition, NICSI will impose a cancellation

charge as per Annexure 3 : SLA AND PENALTY, 19.3.1 DELIVERY AND

INSTALLATION, which will be recovered from the pending bills or EMD/Security Deposit or by

raising claims.

No. 10(02)/2016-NICSI

Page 22 of 105

10.3 NICSI will impose penalty on total value of purchase order if the delivery of more than 20%

(Twenty percent) of the total order value is delayed beyond the last date of delivery (as per

10.1 and 10.2 above). If the delivery is delayed for the item(s) whose value is equal or less than

20% (Twenty percent) of the total order value, the penalty shall be applicable on the

delayed equipment only.

10.4 In case, if the delivery of any critical component is delayed which may hamper the operation of

overall solution; the penalty of 20% will be imposed on the total PO value, irrespective of

component cost.

11 TRAINING

11.1 The vendor must provide one week hands-on training / workshop as per location

mentioned in the PO on the solutions mentioned in the specific schedules of Section 18 :

TECHNICAL SPECIFICATIONS as desired on deployment options, device configuration,

security policy design and implementation, monitoring of events, generating desired reports from

database, predefined report, user-defined policies and reports, user-defined desktop firewall

policies, malware analysis and their mitigation techniques etc at its own cost. ( at least once a year

or whenever there is major technological change)

11.2 The Number of participants must be minimum three administrators per location/NICHQ.

The training / workshop will be conducted at NIC (HQ) or other location(s) as deemed

appropriate. The training must be held at least once a year or in the event of any

technological change in the solutions mentioned in the specific schedules of Section 18 :

TECHNICAL SPECIFICATIONS

11.3 The OEM must provide necessary training material for the trainings

11.4 The OEM/vendor must arrange suitable infrastructure of hardware and software or any

other equipment required for conducting training

11.5 The Trainings should be given by certified professionals with hands on sessions.

11.6 The OEM must arrange for a technical knowledge workshop once a year for at least four

members of NIC core Team managing solution, at its research and development labs in

India or abroad on technology relevant to the specific schedules mentioned in Section 18 :

TECHNICAL SPECIFICATIONS

12 INSPECTION, INSTALLATION AND ACCEPTANCE OF DELIVERED ITEMS

12.1 The empaneled vendor must install all the solutions mentioned in the specific schedules of

Section 18 : TECHNICAL SPECIFICATIONS at specified central site or distributed

Location. Installation must be completed within 15 (Fifteen) Days from the scheduled or actual

date of delivery, whichever is later. If the scheduled date of installation falls on holiday / non

working day , the next working day shall be treated as due date of installation. In case of

installation at distributed locations it must be reflected in the central manager

12.2 If NICSI receives any written complaint from the user about non-completion of inspection and

installation at site or distributed location within the stipulated time after delivery, due to the non-

responsiveness of the empaneled vendor, a penalty will be imposed as per Annexure 3 : SLA

AND PENALTY, 19.3.1 DELIVERY AND INSTALLATION Thereafter, NICSI holds the

option to complete the inspection and installation work through alternate sources at the risk and

cost of the defaulting empaneled vendor.

No. 10(02)/2016-NICSI

Page 23 of 105

12.3 During inspection and installation at site or distributed location , if any item is found to be

defective or broken, it must be replaced with new one by the empaneled vendor at its own cost

and risk within 30 days from the date on which the empaneled vendor has been informed of

such damage. Inspection and installation must be carried out within 7 days of scheduled / actual

delivery of replaced item, whichever is earlier. If the items are not replaced and installed at the

site or distributed location within the stipulated time, penalty as per Annexure 3 : SLA AND

PENALTY, 19.3.1 DELIVERY AND INSTALLATION will be applicable. Thereafter, NICSI

holds the option to complete the procurement, inspection and installation work through alternate

sources at the risk and cost of the defaulting empaneled vendor.

12.4 A Consolidated Installation Report, based on the successful installations of the individual

solutions mentioned in all the schedules of Section 18 : TECHNICAL SPECIFICATIONS,

duly signed by concerned NIC/NICSI Coordinator of the project/ User Department must be

submitted to NICSI Headquarters along with the bills.

12.5 For Site Not Ready (SNR) cases, empaneled vendor must submit SNR certificate as per the format

given in Annexure 5 : SITE NOT READY CERTIFICATE signed by NIC/NICSI Coordinator

of the project/ User Department. The decision of the User Department/NIC/NICSI Project

Coordinator will be final regarding readiness of site. No penalty will be imposed for SNR cases,

however, empaneled vendor must install the items within 15 days of receipt of Site Ready notice

from User/NICSI/NIC else it will attract penalty as per above clause(s), recoverable from Bill.

13 WARRANTY SERVICE

13.1 The empaneled vendor must fulfill the following conditions during warranty period

13.1.1 The complete Centrally Managed Endpoint Security Solution (CMESS) must be under 5

(Five) years on-site warranty, which includes yearly renewal, software subscription,

service support and maintenance.

13.1.2 During on-site warranty and software subscription period, CMESS software up-

gradation, bugs / patches/ any product enhancement required to handle any new

security threat and services must be provided free of cost by the empaneled vendor till

the expiry of the warranty period.

13.1.3 Bidder must ensure that the OEM must provide 24X7 dedicated technical qualified

engineers to support services through Website portal / Telephone/Mobile / e-mail lodge

complaint else penalty will be imposed as per Annexure 3 : SLA AND PENALTY ,

19.3.5 OEM SUPPORT SERVICES

13.1.4 On completion of the On-site warranty and software subscription period, the Security

Deposit without any interest accrued will be released by NICSI to the empaneled vendor

after validating the various reports submitted to NIC during the contract period. If

considered necessary, suitable amount of penalty must be recovered from the

empaneled vendor out of either already due payments or from their Security Deposit.

After expiry of on-site warranty and software subscription, NIC/NICSI/user has option

to enter into Annual Maintenance Contract with the supplier for post warranty

maintenance and software subscription of the solution.

14 PAYMENT

14.1 Empaneled vendors should furnish details of the location from where they are going to raise their

Bills / Invoices to NICSI, New Delhi.

14.2 Empaneled vendors must raise their Bills / Invoices in the name of NICSI, New Delhi.

No. 10(02)/2016-NICSI

Page 24 of 105

14.3 Separate Purchase Orders may be issued for supply / delivery of items, installation services and

support services, as applicable.

14.4 A pre-receipted bill, along with original excise duty gate pass (if applicable) and acceptance

certificate, must be submitted (Three copies) in the name of NICSI soon after the delivery of the

items along with a copy of the duly receipt delivery challan. The Bills/Invoice must be in the

format and as per guidelines / instructions given in Rule 52-A, 57GG etc., of the Central Excise

Rules, 1944 as amended from time to time for these items for which payment of Excise duty is

applicable. Payment will be made on delivery and acceptance of items at the destination as

per PO.

14.5 50 % payment will be released on the activation of new licenses on Central

manager. Payment will be made on delivery of paper licenses and the activation of licenses

for the different solutions which have been mentioned in all the schedules of Section 18 :

TECHNICAL SPECIFICATIONS. PBG will have to be renewed for such further periods till

satisfactory warranty support has been provided by the empaneled vendor for all the items

supplied and installed, and there after the PBG will be returned to the empaneled vendor. If bills,

complete in all aspect are submitted with all relevant documents as defined above, NICSI will

ensure that the payment are made to empaneled vendor within thirty days from the date of bill

submission.

14.6 30 % will be made on the installation / configuration of the different solutions mentioned in the

specific schedules of Section 18 : TECHNICAL SPECIFICATIONS . The remaining 20% will

be retained to deduct any penalties as per Annexure 3 : SLA AND PENALTY.

14.7 In case of Renewal of Licenses , 100 % payment will be made to the empaneled vendor only after

the renewal of all the licenses

14.8 A pre-receipted quarterly bill, along with certificate of satisfactory performance (Monthly

performance report) from user/NIC/NICSI Project coordinator of the project must be submitted

for each of the hired manpower resource as mentioned in Section 18 : TECHNICAL

SPECIFICATIONS, Schedule X MANAGED ENTERPRISE ENDPOINT SECURITY

SOLUTION SERVICES. If the hired manpower is absent or indulges in any type of misbehavior

appropriate penalty will be imposed on the empaneled agency as per Annexure 3 : SLA and

Penalty, 19.3.4 Manpower

14.9 A monthly report showing the compliance for all the SLAs as mentioned in Annexure 3 : SLA

AND PENALTY must be submitted by the empaneled vendor before the 7th of every month to the

concerned user/NIC/NICSI Project Coordinator who will sign off on the report and deduct any

penalties if applicable

14.10 Payment must be subjected to deductions of any amount for which the Agency is liable under the

empanelment or tender conditions. Further, all payments shall be made subject to deduction of

TDS(Tax deduction at source) as per the current Income-Tax Act and /or any other Govt. orders /

rules.

14.11 Renewal cost of the existing licenses will be done annually after completion of one year of software

subscription, service support and Upgradation of software. Deductions will be made if any penalty

is imposed as per Annexure 3 : SLA AND PENALTY

14.12 If installation is completed within the stipulated period i.e. 15 (Fifteen) Days from the date of

delivery, the empaneled vendor must submit one bill for payment rather than submitting two bills

(one bill for delivery and one for installation).

14.13 In case where site for installation is not ready, NICSI will intimate the empaneled vendor through

a communication for site readiness & the installation must be completed within 2 (Two) weeks’

time. In case NICSI receives a complaint from the user that the item was not installed within 2

(Two) weeks of site readiness report sent to the empaneled vendor, penalty for installation will

be applicable on the empaneled vendor as per Section 11 : INSPECTION , INSTALLATION

AND ACCEPTANCE OF DELIVERED ITEMS for delayed period

No. 10(02)/2016-NICSI

Page 25 of 105

14.14 If the bills are not submitted after delivery/installation with relevant documents in 30 (Thirty)

days, penalty @ 1% (One percent) per week subject to a maximum of 2% (Two percent)

will be levied from the total order value.

14.15 In case the submission of bills to NICSI, along with the necessary documents i.e. POD’s/BG’s etc.,

is delayed by the empaneled vendor beyond 30 (Thirty) days from the date of issue of bill or

delivery of materials etc., whichever is earlier, the entire liability towards payment of

interest/penalty to the tax authorities would be on the cost of respective empaneled vendor so that

NICSI is not burdened unnecessarily with this amount. The entire amount will be deducted from

the payment due, to the respective empaneled vendor.

14.16 All payments will be made through RTGS only.

15 REFUND OF EMD & SECURITY DEPOSIT

The Earnest Money Deposit (EMD) without any interest accrued will be refunded as follows:

15.1 In the case of those bidders whose technical bids do not qualify, the EMD will be refunded without

any interest accrued within 1 (One) month of the acceptance of TEC’s (Technical Evaluation

Committee)’s recommendations.

15.2 In the case of those Technically Qualified bidders who are not empaneled, the EMD will be

refunded without any interest accrued within 1 (One) month of the acceptance of FEC’s (Financial

Evaluation Committee)’s recommendations.

15.3 In case of those bidders whose tender bids are accepted for the empanelment, EMD of such

bidders will be refunded on receipt of security deposit as mentioned in Section 7.2.2 :

SECURITY DEPOSIT AND PBG. Security Deposit shall be in the form of Bank Guarantee (BG)

drawn in the name of National Informatics Centre Services Inc Hall No. 2&3, 6th Floor, NBCC

Tower, 15 Bhikaji Cama Place, New Delhi – 110 066, valid for empanelment period and shall be

renewed by the empaneled vendor till Empanelment lasts or the orders placed are executed,

whichever is later. No interest will be payable for the Security Deposit.

15.4 On completion of the warranty period of ordered items, the Security Deposit without any interest

accrued shall be released after ascertaining that satisfactory support has been provided during the

warranty period. In case, it is found that appropriate satisfactory support has not been provided by

the empaneled vendor, NICSI/NIC will ensure that the prescribed penalty for the default in service

has been realized or shall be recovered from the empaneled vendor out of the Security Deposit

16 GENERAL TERMS & CONDITIONS

16.1 CONDITIONS

16.1.1 The empanelment under this tender is not further assignable by the empaneled

vendor. The empaneled vendor must not assign its contractual authority to any other

third party.

16.1.2 As a matter of policy and practice and on the basis of Notification published in

Gazette of India dated 14th March, 1998, it is clarified that services and supplies of

the vendor empaneled through this tender can be availed by both National

Informatics Center [NIC] and National Informatics Center Services Incorporated

[NICSI], as the case may be depending on the project, and the empaneled vendor

shall be obliged to render services / supplies to both or any of these organizations as

per the indent placed by the respective organization. In other words, the selection

procedure adopted in this tender remains applicable for NIC as well, and in the event

No. 10(02)/2016-NICSI

Page 26 of 105

of rendering services / supplies to NIC, the empaneled vendor must discharge all its

obligations under this tender to NIC as well

16.1.3 Any default or breach in discharging obligations under this tender by the empaneled

vendor while rendering services / supplies to NIC/NICSI, shall invite all or any

actions / sanctions, as the case may be, including forfeiture of EMD, security deposit,

invocation of performance guarantee stipulated in this tender document. The decision

of NICSI/NIC arrived at as above will be final and no representation of any kind will

be entertained on the above.

16.1.4 All terms and conditions governing prices and supply given in this tender, as

applicable to NICSI, will be made equally applicable to NIC.

16.1.5 NICSI reserves the right to modify and amend any of the stipulated

condition/criterion given in this tender document, depending upon project priorities

vis-à-vis urgent commitments. NICSI also reserves the right to accept/reject a bid, to

cancel/abort tender process and/or reject all bids at any time prior to award of

empanelment, without thereby incurring any liability to the affected agencies on the

grounds of such action taken by NICSI.

16.1.6 Any default by the bidder in respect of tender terms & conditions will lead to rejection

of the bid & forfeiture of EMD/Security Deposit.

16.1.7 The decision of NICSI arrived during the various stages of evaluation of the bids is

final & binding on all bidders. Any representation towards these shall not be

entertained by NICSI.

16.1.8 In case the empaneled vendor is found in-breach of any condition(s) of tender or

supply order, at any stage during the course of supply/delivery/commissioning or

warranty period, then legal action as per rules/laws will be appropriately taken.

16.1.9 In case of any attempt by OEM/bidder to bring pressure towards NICSI’s decision

making process, such OEMs/bidders shall be disqualified for participation in the

present tender and those bidder may be liable to be debarred from bidding for NICSI

tenders in future for a period of 3 (Three) years.

16.1.10 Printed/written conditions mentioned in the tender bids submitted by bidders will

not be binding on NICSI.

16.1.11 Upon verification, evaluation/assessment, if in case any information furnished by the

bidder is found to be false/incorrect, their total bid shall be summarily rejected and

no correspondence on the same, shall be entertained.

16.1.12 NICSI will not be responsible for any misinterpretation or wrong assumption by the

bidder, while responding to this tender.

16.2 MICRO, SMALL & MEDIUM ENTERPRISES DEVELOPMENT ACT

16.2.1 If a bidder falls under the Micro, Small & Medium Enterprises Development Act,

2006, then a copy of the registration certificate must be provided to NICSI. Further,

the bidder must keep NICSI informed of any change in the status of the company.

16.2.2 Following facilities have been extended to the SSI units registered with NSIC:

16.2.2.1 Issue of tender sets free of cost

16.2.2.2 Exemption from payment of earnest money

16.2.2.3 Waiver of security deposit up to the monetary limit for which the unit is

registered

16.3 PRICE VARIATION CLAUSE

No. 10(02)/2016-NICSI

Page 27 of 105

16.3.1 During the validity of the empanelment including the extended period (if any), if the

empaneled vendor sells any empaneled item to any other Department/Organization,

under similar terms & conditions, at a price lower than the price fixed for NICSI, the

empaneled vendor must voluntarily pass on the price difference to NICSI with

immediate effect. Similarly, in the event of lowering of Government levies

subsequent to empanelment, the empaneled vendor must automatically pass on the

benefits to NICSI, and in the event of increasing of Government taxes/ levies

subsequent to empanelment, NICSI shall consider the case on merit and pass on the

pro-rata benefits to the empaneled vendor if full reference with documentary

evidence is submitted.

16.3.2 During the validity of the empanelment, in case NICSI notices that the market rates

have come down from the time when rates were finalized or for the reasons of

technological advances / changes, NICSI will ask the technically short listed Bidders

to re-quote the prices based on new / advanced configurations/technologies and the

products/services will be selected on the basis of procedure as per Section 6.3 :

FINANCIAL BID EVALUATION.

