No. 10(02)/2016-NICSI Page 1 of 105 No. 10(02)/2016-NICSI NATIONAL INFORMATICS CENTRE SERVICES INCORPORATED (A Government of India Enterprise under NIC) MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY REQUEST FOR PROPOSAL From vendors for empanelment with NICSI for Centrally Managed Endpoint Security Solutions Products & Services TENDER NO. NICSI/ENDPOINT SECURITY SOLUTION/2016/02 HALL NO. 2&3, 6TH FLOOR, NBCC TOWER, 15 BHIKAJI CAMA PLACE, NEW DELHI – 110066. TEL – 26105054, FAX – 26105212
105
Embed
NATIONAL INFORMATICS CENTRE SERVICES INCORPORATED · GTC Generic Token Card ... NICSI National Informatics Centre Services Incorporated NMAP Network Mapper ... SMS Short Messaging
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
No. 10(02)/2016-NICSI
Page 1 of 105
No. 10(02)/2016-NICSI
NATIONAL INFORMATICS CENTRE SERVICES INCORPORATED
(A Government of India Enterprise under NIC)
MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY
REQUEST FOR PROPOSAL
From vendors for empanelment with NICSI
for
Centrally Managed Endpoint Security Solutions
Products & Services
TENDER NO.
NICSI/ENDPOINT SECURITY SOLUTION/2016/02
HALL NO. 2&3,
6TH FLOOR, NBCC TOWER,
15 BHIKAJI CAMA PLACE,
NEW DELHI – 110066.
TEL – 26105054, FAX – 26105212
No. 10(02)/2016-NICSI
Page 2 of 105
Table of Contents
1 ABOUT NICSI ............................................................................................................................................. 7
2 ABOUT THIS TENDER .............................................................................................................................. 7
2.1 SCOPE OF WORK ........................................................................................................................... 7
2.1.1 LIST OF SCHEDULES ...................................................................................................... 7
2.2 IMPORTANT DATES...................................................................................................................... 9
19.8.2 FINAL GTV VALUE .................................................................................................. 103
ANNEXURE 9. SERVICE NETWORK ............................................................................................... 104
No. 10(02)/2016-NICSI
Page 5 of 105
Abbreviations
AD Active Directory AES Advanced Encryption Standard API Application Programming Interface APT Advanced Packaging Tool BG Bank Guarantee BPA Best Practice Analyzer CD Compact Disc CDP Cisco Discovery Protocol CMAS Centrally Manages Antivirus Solution CMESS Centrally Managed Endpoint Security Solution CMPMS Centrally Managed Patch Management Solution COM Communication CPU Central Process Unit CST Central Sales Tax CSV Comma Separated Values CVC Central Vigilance Commission CVE Common Vulnerabilities and Exposures dACLs Downloadable Access Control Lists DDos Distributed Denial of Service DeitY Department of Information Technology DHCP Dynamic Host Configuration Protocol DLL Dynamic Link Library DLP Data Leakage and Prevention DNS Domain Name System DVD Digital Versatile Disc EAL Evaluation Assurance Level EAP Extensible Authentication Protocol EMD Earnest Money Deposit ESMTP Extended Simple Mail Transfer Protocol FAST EAP Flexible Authentication via Secure Tunneling FEC Financial Evaluation Committee FTP File Transfer Protocol GFR General Financial Rules GPS Global Positioning System GTC Generic Token Card GTV Gross Total Value GUI Graphical User Interface HIPS Host Intrusion Prevention System HQ Head Quarter HR Human Resource HTML Hyper Text Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure ICADR International Centre for Alternative Dispute
Resolution ICT Information and Communication Technology ILAC International Laboratory Accreditation IM Instant Messaging IMAP Internet Message Access Protocol IP Internet Protocol IPS Intrusion Prevention System ISO International Organization for Standardization IT Information Technology ITR Income Tax Report LBT Local Body Tax LDAP Lightweight Directory Access Protocol LEAP Lightweight Extensible Authentication Protocol LLDP Link Layer Discovery Protocol LPT Line Printer Terminal MAC Media Access Control MAF Manufacturer Authorizations Form
No. 10(02)/2016-NICSI
Page 6 of 105
MDM Mobile Device Management MS-CHAP Microsoft Challenge Handshake Authentication
Protocol NABL National Accreditation Board for Testing and
Calibration Laboratories NAC Network Access Control NIC National Informatics Centre NICNET National Informatics Centre Network NICSI National Informatics Centre Services Incorporated NMAP Network Mapper NSIC National Small Industries Corporation NVD National Vulnerability Database OEM Original Equipment Manufacturers OS Operating System OUI Organizationally Unique Identifier PAP Password Authentication Protocol PBG Performance Bank Guarantee PC Personal Computer PDF Portable Document Format PEAP Protected Extensible Authentication Protocol PF Provident Fund PHI Protected Health Information PII Personally Identifiable Information PKI Public Key Infrastructure PO Purchase Order POP Post Office Protocol PSU Public Sector Undertaking RADIUS Remote Authentication Dial In User Service RAM Random Access Memory RCA Root Cause Analysis RF Radio Frequency RTGS Real Time Gross Settlement SCCM System Center Configuration Manager SD Secure Digital SIEM Security Information and Event Management SIM Subscriber Identity Module SLA Service Level Agreement SMS Short Messaging Service SMTP Simple Mail Transfer Protocol SNR Site Not Ready SOP Standard Operating Procedure SPAN Switch Port Analyzer SSL Secure Sockets Layer TA/DA Travel Allowance / Dearness Allowance TDS Tax Deduction at Source TEC Technical Evaluation Committee TFTP Trivial File Transfer Protocol TLS Transport Layer Security USB Universal Serial Bus USD United States Dollar VAT Value Added Tax VLAN Virtual Local Area Network VM Virtual Machines VPN Virtual Private Network VSAT A Very Small Aperture Terminal
No. 10(02)/2016-NICSI
Page 7 of 105
1 ABOUT NICSI
The National Informatics Centre Services Inc. (NICSI) was set up in 1995 as a section 25 Company under
National Informatics Centre (NIC), Ministry of Communications & Information Technology, Government
of India to provide total IT solutions to the Government organizations. NICSI provides services for a
number of e-Governance projects undertaken by NIC and Department of Information technology (DeitY).
Main Objectives:
1.1 To provide economic, scientific, technological, social and cultural development of India by
promoting the utilization of Information Technology. Computer-Communication Networks,
Informatics etc. by a spin-off of the services, technologies, infrastructure and expertise developed by
the NIC of the Government of India including its Computer-Communication Network, NICNET and
associated infrastructure and services.
1.2 To promote further development of services, technologies, infrastructure and expertise
supplementing that developed by NIC in directions which will increase the revenue earning capacity
of NIC.
1.3 To develop and promote value added computer and computer-communications services over the
basic infrastructure and services developed by NIC including NICNET.
In furtherance of these objectives, NICSI has been providing various products & services to organizations
in the Central Government, State Governments and PSUs etc. Products and Services include Hardware,
Systems Software, Application Software, Software Development, Intra-Networking, Wide Area
Networking, Video Conferencing, IT Consultancy, IT Implementation Support among others.
2 ABOUT THIS TENDER
2.1 SCOPE OF WORK
National Informatics Centre (NIC) is providing ICT services to various Central Government
Ministries/Departments, State Governments and District Administration. Different offices/
locations are being connected by various means like RF, VSAT, terrestrial high speed leased
lines etc. More than 2500 VSATs are connected in NICNET and these VSATs are installed all
over India. Under the telecommuting programme, a huge number of senior officers of
Government of India access Internet, Intranet and Video Conferencing. NIC has all necessary
permissions for operating Internet Gateway services. Currently more than 200,000 nodes are
connected to NICNET. NICNET has the state of the art Internet Data Centres/National Data
Centres hosting huge number of web sites.
In this respect NICSI would like to invite bids from OEM(s)/their Authorized Indian
Agents (hereby referred to as “Bidder(s)” in the tender document) to provide and
manage endpoint security for the client systems, Servers and Mobile Devices. This Centrally
Managed Endpoint Security Solution (CMESS) has different products mentioned in the tender
as separate schedules. The details of these different schedules are as follows
2.1.1 LIST OF SCHEDULES
S.No. Schedule No
(Section No) Product Name
Page No for each
Section
No. 10(02)/2016-NICSI
Page 8 of 105
1 I (18.1)
Hardware/Software Support
(CMAS – 18.1.1 , CMPMS –
18.1.2 , LDAP – 18.1.3,
Mobile Security – 18.1.4)
Hardware/Software
Support for
CMAS – 34
CMPMS – 35
LDAP –37
Mobile Security - 38
2 II (18.2)
Centrally Managed
Antivirus Solution
(Procurement and Renewal
of CMAS licenses – 18.2.1 ,
Maintaining and Managing
Existing CMAS Licenses –
18.2.2, Value added
Features – 18.2.3)
Procurement and Renewal
of CMAS licenses – 38
Maintaining and
Managing Existing CMAS
Licenses – 41
Value Added Features for
CMAS – 43
3 III(18.3)
Endpoint Intrusion
Prevention System for
Servers ( Technical
specifications of Endpoint
IPS for Servers – 18.3.1,
Value Added Features of
Endpoint IPS for Servers –
18.3.2)
Technical specifications of
Endpoint IPS for Servers –
44
Value Added Features of
Endpoint IPS for Servers –
45
4 IV(18.4)
Centrally Managed Data
Leakage Prevention
Solution (Technical
Specifications for DLP
Solution – 18.4.1 , Value
Added Features for DLP –
18.4.2)
Technical Specifications
for DLP Solution – 46
Value Added Features for
DLP – 48
5 V(18.5)
Centrally Managed Security
Solution for Mobile Devices
(Technical Specifications for
Mobile Security Solution –
18.5.1, Value Added
Features for Mobile Security
Solution – 18.5.2 )
Technical Specifications
for Mobile Security
Solution – 49
Value Added Features for
Mobile Security Solution –
52
6 VI(18.6)
Centrally Managed Device
Control Solution( Technical
Specifications for Device
Control Solution – 18.6.1,
Value Added Features for
Device Control solution –
18.6.2)
Technical Specifications
for Device Control
Solution – 52
Value Added Features for
Device Control solution –
54
7 VII (18.7)
Centrally Managed Network
Access Control ( Technical
Specifications for Network
Access Control Solution –
18.7.1,Value Added Features
for Network Access Control
Solution – 18.7.2 )
Technical Specifications
for Network Access
Control Solution – 54
Value Added Features for
Network Access Control
Solution – 60
No. 10(02)/2016-NICSI
Page 9 of 105
8 VIII (18.8)
Centrally Managed
Encryption Solution (
Technical Specifications for
Encryption Solution –
18.8.1, Value Added
Features for Encryption
Solution – 18.8.2 )
Technical Specifications
for Encryption Solution –
61
Value Added Features for
Encryption Solution – 62
9 IX (18.9)
Centrally Managed Patch
Management Solution
(Procurement and Renewal
of CMPMS Licenses - 18.9.1
and Maintaining and
Managing Existing CMPMS
Licenses – 18.9.2, Value
added Features for CMPMS
– 18.9.3)
Procurement and Renewal
of CMPMS Licenses – 63
Maintaining and
Managing Existing
CMPMS Licenses – 65
Value Added Features for
CMPMS – 67
10 X (18.10)
Lightweight Directory
Access Protocol ( Technical
Specifications for LDAP –
18.10.1, Value Added
Features for LDAP –
18.10.2)
Technical Specifications
for LDAP – 68
Value Added Features for
LDAP – 71
11 XI(18.11)
Managed Enterprise
Endpoint Security Solution
Services
Managed Enterprise
Endpoint Security
Solution Services - 71
Note - The bidder(s) must quote for all the schedules mentioned in Section 2.1.1 : LIST OF SCHEDULES which would form a comprehensive Centrally Managed Endpoint Security Solution
2.2 IMPORTANT DATES
Date of publication 26-04-2016
The tender document is available at NICSI e-
procurement site http://eproc-nicsi.nic.in
Start of sale of tender
document
26-04-2016
The tender document is available free of cost on the
Earnest Money Deposit must be submitted by all the bidders, except those who are registered
with the Central Purchase Organization, National Small Industries Corporation (NSIC) or the
concerned Ministry or Department only (if they are registered for relevant schedules /
products under this tender). The bidder must submit the certification of registration with one
of the given authorities.
The EMD amount should be INR 20 crores which must be submitted through Demand
Draft/Bank Guarantee of any Scheduled Commercial Bank (drawn in favor of National
Informatics Centre Services Inc., New Delhi) physically before Bid submission end date as
mentioned in Section 2.2 : IMPORTANT DATES, otherwise bids will be rejected.
However, the scanned copy of Bank drafts must be uploaded (PDF format) electronically on
http://eproc-nicsi.nic.in. EMD shall be valid for a period of 180 days from the date of
publication of the tender which should be further extendable in case of need. EMD of
unsuccessful bidders will be returned, without any interest, on tender finalization. EMD of
successful bidders will be returned after they sign letter of empanelment with NICSI and
submit a bank guarantee of equal amount for the period of empanelment/extended
empanelment. The BG will be released after the empanelment or extended empanelment or
complete execution of all the purchase orders issued under this empanelment, whichever is
later.
3 PRE-BID QUERIES
NICSI will hold a pre bid meeting with the prospective bidders at the designated Pre-bid meeting date
as mentioned in Section 2.2 : IMPORTANT DATES in the NICSI conference hall. Queries (including
the bidding conditions & bidding process) received from the prospective bidders in writing, or over email,
up till Seek clarification end date as mentioned in Section 2.2 : IMPORTANT DATES, shall be
addressed. The queries can be sent to NICSI through email at [email protected] or faxed on 011-
26105212.
Only those pre-bid queries which are received in the following format (in .xls) shall be
entertained:
Company name M/s.
S.
No.
Name and
number of
section /
annexure /
Pg. No. of
Name and
number of
sub category
/ table, if any
Item
no., if
any
Item
description
Query Description of
requested
change
No. 10(02)/2016-NICSI
Page 11 of 105
tender
4 BID SUBMISSION
4.1. Online bids (complete in all respect) must be uploaded on http://eproc-nicsi.nic.in latest before
5:30 pm by Bid submission end date as mentioned in Section 2.2 : IMPORTANT DATES
4.2. The bids must be submitted as under:
EMD The PDF file should be saved as ‘EMD<Bidder’s Name>.pdf’ and should
comprise of the following items:
• Scanned copy of bank draft / bank guarantee for EMD Fees (as per
items quoted from this RFP);
The PDF file not containing the above documents or containing the technical or
financial bid in explicit / implicit form will lead to rejection of the bid.
Hard Copies of demand drafts/bank guarantees must be put in a separate
envelope titled EMD of “Tender No. NICSI/ENDPOINT SECURITY
SOLUTINS/2016/02 for SUPPLY, INSTALLATION,
CONFIGURATION AND SERVICE SUPPORT OF CENTRALLY
MANAGED ENDPOINT SECURITY SOLUTION AND
EMPANELMENT OF THE VENDORS .”
Pre
Qualification
The RAR file must be saved as ‘Pre_Qual_<MENTION TENDER
NUMBER>.rar’.
It must contain the following information –
Compliance sheets as per Annexure 1 : ELIGIBILITY CRITERIA
and the supporting documents (in pdf format)
Bidder’s profile as per Annexure 4 : BIDDER’S PROFILE (in pdf
format)
Bidder must provide all documents mandated for eligibility criteria (in
pdf format)
Bidder must provide all the documents mandated for bidder’s profile
(in pdf format)
Annexure 1 : ELIGIBILITY CRITERIA (in excel form)
Annexure 4 : BIDDER’S PROFILE (in excel form)
This RAR file containing the technical or financial bid in explicit/implicit form
will result in rejection of the bid.
It is the sole responsibility of the bidder to ensure that there is no
deviation in the information provided in pdf & excel versions for
these two Annexures.
All the bids documents must be digitally signed by the authorized signatory of
No. 10(02)/2016-NICSI
Page 12 of 105
the company. In case the bid is signed by anyone other than the authorized
signatory of the company, the bidder must enclose authorization letter from
HR department of the company for the officer, who signed the bid.
All pages of the bid being submitted must be sequentially numbered by the
bidder.