16.3.3 Bidder will submit the foreign exchange rate (USD) applicable on tender submission

date, as given in financial bid. The foreign exchange rate on last date of bid

submission published at RBI site will be taken as reference. The rate revision due to

the above will be considered when the average monthly fluctuation is ±10% or above

of the defined reference value. If the fluctuation is downwards, NICSI Tender

division will automatically initiate the process for reducing the rate by following the

same procedure. For subsequent revisions, the rate revision committee will record

the foreign exchange rate applicable on the finalization date. In such cases, NICSI

will take decision of giving complete / partial benefit of the variation by examining

other existing similar government empanelment and prevalent market rates. NICSI

may also invite revised financial bid from technically qualified bidders (if number of

such bidders is more than two) and empanelment size will be reduced to at most two

vendors. Decision of NICSI in this regard will be final and no representation of any

kind will be entertained.

16.3.4 All other taxes, i.e. VAT, Installation Charges, Service Taxes as mentioned in the

tender by the empaneled vendor will be added to arrive at the new revised total rate.

Local taxes such as Octroi, LBT , etc shall be paid by NICSI

on actuals.

16.4 LIMITATION OF LIABILITY

(a) The empanelled vendor shall not be liable for any indirect or consequential loss or damage.

(b) With respect to damage caused by the empanelled vendor to end user / NICSI / NIC under any work order issued pursuant to this empanelment, the empanelled vendor shall be liable to end user / NICSI / NIC only for direct damage and loss up to the maximum extent of the higher of (i) the total amount payable to empanelled vendor under the respective work order, or (ii) the proceeds which the empanelled vendor may be entitled to receive from any insurance maintained by the empanelled vendor to cover such a liability.

(c) The limitation of liability in (b) above shall not affect the empanelled vendor’s liability in case of gross negligence or wilful misconduct on the part of the

No. 10(02)/2016-NICSI

Page 28 of 105

empanelled vendor or on part of any person or company acting on behalf of the empanelled vendor in carrying out the services. The limitation of liability in (a) and (b) above shall not affect the empanelled vendor’s liability, if any, for damage to Third Parties caused by the empanelled vendor or any person or firm / company acting on behalf of the empanelled vendor in carrying out the services under any work order issued pursuant to this empanelment.

16.5 INDEMNITY

The empaneled vendor must indemnify NICSI/NIC/User departments against all third party

claims of infringement of patent, trademark/copyright or industrial design rights arising from

the use of the supplied software/ hardware/manpower etc and related services or any part

thereof. NICSI/NIC/User department stand indemnified from any claims that the hired

manpower / empaneled vendor’s manpower may opt to have towards the discharge of their

duties in the fulfillment of the purchase orders. NIC/NICSI/User department also stand

indemnified from any compensation arising out of accidental loss of life or injury sustained by

the hired manpower / empaneled vendor’s manpower while discharging their duty towards

fulfillment of the purchase orders.

16.6 TERMINATION FOR INSOLVENCY

NICSI may at any time terminate the purchase order/empanelment by giving four weeks

written notice to the empaneled vendor, without any compensation to the empaneled vendor,

if the empaneled vendor becomes bankrupt or otherwise insolvent.

16.7 FORCE MAJEURE

If at any time, during the continuance of the empanelment, the performance in whole or in

part by either party of any obligation under the empanelment is prevented or delayed by

reasons of any war, hostility, acts of public enemy, civil commotion, sabotage, fires, floods,

explosions, epidemics quarantine restrictions, strikes, lockouts or acts of God (hereinafter

referred to as "events"), provided notice of happenings of any such event is duly endorsed by

the appropriate authorities/chamber of commerce in the country of the party giving notice, is

given by party seeking concession to the other as soon as practicable, but within 21 days from

the date of occurrence and termination thereof and satisfies the party adequately of the

measures taken by it, neither party shall, by reason of such event, be entitled to terminate the

empanelment/contract, nor shall either party have any claim for damages against the other in

respect of such nonperformance or delay in performance, and deliveries under the

empanelment/contract shall be resumed as soon as practicable after such event has come to

an end or ceased to exist and the decision of the purchaser as to whether the deliveries have so

resumed or not, shall be final and conclusive, provided further, that if the performance in

whole or in part or any obligation under the empanelment is prevented or delayed by reason

of any such event for a period exceeding 60 days, the purchaser may at his option, terminate

the empanelment.

16.8 TERMINATION FOR DEFAULT

Default is said to have occurred

No. 10(02)/2016-NICSI

Page 29 of 105

a. If the empaneled vendor fails to accept the Purchase Orders

b. If the empaneled vendor fails to deliver any or all of the services within the time

period(s) specified in the purchase order or during any extension thereof granted by

NICSI.

c. If the empaneled vendor fails to perform any other obligation(s) under the contract

16.8.1 If the empaneled vendor defaults on (a) & (c) of above circumstances, his Bid security

(EMD)/BG received against this empanelment will be forfeited and empanelment will

be cancelled.

16.8.2 If the empaneled vendor defaults on (b) of above circumstances, 8.5% (eight point

five percent) of the work order value will be levied as cancellation charges.

16.9 ARBITRATION

16.9.1 If a dispute arises out of or in connection with this contract, or in respect of any

defined legal relationship associated therewith or derived there from, the parties

agree to submit that dispute to arbitration under the ICADR Arbitration Rules, 1996.

16.9.2 The Authority to appoint the arbitrator(s) shall be the International Centre for

Alternative Dispute Resolution (ICADR).

16.9.3 The International Centre for Alternative Dispute Resolution will provide

administrative services in accordance with the ICADR Arbitration Rules, 1996.

16.10 CONCILIATION

16.10.1 If a dispute arises out of or in connection with this contract, or in respect of any

defined legal relationship associated therewith or derived there from, the parties

agree to seek an amicable settlement of that dispute by Conciliation under the

ICADR Conciliation Rules, 1996.

16.10.2 The Authority to appoint the Conciliator(s) shall be the International Centre for

Alternative Dispute Resolution (ICADR).

16.10.3 The International Centre for Alternative Dispute Resolution will provide

administrative services in accordance with the ICADR Conciliation Rules, 1996.

16.11 APPLICABLE LAW

16.11.1 The empaneled vendor shall be governed by the laws and procedures established by

Govt. of India, within the framework of applicable legislation and enactment made

from time to time concerning such commercial dealings/processing.

16.11.2 All disputes in this connection shall be settled in Delhi jurisdiction only.

16.11.3 NICSI reserves the right to cancel this tender or modify the requirement at any stage

of Tender process cycle without assigning any reasons. NICSI will not be under

obligation to give clarifications for doing the aforementioned.

16.11.4 NICSI also reserves the right to modify/relax any of the terms & conditions of the

tender by declaring / publishing such amendments in a manner that all prospective

bidders / parties to be kept informed about it.

No. 10(02)/2016-NICSI

Page 30 of 105

16.11.5 NICSI, without assigning any further reason can reject any tender(s), in which any

prescribed condition(s) is/are found incomplete in any respect and at any processing

state.

16.11.6 NICSI also reserves the right to award works/supply order on quality/technical basis,

which depends on quality/capability of the system and infrastructure of the firm.

Bidder(s) are, therefore, directed to submit the tender carefully along with complete

technical features of the solutions as well as other documents required to access the

capability of the firm.

16.11.7 All procedure for the purchase of stores laid down in GFR shall be adhered-to strictly

by the NICSI and Bidders are bound to respect the same.

16.11.8 Any functionality which is neither in the tender document nor explicitly specified as

mentioned above, either by accident or by design, will be considered to be a breach of

contract, such that the bidder must be liable for legal actions and be charged for

damages.

16.11.9 The bidder / OEM must maintain absolute confidentiality on the information with

respect to NIC/user Security plan and related details, which the bidder/OEM

becomes aware of during interaction with NIC-personnel and from the solutions

supplied by them and made operational under NICNET domain. The bidder / OEM of

the solution must sign a Non-Disclosure Agreement (NDA) with

NIC/NICSI/user.

17 SPECIAL TERMS & CONDITIONS

17.1 This tender process will adhere to conditions of CVC Circular No. 3/01/2012 dated 13.01.2012

wherein

17.1.1 In a tender, either the Indian agent on behalf of the Principal/OEM or Principal/OEM

itself can bid but both cannot bid simultaneously for the same item/product in the same

tender.

17.1.2 If an agent submits bid on behalf of the Principal/OEM, the same agent shall not submit a

bid on behalf of another Principal/OEM in the same tender for the same item/product.

17.2 The bidder must bid for all solutions under various schedules mentioned in Section 18 :

TECHNICAL SPECIFICATIONS.

17.3 Bidder must ensure there is no discrepancy between the hard copy submitted and the softcopy

uploaded for the Financial Bid. In case of any discrepancy between hard copy submitted and

softcopy uploaded, then the commercials uploaded in softcopy will prevail.

17.4 After finalization of Rates, the same may be put on the NICSI’s Web page for 15 (Fifteen) Days

inviting comments with regards to the rates being lowest before any contract signing.

17.5 The OEM/Vendor must not use this empanelment anywhere on its own, without taking prior

permission from NICSI. Any purchase order placed with reference to this empanelment has to be

executed through NICSI only.

17.6 Any invoice generated on NICSI under this empanelment by the empaneled vendor must be done

only from an office located in Delhi

18 TECHNICAL SPECIFICATIONS

No. 10(02)/2016-NICSI

Page 31 of 105

18.1. SCHEDULE I – HARDWARE/SOFTWARE SUPPORT

18.1.1 HARDWARE/SOFTWARE REQUIREMENTS FOR CENTRALLY MANAGED

ANTIVIRUS SYSTEM

S.No. Hardware/Software Requirements for Centrally Managed

Antivirus Solution

Compliance

(Y/N)

Remarks

A. A.1. The Central Management of Antivirus Solution must have capabilities to manage 75,000 endpoints which may be implemented in phased manner in 35 states and sub locations within the state

A.2. All solutions features must be fully compatible over IPv6 network such as hardware, software and application software etc.

A.3. First work order will be released to the new OEM only for 20,000 Antivirus licenses to start the services; the next work order will be only given depending upon the requirement of licenses of specific solution and performance.

A.4. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.

A.5. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)

A.6. The CMAS solution must be bundled with all required hardware, software, software subscription (Software license of endpoints and Central Management Server) and service support for managing of Antivirus solution with 5 years warranty across the country. A.6.1. The CMAS hardware configuration must be capable of

managing minimum 50,000 endpoints (independent of the number of licenses procured) to start with and must be scalable to at least 75000 endpoints

A.6.2. Solution must provide enough storage for logs in the Central Management Server (Separate Log Server if required) to retain logs of malware, firewall and other events of the managed endpoints for minimum of six months.

A.6.3. Solution must be bundled with all required hardware and software for distribution or relay systems if required for deploying antivirus software / signature updates for better management of bandwidth at multiple sites for managing Antivirus solution. Bidder may use existing normal client systems as a distribution point but solution must not hamper day to day activity of the user and he/she must not fill that his/her system is used as a distribution point for respective solution.

A.6.4. Solution must ensure that if any distribution or relay servers are deployed must not become bottleneck for the performance of Central Management Server due to insufficient hardware or software.

A.6.5. Solution must support and be able to work in the virtualized environment.

A.6.6. Solution must ensure proper synchronization between Central Management Server and managed endpoints and distribution or relay systems.

A.6.7. Solution must ensure that all managed endpoints coming under the distribution/relay server takes updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.

No. 10(02)/2016-NICSI

Page 32 of 105

A.6.8. The CMAS must be bundled with disaster recovery/failover or redundancy environment.

A.6.9. Bidder must provide version upgrade of Antivirus solutions for existing version of antivirus solutions on managed endpoints.

18.1.2 HARDWARE/SOFTWARE REQUIREMENTS FOR CENTRALLY MANAGED PATCH

MANAGEMENT SOLUTION

No. 10(02)/2016-NICSI

Page 33 of 105

S.No.

.. Hardware/Software Requirements of Centrally Managed

Patch Management Solution

Compliance

(Y/N)

Remarks

B.1 The Patch Management Solution must have capabilities to manage 75,000 endpoints from central console which may be implemented in phased manner at multiple remote locations across the country.

B.2 The CMPMS must be bundled with all required hardware, software, software subscription (software license) and service support for managing Patch Management Solution with 5 years warranty across the country.

B.3 The CMPMS hardware configuration must be capable of managing minimum 50,000 endpoints to start with and must be scalable to at least 75000 endpoints

B.4 Solution must provide enough storage for logs in the Central Management Server (Separate Log Server if required) to retain logs of managed endpoints for minimum of six months.

B.5 Solution must be bundled with all required hardware and software for distribution or relay systems if required for deploying the agent and patches for better management of bandwidth at multiple sites for managing Patch Management Solution.

B.6 Solution must ensure that if any distribution or relay servers are deployed, they must not become bottleneck in the performance of Central Management Server due to insufficient hardware or software.

B.7 Solution must ensure proper synchronization between Central Management Server and managed endpoints and distribution or relay systems.

B.8 Solution must ensure that all managed endpoints coming under the distribution/relay server take updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.

B.9 The bidder must ensure that the existing licenses of Centrally Managed Patch Management Solution should be migrated to the new Patch Management solution. This may not be required if Patch Management solution is from existing OEM.

B.10 The bidder must ensure that if any hardware or software is required for the smooth migration of existing licenses, it must be bundled with 5 years of warranty

B.11 The CMPMS must be bundled with disaster recovery solution in passive mode environment.

B.12 Solution must provide version upgrade of Patch Management Solution without any dependency on existing version of Patch Management Solution on managed endpoints.

B.13 Solution must ensure secure authentication and communication between managed endpoints and Central Management /Distribution/Relay servers for deployment of patch agent, patches and software updates.

B.14 The solution must have role-based access control features

B.15 Solution must support all latest versions of Windows Operation Systems.

B.16 Solution must support deployment on virtual machine (VM) environment including offline patching of virtual machines.

B.17 Solution must support to send managed endpoints logs automatically on the central Server.

B.18 OEM must provide RCA (Root Cause Analysis) report of technical problem/ incident / issue reported and resolved within 5 working days.

B.19 Solution must support deployment on endpoints in Active Directory/LDAP and workgroup environment.

B.20 The integrity of all the patches deployed on endpoints must be protected by secure hashing algorithm like (SHA-2, etc).

No. 10(02)/2016-NICSI

Page 34 of 105

18.1.3 HARDWARE/SOFTWARE REQUIREMENTS FOR LIGHT-WEIGHT DIRECTORY

ACCESS PROTOCOL

B.21 The solution must be able to start and stop services on endpoints from central console.

B.22 The solution must be able to shut down or restart any endpoint from central console

B.23 The solution must be able to optimize data transfer with bandwidth throttling. Administrator must be able to set exact limit on maximum bandwidth used by each endpoint, group of endpoints or site.

B.24 Solution must be fully IPv4 and IPv6 compliant (dual-stackable)

S.No. Hardware/Software Requirements for LDAP

Compliance

(Y/N)

Remarks

C.1 The LDAP Solution must have capabilities to manage 75,000 endpoints from central console which may be implemented in phased manner at multiple remote locations across the country.

C.2 The LDAP solution must be bundled with all required hardware, software, software subscription (software license) and service support with 5 years warranty across the country.

C.3 The LDAP hardware configuration must be capable of managing minimum 50,000 endpoints to start with and must be scalable to at least 75000 endpoints

C.4 Solution must provide enough storage for logs in the Central Management Server (Separate Log Server if required) to retain logs of managed endpoints for minimum of six months.

C.5 Solution must ensure that if any LDAP servers are deployed, they must not become bottleneck in the performance of Central Management Server due to insufficient hardware or software.

C.6 Solution must ensure proper synchronization between Central Management Server and managed endpoints

C.7 Solution must ensure that all managed endpoints coming under the LDAP solution take updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.

C.8 The LDAP must be bundled with disaster recovery solution in passive mode environment.

C.9 Solution must ensure secure authentication and communication between managed endpoints and LDAP solution for deployment of patch agent, patches and software updates.

C.10 The solution must have role-based access control features

C.11 The solution must be integrated with DLP

C.12 Solution must support deployment on endpoints in Active Directory/LDAP and workgroup environment.

C.13 Solution must be fully IPv4 and IPv6 compliant (dual-stackable)

No. 10(02)/2016-NICSI

Page 35 of 105

18.1.4 HARDWARE/SOFTWARE REQUIREMENTS FOR MOBILE DEVICE MANAGEMENT

S.

No.

Hardware/Software Requirements for Centrally Managed

Mobile Security Solution

Compliance

(Y/N)

Remarks

D. D.1. The Centrally Managed Security Solution for Mobile Devices must have capabilities to manage 75,000 endpoints which may be implemented in phased manner at multiple remote locations across the country.

D.2. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.

D.3. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)

D.4. The solution must be bundled with all required hardware, software, software subscription and service support for managing of Antivirus solution with 5 years warranty across the country. D.4.1. The hardware configuration for the solution must

be capable of managing minimum 10,000 endpoints (independent of the number of licenses procured) to start with and must be scalable to at least 75000 endpoints

D.4.2. Solution must support and be able to work in the virtualized environment.

D.4.3. Solution must ensure proper synchronization between Central Management Server and managed endpoints and distribution or relay systems.

D.4.4. Solution must ensure that all managed endpoints coming under the distribution/relay server takes updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.

D.4.5. The solution must be bundled with disaster recovery/failover or redundancy environment.

D.4.6. The solution must be able to shut down or restart any endpoint from central console

D.4.7. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incident / issue reported and resolved within 5 working days.

D.4.8. Solution must support deployment on endpoints in Active Directory/LDAP and workgroup environment.

D.4.9. The solution must have role-based access control features

18.2. SCHEDULE II – CENTRALLY MANAGED ANTIVIRUS SOLUTION

18.2.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR PROCUREMENT AND RENEWAL OF

CENTRALLY MANAGED ANTIVIRUS SOLUTION LICENSES

S. No. Procurement and Renewal of CMAS Licenses Compliance

(Y/N)

Remarks

A.1. Solution must have single agent with following Antivirus

No. 10(02)/2016-NICSI

Page 36 of 105

Features for endpoint security

A. A.1.1. Antivirus and Anti-Spyware

A.1.1.1. Solution must scan, detect, clean, delete and quarantine the infected files.

A.1.1.2. Solution must clean/ delete/ block malicious codes/software in real time, including viruses, worms, Trojan horses, bot, spyware, adware, mass mailing worms and Rootkit for Windows based Operating systems /Root kit along with webshell(s) for UNIX/Linux based operating systems

A.1.1.3. Solution must support boot sector and Master boot record A.1.1.4. Solution must have embedded behavioral analysis and

protection technology apart from signature based clean/delete/quarantine for unknown threats.

A.1.1.5. Solution must scan, detect, clean or delete malicious code for protocols like POP3 /IMAP/TCP/FTP etc.,

A.1.1.6. Solution must support to install antivirus agent through various techniques like web based, MSI package or other methods in workgroup and Active Directory/LDAP environment.

A.1.1.7. Solution must support CPU utilization threshold must not exceed 20% during real time and conventional scan for improving the performance of endpoints during the execution of user routine task.

A.1.1.8. Solution must support to scan single file/directory/entire system and detect, clean, delete or quarantine the infected file.

A.1.1.9. Solution must support file reputation and web reputation and blocking of URL on all browsers like Opera, Safari, Chrome , IE etc

A.1.1.10. Solution must support scheduled scan configuration for full-disks scan at designated time from central manager for clean, delete or quarantine infected file.

A.1.1.11. Solution must support to prevent endpoint users from uninstalling or disabling the managed antivirus services.

A.1.1.12. Solution must support to exclude the specified files/directories from real time and manual scan.

A.1.1.13. Solution must provide a utility program for clean uninstallation process of the corrupted antivirus.

A.1.1.14. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)

A.1.1.15. Solution must support virtualized environment A.1.1.16. Solution must submit the suspected files for which

signature has been developed to NIC Network Security Team

A.1.2. Desktop Firewall

Solution must allow for creation and deployment of user defined firewall policy for endpoints to permit or deny network access based on IP Address, logical Ports, and Services on a single IP Address, range, and segments

A.1.3. Endpoint Based Intrusion Prevention System

A.1.3.1. Solution must provide Endpoint based Intrusion Prevention System to proactively block and safely eliminate malwares and potentially unwanted program from endpoints.

A.1.3.2. Endpoint Based Intrusion Prevention Solution must be bundled with CMAS for client system (managed endpoints).

A.1.4. Device Control

No. 10(02)/2016-NICSI

Page 37 of 105

A.1.4.1. Solution must support to block external devices like USB, Data Card, IOS , Android , Symbian and other devices based on standard OS flavors

A.1.4.2. Solution must be able to provide access to authorized external devices and services based on privileges.

A.1.4.3. Solution must allow devices which have Serial number , MAC address

A.1.4.4. Solution should support data classification where user should not be allowed to copy the data in other device and location

A.1.4.5. Solution must support both device instance/ID and model exceptions. For example a USB with a specific serial no given can be exempted

A.1.4.6. Solution must support exemptions and provisioning of remark to identify who has requested for exemption and when.

A.1.5. Application Control

A.1.5.1. Solution must allow for creating whitelisting of application programs, DLLs and executable files and block all remaining programs, DLLs. executable files for execution.

A.1.5.2. Solution must support self motivated Whitelisting, and block applications attempting to execute on any endpoint, unless explicitly allowed by administrator.

A.1.5.3. Solution must support anti spoofing a A.1.5.4. Solution must support to create classify

applications which are attempting network access, and block unauthorized connections and data transfers by malicious programs.

A.1.5.5. Solution must support to protect against zero-day attacks

A.1.5.6. Solution must support to accept automatically new software added through authorized processes.

A.1.6. Supported Operating Systems

A.1.6.1. Solution must support all the supported versions/latest versions of Microsoft Windows Operating Systems.

A.1.7. Reports

A.1.7.1. Solution must support to generate infected systems report with their source and destination IP address.

A.1.7.2.Solution must support to generate malware, name-wise reports based on source and destination IP address.

A.1.7.3. Solution must support to generate user defined reports from database. In case reports are provided in raw logs, vendor must be able to generate meaningful reports by exporting into a database.

A.1.7.4. Solution must support to generate following reports: A.1.7.4.1. Current Virus Definition. A.1.7.4.2. Virus Definition updates. A.1.7.4.3. Report generated must be exported to

other applications like HTML, Microsoft Excel, CSV or PDF.

A.1.7.4.4. Graphical Charts for malwares, infected endpoints etc. for managed clients.

A.1.8. Antivirus Client System logs for all supported Microsoft Windows OS

No. 10(02)/2016-NICSI

Page 38 of 105

18.2.2 MAINTAINING AND MANAGING EXISTING CMAS LICENSES

S.No. Maintaining and Managing Existing CMAS

Licenses

Compliance

(Y/N)

Remarks

B. Solution for Renewal and Integration of

Existing Antivirus Licenses in the same CMAS

B.1. Bidder must provide support services for already deployed one of the three existing CMAS solutions, namely, Trend Micro, Symantec and McAfee including the following: B.1.1. CMAS version upgrade B.1.2. Support all existing components and

sub-components of CMAS B.1.3. Software subscription and annual

renewal of existing licenses. B.1.4. Support for creating new Antivirus

signature after submitting all desired logs for zero day attack or any infected endpoint.

B.1.5. Bidder must integrate central manager of the respective solution for forwarding

A.1.8.1. Solution must support to send following endpoint logs based on IP and MAC address automatically up to CMAS.

A.1.8.2. Solution must support that the managed endpoints must send Antivirus event logs.

A.1.8.3. Solution must support to send logs of device control and application control to the central manager

A.1.8.4. Solution must support that the managed endpoints must send Antivirus firewall logs i.e. compliance violations and access log.

A.1.8.5. Solution must support that the managed endpoints must send Endpoint Based Intrusion Prevention System compliance violations and access log.

A.1.8.6. Solution must support to integrate with 3rd Party Log Analyzer Application Software like Arc-Sight.

A.1.9. Log Collection Utility Programs for all supported Windows OS. A.1.9.1. Solution must provide a Utility program for all

supported Windows operating systems for collecting logs of infected endpoints for analyzing and developing signatures.

A.1.10. Root Cause Analysis Reports : A.1.10.1. OEM must provide RCA (Root Cause Analysis)

report of technical problem/ incidence / issues reported and resolved.

A.1.11. Log Analysis A.1.11.1. Vendor must support log analysis of infected

systems and submit required suspected files to OEM lab for new signature

A.2. Annual Software Subscription

A.2.1. Vendor must support software upgrades, new malware antivirus signatures, and technical know-how transfer training.

No. 10(02)/2016-NICSI

Page 39 of 105

the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.

Note: Approximately there are 41000

Licenses of Trend Micro, 20000 Licenses

of Symantec and 20000 Licenses of

McAfee

B.2. In case same OEM solution is empaneled the existing licenses must be integrated by the bidder of the respective solutions (Trend Micro, Symantec and McAfee) in the same CMAS.

B.3. Bidder is not allowed to deploy separate central managers for the existing licenses and the new licenses if both are from the same OEM. The new licenses must be integrated in the existing CMAS central manager of the respective solutions.

B.4. In case the vendor doesn’t support the existing CMAS OEM and as the vendor has quoted for a different OEM CMAS, the vendor must provide software subscription and all required service support for existing licenses: B.4.1. CMAS version upgrade B.4.2. Support all existing components and

sub-components of CMAS B.4.3. Software subscription and annually

renewal of existing licenses. B.4.4. Support for creating new Antivirus

signature after submitting all desired logs for zero day attack or any infected endpoint.

Note: Approximately there are 41000 Licenses of

Trend Micro, 20000 Licenses of Symantec and 20000

Licenses of McAfee

B.5. Bidder must ensure that if any hardware/ software/ software subscription is required for the integration of existing licenses it must be bundled with 5 years of warranty.

B.6. Root Cause Analysis Reports :

B.6.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.

Note

1. The cost of maintaining and managing existing licenses would be same as the cost quoted

for 18.2.1 PROCUREMENT AND RENEWAL OF CMAS LICENSES

2. There will be no additional cost for the installation of the existing licenses

18.2.3 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR CMAS

S.No. Value Added Features (VAF) for CMAS TMVAF

Marks

Documents

evidence

No. 10(02)/2016-NICSI

Page 40 of 105

100

C. C.1.

Same Rates for Antivirus Agents for all

supported OS platforms:

10

C.1.1. Solution must quote same rates for all supported Microsoft Windows and non-windows Operating Systems.

C.2. Customized Messages 2

C.2.1. Solution should able to display customized user defined alert messages on managed endpoints.

C.2.2. Solution must support to prompt a message whenever any external devices are plugged into the endpoints and scan the external device storage and detect, clean, delete or quarantine the infected file.

C.3. Log Collection Utility Programs 3

C.3.1. Log Collection Utility Programs for other than Windows Operating Systems:

C.3.1.1. Solution must provide a Utility Software Tool for all variant of OS other than Windows Operating System for collecting logs of infected endpoints for analyzing and developing signatures which can clean the endpoints from Malware infection.

C.4. Supported Operating Systems 60

C.4.1. Linux 20

C.4.2. Mac OS 5

C.4.3. Solaris 5

C.4.4. Cent OS 15

C.4.5. Ubuntu 10

C.4.6. BOSS 5

C.5. Antivirus for Private Cloud environment 2

C.5.1. Solution should support for antivirus in the cloud environment

C.6. Software Deployment kit : 3

C.6.1. Solution must have ability to push any third party application software program and execute on managed endpoints from Central Management Console to the managed endpoints.

C.7. Solution must provide support to automatically collect

infected system desired logs from the end points on to

the central server for uploading in OEM lab

3

C.8. Solution must provide anti IP and MAC addresses

spoofing.

2

C.9. Gartner Magic Quadrant 15

Should be present in the Leader Space in

the Gartner Magic Quadrant for

2015 5

2014 5

2013 5

Should be present in the Challenger 2015 2.5

No. 10(02)/2016-NICSI

Page 41 of 105

Note - Bidders who score atleast 60% in these Value Added Features will only be considered for

further evaluation.

18.3. SCHEDULE III – ENDPOINT BASED INTRUSION PREVENTION

SYSTEM FOR SERVERS

18.3.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR ENDPOINT BASED INTRUSION

PREVENTION SYSTEM FOR SERVERS

S.No. Centrally Managed Endpoint Based Intrusion

Prevention System

Compliance

(Y/N)

Remarks

A. Centrally managed Endpoint Based Intrusion

Prevention System for Servers :

A.1. Solution should support the logging of all access violation based on the attack pattern based using IP/MAC addresses of end points

A.2. Solution must be able to work in detection and protection mode.

A.3. Solution should support the control and logging of all inbound and outbound traffic from the endpoint systems..

A.4. Solution must ensure proactive blocking and elimination of malwares .

A.5. Solution must able to provide complete solution for Endpoint based Intrusion Prevention for Servers in datacenter environment like zero day attack, access log analysis etc.

A.6. Solution should support monitoring and protection of file integrity in physical and virtual systems.

A.7. Solution must ensure protection of OS, web & database server attacks through dynamic and stateful firewall which defense against advanced threats and malicious traffic. It must also provide signature and behavioral intrusion prevention system (IPS) protection.

A.8. Solution must be able to monitor and protect various platforms like Windows Solaris, Linux, AIX, HP-UX and have the capability to leverage Virtual Agent protect servers against advanced threats such as botnets, distributed denial-of-service (DDoS) agents and emerging malicious traffic before attacks.

A.9. Solution must be able to identify policy violations, suspicious administrators or intruder activity on a real time basis

A.10.Solution should have pre-defined set of rules/policies which should prevent and alert the abnormal activities and tempering of data.

A.11. Solution must be able to provide virtual support with the same specifications

A.12. Solution must enforce the broadest IPS and zero-day threat protection coverage across all levels.

Space in the Gartner Magic Quadrant

for the last three years

2014 2.5

2013 2.5

No. 10(02)/2016-NICSI

Page 42 of 105

A.13. Solution must detect and remove viruses, spyware, rootkits, Trojans, adware and potentially unwanted applications in real time with minimal performance impact.

A.14. Solution must have a dashboard for management of components such as anti-malware, web reputation, firewall, intrusion prevention, integrity monitoring, log inspection, and data security

A.15. Solution must support to configure policy based application profiling and rest should be denied

A.16. Solution must have restricted application and operating system behavior using policy-based least privilege access control.

A.17. Solution must be able to forward relevant logs to SIEM system or centralized logging server for correlation reporting, and archiving.


A.19. Root Cause Analysis Reports

A.19.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.

18.3.2 VALUE ADDED FEATURES FOR ENDPOINT INTRUSION PREVENTION SYSTEM

S. No. Value Added Features (VAF) for Endpoint

Intrusion Prevention System

TMVAF

Marks

100

Documents

evidence

B.1 Gartner Magic Quadrant 30


the Gartner Magic Quadrant for the last

three years

2015 10

2014 10

2013 10

Should be present in the Challenger

Space in the Gartner Magic Quadrant for

the last three years

2015 5

2014 5

2013 5

B.2 Virtualized Environment 20

Management of both agent based deployment

and agentless deployment ( for virtualized

environment ) should happen from a single

console and any new VM provisioned in the

virtual environment should get auto protected.

Should provide agentless anti-malware security

services for the virtualized network

B.3 Recommendations 10

Should provide automatic recommendation against

existing vulnerabilities and removing assigned

policies if a vulnerability no longer exists

B.4 Should have minimum of EAL 4+ Certification 10

B.5 Should provide granular access control of network,

file systems, registry, process-to-process memory

10

No. 10(02)/2016-NICSI

Page 43 of 105


further evaluation.

18.4. SCHEDULE IV – CENTRALLY MANAGED DATA LEAKAGE

PREVENTION SOLUTION

18.4.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR DLP (DATA LEAKAGE

PREVENTION) SOLUTION

S.No. Centrally Managed DLP Solution Compliance

(Y/N)

Remarks

A.1. Centrally managed Data Leakage Prevention

(DLP) Solution

A.1.1. Solution must detect and prevent leakage of confidential content inside documents

A.1.2. Solutions must have capability to install and uninstall the agent remotely even for protected managed endpoints from the management console.

A.1.3. Solution must be able block the leakage of sensitive data from different public and private email channels.

A.1.4. Solution must support all type of document, files types systems, like Microsoft Office, OpenOffice and Linux document editor’s files types.

A.1.5. Solution must virtual support with the same specifications

A.1.6. Solution must support to analyze, protect and monitor screenshot operations of critical/sensitive documents.

A.1.7. Solution must have the capability to integrate with LDAP to create user or group-based detection rules.

A.1.8. Solution must support to protect the data leakage from Social Networking sites and Chat server application sources like Facebook, LinkedIn, Twitter, Live Journal, Myspace, etc. (not limited to these sites only).

A.1.9. Solution must support role-based administration control

A.1.10. Solution must allow only selected security group administrator to install and uninstall the application.