Hard Copies of all the documents must be put in a separate envelope titled
Pre Qualification of “Tender No. NICSI/ENDPOINT SECURITY
SOLUTINS/2016/02 for SUPPLY, INSTALLATION,
CONFIGURATION AND SERVICE SUPPORT OF CENTRALLY
MANAGED ENDPOINT SECURITY SOLUTION AND
EMPANELMENT OF THE VENDORS.”
Technical
Bid
The RAR file must be saved as ‘Tech_bid_<MENTION TENDER
NUMBER>.rar’.
It must contain the following information –
Combined technical bid in the format provided as per the different
schedules in Section 18 : TECHNICAL SPECIFICATIONS (in pdf
format)
Data sheets and any other relevant documentation for all equipment
quoted (in pdf format)
Technical Bid as per the format provided in different schedules of
Section 18 : TECHNICAL SPECIFICATIONS (in xls format)
This RAR file containing the financial bid in explicit/implicit form will result in
rejection of the bid.
It is the sole responsibility of the bidder to ensure that there is no
deviation in the information provided in pdf & excel versions for the
technical bid.
All the bids documents must be digitally signed by the authorized signatory of
company. In case the bid is signed by other than authorized signatory of
company, the bidder must enclose authorization letter from HR department of
the company for the officer, who signed the bid.
All pages of the bid being submitted must be sequentially numbered by the
bidder.
Hard Copies of all the documents must be put in a separate envelope titled
Technical Bid of “Tender No. NICSI/ENDPOINT SECURITY
SOLUTINS/2016/02 for SUPPLY, INSTALLATION,
CONFIGURATION AND SERVICE SUPPORT OF CENTRALLY
MANAGED ENDPOINT SECURITY SOLUTION AND
EMPANELMENT OF THE VENDORS.”
Financial
Bid
The excel file must be saved as ‘Fin_bid_<MENTION TENDER
NUMBER>.xls’.
No. 10(02)/2016-NICSI
Page 13 of 105
It must contain the following information –
Financial bid in the format provided
The format of the financial bid must strictly follow the prescribed format as
mentioned in Annexure 8 : FINANCIAL BID PROFORMA TEMPLATE .
Non-adherence will result in rejection of the bid.
All the bid documents must be digitally signed by the authorized signatory of
company. In case the bid is signed by other than authorized signatory of
company, the bidder must enclose authorization letter from HR department of
the company for the officer, who signed the bid.
All pages of the bid being submitted must be sequentially numbered by the
bidder.
A hard copy of the financial bid should be put in a separate envelope titled
Financial Bid of “Tender No. NICSI/ENDPOINT SECURITY
SOLUTINS/2016/02 for SUPPLY, INSTALLATION,
CONFIGURATION AND SERVICE SUPPORT OF CENTRALLY
MANAGED ENDPOINT SECURITY SOLUTION AND
EMPANELMENT OF THE VENDORS.”
Bidder must ensure there is no discrepancy between the hard copy submitted
and the softcopy uploaded in Financial Bid Format. In case of any discrepancy
between hard copy submitted and softcopy uploaded, then the commercials
uploaded in softcopy will prevail
4.3. The demand drafts/pay orders for EMD must be submitted in a sealed envelope by Bid
submission end date as mentioned in Section 2.2 : IMPORTANT DATES.
4.4. The pre qualification , technical and financial bids must be submitted in hard copy in separate
sealed envelopes by Bid submission end date as mentioned in Section 2.2 : IMPORTANT
DATES.
4.5. All these sealed envelopes must be enclosed in a single Large envelope titled Tender No.
NICSI/ENDPOINT SECURITY SOLUTINS/2016/02 for SUPPLY, INSTALLATION,
CONFIGURATION AND SERVICE SUPPORT OF CENTRALLY MANAGED ENDPOINT
SECURITY SOLUTION AND EMPANELMENT OF THE VENDORS and sealed. This must
reach NICSI HQ at 1st floor , NBCC towers , Bhikaji Cama Place , New Delhi before 5 :30 pm on the
Bid submission end date as mentioned in Section 2.2 : IMPORTANT DATES
4.6. These bids would be valid for a period of 120 days from the date of opening
4.7. NICSI will not be responsible for any delay on the part of the bidder in obtaining the terms and
conditions of the tender notice or submission of the bids either online or the hard copies beyond the
Bid submission end date as mentioned in Section 2.2 : IMPORTANT DATES .
4.8. The bids submitted by fax/ E-mail /manually etc. shall not be considered. No correspondence will be
entertained on this matter.
4.9. The bid must either be submitted by a particular OEM or its authorized partner/vendor but not by
both the entities.
No. 10(02)/2016-NICSI
Page 14 of 105
4.10. The bidder(s) must bid for the complete solution and bidding for specific schedules is not permitted.
If a bidder has quoted only for certain schedules as mentioned in Section 18 : TECHNICAL
SPECIFICATIONS and not the entire solution then the bid will be rejected
4.11. Conditional tenders shall not be accepted on any ground and shall be rejected straightway. If any
clarification is required, the same should be obtained on the Pre bid meeting date as mentioned
in Section 2.2 : IMPORTANT DATES.
4.12. No bids will be accepted after the Bid submission end date as mentioned in Section 2.2 :
IMPORTANT DATES .
4.13. In case, the day of bid submission is declared Holiday by Govt. of India, the next working day will be
treated as day for submission of bids. There will be no change in the timings.
4.14. All pages of the bid being submitted must be signed by the authorized signatory, stamped and
sequentially numbered by the bidder irrespective of the nature of content of the documents. Un-
signed & un-stamped bid will be summarily rejected.
4.15. At any time prior to the Bid submission end date , NICSI, may, for any reason, whether at its
own initiative or in response to a clarification requested by a prospective bidder, modify the Tender
Document by an amendment. The amendment will be notified on NICSI’s website http://eproc-
nicsi.nic.in and should be taken into consideration by the prospective agencies while preparing their
bids.
4.16. In order to give prospective agencies reasonable time to take the amendment into account in
preparing their bids, NICSI may, at its discretion, extend the Bid submission end date as
mentioned in Section 2.2 : IMPORTANT DATES .
4.17. No bid must be modified subsequent to the Bid submission end date. No bid must be withdrawn
in the interval between the Bid submission end date as mentioned in Section 2.2 :
IMPORTANT DATES and the expiry of the bid validity (120 days from the Bid Opening date as
mentioned in Section 2.2 : IMPORTANT DATES). Withdrawal of a bid during this interval may
result in forfeiture of bidder’s EMD.
4.18. The bidders must bear all costs associated with the preparation and submission of their bids. NICSI
will, in no case, be responsible or liable for those costs, regardless of the outcome of the tendering
process.
4.19. Printed terms and conditions of the bidder will not be considered as forming part of their bid. In
case terms and conditions of the tender document are not acceptable to any bidder, they should
clearly specify the deviations in their bids.
4.20. Bids not submitted as per the specified format and nomenclature may be out rightly rejected.
4.21. Ambiguous/Incomplete/Illegible bids may be out rightly rejected.
4.22. Submission of the Bid will be deemed to have been done after careful study and examination of all
instructions, eligibility norms, terms and required specifications in the tender document with full
understanding of its implications. Bids not complying with all the given clauses in this tender
document are liable to be rejected. Failure to furnish all information required in the tender
Document or submission of a bid not substantially responsive to the tender document in all respects
will be at the bidder’s risk and may result in the rejection of the bid.
4.23. NICSI, at any time during the course of evaluation of the bids, may seek verbal or written
clarifications from the bidders, which may be in the form of product demonstration, presentation,
undertaking, declaration, reports, datasheets, etc., if NICSI finds the information in the submitted
bids to be insufficient/ambiguous/deviant or of any such nature that hinders the evaluation
committee from arriving at a clear decision. It will entirely be at NICSI’s discretion whether to seek
clarifications or not, and what clarifications to seek, or take any other action as per the guidelines
provided in the tender.
5 BID OPENING
No. 10(02)/2016-NICSI
Page 15 of 105
Online bids (complete in all respect as detailed in Section 4 : BID SUBMISSION) received along with
Demand Draft of EMD (Physically) will be opened at Tender bids opening date as mentioned in
Section 2.2 : IMPORTANT DATES in presence of bidders’ representative, if available. Bid received
without EMD will be rejected straight way.
6 BID EVALUATION
6.1 PRE-QUALIFICATION EVALUATION
6.1.1 OEMs which fall under the category of Start Ups as per the criteria defined under
“Start up Stand Up India” initiative of the Government of India would be exempt
from the pre qualification criteria of average annual turnover and past bidder
experience .However these OEMs will still need to furnish a CA certificate
mentioning their turnover for the past 3 financial years ( 2015-14, 2014 – 13 , 2013 –
12)
6.1.2 The Bidders must have furnished the necessary documents to establish their
eligibility (indicating the page number in the bid) for each of the items given in
Annexure 1 : ELIGIBILITY CRITERIA. Relevant portions in the documents
should be highlighted. If a bid is not accompanied by all the necessary documents, it
will be summarily rejected.
6.1.3 Annexure 1: ELIGIBILITY CRITERIA has some criteria which pertain to basic
qualifications as mentioned in 19.1.1 BASIC QUALIFICATION CRITERIA for
which the bidder must mandatorily furnish documents whereas there is an
additional requirement of experience of project implementation for various solutions
as mentioned in 19.1.2 PROJECT IMPLEMENTATION where the bidder must
score at least score 80% among the criteria/sub criteria listed to be eligible for
technical evaluation.
6.1.4 Undertaking for subsequent submission of any of the eligibility documents will not
be entertained. However, NICSI reserves the right to seek fresh set of documents or
seek clarifications on the already submitted documents.
6.1.5 If a bidder submits a MAF which has not been authorized by the OEM then its bid
would be rejected and the EMD would be forfeited
6.1.6 All documents must also be submitted electronically in PDF format. Upon
verification, evaluation/assessment, if in case any information furnished by the
Bidder is found to be false / incorrect, their bid will be summarily rejected and no
correspondence on the same shall be entertained. Submission of false/forged
documents will lead to forfeiture of EMD and blacklisting of bidder for a minimum
period of 3 years from participating in NICSI/NIC tenders.
6.1.7 A Bid that does not fulfill all the stipulated eligibility conditions/criteria will not be
considered.
6.2 TECHNICAL BID EVALUATION
6.2.1 A duly constituted Technical Evaluation Committee (TEC) will select Bidders on the
basis of Technical Specifications as mentioned in the different schedules of Section 18
: TECHNICAL SPECIFICATIONS. The Bids conforming to those specifications will
be considered for further evaluation
6.2.2 The TEC will then evaluate the bidders on the basis of Value Added Features mentioned
for every solution in Section 18 : TECHNICAL SPECIFICATIONS and bidders who
No. 10(02)/2016-NICSI
Page 16 of 105
score at least 60% in these Value Added Features will only be considered for further
evaluation
6.2.3 If the bid doesn’t conform to the technical specifications as mentioned in Section 18 :
TECHNICAL SPECIFICATIONS or doesn’t score minimum 60% in Value Added
Features mentioned in Section 18 : TECHNICAL SPECIFICATIONS for any one
schedule then the bidder would be disqualified and his bid would be rejected.
6.2.4 The TEC has the right to verify the compliance of the quoted solutions with the required
tender specifications of all schedules as mentioned in Section 18 : TECHNICAL
SPECIFICATIONS, and to test them for reliability & functionality. In case the bidder
fails to bring the quoted solution within the prescribed limit (2 weeks) given by the
NICSI for evaluation, the bid may be rejected. In case TEC decides to inspect the
solutions at Bidder’s/OEM’s premises, the expenditure on travel will be borne by NICSI.
6.2.5 The solutions quoted in all schedules must work perfectly in specified operating systems
(if any mentioned in all the schedules of Section 18 : Technical Specifications). If
any quoted solution is found deviating from the requirement, the same shall be rejected.
6.2.6 OEM should be able to provide support for minimum 5 (Five) years for the solutions
mentioned in all the schedules of Section 18 : TECHNICAL SPECIFICATIONS
6.2.7 The TEC reserves the right to reject a solution if it does not match the specifications as
mentioned in the different schedules of Section 18 : TECHNICAL
SPECIFICATIONS
6.3 FINANCIAL BID EVALUATION
6.3.1 The following must be complied with during the preparation of the financial bid:
6.3.1.1 The final rates submitted by the bidders must be in Indian Currency only
and all the payment shall be made by NICSI in Indian currency only
6.3.1.2 Bidders must indicate their rates in clear/visible figures and must not
alter/overwrite/make cutting in the quotation.
6.3.1.3 The bidder must avoid any error while quoting prices for the solution as per
the format given in Annexure 8 : FINANCIAL BID PROFORMA
TEMPLATE. If any discrepancy is found in the bid, it will be rejected.
6.3.2 The evaluation of the financial bids must proceed in the manner as described here:
6.3.2.1 The Financial Bids of only technically qualified bidders will be opened
electronically in the presence of their representatives on a specified date and
time duly notified. The financial bids will then be passed on to a duly
constituted Financial Evaluation Committee (FEC) for evaluation.
6.3.2.2 The bidders must clearly mention Unit Price and Total Price (inclusive of
warranty) against each schedule mentioned in Annexure 8 : FINANCIAL
BID PROFORMA TEMPLATE in their financial bid.
6.3.2.3 The Financial Evaluation Committee shall independently determine the
“Reserved Discount Rate” on unit price of each schedule mentioned in
Annexure 8 : FINANCIAL BID PROFORMA TEMPLATE through
market intelligence.
6.3.2.4 The financial bids for any product & service found to be abnormally higher
than determined by the FEC may be out rightly rejected. The reasonability of
the quoted discount rate will be compared with reserve discount rate
obtained through market intelligence for a specific OEM. NICSI may reserve
No. 10(02)/2016-NICSI
Page 17 of 105
the right to conclude contract with the bidders falling beyond 10% band of
the reserve discount rate determined by FEC through market intelligence.
6.3.2.5 The bidders quoting marginally lower discount rate than determined by the
FEC shall be given an option to match the rates determined by FEC. The
maximum period allowed for matching the rates by any Bidder will not be
more than 7 (Seven) working days from the date of issuance of such
communication from NICSI. If the bidder fails to match the FEC rates within
the stipulated time, the offer may be treated as withdrawn and the bid may
be rejected.
6.3.2.6 The bidders quoting higher discount rate than determined by the FEC, shall
be accepted as per the rates offered under the Financial Bid.
6.3.2.7 FEC is not liable to disclose the following to the bidders:-
6.3.2.7.1 Methodology adopted by FEC to arrive at “reserved discount
rate”
6.3.2.7.2 “Reserved discount rate” for any product / service
6.3.2.8 Quoting incredibly low value of items with a view to subverting the tender
process shall be rejected straight away and EMD of such vendor will be
forfeited
6.3.2.9 The bidder quoting the lowest GTV value will be designated as L1 and
selected for empanelment for the various solutions mentioned in the
schedules of this tender
6.3.2.10 The next lowest quoting bidder in terms of GTV Value (L2 ) will be asked to
match the rates quoted by L1 for Schedule II ( 18.2 Centrally Managed
Antivirus Solutions) and Schedule IX (18.9 Centrally Managed Patch
Management Solution ) to form a panel of 2 vendors for 18.2 Centrally
Managed Antivirus Solution and 18.9 Centrally Managed Patch Management
Solution)
6.3.2.11 In the event of any mismatch in the GTV value mentioned at 19.8.1
FINANCIAL BID TEMPLATE and the one at 19.8.2 FINAL GTV
VALUE of the L1 bidder, the following criteria will be adopted to remove the
discrepancy between these two values :
6.3.2.11.1 When Grand Total Value given in 19.8.1 FINANCIAL BID
TEMPLATE is greater than the Grand Total Value given in
19.8.2 FINAL GTV VALUE , The value given in 19.8.2
FINAL GTV VALUE will be taken as the value for 19.8.1
FINANCIAL BID TEMPLATE and the item wise value for
each item in 19.8.1 FINANCIAL BID TEMPLATE will be
reduced on pro rata basis and consequently unit values will be
worked out
6.3.2.11.2 When Grand Total Value given in 19.8.1 FINANCIAL BID
TEMPLATE is less than the Grand Total Value given in 19.8.2
FINAL GTV VALUE , then the value given in 19.8.1
FINANCIAL BID TEMPLATE will be taken as the GTV value
for the bidder
6.3.2.12 The prices obtained after the financial evaluation may be displayed on the
NICSI website for the empanelment period.