A.1.11. Solution must ensure monitoring of the remote systems on a real time basis including checking of version updates and ensuring policy consistency and integrity.

access, system calls, and application and child process

launches

B.6 Should provide be signature less security to servers to

protect security when signatures are not available or

in an air gap network

10

B.7 Should automate and simplify security provisioning

for virtual applications by assessing the security

requirements for applications and applying the

appropriate security policies

10

No. 10(02)/2016-NICSI

Page 44 of 105

A.1.12. Solution must support to protect the data being transmitted to ensure the data integrity and avoid sniffing.

A.1.13. Solution must monitor, detect and block sensitive data while in-use (endpoint systems/Server actions), in-motion (network traffic), and at-rest (data storage).

A.1.14. Solution must be able to identify true data owners even if a sender has changed the file extension to hide content.

A.1.15. Solution must support to monitoring, blocking, encrypting, quarantining data and notifying administrator and end users in real time and offline environment

A.1.16. Solution must notify users regarding policy violations, exposed files and folders, and detection of confidential data sent over the new version of the Internet Protocol/ IPv6.

A.1.17. Solution must have the capability of reporting and administration from a centrally managed web-based console manager.

A.1.18. Solution must support to distinguish between different types of PII (Personally identifiable information) with/without the presence of a keyword/pattern.

A.1.19. Solution must protect documents containing sensitive content (such as intellectual property, source code, and/or financial documents) with/without relying on keywords or patterns.

A.1.20. Solution must have the capability to allowing exceptions for data owners governed by a a fingerprint policy.

A.1.21. Solution must have method of detecting documents even if it contains portions of text in different file formats through fingerprinting/pattern matching ,

A.1.22. Solution must support to control and block confidential data copied to input/output devices through USB, CD/DVD, IrDA, Bluetooth, COM and LPT ports, IM, SSL, Skype, HTTP, HTTPS, FTP, SMTP, ESMTP, POP, POP3, IMAP4 MAPI, FTP, TFTP, Wi-Fi and FileZilla Sessions etc.

A.1.23. Solution must monitor and protect instant messaging traffic when it tunnels through HTTP, port 80.

A.1.24. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.

A.1.25. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)

A.2. Root Cause Analysis Reports :


No. 10(02)/2016-NICSI

Page 45 of 105


DLP


further evaluation.

S.No. Value Added Features (VAF) for DLP TMVAF

Marks

100

Documents

evidence

B. B.1.

Gartner Magic Quadrant 30

Should be present in the Leader Space in the

Gartner Magic Quadrant for the last three years

2015 10

2014 10

2013 10

Should be present in the Challenger Space in

the Gartner Magic Quadrant for the last three

years

2015 5

2014 5

2013 5

B.2. Fingerprint policy enforcement 10

The solution should enforce fingerprinting/pattern

matching policy on both network and endpoint channel,

even when the endpoint is off network

B.3. Incident Management 20

B.3.1. The solution should allow a specific

incident manager to manage incidents

of specific policy violation, specific user

groups etc.

B.3.2. The solution should have options for

managing and remediating incidents

through email by providing incident

management options in the email.

B.4. Role based Access 20

The system should have options to create a role to see

summary reports, trend reports and high-level metrics

without the ability to see individual incidents

B.5. Data Classification 10

The solution should provide in-built or 3rd party tool to

classify the data. This data classification tool shall help

the organization in in-depth data classification and

tagging the confidential data.

B.6. Reporting 5

The solution should have a dashboard view designed for

use by executives that can combine information from

data in motion (network), data at rest (storage), and

data at the endpoint (endpoint) in a single view

B.7. Support for Linux 5

Solution must support Linux document editor’s files

types

No. 10(02)/2016-NICSI

Page 46 of 105

18.5. SCHEDULE V – CENTRALLY MANAGED SECURITY SOLUTION FOR

MOBILE DEVICES

18.5.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR MOBILE SECURITY SOLUTION

S.No. Centrally Managed Mobile Security Compliance

(Y/N)

Remarks

A. Centrally Managed Security Solution for Mobile Devices

A.1. Solution must have a central manager for device management and data security of the complex and heterogeneous mobile devices (IOS, Windows, and Android).

A.2. Solution must have comprehensive visibility and control of the mobile environment so as to safeguard mobile data and devices regardless of platform, device type or service provider.

A.3. Solution must have processes to enroll, deploy, and configure all mobile devices, applications, and content and it must enable end user to access organizational resources through MDM (Mobile Device Management).

A.4. Solution must support to allow mobile administrator to enable policy controls of password and application restrictions, certificate distribution and remote actions like device lock or remote wipe. Security options must include:

A.4.1. Policy options (password control, remote wipe, app restrictions) and it must be targeted to specific user and user groups and department vs. personal devices.

A.4.2. Automated provisioning and delivery of device authentication certificates.

A.4.3. Enforcement of mobile email access policies using email gateway or certificates.

A.4.4. Email restriction policy to limit email access to specific apps for instance native or 3rd party (Android Work Mail).

A.4.5. Compliance enforcement of device, defined by device status (jailbreak encryption), user status (group membership), or threat protection status (security installed, definitions up-to-date and no malware)

A.5. Solution must have the capability to distinguish between organizational and personal data

A.6. Solution must provide device management across platforms and integration with directory services

A.7. Solution must support on premise deployments with role based access control and leverage the product’s APIs for reporting via third-party or internal reporting systems.

A.8. Solution must support to send access violation logs of endpoints based on IP and MAC address automatically up to central manager.

A.9. Solution must provide Secure Web-based console for managing mobile devices through central manager for mobile Security software (such as, antivirus / anti-malware, endpoint protection, firewall, device storage encryption, etc.)

A.10. Solution must detect and remove viruses, spyware, rootkits, Trojans, adware and potentially unwanted mobile applications.

A.11. Solution must enforce certain features on mobile devices

No. 10(02)/2016-NICSI

Page 47 of 105

such as, Device access password, inactivity timeout, storage encryption, device lockout on failed login attempts, secure deletion of data through remote wipe on device theft / loss, etc to provide a secure configuration

A.12. Solution must support encryption status of data on the device and restrict Devices that don't support encryption.

A.13. Solution must be able integrate with LDAP solution and it should be able to send SMS/notifications to the device.


A.15. Solution must provide following features : A.15.1. Remote Wipe of misplaced devices from the

console A.15.2. Selectively remote wipe only official data from

console A.15.3. Remotely lock the device A.15.4. Remotely reset password on the device A.15.5. Query device to get the latest status A.15.6. Able to push organizational security

compliance policies updates through Internet without user interaction.

A.15.7. Able fetch device software installation status. A.15.8. Able to show security details of the devices A.15.9. Must provide anti-phishing web protection and

block fraudulent websites to protect sensitive information.

A.15.10. Must reduce mobile spam by blocking unwanted calls and SMS text messages

A.15.11. Must support an automatic scan, clean, delete or quarantine infected files of SD memory cards for threats when users plug them into device.

A.16. Solution must able to create secure encrypted storage space / container on Mobile Device of official data. It must be able to store only on secure container on mobile device. Access to the secure container must be allowed only from the authorized applications. External / Third-party applications (applications which are not official) must be prevented from accessing this secure container.

A.17. Solution must be able to disable unnecessary / unauthorized hardware components / interfaces, such as, camera, Bluetooth, GPS, external storage (like, SD card) and ensure secure deletion of Official Data while de-provisioning the Mobile Device.

A.18. Solution must ensure limited privileges and restricted installation of third party applications which do not permit modification of Mobile Device configuration

A.19. Solution must synchronize Official data contained on the Mobile Device with backup Server in the Office.





No. 10(02)/2016-NICSI

Page 48 of 105


MOBILE SECURITY


further evaluation.

18.6. SCHEDULE VI – CENTRALLY MANAGED DEVICE CONTROL

SOLUTION

18.6.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR DEVICE CONTROL SOLUTION

S.No. Centrally Managed Device Control Solution Compliance

(Y/N)

Remarks

A. Centrally Managed Device Control Solution for

Endpoint Security

A.1. Solution must support to send logs required for analysis of endpoint based on IP and MAC address automatically up to central manager.

A.2. Solution must support to enforce Security Policies for Removable Devices, Media and Data like Optical discs ( CDs , DVDs , Blu Ray disks) , Memory cards ( Compact Flash card, Secure Digital Card , Memory Stick), Zip disks/other Floppy disks , Disk packs, Magnetic Tapes, Paper Data storage ( punched cards, punched tapes),

S.No. Value Added Features (VAF) for Mobile

Security

TMVAF

Marks

100

Documents

evidence

B. B.1.



the Gartner Magic Quadrant for the last

three years

2015 10

2014 10

2013 10

Should be present in the Challenger



2015 5

2014 5

2013 5

B.2. Call and Text Blocker 20

Blocks annoying and unwanted calls and text messages.

B.3. Sim Card Lock 10

Instantly locks your phone if the SIM card is removed, so thieves can’t use it with a different SIM card.

B.4. Solution must be able to support two-factor authentication and provisioning to permit the access of applications

10

B.5. Platform Coverage 30

B.5.1. IOS 10

B.5.2. Android 10

B.5.3. Windows 10

No. 10(02)/2016-NICSI

Page 49 of 105

USB flash drives, External hard disk drives (traditional IDE, EIDE , SCSSI and SSD), Digital Cameras, Smartphones and Wired or Wireless printers

A.3. Solution must support following: A.3.1. Assign permissions for authorized

removable devices and media to individual user or user groups.

A.3.2. Restrict the daily amount of data copied to removable devices and media on a per-user basis and also, limits to specific time frames.

A.3.3. Solution must Control of file types that may be moved to and from removable devices / media on per-user basis and helps reduce malware propagation.

A.3.4. Solution must support to grants temporary access to the user or user groups / scheduled access to removable devices / media; used to grant access “in the future” for a limited period.

A.3.5. access / usage policies should remain regardless of connection status, and can be personalized whether the endpoint is connected to the network or not.

A.3.6. Solution must provide tamper proof agents on managed endpoint on the network so that agents are protected against unauthorized removal – even by user having administrative privileges

A.3.7. Solution must provide organization-wide control and enforcement using scalable client-server architecture with a central database that is optimized for performance and also supports virtualized server configurations.

A.3.8. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.

A.3.9. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)




DEVICE CONTROL SOLUTION

S.No. Value Added Features (VAF) for Device Control TMVAF

Marks

100

Documents

evidence

B. B.1.


Should be present in the Leader Space in the 2015 10

No. 10(02)/2016-NICSI

Page 50 of 105

Note

-

Bidd

ers

who

scor

e

atlea

st

60%

in

thes

e

Valu

e

Add

ed Features will only be considered for further evaluation.

18.7. SCHEDULE VII – CENTRALLY MANAGED NETWORK ACCESS

CONTROL

18.7.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR NAC (NETWORK ACCESS CONTROL)

SOLUTION

S.No. Centrally Managed NAC for Endpoint Security Compliance

(Y/N)

Remarks

A. Network Access Control (NAC) Solution

A.1. Solution must be able provide software / hardware base Network Access Control (NAC) for network security that attempts to unify endpoint/server security technology (such as antivirus, host based intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement for achieving organizational security compliance level.

A.2. Solution must quarantine some system so that user is provided routed access only to certain IP segments/servers/hosts and applications

A.3. Solution must be able to redirect users system to a specific web portal that provides instructions /patches / antivirus and tools for updating their system. Until their system passes automated inspection for meeting compliance, no network is allowed.


A.5. Solution must allow authentication and centralized authorization of users and endpoints via wired, wireless, and VPN with consistent policy throughout the enterprise

Gartner Magic Quadrant for the last three

years

2014 10

2013 10



years

2015 5

2014 5

2013 5

B.2 Enforce wireless connection control, including Wi-Fi,

Bluetooth, and IrDA connections

15

B.3 Solution should be able to whitelist USB based on

device id or vendor id

15

B.4 Solution should be able to allocate certain USB for

limited users and block for rest of the users

15

B.5 Should track to discover all users connecting what devices

to each and every desktop

15

B.6 Should query desktops transparently locating and

documenting all devices that are or have been locally

connected

10

No. 10(02)/2016-NICSI

Page 51 of 105

which can be customized at any time. A.6. Solution must offer comprehensive visibility

of the network by automatically discovering, classifying, and controlling endpoints connected to the network to enable the appropriate services per endpoint.

A.7. Solution must address vulnerabilities on user machines through periodic evaluation and remediation to help proactively mitigate network threats such as viruses, worms, and spyware.

A.8. Solution must enforce security policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without requiring administrator attention.

A.9. Solution must offer a built-in monitoring, reporting, and troubleshooting console to assist helpdesk operators and administrators to streamline operations.

A.10. Solution must be able to identify devices in greater detail with Active Endpoint Scanning

A.11. Solution must augment network-based profiling to target specific endpoints (based on policy) for specific attribute device scans, resulting in higher accuracy and comprehensive visibility of components present on the network

A.12. Solution must enable administrators to specify an endpoint and select an action - for example, move to a new VLAN, return to the original VLAN, or isolate the endpoint from the network entirely - all in a simple interface

A.13. Solution must utilize standard protocols for authentication, authorization, and accounting (AAA) meeting full compliances with networked devices.

A.14. Solution must support a wide range of authentication protocols, including PAP, MS-CHAP, Extensible Authentication Protocol (EAP)-MD5, Protected EAP (PEAP), EAP Flexible Authentication via Secure Tunneling (FAST), and EAP-Transport Layer Security (TLS).

A.15. Solution must provide a wide range of access control mechanisms, including downloadable access control lists (dACLs), VLAN assignments.

A.16. Solution must have predefined device templates for a wide range of endpoints, such as IP phones, printers, IP cameras, smartphones, tablets etc and allow administrators to create their own templates

A.17. Solution must allow end users to interact with a self-service portal for device on-boarding and registration for standard PC and mobile computing platforms.

A.18. Solution must allow administrators to quickly take corrective action (Quarantine, Un-Quarantine, or Shutdown) on risk compromised endpoints within the network to help reduce risk and increase security in the network.

A.19. Solution must enable administrators to

No. 10(02)/2016-NICSI

Page 52 of 105

centrally configure and manage profile authentication, and authorization services in a single web-based GUI console, greatly simplifying administration by providing consistency in managing all these services.

A.20. Solution must include a built-in web console for monitoring, reporting, and troubleshooting issues

A.21. Solution must offer comprehensive historical and real-time reporting for all services, logging of all activities, and real-time dashboard metrics of all users and endpoints connecting to the network.

A.22. Solution must support consistent policy in centralized and distributed deployments that allows services to be delivered where they are needed

A.23. Solution must have capability to determine whether users are accessing the network on an authorized, policy-compliant device.

A.24. Solution must provide information about endpoints that are registered through the device registration portal by a specific user for a selected period of time. The report should provide the following details :- A.24.1. Logged in Date and Time. A.24.2. Portal User (who registered the

device). A.24.3. MAC Address. A.24.4. Identity Group. A.24.5. Endpoint Policy. A.24.6. Static Assignment. A.24.7. Static Group Assignment. A.24.8. Endpoint Policy ID. A.24.9. NMAP Subnet Scan ID. A.24.10. Device Registration Status.

A.25. Solution must have capability to look at various elements when classifying the type of login session through which users access the internal network, including the following :"

A.25.1. Client machine operating system and version.

A.25.2. Client machine browser type and version.

A.25.3. Group to which the user belongs. A.25.4. Condition evaluation results (based

on applied dictionary attributes). A.26. Solution must classify a client machine, and

must support client provisioning resource policies to ensure that the client machine is set up with an appropriate agent version, up-to-date compliance modules for antivirus and antispyware vendor support, and correct agent customization packages and profiles, if necessary.

A.27. Solution must support the user logs, based on the profile that is associated with that user's authorization and set up the user's personal device to access the network. This must be supported over Microsoft windows, iOS and Android devices."

A.28. Solution must support usage of simple filters based on field descriptions, such as the

No. 10(02)/2016-NICSI

Page 53 of 105

endpoint profile, MAC address, and the static status that is assigned to endpoints when they are created in the Endpoints page.

A.29. Solution must support an advanced filter based on a specific value associated with the field that can be preset for use later and retrieved, along with the filtering results.

A.30. Solution must support importing endpoints from a comma separated values (CSV) file and the LDAP server in which the list of endpoints appears with the MAC address

A.31. Solution must support Role-based access policies s which a to restrict the network access privileges for any user or group.

A.32. Solution must support Identity source sequences which defines the order in which the solution will look for user credentials in the different databases. Solution must support the following databases:-

A.32.1. Internal Users. A.32.2. Internal Endpoints. A.32.3. LDAP. A.32.4. RSA. A.32.5. RADIUS Token Servers. A.32.6. Certificate Authentication Profiles.

Yes/No A.33. Solution must Support the following

Authentication Protocols: A.33.1. Extensible Authentication Protocol-

Flexible Authentication via Secure Tunneling (EAP-FAST) and Protected Extensible Authentication Protocol (PEAP)—support for user and machine authentication and change password against LDAP using EAP-FAST and PEAP with an inner method of Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) and Extensible Authentication Protocol-Generic Token Card (EAP-GTC).

A.33.2. Password Authentication Protocol (PAP)— support for authenticating against LDAP using PAP and also allows to change LDAP user passwords.

A.33.3. Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAPv1)—support for user and machine authentication against Active Directory using MS-CHAPv1.

A.33.4. MS-CHAPv2—support for user and machine authentication against Active Directory using EAP-MSCHAPv2.

A.33.5. EAP-GTC—support for user and machine authentication against Active Directory using EAP-GTC.

A.33.6. Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)—Should use the certificate retrieval option to support user and machine authentication against Active Directory using EAP-TLS.

A.33.7. Protected Extensible Authentication

No. 10(02)/2016-NICSI

Page 54 of 105

Protocol- Transport Layer Security (PEAP-TLS)—support for user and machine authentication against Active Directory using PEAP-TLS.

A.33.8. LEAP—support for user authentication against Active Directory using LEAP.

A.34. Solution must be able to differentiate policy based on device type + authentication

A.35. Solution must have ability to authenticate at least one port and multiple users on the same switch port without interrupting service.

A.36. Solution must support MAC and can further utilize identity of the endpoint to apply the proper rules for access.

A.37. Solution must support Non 802.1x technology on assigned ports and 802.1x technology on open use ports.

A.38. Solution should support authenticating Machines and users connected to the same port on the switch in a single authentication flow.

A.39. Solution must have profiling capabilities integrated into the solution in order to detect headless host.

A.40. The profiling features leverage the existing infrastructure for device discovery. Solution must support the use of attributes from the following sources or sensors:-

A.40.1. Profiling using MAC OUIs. A.40.2. Profiling using DHCP

information. A.40.3. Profiling using RADIUS

information. A.40.4. Profiling using HTTP

information. A.40.5.Profiling using DNS information. A.40.6. Profiling using NetFlow

information. A.40.7. Profiling using SPAN/Mirrored traffic.

A.41. Solution must be able to classify endpoints based on information like DHCP, CDP, and LLDP attributes using IOS sensor capabilities enabled on switches.

A.42. Solution must be appliance or server based hardware application capable of interfacing to all networked devices without impacting existing throughput or performance.




18.7.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR NAC

(NETWORK ACCESS CONTROL) SOLUTION

S.No. Value Added Features (VAF) for NAC (NETWORK TMVAF Documents

No. 10(02)/2016-NICSI

Page 55 of 105

Note -

Bidde

rs

who

score

atleas

t 60%

in

these

Value

Adde

d

Featu

res

will

only

be

consi

dered

for

furth

er

evaluation.

18.8. SCHEDULE VIII – CENTRALLY MANAGED ENCRYPTION SOLUTION

18.8.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR ENCRYPTION OF ENDPOINT

S.No. Centrally Managed Encryption Solution for

Endpoint Security

Compliance

(Y/N)

Remarks

A. Encryption Solution for Endpoints

A.1. Solution must support that the Endpoint Encryption solution management architecture easily adapts to small and large enterprise environments.

A.2. Solution must support encryption of endpoints for encrypting each drive, sector by sector, ensuring no files are left unencrypted

A.3. Policy Enforced Encryption for removable Storage: Solution must able to centrally encrypt removable devices (such as USB flash drives) and media (such as DVDs/CDs), plus enforces encryption policies when copying to devices / media.

A.4. Solution must support a single-sign-on technology which eliminating the need to re-input multiple passwords. As user access their information, decryption and re-encryption happen instantaneously for a seamless experience

A.5. Solution must support faster encryption speeds for high performing, strong

ACCESS CONTROL) Marks

100

evidence



Gartner Magic Quadrant for the last three years

2015 15

2014 15

2013 15



years

2015 10

2014 10

2013 10

B.2 Support for 3rd Part NAC Appliance 20

If s/w based Solution, then it should support the 3rd party

NAC appliance for ensuring security compliance of the

endpoints

B.3 Integration with central console 20

If the NAC solution is from the existing OEMs, then it

should integrate with their own central console. No

separate

console is accepted.

B.4 For the guest portal, solution must have the ability to

restrict self registration (service) to only those with a

passcode and provide the list of domains that are allowed

for self-registration

15

No. 10(02)/2016-NICSI

Page 56 of 105

encryption, built with hybrid cryptographic optimizer technology and leveraging AES-NI hardware optimization

A.6. Solution must have active directory/LDAP support based on individual and group policies and keys must be synchronized with Active Directory/LDAP.

A.7. Solution must have a key recovery mechanism to recover passphrase and it should have multiple recovery options to allow administrator to determine the right solution for them to minimize potential lockouts and reduce support calls.

A.8. Solution must have a transparent installation and registration of endpoint encryption . The utilization of CPU during initial encryption must be minimized to ensure that user can continue his/her work and it must not affect the productivity of endpoint user while encryption happens in the background.

A.9. Solution must support multi-user deployments in both Active Directory/LDAP and non-Active Directory/LDAP environments.

A.10. Solution must allow user to access encrypted data from removable media safely even on systems that do not have encryption solution.

A.11. Solution must help to reduce the risk of sensitive data loss through unauthorized access to its laptops, desktops, or portable storage devices using whole-disk encryption.

A.12. Solution must ensure to protect all information of endpoint, including the operating system (OS).






ENCRYPTION SOLUTION

S.No. Value Added Features (VAF) for

Encryption solution

TMVAF

Marks

100

Documents

evidence


Should be present in the Leader Space

in the Gartner Magic Quadrant for the

last three years

2015 10

2014 10

2013 10

Should be present in the Challenger 2015 5

No. 10(02)/2016-NICSI

Page 57 of 105


further evaluation.

18.9. SCHEDULE IX – CENTRALLY MANAGED PATCH MANAGEMENT

SOLUTION

18.9.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR PROCUREMENT AND RENEWAL

OF CENTRALLY MANAGED PATCH MANAGEMENT SOLUTION LICENSES



2014 5

2013 5

B.2 Solution should provide a utility to check whether

system is compatible for full disk encryption before

deployment

20

B.3

Solution must provide integration with Data

Leakage Prevention solution with removable media

encryption to analyse data before it’s transferred

and automatically encrypt sensitive outgoing data.

20

B.4 Should allow encryption using X.509 certificates,

including requesting and validating a certificate

15

B.5 Should be scriptable encryption to encrypt, sign,

and decrypt individual files or collections of files

using scripting language

15

S.No. Procurement and Renewal of CMPMS Licenses

Complianc

e (Y/N)

Remark

s

A.1. Functional Requirements on Central Management

Console

It must support management/monitoring of following functions

through central console:

A.1.1. Patch Deployment

A.1.1.1. The solution must be able to manually group endpoints together based on asset and software information for deployment of patches

A.1.1.2. The solution must classify the patches based on the severity levels of the

No. 10(02)/2016-NICSI

Page 58 of 105

vulnerabilities and provide description of severity level

A.1.1.3. The solution must support to download the available patches from the OEM to keep in repository for distribution.

A.1.1.4. The solution must allow administrator to define different patch deployment policies

A.1.1.5. The solution must provide real-time patch deployment status

A.1.1.6. The solution must allow to deploy the patches over a predefined period of time to reduce overall impact to network bandwidth

A.1.1.7. The solution must allow to restart/shutdown the selected endpoints from central console

A.1.1.8. The solution must allow to create custom scripts to deploy patches made by users on the endpoints

A.1.1.9. The solution must be able to install all previously installed patches automatically to endpoints that are subsequently added to network

A.1.1.10. The solution must allow administrator to customize the message displayed in a pop-up message box to all endpoints before installation of any patch

A.1.1.11. The solution must support deployment of new patches on the computer systems running over different supported OS flavours from central console without intervention from the users of the endpoints

A.1.1.12. The solution must be able to push the missing patches on computer systems running over different supported OS flavours from central console.

A.1.1.13. The solution must support to roll-back, uninstall and remove deployed patches for OS, any in-house developed application software and any other third party application software from central console.

A.1.1.14. The solution must support to deploy patches on the endpoints from central console on Subnet, IP Range, User Group or OS platform basis

A.1.1.15. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)

A.1.2. ASSET DISCOVERY

A.1.2.1. The solution must discover and group assets/devices connected in the network such as Desktops, Laptops, Servers, Switches, and Routers etc. on the Subnet, IP Range, User Group or OS platform basis.

A.1.2.2. The solution must be able to discover managed (client systems with patch agent installed) and unmanaged assets (client systems with patch agent not installed) on the network.

A.1.3. ASSET INVENTORY(HARDWARE/SOFTWARE)

A.1.3.1. The solution must detect hardware

No. 10(02)/2016-NICSI

Page 59 of 105

18.9.2 MAINTAINING AND MANAGING EXISTING CMPMS LICENSES

S.No. MAINTAINING AND MANAGING EXISTING Compliance Remarks

configuration of systems like RAM, CPU, Hard Disk and free space on hard disk.

A.1.3.2. The solution must detect running OS, any other software applications and their installed patches.

A.1.4. SOFTWARE DISTRIBUTION

A.1.4.1. The solution must be able to deploy operating system(s) on bare metal machine from central console.

A.1.4.2. The solution must be able to deploy third party application software ( including newer versions) and any other in-house developed application on client systems running over different supported OS flavours.

A.1.4.3. The solution must support to download any third party application software in the same patch management repository for distribution)

A.1.4.4. The solution must support to schedule the deployment of other software across NICNET on Segment , IP range, OS and User Group basis

A.1.4.5. The solution must support to deploy any Patch Management Solution on the systems across NICNET from central console.

A.1.5. REPORT GENERATION

A.1.5.1. The solution must support to generate reports of installed patches, missing patches, failed patches, application software, antivirus solution and their signature version on daily, weekly and monthly basis.

A.1.5.2. The solution must support to generate reports of compliant and non-compliant systems in graphical formats like pie-chart, bar-chart based on user defined security compliance baseline.

A.1.5.3. The solution must support to design and generate various user defined (customized) reports from database and raw log files. Any required customization has to be done by vendor without any additional cost to NIC.

A.1.5.4. The solution must support to generate vulnerability reports of the systems based on standard vulnerability database like CVE, MITRE and NVD.

A.1.5.5.The solution must report existing vulnerabilities in the systems based on the missing patches and other application software(s) installed in the systems.



No. 10(02)/2016-NICSI

Page 60 of 105

CMPMS LICENSES (Y/N)

B.1. Bidder must provide support services for already deployed CMPMS solutions, namely IBM Tivoli Endpoint Manager Patch Management Solution and Microsoft SCCM Patch Management Solution including the following: B.1.1. CMPMS version upgrade B.1.2. Support all existing components and sub-

components of CMPMS B.1.3. Software subscription and annually

renewal of existing licenses. B.1.4. Developing workaround/intermediate

patches for Zero Day attacks ( After notifying the OEM/Bidder about particular zero day attack over OEM web portal).

B.1.5. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving. Note: Approximately there are 3850 nos.

Licenses of IBM Tivoli Endpoint Manager

Patch Management Solution and 9500

Licenses of Microsoft SCCM Patch

Management Solution

B.2. In case same OEM solution is empaneled, the existing licenses must be integrated by the bidder of the respective solutions (namely IBM Tivoli Endpoint Manager Patch Management Solution and Microsoft SCCM Patch Management Solution) in the same CMPMS.

B.3. Bidder is not allowed to create a separate CMPMS for the existing license of the respective OEMs or even new licenses are procured from same OEM. It must be integrated in the existing CMPMS central manager of the respective solutions.

B.4. In case same OEM solution is not empaneled Bidder must provide software subscription and all required service support for existing licenses:

B.4.1. CMPMS version upgrade B.4.2. Support all existing components

and sub-components of CMPMS B.4.3. Software subscription and

annually renewal of existing licenses. B.4.4. Developing

workaround/intermediate patches for Zero Day attacks (After notifying the OEM/Bidder about particular zero day attack over OEM web portal).

Note: Approximately there are 3850 nos.

Licenses of IBM Tivoli Endpoint Manager

Patch Management Solution and 9500

Licenses of Microsoft SCCM Patch

Management Solution

B.5. Bidder must ensure that if any hardware/ software/ software subscription is required for the integration of existing licenses it must be bundled with 5 years of warranty

B.6. Root Cause Analysis Reports :

No. 10(02)/2016-NICSI

Page 61 of 105

B.6.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.

18.9.3 VALUE ADDED FEATURES FOR CENTRALLY MANAGED PATCH MANAGEMENT

SOLUTION

S.No. Specifications Assigned Marks

Compliance (Y/N) ( Provide supporting document)

C.1 Client Computer Systems OS Platforms other than MS Windows supported for patching

40

RedHat Linux 6 Solaris 4 Ubuntu 4 Open SUSE Linux 4

Fedora 4 Mac OS 4 CentOS 4 Debian 4

Virtualization platforms like Hyper V / VMWare ESXi Server

6

C.2 Patch Agent for Cloud environment

5

Solution should support patch deployment in the cloud environment

C.3 Software deployment kit 10 Solution must have ability to push any

third party application software program and execute on managed endpoints from Central Management console.

C.4 Total number of distinct Log Files

5

Less than or equal to 10 5 Greater than 10 but less than or equal

to 50 4

Greater than 50 but less than or equal to 100

3

More than 100 2 C.5 It shall support to deploy Anti Virus

Solution agent/signatures on the systems across NICNET

10

C.6 Gartner Magic Quadrant Years 30 Should be present in the

Leader Space in the

Gartner Magic Quadrant


2014 10

2013 10 2012 10

Should be present in the 2014 5

No. 10(02)/2016-NICSI

Page 62 of 105


further evaluation.

18.10. SCHEDULE X – LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL

18.10.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR LIGHT WEIGHT DIRECTORY

ACCESS PROTOCOL

Specification for Lightweight Directory

Access Protocol

Compliance

(Y/N)

Remarks

A.1. Solution must provide support for logon

and authentication.

A.2. Solution must be able to store information

about users, computers, and network

resources and make the resources

accessible to users and applications.

A.3. Solution must support integrated DNS

zones for ease of management and

administration/replication.

A.4. The directory service must be able to

monitor health and verify replication

A.5. The directory service must provide support

for Group policies and software restriction

policies.

A.6. The directory service must be able to

modify and extend schemas.

A.7. Solution must support multi-master

directory service replication features,

Directory Server must be scalable and must

have multi-master & multi-site capabilities.

A.8. The Object types supported must include:

A.8.1. Users Object Type;

A.8.2. Groups (Security & Distribution

Groups which can be static or

dynamic)

A.8.3. Foreign Users (Non-

employees/Business partners etc.)

A.8.4. Printers

Challenger Space in the

Gartner Magic Quadrant


2013 5 2012 5

NOTE Any of the above mentioned specification points, if covered by a different Endpoint Security Solution; the same must be mentioned in the compliance column.

MMVAF=100

No. 10(02)/2016-NICSI

Page 63 of 105

A.8.5. Containers for purposes of

grouping, administration and policy

control

A.9. Solution must provide Search capability to

query all directory objects and network

resources by attributes

A.10. Solution must support recovery of a

Single Object as well as the entire directory.

A.11. Solution must ensure that loss of a single

directory server should not affect ability for

users to logon.

A.12. Solution must have unified management

capabilities through a single integrated

directory for OS

A.13. Solution must support that user account

capabilities for a given group or groups of

users can be delegated to any nominated

user.

A.14. Solution must support multiple password

and account lockout policies for different

set of users.

A.15. Solution must ensure that Directory

services should be extensible for custom

development.

A.16. Solution must be able to log old and new

values when changes are made to objects

and their attributes;

A.17. Solution must support the deployment of a

read only additional directory server which

may be deployed in a different location so

as to prevent any changes from the other

location

A.18. Directory services must be able to create

snapshots of the directory database to

determine the restore requirements when

necessary.

A.19. Directory Architecture must have at least 2

servers for load balancing and ensuring

high availability.

A.20. Directory services must provide

capabilities to undo an accidental deletion

of objects.

A.21. Directory Services must provide

command-line scripting for administrative,

configuration and diagnostic tasks with a

consistent vocabulary and syntax.

A.22. Directory Services must be able tp provide

a task-oriented administration model, with

support for larger datasets.

A.23. Directory services must be able identity

No. 10(02)/2016-NICSI

Page 64 of 105

deviations from best practices

A.24. Directory Services must provide a built-in

authentication mechanism

A.25. Directory services must provide with

Offline-domain joining functionality.