7 EMPANELMENT OF SUCCESSFUL BIDDER
7.1 EMPANELMENT CONDITIONS
No. 10(02)/2016-NICSI
Page 18 of 105
7.1.1 The empanelment under this tender, with all its terms and conditions, can be used by
NIC also.
7.1.2 NIC/NICSI will try to ensure equal distribution of purchase orders to the extent
possible in a round robin manner starting with empaneled vendor designated as L1
7.1.3 The slabs rates for the different solutions will be decided on the quantity of order
placed. The quantity will however be cumulative and the slab rates would be decided
taking into account the existing and licenses ordered earlier.
7.1.4 The bidder will have to make necessary arrangements to maintain existing installed
licenses as per terms and conditions of the tender even if he has quoted for non
existing solutions.
7.1.5 The order for maintain existing installed licenses from one particular OEM would be
given to one particular bidder and the licenses would not be split between two bidders
7.1.6 The empanelment will be valid for a period of 2 years in the first instance from the
date of empanelment. It may be extended for two years followed by a further
extension of another year depending upon the need of NIC / NICSI’s project
requirements with mutual consent.
7.1.7 The empaneled vendor must supply, install & maintain the Centrally Managed
Endpoint Security Solutions at the L1 value bid finalized through this tender
during the period of empanelment/extended empanelment, except for revision in
rates as per provisions of Section 16.4 : PRICE VARIATION CLAUSE.
7.1.8 All licenses of the solutions mentioned in the schedules of Section 18 : Technical
Specifications would be considered as new licenses and renewed from next year
onwards
7.1.9 The responsibility of NIC/user would be limited to ensuring reachability onto
NICNET/user network and the installation of the agent for the first time after which it
will be the responsibility of the vendor to ensure communication and availability of all
the solutions and non compliance will result in penalties for the empaneled vendor as
per Annexure 3 : SLA AND PENALTY, 19.3.2 PERFORMANCE
7.1.10 All empaneled vendors must honor all tender conditions and adherence to all aspects
of fair trade practices in executing the purchase orders placed by NICSI on behalf of
its clients. Failing this, NICSI may forfeit their EMD and stop further participation of
such vendor for three years in NICSI tendering process.
7.1.11 In the event, an empaneled Company or the concerned division of the Company is
taken over /bought over by another company, all the obligations and execution
responsibilities under the agreement with NICSI, should be passed on for compliance
by the new company in the negotiation for their transfer.
7.1.12 Empaneled vendor cannot re tender any schedule of the tender to any other company.
The defaulting bidder will also be debarred from participating in NICSI tenders for a
period of three years.
7.1.13 If the name of the product is changed, the renamed product must have equivalent or
superior technical specifications. Empaneled vendor will undertake to supply
/replace, upgrade the new product with the existing one.
7.1.14 The vendor must ensure and undertake as written assurance / guarantee /
commitment to NIC/user on the following:
7.1.14.1 Specify additional functionalities, if any, not covered under technical
specifications in the tender, explicitly
7.1.14.2 Any functionality which is neither in the tender document nor explicitly
specified as mentioned above, either by accident or by design, will be
considered to be a breach of contract, such that the vendor must be liable
for legal actions and be charged for damages.
No. 10(02)/2016-NICSI
Page 19 of 105
7.1.15 Empaneled vendor must also maintain the existing solution with same terms and
conditions.
7.1.16 Bidder will have to make necessary arrangement with reporting OEM for existing
solution and licenses as per the terms and condition of this tender.
7.1.17 In case any selected bidder refuses to sign empanelment within seven days of
communication from NICSI, the offer would be treated as withdrawn and the bidder’s
EMD will be forfeited. The defaulting bidder will also be debarred from participating
in NICSI tenders for a period of three years.
7.1.18 In case an empaneled vendor is found in breach of any condition(s) of tender or
supply order, at any stage during the course of supply / installation or warranty
period, legal action as per rules/laws, shall be initiated against the bidder and
EMD/Security Deposits shall be forfeited, besides debarring and blacklisting the
bidder concerned for at least three years, for further dealings with NICSI.
7.1.19 NICSI may, at any time, terminate the empanelment by giving written notice before
30 days to the empaneled vendor without any compensation, if the empaneled vendor
becomes bankrupt or otherwise insolvent, provided that such termination will not
prejudice or affect any right of action or remedy which has accrued or will accrue
thereafter to NICSI.
7.1.20 In case the empaneled Indian Authorized Agent is unable to fulfill the obligations
given under this tender, OEM shall be completely responsible to replace the Indian
Authorized Agent with an alternate Indian Authorized Agent and get the requisite
work done. The alternate Indian Authorized Agent in this case must abide by all the
terms and conditions laid down under this tender and during the empanelment of the
previous Indian Authorized Agent. The alternate Indian Authorized agent will also be
subject to the same pre qualification criteria as the earlier authorized agent and will
have to submit the requisite documents as proof of that.
7.1.21 Tender process will be over after the issue of empanelment letter to the selected
bidder. Thereafter, information submitted by the participating bidders before and
during the bidding process may be put by NICSI in the public domain. Competent
Authority in NICSI may not exercise the privilege given under Right to Information
Act Section 8(1) (d) which says “there shall be no obligation to give any citizen
information including commercial confidence, trade secrets or intellectual property,
the disclosure of which would harm the competitive position of a third party, unless
competent authority is satisfied that larger public interest warrants the disclosure of
such information”.
7.1.22 Reasons for rejecting a tender/bid will be disclosed to a bidder only where enquiries
are made.
7.2 SECURITY DEPOSIT & PBG
7.2.1 In the case of the Bidder who has been selected for empanelment, the bidder
(including those exempt under Section 2.3) must give Security Deposit for the
equivalent amount of EMD. Security Deposit will be in the form of Bank Guarantee
(BG) of any commercial bank drawn in the name of National Informatics Centre
Services Inc, New Delhi, valid till empanelment. EMD of successful bidders will be
returned after they sign letter of empanelment with NICSI and submit a security
deposit of equal amount for the period of empanelment/extended empanelment. The
BG will be released after the empanelment or extended empanelment or complete
execution of all the purchase orders issued under this empanelment, whichever is
later and thereafter the Security Deposit / BG shall be returned to the empaneled
No. 10(02)/2016-NICSI
Page 20 of 105
vendor without any interest. In case of default by the empaneled vendor on non-
acceptance of the purchase orders, this Security Deposit /BG will be forfeited and
empanelment will be cancelled.
7.2.2 Empaneled vendors must give Performance Bank Guarantee (PBG) equivalent to 10%
of the total PO at the time of bill submission. Performance Bank Guarantee (PBG) will
be of any scheduled commercial bank drawn in the name of National Informatics
Centre Services Inc, New Delhi for a period of warranty + 3 months. This PBG may be
invoked in case of non compliance of maintenance schedule during warranty period
mentioned in the purchase order.
Security deposit must be made in the form of Bank Guarantee equal to the EMD
amount
P
e
r
formance Bank Guarantee (PBG) equal to 10% of total purchase order
8 P
L
A
CING OF PURCHASE ORDERS
8.1 NICSI has the right to choose any subset of the tendered items for placement of purchase order.
8.2 For all procurements NICSI shall try to ensure that all bidders shall be given an equal
distribution of software licenses and subscriptions support services in a round robin
manner starting with the L1 vendor
8.3 For procurement of goods, Purchase Order will be placed on the empaneled vendor in hardcopy
format or in softcopy mode either through e-mail containing the scanned copy of the Purchase
Order or an alert through e-mail for downloading the Purchase Order from Web Site. An
intimation of the purchase order may also be sent to the OEM if the empaneled vendor is an
Authorized Indian Agent.
8.4 Objection, if any, to the Purchase Order must be reported to NICSI by the empaneled vendor
within three (3) working days from the date of receipt or date of email whichever is earlier for
modifications, otherwise it is assumed that the empaneled vendor has accepted the Purchase
Order in totality. This is applicable in case of electronic publishing/delivery of Purchase Order
also. After receiving the Purchase Order, in case of amendment (if any), of the same Purchase
Order, as requested by the empaneled vendor or done by NICSI, installation period will be
calculated from the amendment date and not from the original Purchase Order date.
9 PRE-DELIVERY INSPECTION AND ACCEPTANCE OF ITEMS
9.1 No solution with short supply or with lower technical specifications shall be accepted for conduct
of acceptance testing under any circumstances. The solutions must give same performance
results as shown during initial demonstration/evaluation tests. The offered solutions, in addition
Validity Valid for the period of empanelment / extended empanelment. The BG will be released
after the empanelment or execution of all pending Purchase Orders, whichever is later
Instrument One single deposit in the form of Bank Guarantee
Amount Equal to EMD amount
Validity Warranty period + 3 months, from the date of delivery of Systems
Instrument One single deposit in the form of Bank Guarantee to be submitted along with the bills and
proof of delivery for claiming 80% of the PO value
Amount Equal to 10% of PO Value
No. 10(02)/2016-NICSI
Page 21 of 105
to meeting the performance results as per evaluation tests, must also contain the same
subsystem as approved by NICSI. Failure to fulfill any of the above-mentioned conditions will
entail cancellation of the Purchase Order along with forfeiture of the EMD/Security Deposit.
9.2 In case an empaneled solution under the various schedules in this tender is becoming end of sale
or end of life within next 2 (Two) years, the same must be immediately brought to the notice of
NICSI through email along with written communication addressed to “Tender Division, NICSI”.
However the bidder must ensure that the OEM shall provide active support (w.r.t. firmware /
hardware / software / etc) for this product for minimum 5 (Five) years from the date of
issuance of last purchase order.
9.3 In case an empaneled solution under the various schedules in this tender is becoming end of sale
and if the empaneled bidder wants to offer a new solution of same make and same or higher
specifications, which was not offered for evaluation, the same must be offered to NICSI for
evaluation with full configuration at least one month prior to the acceptance testing date. The
empaneled vendor must provide detailed technical documents and technical man power support
so as to enable NICSI to carry out the evaluation. The decision taken by NICSI will be final and
binding on the empaneled vendor. If empaneled vendor is not able to empanel new solution
against empaneled solution which has been declared end of sale, the empanelment of such
vendor will be cancelled and respective EMD, if any, may be forfeited. However the bidder must
ensure that the OEM shall provide active support (w.r.t. firmware / hardware / software / etc)
for this solution for minimum 5 (Five) years from the date of issuance of last purchase order.
9.4 Since technological trends in IT industry are changing very rapidly, NICSI may examine/re-
access the technical specifications of all empaneled solutions under the various schedules in this
tender at an interval of an year in consultation with all empaneled vendors. The finalized
specifications will then be applicable for all empaneled vendors. If any up gradation is released
by the OEM that will be provided free of cost to the user, the finalized specification will be
applicable for all empaneled vendors of that category.
9.5 The schedule for acceptance testing dates must be provided at least 15 (fifteen) days before the
last date of delivery. This needs to be strictly followed.
9.6 Normally, testing and acceptance of the solutions will be done at the factory premises of the
empaneled vendor/OEM where it will be tested as per ordered specifications. NICSI/NIC
reserves the right to reject any item, if found unsuitable and / or not conforming to the approved
specifications. No payment will be made for rejected items.
10 DELIVERY PROCESS
10.1 The schedule to be given for delivery at site is to be strictly adhered. Any unjustified and
unacceptable delay in delivery beyond the delivery schedule as per Purchase Order will render
the empaneled vendor liable for penalty as per Annexure 3 : SLA AND PENALTY, 19.3.1
DELIVERY AND INSTALLATION. Proof of Delivery duly signed by the user/NIC/NICSI
Project Coordinator, with his name, date of delivery, designation and office seal, legibly recorded,
must reach NICSI Head Quarters, New Delhi within 4 (Four) weeks of the delivery
10.2 If the delivery, of whole or in part, is delayed beyond 30 (Thirty) days from scheduled date of
delivery as given in the purchase order, NICSI will have option to cancel the purchase order to the
extent of unfulfilled part of the purchase order. NICSI will be free to procure the remaining items
from alternate sources at the cost and risk of the defaulting empaneled vendor, by forfeiting the
EMD/Security Deposit of the empaneled vendor. In addition, NICSI will impose a cancellation
charge as per Annexure 3 : SLA AND PENALTY, 19.3.1 DELIVERY AND
INSTALLATION, which will be recovered from the pending bills or EMD/Security Deposit or by
raising claims.
No. 10(02)/2016-NICSI
Page 22 of 105
10.3 NICSI will impose penalty on total value of purchase order if the delivery of more than 20%
(Twenty percent) of the total order value is delayed beyond the last date of delivery (as per
10.1 and 10.2 above). If the delivery is delayed for the item(s) whose value is equal or less than
20% (Twenty percent) of the total order value, the penalty shall be applicable on the
delayed equipment only.
10.4 In case, if the delivery of any critical component is delayed which may hamper the operation of
overall solution; the penalty of 20% will be imposed on the total PO value, irrespective of
component cost.
11 TRAINING
11.1 The vendor must provide one week hands-on training / workshop as per location
mentioned in the PO on the solutions mentioned in the specific schedules of Section 18 :
TECHNICAL SPECIFICATIONS as desired on deployment options, device configuration,
security policy design and implementation, monitoring of events, generating desired reports from
database, predefined report, user-defined policies and reports, user-defined desktop firewall
policies, malware analysis and their mitigation techniques etc at its own cost. ( at least once a year
or whenever there is major technological change)
11.2 The Number of participants must be minimum three administrators per location/NICHQ.
The training / workshop will be conducted at NIC (HQ) or other location(s) as deemed
appropriate. The training must be held at least once a year or in the event of any
technological change in the solutions mentioned in the specific schedules of Section 18 :
TECHNICAL SPECIFICATIONS
11.3 The OEM must provide necessary training material for the trainings
11.4 The OEM/vendor must arrange suitable infrastructure of hardware and software or any
other equipment required for conducting training
11.5 The Trainings should be given by certified professionals with hands on sessions.
11.6 The OEM must arrange for a technical knowledge workshop once a year for at least four
members of NIC core Team managing solution, at its research and development labs in
India or abroad on technology relevant to the specific schedules mentioned in Section 18 :
TECHNICAL SPECIFICATIONS
12 INSPECTION, INSTALLATION AND ACCEPTANCE OF DELIVERED ITEMS
12.1 The empaneled vendor must install all the solutions mentioned in the specific schedules of
Section 18 : TECHNICAL SPECIFICATIONS at specified central site or distributed
Location. Installation must be completed within 15 (Fifteen) Days from the scheduled or actual
date of delivery, whichever is later. If the scheduled date of installation falls on holiday / non
working day , the next working day shall be treated as due date of installation. In case of
installation at distributed locations it must be reflected in the central manager
12.2 If NICSI receives any written complaint from the user about non-completion of inspection and
installation at site or distributed location within the stipulated time after delivery, due to the non-
responsiveness of the empaneled vendor, a penalty will be imposed as per Annexure 3 : SLA
AND PENALTY, 19.3.1 DELIVERY AND INSTALLATION Thereafter, NICSI holds the
option to complete the inspection and installation work through alternate sources at the risk and
cost of the defaulting empaneled vendor.
No. 10(02)/2016-NICSI
Page 23 of 105
12.3 During inspection and installation at site or distributed location , if any item is found to be
defective or broken, it must be replaced with new one by the empaneled vendor at its own cost
and risk within 30 days from the date on which the empaneled vendor has been informed of
such damage. Inspection and installation must be carried out within 7 days of scheduled / actual
delivery of replaced item, whichever is earlier. If the items are not replaced and installed at the
site or distributed location within the stipulated time, penalty as per Annexure 3 : SLA AND
PENALTY, 19.3.1 DELIVERY AND INSTALLATION will be applicable. Thereafter, NICSI
holds the option to complete the procurement, inspection and installation work through alternate
sources at the risk and cost of the defaulting empaneled vendor.
12.4 A Consolidated Installation Report, based on the successful installations of the individual
solutions mentioned in all the schedules of Section 18 : TECHNICAL SPECIFICATIONS,
duly signed by concerned NIC/NICSI Coordinator of the project/ User Department must be
submitted to NICSI Headquarters along with the bills.