A.26. Directory services must provide features to

manage service accounts through their

passwords

A.27. The directory Services must provide

capabilities to manage desktop and user

profile settings from central console

A.28. The Directory services must provide

features to disable/enable various hardware

components like USB Ports, Bluetooth and

Wifi Networks etc

A.29. The Directory services must have

capability to push Different customized

settings to different Users and Computer

Groups

A.30. The solutions must provide capabilities to

push custom scripts during Log on and Log

Off

A.31. The solution must provide capabilities for

administrators to enable policies for PCs in

a virtual environment with the ssame

specifications

A.32. Solution should contain the following

policies:

A.32.1. Password Policy o Account

Lockout Policy

A.32.2. Kerberos Policy

A.33. Computer configuration and user

configuration settings -

A.33.1. Customize computer

configuration settings, such as

customizing the start menu, desktop,

A.33.2. The user configuration

settings, such as roaming profiles

and desktop customization

No. 10(02)/2016-NICSI

Page 65 of 105

A.34. Policy Server must be able to inherit

groups available in LDAP Directory names

and address book for role based security

and personalization purposes.

A.35. Solution must be fully IPv4 and IPv6

compliant (dual-stackable)

A.36. Solution must have the capability to

monitor web/email clients


LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL

N

o

Note -

Bidders who score atleast 60% in these Value Added Features will only be considered for

further evaluation.

18.11. SCHEDULE XI – MANAGED ENTERPRISE ENDPOINT SECURITY

SOLUTION SERVICES

18.11.1 REQUIREMENTS FOR MANAGED ENTERPRISE ENDPOINT SECURITY SOLUTIONS

SERVICES

S.No. Manpower Requirements Compliance

(Y/N)

Remarks

A.1. Manpower Requirements:

A.1.1. The empaneled vendor must deploy an adequate number of Technical Support Manpower centrally and at distributed locations to ensure optimum performance of the solution

A.1.2. The empaneled vendor must ensure that an equally adequate number of personnel should be deployed at other locations so as not to compromise on the performance of the solution

A.1.3. These deployments must be factored in the costs quoted by

S.No. Value Added Features (VAF) for Encryption

solution

TMVAF

Marks

100

Documents

evidence



Gartner Magic Quadrant for the last three

years

2015 15

2014 15

2013 15



years

2015 10

2014 10

2013 10

B.2 Policy Server must integrate with standard Directory

platforms for usage of names and address book user

ids and passwords for authentication purposes

30

B.3 The Directory services must have capability to push

custom branding like wallpaper, screensaver directly to

PCs in the network

25

No. 10(02)/2016-NICSI

Page 66 of 105

the empaneled vendor and should not incur any extra charges

A.1.4. Empaneled vendor must deploy resources which are on their payrolls as on the date of deployment

A.1.5. Sub Contracting of resources is not permitted and if found guilty the empaneled vendor will be appropriately penalized as per Annexure 3 : SLA AND PENALTY, 19.3.4 MANPOWER

A.1.6. A bidder who quotes for a particular solution from an OEM will have the responsibility to provide services to manage all the other existing solutions too

A.1.7. Empaneled vendor must deploy the minimum number of Technical Support Manpower as :

Solution Senior Security Admin

Security Admin

Field Engineers

CMAS 3 7 5 Centrally Managed Patch Management Solution

2 2 1

LDAP 1 2 1 Others 1 1 1

A.2. Educational Qualification :

A.2.1. Qualification must be B.E / B.Tech / M.CA / M.E / M.Tech / M.Sc (IT) / M.Sc (preferably in a related field like Computer Science, Network Security and Software Engineering)

A.3. Experience of Various Positions:

S. No

Resource

Category (As

per the

Qualification)

Experience

in years

Required Experiences

1.1.1.1 1 1

Senior Security Administrator

5

5+ years ‘experience in handling IT projects. The candidates must have experience in relevant Technology Domains and possess leader qualities to lead a team of 20-30 professionals. They must also have the latest relevant certifications or should have been trained by their respective OEMs on the various solutions under this tender.

2 Security Administrator

3 3 + year’s relevant experience in assessing project needs in various domains. The candidate must be able to offer value addition to the projected requirement with respect to future needs and must be capable of managing multiple projects. They must have latest relevant certifications or trained by respective OEMs on the

No. 10(02)/2016-NICSI

Page 67 of 105

various solutions under this tender

3 Field Engineers

A.4. Selection Procedure for deployment of Technical Support

Manpower on site.

A.4.1. Submission of all relevant documents with regards to

qualification and experience A.4.2. Submission of Falsified documents certified and verified by

the empaneled vendor will result in a penalty as per Annexure 3 : SLA AND PENALTY,19.3.4 MANPOWER

A.4.3. Verification of all the submitted documents by NIC/user Project co –ordinator

A.4.4. A written test/ Personal Interview will be taken by the NIC/user Project Co - ordinator for selecting Technical Support Manpower before deployment on site by the empaneled vendor.

A.5. Payment Procedure for Technical Support Manpower :

A.5.1. Empaneled vendor must give undertaking that at least 60% of hiring charges must be paid to the hired manpower/resource.

A.5.2. Empaneled vendor must revise the rates of increment for each deployed resources categories by 10% every year

A.5.3. The technical manpower/resource to be deployed on site must be on the payroll of the empaneled vendor.

A.5.4. The empaneled vendor may have to produce the Monthly Salary Certificate of the deployed technical hired manpower at any time to verify the payment made by the vendor to the manpower/resource or by producing bank account details.

A.5.5. Reimbursement of conveyance, PF, Employee insurance or Bonus must be settled between the empaneled vendor and the manpower/resource from time to time as per Government rules and regulations.

A.5.6. Satisfactory performance linked increment may be admissible to the deployed professional as per the empaneled vendor’s HR policies.

A.5.7. The empaneled vendors must be able to provide services all over India.

A.5.8. The salary must be paid by the 3rd of every month to the hired manpower resource by the empaneled vendor.

A.5.9. No TA/DA is admissible to the deployed resource for the first posting on the project. However, if resource has to undertake a tour in the interest of the project with prior approval of the project head, the Travelling Allowance as per government rates will be applicable.

A.5.10. Service Tax and other taxes as applicable will be paid extra.

A.6. An indicative list of activities which empaneled vendor’s resource

will be required to undertake are as follows:

No. 10(02)/2016-NICSI

Page 68 of 105

A.6.1. The deployed resource must manage different OEM solutions of all tender schedules ,troubling shooting of these solutions and managed endpoints, helping in collecting infected system log file or collecting by resources itself, analyzing system behavior, submitting suspicious file or any other server/endpoint log files to OEM lab for developing signature, lodging compliant of respective solutions, users/systems or issue related to respective products, and coordination with different OEMs of respective solutions and end users problem etc.

A.6.2. Proper documentation of the different solutions under all the schedules in this tender as mentioned in Section 18 : TECHNICAL SPECIFICATIONS

A.6.3. Technical documentation and quality assurance.

A.7. Confidentiality :

A.7.1. The bidder must not use Confidential Information like user name, system name, IP addresses, Segments, suspicious file details, the name or the logo etc which are the property of NIC/user except for the purposes of providing the service as specified under this tender.

A.7.2. The bidder must only disclose Confidential Information with prior written consent from the NIC/user Project Co- ordinator.

A.7.3. In case of any data theft , penalty will be applicable as per Annexure 3 : SLA AND PENALTY,19.3.4 MANPOWER

A.8. Responsibilities of the Agency for implementation according to Annexure 3 : SLA AND PENALTY, 19.3.4 MANPOWER

A.8.1. The manpower required must be deployed by the empaneled vendor within a month of the issue of the work order

A.8.2. If hired resource manpower is not deployed by bidder within a month, empaneled vendor would be penalized

A.8.3. The hired resource should be deployed for 6 days a week from 8 am to 8 pm daily and could be required to come on non working days too in the event of any emergency situations as the needs arises

A.8.4. The empaneled vendor is responsible for the conduct of the employees while deployed on site and will be liable for penalty in case the employee misbehaves or acts inappropriately with the NIC/user staff

A.8.5. Timely production of quality output will be an overarching responsibility of the empaneled vendor.

A.8.6. If due to any unavoidable circumstance the deployed manpower needs to be replaced/ changed then the empaneled vendor must ensure complete knowledge transfer during the replacement ensuring continuity of the project.

A.8.7. Bidder must provide backup resource with same qualifications and experience on site in the absence of hired manpower, failing which, penalty will be imposed on the empaneled vendor

A.8.8. Bidder must provide backup resource with experience of the same solution in the absence of hired manpower, failing which, penalty will be imposed on the empaneled vendor

A.8.9. Regular progress reporting and review of the same with concerned NIC/user Project coordinator will be an integral part of the responsibility of the empaneled vendor.

A.8.10. Timely intimation of any kind of absence to the concerned official is mandatory and any default to this end would be treated as leave and penalty will be imposed on the empaneled vendor

A.8.11. All solutions of the tender must be managed / maintained by the bidder itself

A.8.12. All complaints of the user department must be attended by

No. 10(02)/2016-NICSI

Page 69 of 105

the bidder

The products must be quoted strictly as per the description provided above. Any bid found to

be quoting irrelevant products is liable to be rejected and EMD forfeited. The bidder shall

provide copies of data sheets for each of the products. The bidder shall also provide copies of

satisfactory test report/certificate issued from International Laboratory Accreditation (ILAC)

or their worldwide affiliated/recognized labs or NABL approved labs for tendered products.

19 ANNEXURE

The necessary Annexures for this tender are given in the following pages.

No. 10(02)/2016-NICSI

Page 70 of 105

ANNEXURE 1. ELIGIBILITY CRITERIA

This states the eligibility criteria essential for qualifying as a prospective bidder for

this tender.

19.1.1 BASIC QUALIFICATION CRITERIA

S.No. Criteria Documents to be

submitted as

qualifying documents

(100% Compliance)

Eligible

(Yes/No)

Reference of

enclosed proof

along with page

number where

document occurs

in the bid

1. The bidder/OEM must be a Company

registered in India under the

Companies Act 1956 or a partnership

registered under the Indian Partnership

Act 1932 with their registered office in

India for the last three years as on

31st March 2015.

Copy of valid Certificate

of Registration attested

by Company Secretary/

Authorized Signatory

2. Power of Attorney in the name of

authorized signatory authorizing him

for signing the bid documents or related

clarifications on bid documents

Power of Attorney in the

name of authorised

signatory

3. Only OEM or their Authorized Indian

Agent (but not both simultaneously)

would be eligible to quote for

solution(s) under the schedules of this

tender.

If an agent submits bid on behalf of the

OEM, the same agent shall not submit a

bid on behalf of another OEM for the

same solution/product in the same

tender

If the bidder is an

Authorised Indian Agent,

a signed and Stamped

copy of Manufacturer’s

Authorization Form as

given below from every

OEM of the quoted

solutions

Annexure 6 :

MANUFACTURE

R

AUTHORIZATIO

N FORM, 19.6.1

MAF – A only for

SCHEDULE

I(18.1)-

CENTRALLY

MANAGED

ANTIVIRUS

SOLUTION and

SCHEDULE IX

(18.9) –

No. 10(02)/2016-NICSI

Page 71 of 105


submitted as


(100% Compliance)

Eligible

(Yes/No)

Reference of

enclosed proof

along with page

number where

document occurs

in the bid

CENTRALLY

MANAGED

PATCH

MANAGEMENT

SOLUTION

Annexure 6 :

MANUFACTURE

R

AUTHORIZATIO

N FORM, 19.6.2

MAF – B for all the

schedules

mentioned in

Section 18 :

TECHNICAL

SPECIFICATIONS

except SCHEDULE

I(18.1) –

CENTRALLY

MANAGED

ANTIVIRUS

SOLUTION and

SCHEDULE IX

(18.9) –

CENTRALLY

MANAGED

PATCH

MANAGEMENT

SOLUTION

and a proof of

agreement with the

OEM

4. Bidder must have an average annual

turnover of INR 500 crores during

each of the last 3 financial years (i.e.,

FY 2015-14, FY 2014-13, FY 2012-13)

from sale of IT Products and services

Duly signed & stamped

CA certificate

5. The bidder/OEM must have executed a

minimum of five projects related to

Network Security Solution in any

Government (Central / State / PSUs)


copies of supporting

purchase orders for all

projects ( atleast 2 POs in

No. 10(02)/2016-NICSI

Page 72 of 105


submitted as


(100% Compliance)

Eligible

(Yes/No)

Reference of

enclosed proof

along with page

number where

document occurs

in the bid

departments in India. The order value

placed must exceed INR 3 Crores for

each project during the last three

financial years (2015-14, 2014-13, 2013-

12)

the last financial year i.e.

2015 - 14 along with work

completion certificate

from the client and a copy

of the bank transactions

to verify the orders)

6. The bidder must have a Positive Net

Worth for the last 3 financial years (

2015-14, 2014-13 , 2013 – 12)


CA certificate

7. The bidder must have a registration

number of -

1. VAT where his business is located

2. CST where his business is located

3. Service Tax


copies of relevant

certificates of registration

8. The bidder must have cleared his VAT/

CST dues up to 31st March, 2015 to the

Government.


copy of Tax Clearance

Certificate from the

Commercial Taxes Officer

of the Circle concerned

Auditor/CA signed VAT

returns may be provided

9. Bidder must have a valid PAN Duly signed & stamped

copy of PAN card /

certificate

10. The bidder must be a single legal

entity/ individual organization.

Consortium shall not be allowed.

Undertaking signed by

authorized signatory

11. The bidder must have filed its Income

Tax Returns for the last 3 financial

years (i.e., FY 2014-15, 2013-14, 2012-

13)

Duly signed and stamped

copies of Income Tax

Returns

Digitally signed ITR may

be provided

12. To confirm in Yes or No, whether the

bidder falls under the Micro, Small and

Medium Enterprises Development Act,

If yes, a duly signed &

stamped copy of the

registration Certificate

must be provided to

No. 10(02)/2016-NICSI

Page 73 of 105


submitted as


(100% Compliance)

Eligible

(Yes/No)

Reference of

enclosed proof

along with page

number where

document occurs

in the bid

2006. NICSI. Further, NICSI

must be kept informed of

any change to the status

of the company as per the

mentioned act.

13. The bidder must be ISO 9001:2008 and

ISO 27001: 2013 certified

Bidder should submit

copies of these

certifications

Note - All these documents are mandatory for qualification. Once these basic criteria are met, then the

experience of the bidder vis – a – vis Implementation in Government Sector would be checked

19.1.2 PROJECT IMPLEMENTATION

S.No. Criteria/Su

b Criteria Description

Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

1 Project Implementation of Centrally Managed Antivirus Solution by the Bidder

15

a. Detail of projects implemented by the bidder

Bidder must provide projects implementation details (during last

The marks would be awarded based on the

5 Work Orders Copy/ PO supported

No. 10(02)/2016-NICSI

Page 74 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

over the last 5 years up to 31st March, 2015(Supply, Installation, Configuration, Monitoring ,Training and Maintenance Support of CMAS

five financial years only) for integrated projects related to Centrally Managed Antivirus Solution :

size of implementation as mentioned below:

by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted

a) Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of CMAS

> 1,00,000 Endpoints - 5 points

b) Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of CMAS

50,000 – 1,00,00 Endpoints - 3 points

c) Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of CMAS

< 50,000 endpoints – 1 point

b. Number of product certified Professionals Positioned by Bidder

a) Qualified Technical Support Engineers in India on OEM payroll.

> 15 Product Technical Support Engineers - 5 Points.

5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.

b) Qualified Technical Support Engineers in India on OEM payroll.

10-15 Product Technical Support Engineers -3 Points.

c) Qualified Technical Support Engineers in India on OEM payroll.

<10 Product Technical Support Engineers -1 Point.

No. 10(02)/2016-NICSI

Page 75 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

c. OEM Global Malware Threat Intelligence Infrastructure LABs for developing Signatures in India or abroad.

OEM Global Malware Threat Intelligence Infrastructure LABs in India or abroad:

5 Technical Response Document of the bidder.

a) OEM Global Malware Threat Intelligence Infrastructure LABs

> 10 OEM

Global

Malware

Threat

Intelligence

Infrastructure

LABs – 5

points

b) OEM Global Malware Threat Intelligence Infrastructure LABs

5 - 10 OEM

Global

Malware

Threat

Intelligence

Infrastructure

LABs - 3

points

c) OEM Global Malware Threat Intelligence Infrastructure LABs

< 5 OEM

Global

Malware

Threat

Intelligence

Infrastructure

LABs - 1

point

2 Project Implementation of Centrally Managed Patch Management Solution by bidder

15

a. Detail of projects implemented by the bidder over the last 5 years up to 31st March, 2015(Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Patch Management Solution :

The marks would be awarded based on the size of implementation as mentioned below:

10 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA

Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of CMPMS

> 1,00,00 Endpoints - 10 points

No. 10(02)/2016-NICSI

Page 76 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

CMPMS Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of CMPMS

1,00,000 – 75,000 Endpoints - 8 points

attesting these projects must be submitted

Supply, Installation , Configuration, Monitoring , Training and Maintenance Support and CMPMS

< 75,000 endpoints – 5 points


Qualified Technical Support Engineers in India on OEM payroll.