12.5 For Site Not Ready (SNR) cases, empaneled vendor must submit SNR certificate as per the format
given in Annexure 5 : SITE NOT READY CERTIFICATE signed by NIC/NICSI Coordinator
of the project/ User Department. The decision of the User Department/NIC/NICSI Project
Coordinator will be final regarding readiness of site. No penalty will be imposed for SNR cases,
however, empaneled vendor must install the items within 15 days of receipt of Site Ready notice
from User/NICSI/NIC else it will attract penalty as per above clause(s), recoverable from Bill.
13 WARRANTY SERVICE
13.1 The empaneled vendor must fulfill the following conditions during warranty period
13.1.1 The complete Centrally Managed Endpoint Security Solution (CMESS) must be under 5
(Five) years on-site warranty, which includes yearly renewal, software subscription,
service support and maintenance.
13.1.2 During on-site warranty and software subscription period, CMESS software up-
gradation, bugs / patches/ any product enhancement required to handle any new
security threat and services must be provided free of cost by the empaneled vendor till
the expiry of the warranty period.
13.1.3 Bidder must ensure that the OEM must provide 24X7 dedicated technical qualified
engineers to support services through Website portal / Telephone/Mobile / e-mail lodge
complaint else penalty will be imposed as per Annexure 3 : SLA AND PENALTY ,
19.3.5 OEM SUPPORT SERVICES
13.1.4 On completion of the On-site warranty and software subscription period, the Security
Deposit without any interest accrued will be released by NICSI to the empaneled vendor
after validating the various reports submitted to NIC during the contract period. If
considered necessary, suitable amount of penalty must be recovered from the
empaneled vendor out of either already due payments or from their Security Deposit.
After expiry of on-site warranty and software subscription, NIC/NICSI/user has option
to enter into Annual Maintenance Contract with the supplier for post warranty
maintenance and software subscription of the solution.
14 PAYMENT
14.1 Empaneled vendors should furnish details of the location from where they are going to raise their
Bills / Invoices to NICSI, New Delhi.
14.2 Empaneled vendors must raise their Bills / Invoices in the name of NICSI, New Delhi.
No. 10(02)/2016-NICSI
Page 24 of 105
14.3 Separate Purchase Orders may be issued for supply / delivery of items, installation services and
support services, as applicable.
14.4 A pre-receipted bill, along with original excise duty gate pass (if applicable) and acceptance
certificate, must be submitted (Three copies) in the name of NICSI soon after the delivery of the
items along with a copy of the duly receipt delivery challan. The Bills/Invoice must be in the
format and as per guidelines / instructions given in Rule 52-A, 57GG etc., of the Central Excise
Rules, 1944 as amended from time to time for these items for which payment of Excise duty is
applicable. Payment will be made on delivery and acceptance of items at the destination as
per PO.
14.5 50 % payment will be released on the activation of new licenses on Central
manager. Payment will be made on delivery of paper licenses and the activation of licenses
for the different solutions which have been mentioned in all the schedules of Section 18 :
TECHNICAL SPECIFICATIONS. PBG will have to be renewed for such further periods till
satisfactory warranty support has been provided by the empaneled vendor for all the items
supplied and installed, and there after the PBG will be returned to the empaneled vendor. If bills,
complete in all aspect are submitted with all relevant documents as defined above, NICSI will
ensure that the payment are made to empaneled vendor within thirty days from the date of bill
submission.
14.6 30 % will be made on the installation / configuration of the different solutions mentioned in the
specific schedules of Section 18 : TECHNICAL SPECIFICATIONS . The remaining 20% will
be retained to deduct any penalties as per Annexure 3 : SLA AND PENALTY.
14.7 In case of Renewal of Licenses , 100 % payment will be made to the empaneled vendor only after
the renewal of all the licenses
14.8 A pre-receipted quarterly bill, along with certificate of satisfactory performance (Monthly
performance report) from user/NIC/NICSI Project coordinator of the project must be submitted
for each of the hired manpower resource as mentioned in Section 18 : TECHNICAL
SPECIFICATIONS, Schedule X MANAGED ENTERPRISE ENDPOINT SECURITY
SOLUTION SERVICES. If the hired manpower is absent or indulges in any type of misbehavior
appropriate penalty will be imposed on the empaneled agency as per Annexure 3 : SLA and
Penalty, 19.3.4 Manpower
14.9 A monthly report showing the compliance for all the SLAs as mentioned in Annexure 3 : SLA
AND PENALTY must be submitted by the empaneled vendor before the 7th of every month to the
concerned user/NIC/NICSI Project Coordinator who will sign off on the report and deduct any
penalties if applicable
14.10 Payment must be subjected to deductions of any amount for which the Agency is liable under the
empanelment or tender conditions. Further, all payments shall be made subject to deduction of
TDS(Tax deduction at source) as per the current Income-Tax Act and /or any other Govt. orders /
rules.
14.11 Renewal cost of the existing licenses will be done annually after completion of one year of software
subscription, service support and Upgradation of software. Deductions will be made if any penalty
is imposed as per Annexure 3 : SLA AND PENALTY
14.12 If installation is completed within the stipulated period i.e. 15 (Fifteen) Days from the date of
delivery, the empaneled vendor must submit one bill for payment rather than submitting two bills
(one bill for delivery and one for installation).
14.13 In case where site for installation is not ready, NICSI will intimate the empaneled vendor through
a communication for site readiness & the installation must be completed within 2 (Two) weeks’
time. In case NICSI receives a complaint from the user that the item was not installed within 2
(Two) weeks of site readiness report sent to the empaneled vendor, penalty for installation will
be applicable on the empaneled vendor as per Section 11 : INSPECTION , INSTALLATION
AND ACCEPTANCE OF DELIVERED ITEMS for delayed period
No. 10(02)/2016-NICSI
Page 25 of 105
14.14 If the bills are not submitted after delivery/installation with relevant documents in 30 (Thirty)
days, penalty @ 1% (One percent) per week subject to a maximum of 2% (Two percent)
will be levied from the total order value.
14.15 In case the submission of bills to NICSI, along with the necessary documents i.e. POD’s/BG’s etc.,
is delayed by the empaneled vendor beyond 30 (Thirty) days from the date of issue of bill or
delivery of materials etc., whichever is earlier, the entire liability towards payment of
interest/penalty to the tax authorities would be on the cost of respective empaneled vendor so that
NICSI is not burdened unnecessarily with this amount. The entire amount will be deducted from
the payment due, to the respective empaneled vendor.
14.16 All payments will be made through RTGS only.
15 REFUND OF EMD & SECURITY DEPOSIT
The Earnest Money Deposit (EMD) without any interest accrued will be refunded as follows:
15.1 In the case of those bidders whose technical bids do not qualify, the EMD will be refunded without
any interest accrued within 1 (One) month of the acceptance of TEC’s (Technical Evaluation
Committee)’s recommendations.
15.2 In the case of those Technically Qualified bidders who are not empaneled, the EMD will be
refunded without any interest accrued within 1 (One) month of the acceptance of FEC’s (Financial
Evaluation Committee)’s recommendations.
15.3 In case of those bidders whose tender bids are accepted for the empanelment, EMD of such
bidders will be refunded on receipt of security deposit as mentioned in Section 7.2.2 :
SECURITY DEPOSIT AND PBG. Security Deposit shall be in the form of Bank Guarantee (BG)
drawn in the name of National Informatics Centre Services Inc Hall No. 2&3, 6th Floor, NBCC
Tower, 15 Bhikaji Cama Place, New Delhi – 110 066, valid for empanelment period and shall be
renewed by the empaneled vendor till Empanelment lasts or the orders placed are executed,
whichever is later. No interest will be payable for the Security Deposit.
15.4 On completion of the warranty period of ordered items, the Security Deposit without any interest
accrued shall be released after ascertaining that satisfactory support has been provided during the
warranty period. In case, it is found that appropriate satisfactory support has not been provided by
the empaneled vendor, NICSI/NIC will ensure that the prescribed penalty for the default in service
has been realized or shall be recovered from the empaneled vendor out of the Security Deposit
16 GENERAL TERMS & CONDITIONS
16.1 CONDITIONS
16.1.1 The empanelment under this tender is not further assignable by the empaneled
vendor. The empaneled vendor must not assign its contractual authority to any other
third party.
16.1.2 As a matter of policy and practice and on the basis of Notification published in
Gazette of India dated 14th March, 1998, it is clarified that services and supplies of
the vendor empaneled through this tender can be availed by both National
Informatics Center [NIC] and National Informatics Center Services Incorporated
[NICSI], as the case may be depending on the project, and the empaneled vendor
shall be obliged to render services / supplies to both or any of these organizations as
per the indent placed by the respective organization. In other words, the selection
procedure adopted in this tender remains applicable for NIC as well, and in the event
No. 10(02)/2016-NICSI
Page 26 of 105
of rendering services / supplies to NIC, the empaneled vendor must discharge all its
obligations under this tender to NIC as well
16.1.3 Any default or breach in discharging obligations under this tender by the empaneled
vendor while rendering services / supplies to NIC/NICSI, shall invite all or any
actions / sanctions, as the case may be, including forfeiture of EMD, security deposit,
invocation of performance guarantee stipulated in this tender document. The decision
of NICSI/NIC arrived at as above will be final and no representation of any kind will
be entertained on the above.
16.1.4 All terms and conditions governing prices and supply given in this tender, as
applicable to NICSI, will be made equally applicable to NIC.
16.1.5 NICSI reserves the right to modify and amend any of the stipulated
condition/criterion given in this tender document, depending upon project priorities
vis-à-vis urgent commitments. NICSI also reserves the right to accept/reject a bid, to
cancel/abort tender process and/or reject all bids at any time prior to award of
empanelment, without thereby incurring any liability to the affected agencies on the
grounds of such action taken by NICSI.
16.1.6 Any default by the bidder in respect of tender terms & conditions will lead to rejection
of the bid & forfeiture of EMD/Security Deposit.
16.1.7 The decision of NICSI arrived during the various stages of evaluation of the bids is
final & binding on all bidders. Any representation towards these shall not be
entertained by NICSI.
16.1.8 In case the empaneled vendor is found in-breach of any condition(s) of tender or
supply order, at any stage during the course of supply/delivery/commissioning or
warranty period, then legal action as per rules/laws will be appropriately taken.
16.1.9 In case of any attempt by OEM/bidder to bring pressure towards NICSI’s decision
making process, such OEMs/bidders shall be disqualified for participation in the
present tender and those bidder may be liable to be debarred from bidding for NICSI
tenders in future for a period of 3 (Three) years.
16.1.10 Printed/written conditions mentioned in the tender bids submitted by bidders will
not be binding on NICSI.
16.1.11 Upon verification, evaluation/assessment, if in case any information furnished by the
bidder is found to be false/incorrect, their total bid shall be summarily rejected and
no correspondence on the same, shall be entertained.
16.1.12 NICSI will not be responsible for any misinterpretation or wrong assumption by the
bidder, while responding to this tender.
16.2 MICRO, SMALL & MEDIUM ENTERPRISES DEVELOPMENT ACT
16.2.1 If a bidder falls under the Micro, Small & Medium Enterprises Development Act,
2006, then a copy of the registration certificate must be provided to NICSI. Further,
the bidder must keep NICSI informed of any change in the status of the company.
16.2.2 Following facilities have been extended to the SSI units registered with NSIC:
16.2.2.1 Issue of tender sets free of cost
16.2.2.2 Exemption from payment of earnest money
16.2.2.3 Waiver of security deposit up to the monetary limit for which the unit is
registered
16.3 PRICE VARIATION CLAUSE
No. 10(02)/2016-NICSI
Page 27 of 105
16.3.1 During the validity of the empanelment including the extended period (if any), if the
empaneled vendor sells any empaneled item to any other Department/Organization,
under similar terms & conditions, at a price lower than the price fixed for NICSI, the
empaneled vendor must voluntarily pass on the price difference to NICSI with
immediate effect. Similarly, in the event of lowering of Government levies
subsequent to empanelment, the empaneled vendor must automatically pass on the
benefits to NICSI, and in the event of increasing of Government taxes/ levies
subsequent to empanelment, NICSI shall consider the case on merit and pass on the
pro-rata benefits to the empaneled vendor if full reference with documentary
evidence is submitted.
16.3.2 During the validity of the empanelment, in case NICSI notices that the market rates
have come down from the time when rates were finalized or for the reasons of
technological advances / changes, NICSI will ask the technically short listed Bidders
to re-quote the prices based on new / advanced configurations/technologies and the
products/services will be selected on the basis of procedure as per Section 6.3 :
FINANCIAL BID EVALUATION.
16.3.3 Bidder will submit the foreign exchange rate (USD) applicable on tender submission
date, as given in financial bid. The foreign exchange rate on last date of bid
submission published at RBI site will be taken as reference. The rate revision due to
the above will be considered when the average monthly fluctuation is ±10% or above
of the defined reference value. If the fluctuation is downwards, NICSI Tender
division will automatically initiate the process for reducing the rate by following the
same procedure. For subsequent revisions, the rate revision committee will record
the foreign exchange rate applicable on the finalization date. In such cases, NICSI
will take decision of giving complete / partial benefit of the variation by examining
other existing similar government empanelment and prevalent market rates. NICSI
may also invite revised financial bid from technically qualified bidders (if number of
such bidders is more than two) and empanelment size will be reduced to at most two
vendors. Decision of NICSI in this regard will be final and no representation of any
kind will be entertained.
16.3.4 All other taxes, i.e. VAT, Installation Charges, Service Taxes as mentioned in the
tender by the empaneled vendor will be added to arrive at the new revised total rate.
Local taxes such as Octroi, LBT , etc shall be paid by NICSI
on actuals.
16.4 LIMITATION OF LIABILITY
(a) The empanelled vendor shall not be liable for any indirect or consequential loss or damage.
(b) With respect to damage caused by the empanelled vendor to end user / NICSI / NIC under any work order issued pursuant to this empanelment, the empanelled vendor shall be liable to end user / NICSI / NIC only for direct damage and loss up to the maximum extent of the higher of (i) the total amount payable to empanelled vendor under the respective work order, or (ii) the proceeds which the empanelled vendor may be entitled to receive from any insurance maintained by the empanelled vendor to cover such a liability.
(c) The limitation of liability in (b) above shall not affect the empanelled vendor’s liability in case of gross negligence or wilful misconduct on the part of the
No. 10(02)/2016-NICSI
Page 28 of 105
empanelled vendor or on part of any person or company acting on behalf of the empanelled vendor in carrying out the services. The limitation of liability in (a) and (b) above shall not affect the empanelled vendor’s liability, if any, for damage to Third Parties caused by the empanelled vendor or any person or firm / company acting on behalf of the empanelled vendor in carrying out the services under any work order issued pursuant to this empanelment.
16.5 INDEMNITY
The empaneled vendor must indemnify NICSI/NIC/User departments against all third party
claims of infringement of patent, trademark/copyright or industrial design rights arising from
the use of the supplied software/ hardware/manpower etc and related services or any part
thereof. NICSI/NIC/User department stand indemnified from any claims that the hired
manpower / empaneled vendor’s manpower may opt to have towards the discharge of their
duties in the fulfillment of the purchase orders. NIC/NICSI/User department also stand
indemnified from any compensation arising out of accidental loss of life or injury sustained by
the hired manpower / empaneled vendor’s manpower while discharging their duty towards
fulfillment of the purchase orders.
16.6 TERMINATION FOR INSOLVENCY
NICSI may at any time terminate the purchase order/empanelment by giving four weeks
written notice to the empaneled vendor, without any compensation to the empaneled vendor,
if the empaneled vendor becomes bankrupt or otherwise insolvent.
16.7 FORCE MAJEURE
If at any time, during the continuance of the empanelment, the performance in whole or in
part by either party of any obligation under the empanelment is prevented or delayed by
reasons of any war, hostility, acts of public enemy, civil commotion, sabotage, fires, floods,
explosions, epidemics quarantine restrictions, strikes, lockouts or acts of God (hereinafter
referred to as "events"), provided notice of happenings of any such event is duly endorsed by
the appropriate authorities/chamber of commerce in the country of the party giving notice, is
given by party seeking concession to the other as soon as practicable, but within 21 days from
the date of occurrence and termination thereof and satisfies the party adequately of the
measures taken by it, neither party shall, by reason of such event, be entitled to terminate the
empanelment/contract, nor shall either party have any claim for damages against the other in
respect of such nonperformance or delay in performance, and deliveries under the
empanelment/contract shall be resumed as soon as practicable after such event has come to
an end or ceased to exist and the decision of the purchaser as to whether the deliveries have so
resumed or not, shall be final and conclusive, provided further, that if the performance in
whole or in part or any obligation under the empanelment is prevented or delayed by reason
of any such event for a period exceeding 60 days, the purchaser may at his option, terminate
the empanelment.
16.8 TERMINATION FOR DEFAULT
Default is said to have occurred
No. 10(02)/2016-NICSI
Page 29 of 105
a. If the empaneled vendor fails to accept the Purchase Orders
b. If the empaneled vendor fails to deliver any or all of the services within the time
period(s) specified in the purchase order or during any extension thereof granted by
NICSI.
c. If the empaneled vendor fails to perform any other obligation(s) under the contract
16.8.1 If the empaneled vendor defaults on (a) & (c) of above circumstances, his Bid security
(EMD)/BG received against this empanelment will be forfeited and empanelment will
be cancelled.
16.8.2 If the empaneled vendor defaults on (b) of above circumstances, 8.5% (eight point
five percent) of the work order value will be levied as cancellation charges.
16.9 ARBITRATION
16.9.1 If a dispute arises out of or in connection with this contract, or in respect of any
defined legal relationship associated therewith or derived there from, the parties
agree to submit that dispute to arbitration under the ICADR Arbitration Rules, 1996.
16.9.2 The Authority to appoint the arbitrator(s) shall be the International Centre for
Alternative Dispute Resolution (ICADR).
16.9.3 The International Centre for Alternative Dispute Resolution will provide
administrative services in accordance with the ICADR Arbitration Rules, 1996.
16.10 CONCILIATION
16.10.1 If a dispute arises out of or in connection with this contract, or in respect of any
defined legal relationship associated therewith or derived there from, the parties
agree to seek an amicable settlement of that dispute by Conciliation under the
ICADR Conciliation Rules, 1996.
16.10.2 The Authority to appoint the Conciliator(s) shall be the International Centre for
Alternative Dispute Resolution (ICADR).
16.10.3 The International Centre for Alternative Dispute Resolution will provide
administrative services in accordance with the ICADR Conciliation Rules, 1996.
16.11 APPLICABLE LAW
16.11.1 The empaneled vendor shall be governed by the laws and procedures established by
Govt. of India, within the framework of applicable legislation and enactment made
from time to time concerning such commercial dealings/processing.
16.11.2 All disputes in this connection shall be settled in Delhi jurisdiction only.
16.11.3 NICSI reserves the right to cancel this tender or modify the requirement at any stage
of Tender process cycle without assigning any reasons. NICSI will not be under
obligation to give clarifications for doing the aforementioned.
16.11.4 NICSI also reserves the right to modify/relax any of the terms & conditions of the
tender by declaring / publishing such amendments in a manner that all prospective
bidders / parties to be kept informed about it.
No. 10(02)/2016-NICSI
Page 30 of 105
16.11.5 NICSI, without assigning any further reason can reject any tender(s), in which any
prescribed condition(s) is/are found incomplete in any respect and at any processing
state.
16.11.6 NICSI also reserves the right to award works/supply order on quality/technical basis,
which depends on quality/capability of the system and infrastructure of the firm.
Bidder(s) are, therefore, directed to submit the tender carefully along with complete
technical features of the solutions as well as other documents required to access the
capability of the firm.
16.11.7 All procedure for the purchase of stores laid down in GFR shall be adhered-to strictly
by the NICSI and Bidders are bound to respect the same.
16.11.8 Any functionality which is neither in the tender document nor explicitly specified as
mentioned above, either by accident or by design, will be considered to be a breach of
contract, such that the bidder must be liable for legal actions and be charged for
damages.
16.11.9 The bidder / OEM must maintain absolute confidentiality on the information with
respect to NIC/user Security plan and related details, which the bidder/OEM
becomes aware of during interaction with NIC-personnel and from the solutions
supplied by them and made operational under NICNET domain. The bidder / OEM of
the solution must sign a Non-Disclosure Agreement (NDA) with
NIC/NICSI/user.
17 SPECIAL TERMS & CONDITIONS
17.1 This tender process will adhere to conditions of CVC Circular No. 3/01/2012 dated 13.01.2012
wherein
17.1.1 In a tender, either the Indian agent on behalf of the Principal/OEM or Principal/OEM
itself can bid but both cannot bid simultaneously for the same item/product in the same
tender.
17.1.2 If an agent submits bid on behalf of the Principal/OEM, the same agent shall not submit a
bid on behalf of another Principal/OEM in the same tender for the same item/product.
17.2 The bidder must bid for all solutions under various schedules mentioned in Section 18 :
TECHNICAL SPECIFICATIONS.
17.3 Bidder must ensure there is no discrepancy between the hard copy submitted and the softcopy
uploaded for the Financial Bid. In case of any discrepancy between hard copy submitted and
softcopy uploaded, then the commercials uploaded in softcopy will prevail.
17.4 After finalization of Rates, the same may be put on the NICSI’s Web page for 15 (Fifteen) Days
inviting comments with regards to the rates being lowest before any contract signing.
17.5 The OEM/Vendor must not use this empanelment anywhere on its own, without taking prior
permission from NICSI. Any purchase order placed with reference to this empanelment has to be
executed through NICSI only.
17.6 Any invoice generated on NICSI under this empanelment by the empaneled vendor must be done
only from an office located in Delhi
18 TECHNICAL SPECIFICATIONS
No. 10(02)/2016-NICSI
Page 31 of 105
18.1. SCHEDULE I – HARDWARE/SOFTWARE SUPPORT
18.1.1 HARDWARE/SOFTWARE REQUIREMENTS FOR CENTRALLY MANAGED
ANTIVIRUS SYSTEM
S.No. Hardware/Software Requirements for Centrally Managed
Antivirus Solution
Compliance
(Y/N)
Remarks
A. A.1. The Central Management of Antivirus Solution must have capabilities to manage 75,000 endpoints which may be implemented in phased manner in 35 states and sub locations within the state
A.2. All solutions features must be fully compatible over IPv6 network such as hardware, software and application software etc.
A.3. First work order will be released to the new OEM only for 20,000 Antivirus licenses to start the services; the next work order will be only given depending upon the requirement of licenses of specific solution and performance.
A.4. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.
A.5. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.6. The CMAS solution must be bundled with all required hardware, software, software subscription (Software license of endpoints and Central Management Server) and service support for managing of Antivirus solution with 5 years warranty across the country. A.6.1. The CMAS hardware configuration must be capable of
managing minimum 50,000 endpoints (independent of the number of licenses procured) to start with and must be scalable to at least 75000 endpoints
A.6.2. Solution must provide enough storage for logs in the Central Management Server (Separate Log Server if required) to retain logs of malware, firewall and other events of the managed endpoints for minimum of six months.
A.6.3. Solution must be bundled with all required hardware and software for distribution or relay systems if required for deploying antivirus software / signature updates for better management of bandwidth at multiple sites for managing Antivirus solution. Bidder may use existing normal client systems as a distribution point but solution must not hamper day to day activity of the user and he/she must not fill that his/her system is used as a distribution point for respective solution.
A.6.4. Solution must ensure that if any distribution or relay servers are deployed must not become bottleneck for the performance of Central Management Server due to insufficient hardware or software.
A.6.5. Solution must support and be able to work in the virtualized environment.
A.6.6. Solution must ensure proper synchronization between Central Management Server and managed endpoints and distribution or relay systems.
A.6.7. Solution must ensure that all managed endpoints coming under the distribution/relay server takes updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.
No. 10(02)/2016-NICSI
Page 32 of 105
A.6.8. The CMAS must be bundled with disaster recovery/failover or redundancy environment.
A.6.9. Bidder must provide version upgrade of Antivirus solutions for existing version of antivirus solutions on managed endpoints.
18.1.2 HARDWARE/SOFTWARE REQUIREMENTS FOR CENTRALLY MANAGED PATCH
MANAGEMENT SOLUTION
No. 10(02)/2016-NICSI
Page 33 of 105
S.No.
.. Hardware/Software Requirements of Centrally Managed
Patch Management Solution
Compliance
(Y/N)
Remarks
B.1 The Patch Management Solution must have capabilities to manage 75,000 endpoints from central console which may be implemented in phased manner at multiple remote locations across the country.
B.2 The CMPMS must be bundled with all required hardware, software, software subscription (software license) and service support for managing Patch Management Solution with 5 years warranty across the country.
B.3 The CMPMS hardware configuration must be capable of managing minimum 50,000 endpoints to start with and must be scalable to at least 75000 endpoints
B.4 Solution must provide enough storage for logs in the Central Management Server (Separate Log Server if required) to retain logs of managed endpoints for minimum of six months.
B.5 Solution must be bundled with all required hardware and software for distribution or relay systems if required for deploying the agent and patches for better management of bandwidth at multiple sites for managing Patch Management Solution.
B.6 Solution must ensure that if any distribution or relay servers are deployed, they must not become bottleneck in the performance of Central Management Server due to insufficient hardware or software.
B.7 Solution must ensure proper synchronization between Central Management Server and managed endpoints and distribution or relay systems.
B.8 Solution must ensure that all managed endpoints coming under the distribution/relay server take updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.
B.9 The bidder must ensure that the existing licenses of Centrally Managed Patch Management Solution should be migrated to the new Patch Management solution. This may not be required if Patch Management solution is from existing OEM.
B.10 The bidder must ensure that if any hardware or software is required for the smooth migration of existing licenses, it must be bundled with 5 years of warranty
B.11 The CMPMS must be bundled with disaster recovery solution in passive mode environment.
B.12 Solution must provide version upgrade of Patch Management Solution without any dependency on existing version of Patch Management Solution on managed endpoints.
B.13 Solution must ensure secure authentication and communication between managed endpoints and Central Management /Distribution/Relay servers for deployment of patch agent, patches and software updates.
B.14 The solution must have role-based access control features
B.15 Solution must support all latest versions of Windows Operation Systems.
B.16 Solution must support deployment on virtual machine (VM) environment including offline patching of virtual machines.
B.17 Solution must support to send managed endpoints logs automatically on the central Server.
B.18 OEM must provide RCA (Root Cause Analysis) report of technical problem/ incident / issue reported and resolved within 5 working days.
B.19 Solution must support deployment on endpoints in Active Directory/LDAP and workgroup environment.
B.20 The integrity of all the patches deployed on endpoints must be protected by secure hashing algorithm like (SHA-2, etc).
No. 10(02)/2016-NICSI
Page 34 of 105
18.1.3 HARDWARE/SOFTWARE REQUIREMENTS FOR LIGHT-WEIGHT DIRECTORY
ACCESS PROTOCOL
B.21 The solution must be able to start and stop services on endpoints from central console.
B.22 The solution must be able to shut down or restart any endpoint from central console
B.23 The solution must be able to optimize data transfer with bandwidth throttling. Administrator must be able to set exact limit on maximum bandwidth used by each endpoint, group of endpoints or site.
B.24 Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
S.No. Hardware/Software Requirements for LDAP
Compliance
(Y/N)
Remarks
C.1 The LDAP Solution must have capabilities to manage 75,000 endpoints from central console which may be implemented in phased manner at multiple remote locations across the country.
C.2 The LDAP solution must be bundled with all required hardware, software, software subscription (software license) and service support with 5 years warranty across the country.
C.3 The LDAP hardware configuration must be capable of managing minimum 50,000 endpoints to start with and must be scalable to at least 75000 endpoints
C.4 Solution must provide enough storage for logs in the Central Management Server (Separate Log Server if required) to retain logs of managed endpoints for minimum of six months.
C.5 Solution must ensure that if any LDAP servers are deployed, they must not become bottleneck in the performance of Central Management Server due to insufficient hardware or software.
C.6 Solution must ensure proper synchronization between Central Management Server and managed endpoints
C.7 Solution must ensure that all managed endpoints coming under the LDAP solution take updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.
C.8 The LDAP must be bundled with disaster recovery solution in passive mode environment.
C.9 Solution must ensure secure authentication and communication between managed endpoints and LDAP solution for deployment of patch agent, patches and software updates.
C.10 The solution must have role-based access control features
C.11 The solution must be integrated with DLP
C.12 Solution must support deployment on endpoints in Active Directory/LDAP and workgroup environment.
C.13 Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
No. 10(02)/2016-NICSI
Page 35 of 105
18.1.4 HARDWARE/SOFTWARE REQUIREMENTS FOR MOBILE DEVICE MANAGEMENT
S.
No.
Hardware/Software Requirements for Centrally Managed
Mobile Security Solution
Compliance
(Y/N)
Remarks
D. D.1. The Centrally Managed Security Solution for Mobile Devices must have capabilities to manage 75,000 endpoints which may be implemented in phased manner at multiple remote locations across the country.
D.2. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.
D.3. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
D.4. The solution must be bundled with all required hardware, software, software subscription and service support for managing of Antivirus solution with 5 years warranty across the country. D.4.1. The hardware configuration for the solution must
be capable of managing minimum 10,000 endpoints (independent of the number of licenses procured) to start with and must be scalable to at least 75000 endpoints
D.4.2. Solution must support and be able to work in the virtualized environment.
D.4.3. Solution must ensure proper synchronization between Central Management Server and managed endpoints and distribution or relay systems.
D.4.4. Solution must ensure that all managed endpoints coming under the distribution/relay server takes updates on regular basis but at the same time the performance of endpoints should not be reduced due to the performance of Central Management /distribution /relay server deployed by the bidder.
D.4.5. The solution must be bundled with disaster recovery/failover or redundancy environment.
D.4.6. The solution must be able to shut down or restart any endpoint from central console
D.4.7. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incident / issue reported and resolved within 5 working days.
D.4.8. Solution must support deployment on endpoints in Active Directory/LDAP and workgroup environment.
D.4.9. The solution must have role-based access control features
18.2. SCHEDULE II – CENTRALLY MANAGED ANTIVIRUS SOLUTION
18.2.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR PROCUREMENT AND RENEWAL OF
CENTRALLY MANAGED ANTIVIRUS SOLUTION LICENSES
S. No. Procurement and Renewal of CMAS Licenses Compliance
(Y/N)
Remarks
A.1. Solution must have single agent with following Antivirus
No. 10(02)/2016-NICSI
Page 36 of 105
Features for endpoint security
A. A.1.1. Antivirus and Anti-Spyware
A.1.1.1. Solution must scan, detect, clean, delete and quarantine the infected files.
A.1.1.2. Solution must clean/ delete/ block malicious codes/software in real time, including viruses, worms, Trojan horses, bot, spyware, adware, mass mailing worms and Rootkit for Windows based Operating systems /Root kit along with webshell(s) for UNIX/Linux based operating systems
A.1.1.3. Solution must support boot sector and Master boot record A.1.1.4. Solution must have embedded behavioral analysis and
protection technology apart from signature based clean/delete/quarantine for unknown threats.
A.1.1.5. Solution must scan, detect, clean or delete malicious code for protocols like POP3 /IMAP/TCP/FTP etc.,
A.1.1.6. Solution must support to install antivirus agent through various techniques like web based, MSI package or other methods in workgroup and Active Directory/LDAP environment.
A.1.1.7. Solution must support CPU utilization threshold must not exceed 20% during real time and conventional scan for improving the performance of endpoints during the execution of user routine task.
A.1.1.8. Solution must support to scan single file/directory/entire system and detect, clean, delete or quarantine the infected file.
A.1.1.9. Solution must support file reputation and web reputation and blocking of URL on all browsers like Opera, Safari, Chrome , IE etc
A.1.1.10. Solution must support scheduled scan configuration for full-disks scan at designated time from central manager for clean, delete or quarantine infected file.
A.1.1.11. Solution must support to prevent endpoint users from uninstalling or disabling the managed antivirus services.
A.1.1.12. Solution must support to exclude the specified files/directories from real time and manual scan.
A.1.1.13. Solution must provide a utility program for clean uninstallation process of the corrupted antivirus.
A.1.1.14. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.1.1.15. Solution must support virtualized environment A.1.1.16. Solution must submit the suspected files for which
signature has been developed to NIC Network Security Team
A.1.2. Desktop Firewall
Solution must allow for creation and deployment of user defined firewall policy for endpoints to permit or deny network access based on IP Address, logical Ports, and Services on a single IP Address, range, and segments
A.1.3. Endpoint Based Intrusion Prevention System
A.1.3.1. Solution must provide Endpoint based Intrusion Prevention System to proactively block and safely eliminate malwares and potentially unwanted program from endpoints.