10-15 Product Technical Support Engineers -3 Points.


< 10 Product Technical Support Engineers -1 Point

3 Project Implementation of LDAP by bidder 10

a. Detail of projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of LDAP

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to LDAP :


5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted

Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of LDAP

> 75,000 Endpoints - 5 points

Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of LDAP

75,000 – 50,000 Endpoints - 3 points

Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of LDAP


No. 10(02)/2016-NICSI

Page 77 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r






5 - 10 Product Technical Support Engineers -3 Points.


< 5 Product Technical Support Engineers -1 Point.

4 Project Implementation of Mobile Security by bidder 10 a. Detail of

projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Mobile Security Solution

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Mobile Security Solution :



Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed Mobile Security Solution


Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed Mobile Security Solution


Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Mobile Security Solution


B Number of product

Qualified Technical Support Engineers

> 5 Product Technical

5 Undertaking letter

No. 10(02)/2016-NICSI

Page 78 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

certified Professionals Positioned by Bidder

in India on OEM payroll.

Support Engineers - 5 Points.

by both (OEM & Bidder) that these professionals are on OEM payroll.




<3 Product Technical Support Engineers -1 Point.

5 Project Implementation of HIPS by bidder 10 A Detail of

projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of HIPS

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to HIPS :



Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of HIPS


Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of HIPS


Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of HIPS








No. 10(02)/2016-NICSI

Page 79 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r



6 Project Implementation of DLP Solution by bidder 10 a. Detail of

projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed DLP Solution

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed DLP Soution :



Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed DLP Solution


Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed DLP Solution


Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed DLP Solution








Qualified Technical Support Engineers

< 5 Product Technical

No. 10(02)/2016-NICSI

Page 80 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

in India on OEM payroll.

Support Engineers -1 Point.

7 Project Implementation of NAC Solution by bidder 10 a. Detail of

projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed NAC Solution

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed NAC Solution :



Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed NAC Solution


Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed NAC Solution


Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed NAC Solution


b. Number of

product

certified

Professionals

Positioned by

Bidder








No. 10(02)/2016-NICSI

Page 81 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

8 Project Implementation of Encryption Solution 10 a. Detail of

projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Encryption Solution

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Encryption Solution :



Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed Encryption Solution


Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed Encryption Solution


Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Encryption Solution


b. Number of

product

certified

Professionals

Positioned by

Bidder








9 Project Implementation of Device control Solution 10

No. 10(02)/2016-NICSI

Page 82 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

a. Detail of projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Device Control Solution

Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Device Control Solution :



Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed Device Control Solution


Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed Device Control Solution


Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Device Control Solution


b. Number of

product

certified

Professionals

Positioned by

Bidder








Note : 1 For all the above, the Completion Certificate of the projects completed in the last 5 years (as on

31.03.2015) must be provided (issued to the responding firm by the respective customers)

No. 10(02)/2016-NICSI

Page 83 of 105

S.No. Criteria/Su


Point

Syste

m

Points

Criteria/

Sub

Criteria

(Total

Points 100 )

Docume

nts /

evidence

Refere

nce

Page

numbe

r

2 Bidders who score 80 and above marks shall qualify . 3 Bidders are required to complete the template and attach it to their bid, as advised in Section 5 :

BID SUBMISSION.

No. 10(02)/2016-NICSI

Page 84 of 105

ANNEXURE 2. HARDWARE/SOFTWARE/MANPOWER SUPPLY

19.2.1 The bidder must ensure that adequate hardware and software sizing must

have been done to meet the SLA requirements as per Annexure 3 : SLA

AND PENALTY, 19.3.2 PERFORMANCE

19.2.2 The bidder must ensure that the performance of the solution must not be

affected at any point in time which means

The responsiveness of the systems which effects the user’s business

efficiency

Utilization of the system resources

Job throughput

19.2.3 The Bidder must ensure the deployment of technical personnel (if required )

at the various distributed locations to meet SLA requirements as per

Annexure 3 : SLA AND PENALTY, 19.3.2 PERFORMANCE

19.2.4 The cost of these personnel will be borne by the bidder and must be factored

in the total cost quoted by the bidder

19.2.5 The bidder must test all the hardware and software resources deployed at

various locations in advance so that there are no performance issues later

19.2.6 The bidder must factor in all costs associated at various distributed locations

with regards to the necessary infrastructure required for the performance of

the solutions as mentioned in Annexure 3 : SLA AND PENALTY, 19.3.2

PERFORMANCE

19.2.7 NICSI/NIC will not be responsible for the estimate and sizing of the hardware

at these locations and it is the bidder’s discretion to procure the necessary

hardware to ensure the performance is as per SLA requirements given in

detail as per Annexure 3 : SLA AND PENALTY, 19.3.2

PERFORMANCE

No. 10(02)/2016-NICSI

Page 85 of 105

ANNEXURE 3. SLA AND PENALTY

19.3.1 DELIVERY AND INSTALLATION

Sr. No. Penalty Conditions Applicable Penalty

(% of PO)

Applicable Penalty (in INR)

1 0.2 % of PO value per day up to 30

days on default of delivery schedule

as mentioned in Section 10 :

DELIVERY PROCESS subject to

maximum penalty on late delivery

up to 10% of PO value


days on default of centrally

managed solution installation

schedule as mentioned in Section

12 :

INSPECTION,INSTALLATION

AND ACCEPTANCE OF

DELIVERED ITEMS subject to

maximum penalty on late

installation up to 10% of PO value


days on replacement of product

subject to maximum penalty up to

10% of PO value

4 After 30 days for non-delivery issue

or if installation/Integration of

paper licenses isn’t completed on

centrally managed solution/server

or at any distributed locations ( it

must be reflected on the central

manager), NICSI may cancel

Purchase Order for non-delivered

items and charge additional 10% of

PO value as cancellation charges

from security deposit

No. 10(02)/2016-NICSI

Page 86 of 105

19.3.2 PERFORMANCE

Sr. No. Items SLA Target

(%)

Penalty Condition (In Case of

Breach)

Applicable

Penalty(%

of PO

Value)

Applicable

Penalty

(INR)

1 Availability of Central

Manager uptime

99.75% For each 0.5 slab (lower) a

penalty of 1.0% on total PO

value shall be applicable on the

empaneled vendor like

99.75-99.25 – 1.0% of total PO

value

99.25-98.75 – 2.0% of total PO

value and so on

If the uptime goes below

90.75%, additional penalty of

1.0% will be charged on the

total PO Value for each slab of

1%

2 Availability of solution at

Local/Relay/Distribution

Servers

99.75% For each 0.5 slab (lower) a

penalty 1.0% on the PO value

for that location shall be

applicable on the empaneled

vendor like

99.75-99.25 – 1.0% of PO value

for that location

99.25-98.75 – 2.0% of PO value

for that location and so on

If the uptime goes below

90.75%, additional penalty of

1% will be charged on PO Value

for that location for each slab of

1%

3 Availability of endpoint

logs at Central Server

Real time The relevant logs of endpoint

solutions must be available at

the Central Server in real time

basis. In case of non-

compliance of even a single

instance in a day, for each day a

penalty equal to per day support

cost or INR 5000, whichever is

higher will be applicable on the

empaneled vendor

Total Cost= (No. of effected

Endpoints * Unit price)

No. 10(02)/2016-NICSI

Page 87 of 105

Per day Support cost =(Total

cost/365)

Note: Unit price for one year

4 Accuracy of Endpoint

logs given to OEM and

resolution by

OEM/vendor

If any suspicious or infected

system logs are submitted to an

OEM and subsequently cleared ,

but another OEM finds that the

log is still infected and develops

signature for the log, then a

penalty of 0.1% of P.O value will

be imposed on the bidder.

The Bidder must give a suitable

justification for its analysis

before the penalty is applicable

5 Synchronization of

Endpoints with Central

Server

The endpoints must be

synchronized with the central

server and must be visible with

full features. In case of non-

compliance of even a single

instance in a day, for each day a

penalty equal to per day support

cost or INR 5000, whichever is

higher will be applicable on the

empaneled vendor

Per day Support Cost will be

calculated as follows

Per day Support cost =((Total

Support Cost for an year/365))

Where

Total Cost for an year = (No. of

effected Endpoints * Unit price

for one year)

6 Attack by known or new

Virus, Trojan, intrusions

or any other malicious

code

4 hours For every virus attack not

resolved within 4 hours from

the time of reporting, a penalty

equal to per day support cost or

INR 5000, whichever is higher

will be applicable on the

empaneled vendor

Penalty: Total Cost= (No. of

effected Endpoints * Unit price)

Per day Support cost =(Total

cost/365)

Note: Unit price for one years

7 Site-wise Patch Update 72 hours or If the released patches are not updated within 72 hours or 3

No. 10(02)/2016-NICSI

Page 88 of 105

3 working

days

working days then a penalty equal to INR 5000 for every 8 hours will be applicable on the

empaneled vendor

8 Patch Deployment 97% For each 0.5 slab (lower) a

penalty of 1.00% on the PO

value shall be applicable on the

empaneled vendor like

97.0-96.5 -1.0% of PO value for

that location

96.5-96.0 – 2.0% of PO value

for that location and so on

If the non-compliance goes below 90%, additional penalty

of 1% will be charged on PO Value for each slab of 1%

9 Submission of MIS

Reports (like Attendance

of personnel deployed ,

Endpoint logs, RCA

report, Virus Attacks

etc) for all SLAs

mentioned in Annexure

3 : SLA AND

PENALTY

Report for

the

previous

month

shall be

submitted

by the 1st

or the first

working

day of the

next

month

A penalty of INR 1000 per day

for non submission of each

report shall be applicable on the

empaneled vendor

10 Maintenance of

Inventory

100% as

per the

inventory

log

committed

and

maintained

by

empaneled

vendor

Empaneled Vendor shall be

responsible for any mismatch

Or

a penalty of INR 1000 shall be

applicable for each default.

11 Restoration of CMAS

server and configuration

and policy parameters

from backup as and

when required or

requested by NIC/user

Within one

hour

A penalty of INR 1000 per hour

shall be applicable on the

empaneled vendor if the

restoration has not been

completed after an hour

12 Log of Endpoint Security

Solutions

Within a

day

A penalty of INR 1000 per hour

shall be applicable on the

empaneled vendor if the vendor

does not provide the log of

Endpoint Security Solutions as

mentioned in Section 18 :

No. 10(02)/2016-NICSI

Page 89 of 105

Technical Specifications as per

the request of NIC/user within

a day

13 Database tuning Every 2

months

A penalty equal to 0.2% of PO

value for each day of default

would be applicable on the

empaneled vendor if the vendor

does not carry out database

tuning during off office hours

after every two

months

14 Restoration of hardware

device

Within 24

hours


value per day would be


vendor if the vendor does not

restore any hardware device of

CMAS, CMEPMS, LDAP,

Mobile Device within 24 hours

in case of failure

15 Data Centre Services A penalty equal to 0.2% of PO

value per day for each non

available service would be


vendor if any service of the Data

center will go down due to

misbehavior or malfunction of

the CMAS/CMEPMS, LDAP,

Mobile Device.

16 Yearly Security Audit Once a

year



beyond the assigned time

period would be applicable on

the empaneled vendor if a

security audit is not done for all

the IPS deployment every year

17 Quarterly Technical

Review

Every

Quarter



beyond the assigned time

period would be applicable on

the empaneled vendor if a

technical review of the

configuration and policies is not

done by a external technical

team every quarter to ensure

that there are no security gaps

in the configuration of

CMAS/CMEPMS/LDAP/Mobile

Device

No. 10(02)/2016-NICSI

Page 90 of 105

Note

1. If there are any network issues with NICNET/user network ,NIC/user will take the

responsibility to resolve the issue and till the time issue is resolved there would be no

penalty applicable on the empaneled vendor for such cases

2. Time would be calculated after the submission of all logs

3. Deployment of patches and compliance checks would include OS patches, third Party

Application Patches and Application Software patches

19.3.3 ANTIVIRUS SIGNATURE

Sr No Items Penalty Condition ( in case of breach)

Applicable Penalty (INR)

Observations

1 Signature Development

If there is delay in development of signatures beyond 4 hours then penalty equal to per hour support cost will be applicable on the empaneled vendor for each hour of non compliance

Penalty: Total Cost for one year= (No. of effected

Endpoints * Unit price) Per hour Support cost =((Total cost for one

year/365)/24)

Note: Unit price for one year

19.3.4 MANPOWER

Sr No Items Penalty Condition ( in case of breach)


Observations

1 Deployment of Resource

by empaneled vendor

If the hired resource is not deployed by the empaneled vendor within a month, penalty will be calculated as number of days manpower not deployed * per day wage rate Where per day wage rate = Man month rate / number of days in a month If the resource has still not been deployed after 2 months the above penalty will be doubled. If the manpower has not been deployed for 3 months then NICSI will impose the penalty as above and will have an option to cancel the order and get the work done from any other source at the risk and cost of such defaulting vendor. The defaulting vendor must also ensure knowledge transfer to the new empaneled vendor.

No. 10(02)/2016-NICSI

Page 91 of 105

2 Availability of Technical Resource by OEM

If the dedicated Technical Support Resource from OEM is not deployed within 48 hours of empanelment as single point of contact over Mobile / Phone /email then a penalty of INR 1000 per day will be applicable on the empaneled vendor After 30 days of non- deployment of the resource from OEM, additional penalty of INR 300 per day will be levied on the empaneled vendor. In light of further non deployment Purchase Order may be canceled and additional 10% of PO value will be charged as cancellation charges from security deposit of the empaneled vendor

3 False appropriation of documents

If the documents of the deployed resource do not match the minimum qualifications mentioned in Section 18: TECHNICAL SPECIFICATIONS, Schedule X MANAGED ENTERPRISE ENDPOINT SECURITY SOLUTION SERVICES or if the resource has submitted forged or false documents then the salary paid to the resource by the empaneled vendor would be taken back and there would be a penalty equal to INR 50000 on the empaneled vendor. Additionally legal action would be initiated against the resource and the empaneled vendor according to the prevalent laws

4 Leave without Authorized permission

If the resource deployed by the empaneled vendor goes on leave without informing the NIC/user Project co-ordinator through mail or phone , then the resource would be allowed a grace period of a day after which a penalty equivalent to per day wage rate * number of days absent would be applicable on the empaneled vendor

5 Replacement of Resource

If the resource deployed by the empaneled vendor is absent or unavailable for more than 7 working days, the vendor must ensure that a replacement is found, within 24 hours. NICSI will not pay to the empaneled vendor the manpower fees for the period of absence. During this time, any mishap/downtime/fault will be the responsibility of the empaneled vendor and any penalty arising of the same will be payable by the empaneled vendor. In Case a replacement is not found , the bidder must pay a penalty equivalent to per day wage rate * number of days If the resource has still not been replaced after 2 months the above penalty will be doubled. If the delay is more than 2 months then NICSI will impose the penalty as above and will have an option to get the work done from any other source at the risk and cost of such defaulting vendor. The defaulting vendor must also ensure knowledge transfer to the new empaneled vendor.

6 Data theft incident

For every data theft incident committed by the resource deployed by the empaneled

vendor a penalty of INR 5 00000 shall be

No. 10(02)/2016-NICSI

Page 92 of 105

imposed along with punishment applicable under the legal provisions of the country

prevailing at that point in time.