A.1.3.2. Endpoint Based Intrusion Prevention Solution must be bundled with CMAS for client system (managed endpoints).
A.1.4. Device Control
No. 10(02)/2016-NICSI
Page 37 of 105
A.1.4.1. Solution must support to block external devices like USB, Data Card, IOS , Android , Symbian and other devices based on standard OS flavors
A.1.4.2. Solution must be able to provide access to authorized external devices and services based on privileges.
A.1.4.3. Solution must allow devices which have Serial number , MAC address
A.1.4.4. Solution should support data classification where user should not be allowed to copy the data in other device and location
A.1.4.5. Solution must support both device instance/ID and model exceptions. For example a USB with a specific serial no given can be exempted
A.1.4.6. Solution must support exemptions and provisioning of remark to identify who has requested for exemption and when.
A.1.5. Application Control
A.1.5.1. Solution must allow for creating whitelisting of application programs, DLLs and executable files and block all remaining programs, DLLs. executable files for execution.
A.1.5.2. Solution must support self motivated Whitelisting, and block applications attempting to execute on any endpoint, unless explicitly allowed by administrator.
A.1.5.3. Solution must support anti spoofing a A.1.5.4. Solution must support to create classify
applications which are attempting network access, and block unauthorized connections and data transfers by malicious programs.
A.1.5.5. Solution must support to protect against zero-day attacks
A.1.5.6. Solution must support to accept automatically new software added through authorized processes.
A.1.6. Supported Operating Systems
A.1.6.1. Solution must support all the supported versions/latest versions of Microsoft Windows Operating Systems.
A.1.7. Reports
A.1.7.1. Solution must support to generate infected systems report with their source and destination IP address.
A.1.7.2.Solution must support to generate malware, name-wise reports based on source and destination IP address.
A.1.7.3. Solution must support to generate user defined reports from database. In case reports are provided in raw logs, vendor must be able to generate meaningful reports by exporting into a database.
A.1.7.4. Solution must support to generate following reports: A.1.7.4.1. Current Virus Definition. A.1.7.4.2. Virus Definition updates. A.1.7.4.3. Report generated must be exported to
other applications like HTML, Microsoft Excel, CSV or PDF.
A.1.7.4.4. Graphical Charts for malwares, infected endpoints etc. for managed clients.
A.1.8. Antivirus Client System logs for all supported Microsoft Windows OS
No. 10(02)/2016-NICSI
Page 38 of 105
18.2.2 MAINTAINING AND MANAGING EXISTING CMAS LICENSES
S.No. Maintaining and Managing Existing CMAS
Licenses
Compliance
(Y/N)
Remarks
B. Solution for Renewal and Integration of
Existing Antivirus Licenses in the same CMAS
B.1. Bidder must provide support services for already deployed one of the three existing CMAS solutions, namely, Trend Micro, Symantec and McAfee including the following: B.1.1. CMAS version upgrade B.1.2. Support all existing components and
sub-components of CMAS B.1.3. Software subscription and annual
renewal of existing licenses. B.1.4. Support for creating new Antivirus
signature after submitting all desired logs for zero day attack or any infected endpoint.
B.1.5. Bidder must integrate central manager of the respective solution for forwarding
A.1.8.1. Solution must support to send following endpoint logs based on IP and MAC address automatically up to CMAS.
A.1.8.2. Solution must support that the managed endpoints must send Antivirus event logs.
A.1.8.3. Solution must support to send logs of device control and application control to the central manager
A.1.8.4. Solution must support that the managed endpoints must send Antivirus firewall logs i.e. compliance violations and access log.
A.1.8.5. Solution must support that the managed endpoints must send Endpoint Based Intrusion Prevention System compliance violations and access log.
A.1.8.6. Solution must support to integrate with 3rd Party Log Analyzer Application Software like Arc-Sight.
A.1.9. Log Collection Utility Programs for all supported Windows OS. A.1.9.1. Solution must provide a Utility program for all
supported Windows operating systems for collecting logs of infected endpoints for analyzing and developing signatures.
A.1.10. Root Cause Analysis Reports : A.1.10.1. OEM must provide RCA (Root Cause Analysis)
report of technical problem/ incidence / issues reported and resolved.
A.1.11. Log Analysis A.1.11.1. Vendor must support log analysis of infected
systems and submit required suspected files to OEM lab for new signature
A.2. Annual Software Subscription
A.2.1. Vendor must support software upgrades, new malware antivirus signatures, and technical know-how transfer training.
No. 10(02)/2016-NICSI
Page 39 of 105
the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.
Note: Approximately there are 41000
Licenses of Trend Micro, 20000 Licenses
of Symantec and 20000 Licenses of
McAfee
B.2. In case same OEM solution is empaneled the existing licenses must be integrated by the bidder of the respective solutions (Trend Micro, Symantec and McAfee) in the same CMAS.
B.3. Bidder is not allowed to deploy separate central managers for the existing licenses and the new licenses if both are from the same OEM. The new licenses must be integrated in the existing CMAS central manager of the respective solutions.
B.4. In case the vendor doesn’t support the existing CMAS OEM and as the vendor has quoted for a different OEM CMAS, the vendor must provide software subscription and all required service support for existing licenses: B.4.1. CMAS version upgrade B.4.2. Support all existing components and
sub-components of CMAS B.4.3. Software subscription and annually
renewal of existing licenses. B.4.4. Support for creating new Antivirus
signature after submitting all desired logs for zero day attack or any infected endpoint.
Note: Approximately there are 41000 Licenses of
Trend Micro, 20000 Licenses of Symantec and 20000
Licenses of McAfee
B.5. Bidder must ensure that if any hardware/ software/ software subscription is required for the integration of existing licenses it must be bundled with 5 years of warranty.
B.6. Root Cause Analysis Reports :
B.6.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
Note
1. The cost of maintaining and managing existing licenses would be same as the cost quoted
for 18.2.1 PROCUREMENT AND RENEWAL OF CMAS LICENSES
2. There will be no additional cost for the installation of the existing licenses
18.2.3 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR CMAS
S.No. Value Added Features (VAF) for CMAS TMVAF
Marks
Documents
evidence
No. 10(02)/2016-NICSI
Page 40 of 105
100
C. C.1.
Same Rates for Antivirus Agents for all
supported OS platforms:
10
C.1.1. Solution must quote same rates for all supported Microsoft Windows and non-windows Operating Systems.
C.2. Customized Messages 2
C.2.1. Solution should able to display customized user defined alert messages on managed endpoints.
C.2.2. Solution must support to prompt a message whenever any external devices are plugged into the endpoints and scan the external device storage and detect, clean, delete or quarantine the infected file.
C.3. Log Collection Utility Programs 3
C.3.1. Log Collection Utility Programs for other than Windows Operating Systems:
C.3.1.1. Solution must provide a Utility Software Tool for all variant of OS other than Windows Operating System for collecting logs of infected endpoints for analyzing and developing signatures which can clean the endpoints from Malware infection.
C.4. Supported Operating Systems 60
C.4.1. Linux 20
C.4.2. Mac OS 5
C.4.3. Solaris 5
C.4.4. Cent OS 15
C.4.5. Ubuntu 10
C.4.6. BOSS 5
C.5. Antivirus for Private Cloud environment 2
C.5.1. Solution should support for antivirus in the cloud environment
C.6. Software Deployment kit : 3
C.6.1. Solution must have ability to push any third party application software program and execute on managed endpoints from Central Management Console to the managed endpoints.
C.7. Solution must provide support to automatically collect
infected system desired logs from the end points on to
the central server for uploading in OEM lab
3
C.8. Solution must provide anti IP and MAC addresses
spoofing.
2
C.9. Gartner Magic Quadrant 15
Should be present in the Leader Space in
the Gartner Magic Quadrant for
2015 5
2014 5
2013 5
Should be present in the Challenger 2015 2.5
No. 10(02)/2016-NICSI
Page 41 of 105
Note - Bidders who score atleast 60% in these Value Added Features will only be considered for
further evaluation.
18.3. SCHEDULE III – ENDPOINT BASED INTRUSION PREVENTION
SYSTEM FOR SERVERS
18.3.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR ENDPOINT BASED INTRUSION
PREVENTION SYSTEM FOR SERVERS
S.No. Centrally Managed Endpoint Based Intrusion
Prevention System
Compliance
(Y/N)
Remarks
A. Centrally managed Endpoint Based Intrusion
Prevention System for Servers :
A.1. Solution should support the logging of all access violation based on the attack pattern based using IP/MAC addresses of end points
A.2. Solution must be able to work in detection and protection mode.
A.3. Solution should support the control and logging of all inbound and outbound traffic from the endpoint systems..
A.4. Solution must ensure proactive blocking and elimination of malwares .
A.5. Solution must able to provide complete solution for Endpoint based Intrusion Prevention for Servers in datacenter environment like zero day attack, access log analysis etc.
A.6. Solution should support monitoring and protection of file integrity in physical and virtual systems.
A.7. Solution must ensure protection of OS, web & database server attacks through dynamic and stateful firewall which defense against advanced threats and malicious traffic. It must also provide signature and behavioral intrusion prevention system (IPS) protection.
A.8. Solution must be able to monitor and protect various platforms like Windows Solaris, Linux, AIX, HP-UX and have the capability to leverage Virtual Agent protect servers against advanced threats such as botnets, distributed denial-of-service (DDoS) agents and emerging malicious traffic before attacks.
A.9. Solution must be able to identify policy violations, suspicious administrators or intruder activity on a real time basis
A.10.Solution should have pre-defined set of rules/policies which should prevent and alert the abnormal activities and tempering of data.
A.11. Solution must be able to provide virtual support with the same specifications
A.12. Solution must enforce the broadest IPS and zero-day threat protection coverage across all levels.
Space in the Gartner Magic Quadrant
for the last three years
2014 2.5
2013 2.5
No. 10(02)/2016-NICSI
Page 42 of 105
A.13. Solution must detect and remove viruses, spyware, rootkits, Trojans, adware and potentially unwanted applications in real time with minimal performance impact.
A.14. Solution must have a dashboard for management of components such as anti-malware, web reputation, firewall, intrusion prevention, integrity monitoring, log inspection, and data security
A.15. Solution must support to configure policy based application profiling and rest should be denied
A.16. Solution must have restricted application and operating system behavior using policy-based least privilege access control.
A.17. Solution must be able to forward relevant logs to SIEM system or centralized logging server for correlation reporting, and archiving.
A.18. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.19. Root Cause Analysis Reports
A.19.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
18.3.2 VALUE ADDED FEATURES FOR ENDPOINT INTRUSION PREVENTION SYSTEM
S. No. Value Added Features (VAF) for Endpoint
Intrusion Prevention System
TMVAF
Marks
100
Documents
evidence
B.1 Gartner Magic Quadrant 30
Should be present in the Leader Space in
the Gartner Magic Quadrant for the last
three years
2015 10
2014 10
2013 10
Should be present in the Challenger
Space in the Gartner Magic Quadrant for
the last three years
2015 5
2014 5
2013 5
B.2 Virtualized Environment 20
Management of both agent based deployment
and agentless deployment ( for virtualized
environment ) should happen from a single
console and any new VM provisioned in the
virtual environment should get auto protected.
Should provide agentless anti-malware security
services for the virtualized network
B.3 Recommendations 10
Should provide automatic recommendation against
existing vulnerabilities and removing assigned
policies if a vulnerability no longer exists
B.4 Should have minimum of EAL 4+ Certification 10
B.5 Should provide granular access control of network,
file systems, registry, process-to-process memory
10
No. 10(02)/2016-NICSI
Page 43 of 105
Note - Bidders who score atleast 60% in these Value Added Features will only be considered for
further evaluation.
18.4. SCHEDULE IV – CENTRALLY MANAGED DATA LEAKAGE
PREVENTION SOLUTION
18.4.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR DLP (DATA LEAKAGE
PREVENTION) SOLUTION
S.No. Centrally Managed DLP Solution Compliance
(Y/N)
Remarks
A.1. Centrally managed Data Leakage Prevention
(DLP) Solution
A.1.1. Solution must detect and prevent leakage of confidential content inside documents
A.1.2. Solutions must have capability to install and uninstall the agent remotely even for protected managed endpoints from the management console.
A.1.3. Solution must be able block the leakage of sensitive data from different public and private email channels.
A.1.4. Solution must support all type of document, files types systems, like Microsoft Office, OpenOffice and Linux document editor’s files types.
A.1.5. Solution must virtual support with the same specifications
A.1.6. Solution must support to analyze, protect and monitor screenshot operations of critical/sensitive documents.
A.1.7. Solution must have the capability to integrate with LDAP to create user or group-based detection rules.
A.1.8. Solution must support to protect the data leakage from Social Networking sites and Chat server application sources like Facebook, LinkedIn, Twitter, Live Journal, Myspace, etc. (not limited to these sites only).
A.1.9. Solution must support role-based administration control
A.1.10. Solution must allow only selected security group administrator to install and uninstall the application.
A.1.11. Solution must ensure monitoring of the remote systems on a real time basis including checking of version updates and ensuring policy consistency and integrity.
access, system calls, and application and child process
launches
B.6 Should provide be signature less security to servers to
protect security when signatures are not available or
in an air gap network
10
B.7 Should automate and simplify security provisioning
for virtual applications by assessing the security
requirements for applications and applying the
appropriate security policies
10
No. 10(02)/2016-NICSI
Page 44 of 105
A.1.12. Solution must support to protect the data being transmitted to ensure the data integrity and avoid sniffing.
A.1.13. Solution must monitor, detect and block sensitive data while in-use (endpoint systems/Server actions), in-motion (network traffic), and at-rest (data storage).
A.1.14. Solution must be able to identify true data owners even if a sender has changed the file extension to hide content.
A.1.15. Solution must support to monitoring, blocking, encrypting, quarantining data and notifying administrator and end users in real time and offline environment
A.1.16. Solution must notify users regarding policy violations, exposed files and folders, and detection of confidential data sent over the new version of the Internet Protocol/ IPv6.
A.1.17. Solution must have the capability of reporting and administration from a centrally managed web-based console manager.
A.1.18. Solution must support to distinguish between different types of PII (Personally identifiable information) with/without the presence of a keyword/pattern.
A.1.19. Solution must protect documents containing sensitive content (such as intellectual property, source code, and/or financial documents) with/without relying on keywords or patterns.
A.1.20. Solution must have the capability to allowing exceptions for data owners governed by a a fingerprint policy.
A.1.21. Solution must have method of detecting documents even if it contains portions of text in different file formats through fingerprinting/pattern matching ,
A.1.22. Solution must support to control and block confidential data copied to input/output devices through USB, CD/DVD, IrDA, Bluetooth, COM and LPT ports, IM, SSL, Skype, HTTP, HTTPS, FTP, SMTP, ESMTP, POP, POP3, IMAP4 MAPI, FTP, TFTP, Wi-Fi and FileZilla Sessions etc.
A.1.23. Solution must monitor and protect instant messaging traffic when it tunnels through HTTP, port 80.
A.1.24. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.
A.1.25. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.2. Root Cause Analysis Reports :
A.2.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
No. 10(02)/2016-NICSI
Page 45 of 105
18.4.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR
DLP
Note - Bidders who score atleast 60% in these Value Added Features will only be considered for
further evaluation.
S.No. Value Added Features (VAF) for DLP TMVAF
Marks
100
Documents
evidence
B. B.1.
Gartner Magic Quadrant 30
Should be present in the Leader Space in the
Gartner Magic Quadrant for the last three years
2015 10
2014 10
2013 10
Should be present in the Challenger Space in
the Gartner Magic Quadrant for the last three
years
2015 5
2014 5
2013 5
B.2. Fingerprint policy enforcement 10
The solution should enforce fingerprinting/pattern
matching policy on both network and endpoint channel,
even when the endpoint is off network
B.3. Incident Management 20
B.3.1. The solution should allow a specific
incident manager to manage incidents
of specific policy violation, specific user
groups etc.
B.3.2. The solution should have options for
managing and remediating incidents
through email by providing incident
management options in the email.
B.4. Role based Access 20
The system should have options to create a role to see
summary reports, trend reports and high-level metrics
without the ability to see individual incidents
B.5. Data Classification 10
The solution should provide in-built or 3rd party tool to
classify the data. This data classification tool shall help
the organization in in-depth data classification and
tagging the confidential data.
B.6. Reporting 5
The solution should have a dashboard view designed for
use by executives that can combine information from
data in motion (network), data at rest (storage), and
data at the endpoint (endpoint) in a single view
B.7. Support for Linux 5
Solution must support Linux document editor’s files
types
No. 10(02)/2016-NICSI
Page 46 of 105
18.5. SCHEDULE V – CENTRALLY MANAGED SECURITY SOLUTION FOR
MOBILE DEVICES
18.5.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR MOBILE SECURITY SOLUTION
S.No. Centrally Managed Mobile Security Compliance
(Y/N)
Remarks
A. Centrally Managed Security Solution for Mobile Devices
A.1. Solution must have a central manager for device management and data security of the complex and heterogeneous mobile devices (IOS, Windows, and Android).
A.2. Solution must have comprehensive visibility and control of the mobile environment so as to safeguard mobile data and devices regardless of platform, device type or service provider.
A.3. Solution must have processes to enroll, deploy, and configure all mobile devices, applications, and content and it must enable end user to access organizational resources through MDM (Mobile Device Management).
A.4. Solution must support to allow mobile administrator to enable policy controls of password and application restrictions, certificate distribution and remote actions like device lock or remote wipe. Security options must include:
A.4.1. Policy options (password control, remote wipe, app restrictions) and it must be targeted to specific user and user groups and department vs. personal devices.
A.4.2. Automated provisioning and delivery of device authentication certificates.
A.4.3. Enforcement of mobile email access policies using email gateway or certificates.
A.4.4. Email restriction policy to limit email access to specific apps for instance native or 3rd party (Android Work Mail).
A.4.5. Compliance enforcement of device, defined by device status (jailbreak encryption), user status (group membership), or threat protection status (security installed, definitions up-to-date and no malware)
A.5. Solution must have the capability to distinguish between organizational and personal data
A.6. Solution must provide device management across platforms and integration with directory services
A.7. Solution must support on premise deployments with role based access control and leverage the product’s APIs for reporting via third-party or internal reporting systems.
A.8. Solution must support to send access violation logs of endpoints based on IP and MAC address automatically up to central manager.
A.9. Solution must provide Secure Web-based console for managing mobile devices through central manager for mobile Security software (such as, antivirus / anti-malware, endpoint protection, firewall, device storage encryption, etc.)
A.10. Solution must detect and remove viruses, spyware, rootkits, Trojans, adware and potentially unwanted mobile applications.
A.11. Solution must enforce certain features on mobile devices
No. 10(02)/2016-NICSI
Page 47 of 105
such as, Device access password, inactivity timeout, storage encryption, device lockout on failed login attempts, secure deletion of data through remote wipe on device theft / loss, etc to provide a secure configuration
A.12. Solution must support encryption status of data on the device and restrict Devices that don't support encryption.
A.13. Solution must be able integrate with LDAP solution and it should be able to send SMS/notifications to the device.
A.14. Solution must be able to forward relevant logs to SIEM system or centralized logging server for correlation reporting, and archiving.
A.15. Solution must provide following features : A.15.1. Remote Wipe of misplaced devices from the
console A.15.2. Selectively remote wipe only official data from
console A.15.3. Remotely lock the device A.15.4. Remotely reset password on the device A.15.5. Query device to get the latest status A.15.6. Able to push organizational security
compliance policies updates through Internet without user interaction.
A.15.7. Able fetch device software installation status. A.15.8. Able to show security details of the devices A.15.9. Must provide anti-phishing web protection and
block fraudulent websites to protect sensitive information.
A.15.10. Must reduce mobile spam by blocking unwanted calls and SMS text messages
A.15.11. Must support an automatic scan, clean, delete or quarantine infected files of SD memory cards for threats when users plug them into device.
A.16. Solution must able to create secure encrypted storage space / container on Mobile Device of official data. It must be able to store only on secure container on mobile device. Access to the secure container must be allowed only from the authorized applications. External / Third-party applications (applications which are not official) must be prevented from accessing this secure container.
A.17. Solution must be able to disable unnecessary / unauthorized hardware components / interfaces, such as, camera, Bluetooth, GPS, external storage (like, SD card) and ensure secure deletion of Official Data while de-provisioning the Mobile Device.
A.18. Solution must ensure limited privileges and restricted installation of third party applications which do not permit modification of Mobile Device configuration
A.19. Solution must synchronize Official data contained on the Mobile Device with backup Server in the Office.
A.20. Solution must be able to forward relevant logs to SIEM system or centralized logging server for correlation reporting, and archiving.
A.21. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.22. Root Cause Analysis Reports :
A.22.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
No. 10(02)/2016-NICSI
Page 48 of 105
18.5.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR
MOBILE SECURITY
Note - Bidders who score atleast 60% in these Value Added Features will only be considered for
further evaluation.
18.6. SCHEDULE VI – CENTRALLY MANAGED DEVICE CONTROL
SOLUTION
18.6.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR DEVICE CONTROL SOLUTION
S.No. Centrally Managed Device Control Solution Compliance
(Y/N)
Remarks
A. Centrally Managed Device Control Solution for
Endpoint Security
A.1. Solution must support to send logs required for analysis of endpoint based on IP and MAC address automatically up to central manager.
A.2. Solution must support to enforce Security Policies for Removable Devices, Media and Data like Optical discs ( CDs , DVDs , Blu Ray disks) , Memory cards ( Compact Flash card, Secure Digital Card , Memory Stick), Zip disks/other Floppy disks , Disk packs, Magnetic Tapes, Paper Data storage ( punched cards, punched tapes),
S.No. Value Added Features (VAF) for Mobile
Security
TMVAF
Marks
100
Documents
evidence
B. B.1.
Gartner Magic Quadrant 30
Should be present in the Leader Space in
the Gartner Magic Quadrant for the last
three years
2015 10
2014 10
2013 10
Should be present in the Challenger
Space in the Gartner Magic Quadrant
for the last three years
2015 5
2014 5
2013 5
B.2. Call and Text Blocker 20
Blocks annoying and unwanted calls and text messages.
B.3. Sim Card Lock 10
Instantly locks your phone if the SIM card is removed, so thieves can’t use it with a different SIM card.
B.4. Solution must be able to support two-factor authentication and provisioning to permit the access of applications
10
B.5. Platform Coverage 30
B.5.1. IOS 10
B.5.2. Android 10
B.5.3. Windows 10
No. 10(02)/2016-NICSI
Page 49 of 105
USB flash drives, External hard disk drives (traditional IDE, EIDE , SCSSI and SSD), Digital Cameras, Smartphones and Wired or Wireless printers
A.3. Solution must support following: A.3.1. Assign permissions for authorized
removable devices and media to individual user or user groups.
A.3.2. Restrict the daily amount of data copied to removable devices and media on a per-user basis and also, limits to specific time frames.
A.3.3. Solution must Control of file types that may be moved to and from removable devices / media on per-user basis and helps reduce malware propagation.
A.3.4. Solution must support to grants temporary access to the user or user groups / scheduled access to removable devices / media; used to grant access “in the future” for a limited period.
A.3.5. access / usage policies should remain regardless of connection status, and can be personalized whether the endpoint is connected to the network or not.
A.3.6. Solution must provide tamper proof agents on managed endpoint on the network so that agents are protected against unauthorized removal – even by user having administrative privileges
A.3.7. Solution must provide organization-wide control and enforcement using scalable client-server architecture with a central database that is optimized for performance and also supports virtualized server configurations.
A.3.8. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving.
A.3.9. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.4. Root Cause Analysis Reports :
A.4.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
18.6.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR
DEVICE CONTROL SOLUTION
S.No. Value Added Features (VAF) for Device Control TMVAF
Marks
100
Documents
evidence
B. B.1.
Gartner Magic Quadrant 30
Should be present in the Leader Space in the 2015 10
No. 10(02)/2016-NICSI
Page 50 of 105
Note
-
Bidd
ers
who
scor
e
atlea
st
60%
in
thes
e
Valu
e
Add
ed Features will only be considered for further evaluation.
18.7. SCHEDULE VII – CENTRALLY MANAGED NETWORK ACCESS
CONTROL
18.7.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR NAC (NETWORK ACCESS CONTROL)
SOLUTION
S.No. Centrally Managed NAC for Endpoint Security Compliance
(Y/N)
Remarks
A. Network Access Control (NAC) Solution
A.1. Solution must be able provide software / hardware base Network Access Control (NAC) for network security that attempts to unify endpoint/server security technology (such as antivirus, host based intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement for achieving organizational security compliance level.
A.2. Solution must quarantine some system so that user is provided routed access only to certain IP segments/servers/hosts and applications
A.3. Solution must be able to redirect users system to a specific web portal that provides instructions /patches / antivirus and tools for updating their system. Until their system passes automated inspection for meeting compliance, no network is allowed.
A.4. Solution must be able to forward relevant logs to SIEM system or centralized logging server for correlation reporting, and archiving.
A.5. Solution must allow authentication and centralized authorization of users and endpoints via wired, wireless, and VPN with consistent policy throughout the enterprise
Gartner Magic Quadrant for the last three
years
2014 10
2013 10
Should be present in the Challenger Space in
the Gartner Magic Quadrant for the last three
years
2015 5
2014 5
2013 5
B.2 Enforce wireless connection control, including Wi-Fi,
Bluetooth, and IrDA connections
15
B.3 Solution should be able to whitelist USB based on
device id or vendor id
15
B.4 Solution should be able to allocate certain USB for
limited users and block for rest of the users
15
B.5 Should track to discover all users connecting what devices
to each and every desktop
15
B.6 Should query desktops transparently locating and
documenting all devices that are or have been locally
connected
10
No. 10(02)/2016-NICSI
Page 51 of 105
which can be customized at any time. A.6. Solution must offer comprehensive visibility
of the network by automatically discovering, classifying, and controlling endpoints connected to the network to enable the appropriate services per endpoint.
A.7. Solution must address vulnerabilities on user machines through periodic evaluation and remediation to help proactively mitigate network threats such as viruses, worms, and spyware.
A.8. Solution must enforce security policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without requiring administrator attention.
A.9. Solution must offer a built-in monitoring, reporting, and troubleshooting console to assist helpdesk operators and administrators to streamline operations.
A.10. Solution must be able to identify devices in greater detail with Active Endpoint Scanning
A.11. Solution must augment network-based profiling to target specific endpoints (based on policy) for specific attribute device scans, resulting in higher accuracy and comprehensive visibility of components present on the network
A.12. Solution must enable administrators to specify an endpoint and select an action - for example, move to a new VLAN, return to the original VLAN, or isolate the endpoint from the network entirely - all in a simple interface
A.13. Solution must utilize standard protocols for authentication, authorization, and accounting (AAA) meeting full compliances with networked devices.
A.14. Solution must support a wide range of authentication protocols, including PAP, MS-CHAP, Extensible Authentication Protocol (EAP)-MD5, Protected EAP (PEAP), EAP Flexible Authentication via Secure Tunneling (FAST), and EAP-Transport Layer Security (TLS).
A.15. Solution must provide a wide range of access control mechanisms, including downloadable access control lists (dACLs), VLAN assignments.
A.16. Solution must have predefined device templates for a wide range of endpoints, such as IP phones, printers, IP cameras, smartphones, tablets etc and allow administrators to create their own templates
A.17. Solution must allow end users to interact with a self-service portal for device on-boarding and registration for standard PC and mobile computing platforms.
A.18. Solution must allow administrators to quickly take corrective action (Quarantine, Un-Quarantine, or Shutdown) on risk compromised endpoints within the network to help reduce risk and increase security in the network.
A.19. Solution must enable administrators to
No. 10(02)/2016-NICSI
Page 52 of 105
centrally configure and manage profile authentication, and authorization services in a single web-based GUI console, greatly simplifying administration by providing consistency in managing all these services.
A.20. Solution must include a built-in web console for monitoring, reporting, and troubleshooting issues
A.21. Solution must offer comprehensive historical and real-time reporting for all services, logging of all activities, and real-time dashboard metrics of all users and endpoints connecting to the network.
A.22. Solution must support consistent policy in centralized and distributed deployments that allows services to be delivered where they are needed
A.23. Solution must have capability to determine whether users are accessing the network on an authorized, policy-compliant device.
A.24. Solution must provide information about endpoints that are registered through the device registration portal by a specific user for a selected period of time. The report should provide the following details :- A.24.1. Logged in Date and Time. A.24.2. Portal User (who registered the
A.25. Solution must have capability to look at various elements when classifying the type of login session through which users access the internal network, including the following :"
A.25.1. Client machine operating system and version.
A.25.2. Client machine browser type and version.
A.25.3. Group to which the user belongs. A.25.4. Condition evaluation results (based
on applied dictionary attributes). A.26. Solution must classify a client machine, and
must support client provisioning resource policies to ensure that the client machine is set up with an appropriate agent version, up-to-date compliance modules for antivirus and antispyware vendor support, and correct agent customization packages and profiles, if necessary.
A.27. Solution must support the user logs, based on the profile that is associated with that user's authorization and set up the user's personal device to access the network. This must be supported over Microsoft windows, iOS and Android devices."
A.28. Solution must support usage of simple filters based on field descriptions, such as the
No. 10(02)/2016-NICSI
Page 53 of 105
endpoint profile, MAC address, and the static status that is assigned to endpoints when they are created in the Endpoints page.
A.29. Solution must support an advanced filter based on a specific value associated with the field that can be preset for use later and retrieved, along with the filtering results.
A.30. Solution must support importing endpoints from a comma separated values (CSV) file and the LDAP server in which the list of endpoints appears with the MAC address
A.31. Solution must support Role-based access policies s which a to restrict the network access privileges for any user or group.
A.32. Solution must support Identity source sequences which defines the order in which the solution will look for user credentials in the different databases. Solution must support the following databases:-
Flexible Authentication via Secure Tunneling (EAP-FAST) and Protected Extensible Authentication Protocol (PEAP)—support for user and machine authentication and change password against LDAP using EAP-FAST and PEAP with an inner method of Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) and Extensible Authentication Protocol-Generic Token Card (EAP-GTC).
A.33.2. Password Authentication Protocol (PAP)— support for authenticating against LDAP using PAP and also allows to change LDAP user passwords.
A.33.3. Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAPv1)—support for user and machine authentication against Active Directory using MS-CHAPv1.
A.33.4. MS-CHAPv2—support for user and machine authentication against Active Directory using EAP-MSCHAPv2.
A.33.5. EAP-GTC—support for user and machine authentication against Active Directory using EAP-GTC.
A.33.6. Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)—Should use the certificate retrieval option to support user and machine authentication against Active Directory using EAP-TLS.
A.33.7. Protected Extensible Authentication
No. 10(02)/2016-NICSI
Page 54 of 105
Protocol- Transport Layer Security (PEAP-TLS)—support for user and machine authentication against Active Directory using PEAP-TLS.
A.33.8. LEAP—support for user authentication against Active Directory using LEAP.
A.34. Solution must be able to differentiate policy based on device type + authentication
A.35. Solution must have ability to authenticate at least one port and multiple users on the same switch port without interrupting service.
A.36. Solution must support MAC and can further utilize identity of the endpoint to apply the proper rules for access.
A.37. Solution must support Non 802.1x technology on assigned ports and 802.1x technology on open use ports.
A.38. Solution should support authenticating Machines and users connected to the same port on the switch in a single authentication flow.
A.39. Solution must have profiling capabilities integrated into the solution in order to detect headless host.
A.40. The profiling features leverage the existing infrastructure for device discovery. Solution must support the use of attributes from the following sources or sensors:-
A.40.1. Profiling using MAC OUIs. A.40.2. Profiling using DHCP
information. A.40.3. Profiling using RADIUS
information. A.40.4. Profiling using HTTP
information. A.40.5.Profiling using DNS information. A.40.6. Profiling using NetFlow
information. A.40.7. Profiling using SPAN/Mirrored traffic.
A.41. Solution must be able to classify endpoints based on information like DHCP, CDP, and LLDP attributes using IOS sensor capabilities enabled on switches.
A.42. Solution must be appliance or server based hardware application capable of interfacing to all networked devices without impacting existing throughput or performance.
A.43. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.44. Root Cause Analysis Reports :
A.44.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
18.7.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR NAC
(NETWORK ACCESS CONTROL) SOLUTION
S.No. Value Added Features (VAF) for NAC (NETWORK TMVAF Documents
No. 10(02)/2016-NICSI
Page 55 of 105
Note -
Bidde
rs
who
score
atleas
t 60%
in
these
Value
Adde
d
Featu
res
will
only
be
consi
dered
for
furth
er
evaluation.
18.8. SCHEDULE VIII – CENTRALLY MANAGED ENCRYPTION SOLUTION
18.8.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR ENCRYPTION OF ENDPOINT
S.No. Centrally Managed Encryption Solution for
Endpoint Security
Compliance
(Y/N)
Remarks
A. Encryption Solution for Endpoints
A.1. Solution must support that the Endpoint Encryption solution management architecture easily adapts to small and large enterprise environments.
A.2. Solution must support encryption of endpoints for encrypting each drive, sector by sector, ensuring no files are left unencrypted
A.3. Policy Enforced Encryption for removable Storage: Solution must able to centrally encrypt removable devices (such as USB flash drives) and media (such as DVDs/CDs), plus enforces encryption policies when copying to devices / media.
A.4. Solution must support a single-sign-on technology which eliminating the need to re-input multiple passwords. As user access their information, decryption and re-encryption happen instantaneously for a seamless experience
A.5. Solution must support faster encryption speeds for high performing, strong
ACCESS CONTROL) Marks
100
evidence
B.1 Gartner Magic Quadrant 45
Should be present in the Leader Space in the
Gartner Magic Quadrant for the last three years
2015 15
2014 15
2013 15
Should be present in the Challenger Space in
the Gartner Magic Quadrant for the last three
years
2015 10
2014 10
2013 10
B.2 Support for 3rd Part NAC Appliance 20
If s/w based Solution, then it should support the 3rd party
NAC appliance for ensuring security compliance of the
endpoints
B.3 Integration with central console 20
If the NAC solution is from the existing OEMs, then it
should integrate with their own central console. No
separate
console is accepted.
B.4 For the guest portal, solution must have the ability to
restrict self registration (service) to only those with a
passcode and provide the list of domains that are allowed
for self-registration
15
No. 10(02)/2016-NICSI
Page 56 of 105
encryption, built with hybrid cryptographic optimizer technology and leveraging AES-NI hardware optimization
A.6. Solution must have active directory/LDAP support based on individual and group policies and keys must be synchronized with Active Directory/LDAP.
A.7. Solution must have a key recovery mechanism to recover passphrase and it should have multiple recovery options to allow administrator to determine the right solution for them to minimize potential lockouts and reduce support calls.
A.8. Solution must have a transparent installation and registration of endpoint encryption . The utilization of CPU during initial encryption must be minimized to ensure that user can continue his/her work and it must not affect the productivity of endpoint user while encryption happens in the background.
A.9. Solution must support multi-user deployments in both Active Directory/LDAP and non-Active Directory/LDAP environments.
A.10. Solution must allow user to access encrypted data from removable media safely even on systems that do not have encryption solution.
A.11. Solution must help to reduce the risk of sensitive data loss through unauthorized access to its laptops, desktops, or portable storage devices using whole-disk encryption.
A.12. Solution must ensure to protect all information of endpoint, including the operating system (OS).
A.13. Solution must be able to forward relevant logs to SIEM system or centralized logging server for correlation reporting, and archiving.
A.14. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.15. Root Cause Analysis Reports :
A.15.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
18.8.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR
ENCRYPTION SOLUTION
S.No. Value Added Features (VAF) for
Encryption solution
TMVAF
Marks
100
Documents
evidence
B.1 Gartner Magic Quadrant 30
Should be present in the Leader Space
in the Gartner Magic Quadrant for the
last three years
2015 10
2014 10
2013 10
Should be present in the Challenger 2015 5
No. 10(02)/2016-NICSI
Page 57 of 105
Note - Bidders who score atleast 60% in these Value Added Features will only be considered for
further evaluation.
18.9. SCHEDULE IX – CENTRALLY MANAGED PATCH MANAGEMENT
SOLUTION
18.9.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR PROCUREMENT AND RENEWAL
OF CENTRALLY MANAGED PATCH MANAGEMENT SOLUTION LICENSES
Space in the Gartner Magic Quadrant
for the last three years
2014 5
2013 5
B.2 Solution should provide a utility to check whether
system is compatible for full disk encryption before
deployment
20
B.3
Solution must provide integration with Data
Leakage Prevention solution with removable media
encryption to analyse data before it’s transferred
and automatically encrypt sensitive outgoing data.
20
B.4 Should allow encryption using X.509 certificates,
including requesting and validating a certificate
15
B.5 Should be scriptable encryption to encrypt, sign,
and decrypt individual files or collections of files
using scripting language
15
S.No. Procurement and Renewal of CMPMS Licenses
Complianc
e (Y/N)
Remark
s
A.1. Functional Requirements on Central Management
Console
It must support management/monitoring of following functions
through central console:
A.1.1. Patch Deployment
A.1.1.1. The solution must be able to manually group endpoints together based on asset and software information for deployment of patches
A.1.1.2. The solution must classify the patches based on the severity levels of the
No. 10(02)/2016-NICSI
Page 58 of 105
vulnerabilities and provide description of severity level
A.1.1.3. The solution must support to download the available patches from the OEM to keep in repository for distribution.
A.1.1.4. The solution must allow administrator to define different patch deployment policies
A.1.1.5. The solution must provide real-time patch deployment status
A.1.1.6. The solution must allow to deploy the patches over a predefined period of time to reduce overall impact to network bandwidth
A.1.1.7. The solution must allow to restart/shutdown the selected endpoints from central console
A.1.1.8. The solution must allow to create custom scripts to deploy patches made by users on the endpoints
A.1.1.9. The solution must be able to install all previously installed patches automatically to endpoints that are subsequently added to network
A.1.1.10. The solution must allow administrator to customize the message displayed in a pop-up message box to all endpoints before installation of any patch
A.1.1.11. The solution must support deployment of new patches on the computer systems running over different supported OS flavours from central console without intervention from the users of the endpoints
A.1.1.12. The solution must be able to push the missing patches on computer systems running over different supported OS flavours from central console.
A.1.1.13. The solution must support to roll-back, uninstall and remove deployed patches for OS, any in-house developed application software and any other third party application software from central console.
A.1.1.14. The solution must support to deploy patches on the endpoints from central console on Subnet, IP Range, User Group or OS platform basis
A.1.1.15. Solution must be fully IPv4 and IPv6 compliant (dual-stackable)
A.1.2. ASSET DISCOVERY
A.1.2.1. The solution must discover and group assets/devices connected in the network such as Desktops, Laptops, Servers, Switches, and Routers etc. on the Subnet, IP Range, User Group or OS platform basis.
A.1.2.2. The solution must be able to discover managed (client systems with patch agent installed) and unmanaged assets (client systems with patch agent not installed) on the network.
A.1.3. ASSET INVENTORY(HARDWARE/SOFTWARE)
A.1.3.1. The solution must detect hardware
No. 10(02)/2016-NICSI
Page 59 of 105
18.9.2 MAINTAINING AND MANAGING EXISTING CMPMS LICENSES
S.No. MAINTAINING AND MANAGING EXISTING Compliance Remarks
configuration of systems like RAM, CPU, Hard Disk and free space on hard disk.
A.1.3.2. The solution must detect running OS, any other software applications and their installed patches.
A.1.4. SOFTWARE DISTRIBUTION
A.1.4.1. The solution must be able to deploy operating system(s) on bare metal machine from central console.
A.1.4.2. The solution must be able to deploy third party application software ( including newer versions) and any other in-house developed application on client systems running over different supported OS flavours.
A.1.4.3. The solution must support to download any third party application software in the same patch management repository for distribution)
A.1.4.4. The solution must support to schedule the deployment of other software across NICNET on Segment , IP range, OS and User Group basis
A.1.4.5. The solution must support to deploy any Patch Management Solution on the systems across NICNET from central console.
A.1.5. REPORT GENERATION
A.1.5.1. The solution must support to generate reports of installed patches, missing patches, failed patches, application software, antivirus solution and their signature version on daily, weekly and monthly basis.
A.1.5.2. The solution must support to generate reports of compliant and non-compliant systems in graphical formats like pie-chart, bar-chart based on user defined security compliance baseline.
A.1.5.3. The solution must support to design and generate various user defined (customized) reports from database and raw log files. Any required customization has to be done by vendor without any additional cost to NIC.
A.1.5.4. The solution must support to generate vulnerability reports of the systems based on standard vulnerability database like CVE, MITRE and NVD.
A.1.5.5.The solution must report existing vulnerabilities in the systems based on the missing patches and other application software(s) installed in the systems.
A.2. Root Cause Analysis Reports :
A.2.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
No. 10(02)/2016-NICSI
Page 60 of 105
CMPMS LICENSES (Y/N)
B.1. Bidder must provide support services for already deployed CMPMS solutions, namely IBM Tivoli Endpoint Manager Patch Management Solution and Microsoft SCCM Patch Management Solution including the following: B.1.1. CMPMS version upgrade B.1.2. Support all existing components and sub-
components of CMPMS B.1.3. Software subscription and annually
renewal of existing licenses. B.1.4. Developing workaround/intermediate
patches for Zero Day attacks ( After notifying the OEM/Bidder about particular zero day attack over OEM web portal).
B.1.5. Bidder must integrate central manager of the respective solution for forwarding the desired logs to SIEM system or centralized logging server for correlation and analysis of logs for generating reports, and archiving. Note: Approximately there are 3850 nos.
Licenses of IBM Tivoli Endpoint Manager
Patch Management Solution and 9500
Licenses of Microsoft SCCM Patch
Management Solution
B.2. In case same OEM solution is empaneled, the existing licenses must be integrated by the bidder of the respective solutions (namely IBM Tivoli Endpoint Manager Patch Management Solution and Microsoft SCCM Patch Management Solution) in the same CMPMS.
B.3. Bidder is not allowed to create a separate CMPMS for the existing license of the respective OEMs or even new licenses are procured from same OEM. It must be integrated in the existing CMPMS central manager of the respective solutions.
B.4. In case same OEM solution is not empaneled Bidder must provide software subscription and all required service support for existing licenses:
B.4.1. CMPMS version upgrade B.4.2. Support all existing components
and sub-components of CMPMS B.4.3. Software subscription and
annually renewal of existing licenses. B.4.4. Developing
workaround/intermediate patches for Zero Day attacks (After notifying the OEM/Bidder about particular zero day attack over OEM web portal).
Note: Approximately there are 3850 nos.
Licenses of IBM Tivoli Endpoint Manager
Patch Management Solution and 9500
Licenses of Microsoft SCCM Patch
Management Solution
B.5. Bidder must ensure that if any hardware/ software/ software subscription is required for the integration of existing licenses it must be bundled with 5 years of warranty
B.6. Root Cause Analysis Reports :
No. 10(02)/2016-NICSI
Page 61 of 105
B.6.1. OEM must provide RCA (Root Cause Analysis) report of technical problem/ incidence / issues reported and resolved.
18.9.3 VALUE ADDED FEATURES FOR CENTRALLY MANAGED PATCH MANAGEMENT
SOLUTION
S.No. Specifications Assigned Marks
Compliance (Y/N) ( Provide supporting document)
C.1 Client Computer Systems OS Platforms other than MS Windows supported for patching
40
RedHat Linux 6 Solaris 4 Ubuntu 4 Open SUSE Linux 4
Fedora 4 Mac OS 4 CentOS 4 Debian 4
Virtualization platforms like Hyper V / VMWare ESXi Server
6
C.2 Patch Agent for Cloud environment
5
Solution should support patch deployment in the cloud environment
C.3 Software deployment kit 10 Solution must have ability to push any
third party application software program and execute on managed endpoints from Central Management console.
C.4 Total number of distinct Log Files
5
Less than or equal to 10 5 Greater than 10 but less than or equal
to 50 4
Greater than 50 but less than or equal to 100
3
More than 100 2 C.5 It shall support to deploy Anti Virus
Solution agent/signatures on the systems across NICNET
10
C.6 Gartner Magic Quadrant Years 30 Should be present in the
Leader Space in the
Gartner Magic Quadrant
for the last three years
2014 10
2013 10 2012 10
Should be present in the 2014 5
No. 10(02)/2016-NICSI
Page 62 of 105
Note - Bidders who score atleast 60% in these Value Added Features will only be considered for
further evaluation.
18.10. SCHEDULE X – LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL
18.10.1 TECHNICAL SPECIFICATION/REQUIREMENT FOR LIGHT WEIGHT DIRECTORY
ACCESS PROTOCOL
Specification for Lightweight Directory
Access Protocol
Compliance
(Y/N)
Remarks
A.1. Solution must provide support for logon
and authentication.
A.2. Solution must be able to store information
about users, computers, and network
resources and make the resources
accessible to users and applications.
A.3. Solution must support integrated DNS
zones for ease of management and
administration/replication.
A.4. The directory service must be able to
monitor health and verify replication
A.5. The directory service must provide support
for Group policies and software restriction
policies.
A.6. The directory service must be able to
modify and extend schemas.
A.7. Solution must support multi-master
directory service replication features,
Directory Server must be scalable and must
have multi-master & multi-site capabilities.
A.8. The Object types supported must include:
A.8.1. Users Object Type;
A.8.2. Groups (Security & Distribution
Groups which can be static or
dynamic)
A.8.3. Foreign Users (Non-
employees/Business partners etc.)
A.8.4. Printers
Challenger Space in the
Gartner Magic Quadrant
for the last three years
2013 5 2012 5
NOTE Any of the above mentioned specification points, if covered by a different Endpoint Security Solution; the same must be mentioned in the compliance column.
MMVAF=100
No. 10(02)/2016-NICSI
Page 63 of 105
A.8.5. Containers for purposes of
grouping, administration and policy
control
A.9. Solution must provide Search capability to
query all directory objects and network
resources by attributes
A.10. Solution must support recovery of a
Single Object as well as the entire directory.
A.11. Solution must ensure that loss of a single
directory server should not affect ability for
users to logon.
A.12. Solution must have unified management
capabilities through a single integrated
directory for OS
A.13. Solution must support that user account
capabilities for a given group or groups of
users can be delegated to any nominated
user.
A.14. Solution must support multiple password
and account lockout policies for different
set of users.
A.15. Solution must ensure that Directory
services should be extensible for custom
development.
A.16. Solution must be able to log old and new
values when changes are made to objects
and their attributes;
A.17. Solution must support the deployment of a
read only additional directory server which
may be deployed in a different location so
as to prevent any changes from the other
location
A.18. Directory services must be able to create
snapshots of the directory database to
determine the restore requirements when
necessary.
A.19. Directory Architecture must have at least 2
servers for load balancing and ensuring
high availability.
A.20. Directory services must provide
capabilities to undo an accidental deletion
of objects.
A.21. Directory Services must provide
command-line scripting for administrative,
configuration and diagnostic tasks with a
consistent vocabulary and syntax.
A.22. Directory Services must be able tp provide
a task-oriented administration model, with
support for larger datasets.
A.23. Directory services must be able identity
No. 10(02)/2016-NICSI
Page 64 of 105
deviations from best practices
A.24. Directory Services must provide a built-in
authentication mechanism
A.25. Directory services must provide with
Offline-domain joining functionality.
A.26. Directory services must provide features to
manage service accounts through their
passwords
A.27. The directory Services must provide
capabilities to manage desktop and user
profile settings from central console
A.28. The Directory services must provide
features to disable/enable various hardware
components like USB Ports, Bluetooth and
Wifi Networks etc
A.29. The Directory services must have
capability to push Different customized
settings to different Users and Computer
Groups
A.30. The solutions must provide capabilities to
push custom scripts during Log on and Log
Off
A.31. The solution must provide capabilities for
administrators to enable policies for PCs in
a virtual environment with the ssame
specifications
A.32. Solution should contain the following
policies:
A.32.1. Password Policy o Account
Lockout Policy
A.32.2. Kerberos Policy
A.33. Computer configuration and user
configuration settings -
A.33.1. Customize computer
configuration settings, such as
customizing the start menu, desktop,
A.33.2. The user configuration
settings, such as roaming profiles
and desktop customization
No. 10(02)/2016-NICSI
Page 65 of 105
A.34. Policy Server must be able to inherit