7 Misbehavior by staff

In case of a formal compliant of misbehaviour by any member of NIC/NICSI/user staff concerning the resource deployed by the

empaneled vendor a penalty of INR 50000 will be applicable on the empaneled vendor. If NIC/NICSI/user requests the removal of that

resource then the empaneled vendor must immediately remove the concerned resource and arrange a replacement. Failure to do so would attract a penalty on the empaneled

vendor similar to point 5 above. The decision in this regard would be taken by the Project

Co-ordinator

8 Sub-Contracting by Bidder

Sub-Contracting of resources is not permitted and if found guilty then a penalty of INR

500000 would be applicable on the empaneled vendor and appropriate legal

action would be initiated against it

9 Occurrence of Trainings

In case of any irregularity in the occurrence of trainings as mentioned in Section 11 :

TRAINING or if the trainings do not cover all solutions mentioned in the specific

schedules of Section 18 : TECHNICAL SPECIFICATIONS then a penalty of INR

20000 per default in training would be imposed on the empaneled vendor

10

Training by Certified

Professionals

If the designated trainings as mentioned in Section 11 : TRAINING are not conducted by certified professionals with hands on then

a penalty of INR 20000 per defaulted training would be imposed on the empaneled vendor

Note – These SLAs cover the manpower deployed (if any ) at distributed locations too

19.3.5 OEM/VENDOR SUPPORT SERVICES

S. No Empaneled Vendor must ensure that OEM

provides all the support service mentioned below


1. OEM must provide scheduled service feature and

continual threat database updates

In case, OEM is unable to

provide any of the listed

service, the Penalty of INR

5000 will be imposed on the

empaneled vendors for each

default

2. OEM must provide access to sales, training and marketing

materials

3. OEM must provide support to resolve issues with report generation

4. OEM must ensure the synchronization of endpoints with the central manager with full features of the solution

5. OEM must provide solutions in case of endpoint logs not reaching the Central Manager

6. OEM must conduct quarterly training session with the client to keep him updated about the latest developments in the solution

7. OEM must hold partner – client workshops at least twice a year to remove any bottlenecks and ensure better co-ordination

No. 10(02)/2016-NICSI

Page 93 of 105

8. OEM must hold an annual training session for specific users to train them on the various solutions in this tender and give relevant certifications

9. OEM must conduct a Health Check of the Anti-virus and Patch Management infrastructure including review of baseline Patch Management Policies in consultation with NIC/user.

10. OEM must review of overall Patch compliance for end points including servers, desktops and report on the gaps.

11. OEM must conduct a gap analysis to identify Data Protection gaps to Identify and plug gaps in existing end point protection (if any)

12. OEM must design a data protection strategy with inputs from NIC HOD/ user Project Co-ordinator

13. OEM must enhance existing and develop new security policies, standards and guidelines

14. OEM must review and update Data Leakage prevention tool policies and rule sets and review aspects of data in motion, data in use and data at rest

15. Bidder must ensure Technical Account Manager must be available 24 x 7 through phone, email or by being present physically at the site depending on the severity of the problem.

16. OEM must develop/update/maintain SOPs for the items in the schedules in consultation with NIC/user, as per NIC/user security requirements.

Note

The empaneled vendor must include the progress of these parameters by the OEM and

capture any instances of default in their monthly reports.

No. 10(02)/2016-NICSI

Page 94 of 105

ANNEXURE 4. BIDDER’S PROFILE

S.

No.

Particulars Description

i. Name of the Bidder

ii. Type of Incorporation (Sole Proprietor/

Partnership/ Private Limited/ Limited

Firm)

iii. Year of Incorporation

iv. Place of Incorporation

v. Place of Manufacturing/Supply

vi. Whether any Legal/Arbitration

proceedings have been instituted

against the Bidder or the Bidder has

lodged any claim in connection with

works carried out by them. Mention

Yes/No. If yes, please give details.

vii. Service Tax No.:

viii. Sales Tax/VAT No.:

ix. CST No.:

x. PAN No.:

xi. Full Address

xii. Name of the contact person with

designation

Name:

Designation:

Contact Number(Landline):

Contact Number(Mobile):

Email Address:

Complete Communication Address:

xiii. Turnover from sales in each of the last 3

financial years (i.e., FY 2014-15, 2013-14,

2012-13)

xiv. EMD Details: Amount:

Draft/ Pay Order No.:

Date:

Bank:

Branch:

Signature:

Name:

Date:

Place:

Seal

No. 10(02)/2016-NICSI

Page 95 of 105

ANNEXURE 5. SITE NOT READY CERTIFICATE

1 Empaneled Vendor’s Name

2 Project Number

3 Purchase order No. & date

4 Solution Name

5 Date of delivery

6 Date of 1st Visit for installation

7 Site not ready reason

8 Tentative date of site being ready for installation

9 Contact detail of empaneled vendor for getting

equipment installed, if site gets ready.

10 Certificate There is no delay on the part of empaneled vendor

in getting the solution installed

Name of user / NIC Project Coordinator / NICSI Project in charge:

____________________________________________________________

Designation :__________________________________________________

Signature:____________________________________________________

(with official seal)

Date:________________________________________________________

No. 10(02)/2016-NICSI

Page 96 of 105

ANNEXURE 6. MANUFACTURER’S AUTHORIZATION FORM

19.6.1 MAF – A

Ref:

Date:

To,

Deputy Manager

Tender Division,

National Informatics Centre Services Inc.,

Hall No. 2 & 3, 6th Floor, NBCC Tower

15, Bhikaji Cama Place, New Delhi-66

Sub : Manufacturer Authorization for Tender No. NICSI/...................................

Sir,

We, <OEM Name> having our registered office at <OEM address>, are an established manufacturer of <Name

of quoted item types>. We <OEM Name> authorize <Bidder’s name> to quote our product for above

mentioned tender as our sole Authorized Indian Agent. We also confirm that this authorization is in line with

CVC Circular No. 3/01/2012 dated 13.01.2012.

We confirm that we have understood the delivery & installation time lines defined in the tender. We confirm

that we have worked out all necessary logistics and pricing agreement with <Bidder Name> and there won’t be

any delay in delivery, installation and support due to any delay from our side. Our full support is extended in

all respects for supply, warranty and maintenance of our products. We also ensure to provide the required

spares and service support for the supplied solutions for a period of 5 years from date of installation or 3

months from date of delivery (whichever is earlier) of the solutions for all commitments made in this tender

(at additional cost if out of warranty) even if it falls beyond the tenure of this empanelment. In case of any

difficulties in logging complaint at bidder end, user will have option to log complaint at our call support

center.

We also undertake that in case of default in execution of this tender by <Bidder’s Name>, <OEM Name> will

take all liabilities and responsibilities and necessary steps for successful execution of empanelment against

this tender. In case <Bidder’s Name> is unable to fulfill the obligations given under this tender, <OEM Name>

will be full responsible to replace the <Bidder’s Name> with an alternate Indian Authorized Agent and get the

requisite work done. <OEM Name> shall also ensure that the alternate Indian Authorized Agent in this case

shall abide by all the terms and conditions laid down under this tender and during the empanelment of

<Bidder’s Name>. The alternate Indian Authorized agent will also be subject to the same pre qualification

criteria as the earlier authorized agent and will have to submit the requisite documents as proof of that.

If any product is declared end of sale or end of life, we will proactively intimate NICSI through the bidder

atleast three months in advance so that a suitable equivalent or higher roll over product is offered through

<Bidder’s Name> to NICSI for due approval, empanelment and Order executions thereafter.

We understand that any false information/commitment provided here may result in <OEM’s Name> getting

debarred from doing business with NICSI.

No. 10(02)/2016-NICSI

Page 97 of 105

Thanking You

For <OEM Name>

<(Authorized Signatory)>

Name:

Designation:

Seal:

Email Address:

Phone Number (Off):

Note:

1. This letter of authority should be on the letterhead of the manufacturer and

should be signed by the Authorized Signatory or Legal Head.

2. A copy of the MAF needs to be sent to [email protected] from the official

(corporate) e-mail ID of the authorized signatory (OEM). The e-mail should have

a subject line “MAF-NICSI Tender for Empanelment of vendors for CMESS”. It

should reach NICSI within 1 week of the Bid Submission End Date failing which

the copy of MAF submitted with the bid will be ignored and the bid rejected.

3. Any deviation from the above MAF Pro-forma will lead to summarily rejection of

such bids.

19.6.2 MAF – B

Ref:

Date:

To,

Deputy Manager

Tender Division,

National Informatics Centre Services Inc.,

Hall No. 2 & 3, 6th Floor, NBCC Tower

15, Bhikaji Cama Place, New Delhi-66

Sub : Manufacturer Authorization for Tender No. NICSI/...................................

Sir,

We, <OEM Name> having our registered office at <OEM address>, are an established manufacturer of <Name

of quoted item types>. We <OEM Name> authorize <Bidder’s name> to quote our product for above

mentioned tender as our Authorized Indian Agent. We also confirm that this authorization is in line with CVC

Circular No. 3/01/2012 dated 13.01.2012.

We confirm that we have understood the delivery & installation time lines defined in the tender. We confirm

that we have worked out all necessary logistics and pricing agreement with <Bidder Name> and there won’t be

any delay in delivery, installation and support due to any delay from our side. Our full support is extended in

all respects for supply, warranty and maintenance of our products. We also ensure to provide the required

spares and service support for the supplied solutions for a period of 5 years from date of installation or 3

months from the date of delivery (whichever is earlier) of the solutions for all commitments made in this

tender (at additional cost if out of warranty) even if it falls beyond the tenure of this empanelment. In case of

any difficulties in logging complaint at bidder end, user will have option to log complaint at our call support

center.

mailto:[email protected]

No. 10(02)/2016-NICSI

Page 98 of 105

We also undertake that in case of default in execution of this tender by <Bidder’s Name>, <OEM Name> will

take all liabilities and responsibilities and necessary steps for successful execution of empanelment against

this tender. In case <Bidder’s Name> is unable to fulfill the obligations given under this tender, <OEM Name>

will be full responsible to replace the <Bidder’s Name> with an alternate Indian Authorized Agent and get the

requisite work done. <OEM Name> shall also ensure that the alternate Indian Authorized Agent in this case

shall abide by all the terms and conditions laid down under this tender and during the empanelment of

<Bidder’s Name>. The alternate Indian Authorized agent will also be subject to the same pre qualification

criteria as the earlier authorized agent and will have to submit the requisite documents as proof of that.

If any product is declared end of sale or end of life, we will proactively intimate NICSI through the bidder at

least three months in advance so that a suitable equivalent or higher roll over product is offered through

<Bidder’s Name> to NICSI for due approval, empanelment and Order executions thereafter.

We understand that any false information/commitment provided here may result in <OEM’s Name> getting

debarred from doing business with NICSI.

Thanking You

For <OEM Name>

<(Authorized Signatory)>

Name:

Designation:

Seal:

Email Address:

Phone Number (Off):

Note:

1. This letter of authority should be on the letterhead of the manufacturer and

should be signed by the Authorized Signatory or Legal Head.

2. A copy of the MAF needs to be sent to [email protected] from the official

(corporate) e-mail ID of the authorized signatory (OEM). The e-mail should have

a subject line “MAF-NICSI Tender for Empanelment of vendors for CMESS”. It

should reach NICSI within 1 week of the Bid Submission End Date failing which

the copy of MAF submitted with the bid will be ignored and the bid rejected.

3. Any deviation from the above MAF Pro-forma will lead to summarily rejection of

such bids.

mailto:[email protected]

No. 10(02)/2016-NICSI

Page 99 of 105

ANNEXURE 7. INSTALLATION CERTIFICATE

1 Empaneled Vendor’s Name

2 Project No.

3 Purchase order No. & date

4 Invoice No. with date

5 Solution Name & Description

6 Solution serial nos.

7 Date of delivery

8 Date of intimation of call for installation/site readiness information

(in case of SNR)

9 Installation Date

10 Certificate Solution (as per ordered configuration) has been installed successfully

Name of user / NIC Project Coordinator / NICSI Project in charge:

______________________________

Designation:

______________________________

Signature:

______________________________


Date:

______________________________

Name of user Empaneled Vendor’s Representative:

______________________________

Designation:

______________________________

Signature:

______________________________


Date:

______________________________

No. 10(02)/2016-NICSI

Page 100 of 105

ANNEXURE 8. FINANCIAL BID PROFORMA TEMPLATE

Name of the Bidder: <Mention value here>

Bidder’s Billing

Location:

<Mention value here>

Contact Person in Relation to invoicing/billing -

Name <Mention value here>

Phone <Mention value here>

e-Mail <Mention value here>

19.8.1 FINANCIAL BID TEMPLATE

S.

No.

Item Description Unit

Price

(Rs)

Total of

Duties/Taxes

/Govt. Levies

etc. as

applicable)

Subscription,

support,

renewal

cost(for 1

year)

Total

Price

(All

inclusive

with one

years

Warranty

(Rs.)

Weight factor

for

Determination

of L1 rates

Total

Cost

1 2 3 4 5 6 = 3 + 4 +

5

7 8 = 7*6

1. Hardware/Software

Support

3

1.1 CMAS

1.2 CMPMS

1.3 LDAP

1.4 Mobile

Security

2. Supply, installation

and configuration of

Centrally Managed

Antivirus Solution

30

2.1 1 – 10000

2.2 10001 –

20000

2.3 20001 and

above



Centrally Managed

Patch Management

Solution

30

3.1 1 – 10000

3.2 10001 –

20000

No. 10(02)/2016-NICSI

Page 101 of 105

3.3 20001 and

above



Centrally Managed

Data Leakage

Prevention Solution

5

4.1 1 – 2000

4.2 2001 – 5000

4.3 5001 and

above



Centrally Managed

Mobile Security

Solution

5

5.1 1 – 2000

5.2 2001 – 5000

5.3 5001 and

above



Centrally Managed

Device Control

Solution

5

6.1 1 – 2000

6.2 2001 – 5000

6.3 5001 and

above



Centrally Managed

Network Access

Control Solution

3

7.1 1 – 2000

7.2 2001 – 5000

7.3 5001 and

above



Centrally Managed

Endpoint Encryption

Solution

3

8.1 1 – 2000

8.2 2001 – 5000

8.3 5001 and

above



Centrally Managed

Endpoint Intrusion

Prevention System for

servers

5

9.1 1 – 2000

9.2 2001 – 5000

No. 10(02)/2016-NICSI

Page 102 of 105

9.3 5001 and

above

10. Lightweight Directory

Access Protocol

8

10.1 1 – 10000

10.2 10001 –

20000

10.3 20001 and

above

11. Managed Enterprise

Endpoint Security

Solution Services

3

11.1 Senior

Security

Administrator

11.2 Security

Administrators

11.3 Field

Engineers

12. Installation ,

Operations and

Management of

Endpoint Security

Solution at

distributed locations

in NICNET

12.1 1- 200

12.2 201 - 500

12.3 501 - 1000

12.4 1001 - 2000

12.5 2001 - 5000

12.6 Above 5000

13. Grand Total Value

No. 10(02)/2016-NICSI

Page 103 of 105

19.8.2 FINAL GTV VALUE

Terms and Conditions:-

1. All fields in the financial bid format are MANDATORY. 2. The bidder must quote prices for every solution mentioned in 2.1.1 List of Schedules 3. The Bidder’s billing Location must be anywhere in Delhi only. 4. The unit prices quoted in this bid must be certified / signed by the authorized signatory

of the OEM as well as the authorized signatory of the bidder. 5. Prices must be quoted in Indian Rupees and indicated both in figures and words. Price

in words will prevail, in the event of any mismatch. 6. In case of smaller requirements by users the rates would be applied on a pro rate basis

Authorized Signatory

Date: Name:

Place: SEAL

Gross Total Value (GTV) in figures: GTV =

INR _________

Quoted price (GTV) in words: Rs. --------------------------------------

No. 10(02)/2016-NICSI

Page 104 of 105

ANNEXURE 9. SERVICE NETWORK

The following information for service centers across India must be supplied by the bidder. NICSI would verify

the information furnished here and if found incorrect the bid is liable to be rejected.

S.

No.

State Name / UT Own /

Franchisee

Support

Centres

Address Name of

Person-in-

charge

Email of

Person-in-

charge

Phone of

Person-

in-

charge

Size of

Manpower

1 Andaman & Nicobar

(UT)

2 Andhra Pradesh

3 Bihar

4 Chandigarh (UT)

5 Chhattisgarh

6 Dadra & Nagar

Haveli (UT)

7 Daman & Diu (UT)

8 Delhi (UT)

9 Goa

10 Gujarat

11 Haryana

12 Himachal Pradesh

13 Jammu & Kashmir

14 Jharkhand

15 Karnataka

16 Kerala

17 Lakshadweep (UT)

18 Madhya Pradesh

19 Maharashtra

20 Orissa

21 Puducherry (UT)

22 Punjab

No. 10(02)/2016-NICSI

Page 105 of 105

S.

No.

State Name / UT Own /

Franchisee

Support

Centres

Address Name of

Person-in-

charge

Email of

Person-in-

charge

Phone of

Person-

in-

charge

Size of

Manpower

23 Rajasthan

24 Sikkim

25 Tamil Nadu

26 Telangana

27 Uttar Pradesh

28 Uttarakhand

29 West Bengal

NORTH EAST

1 Arunachal Pradesh

2 Assam

3 Manipur

4 Meghalaya

5 Mizoram

6 Nagaland

7 Tripura

Total

Signature:

Name:

Date:

Place:

Seal: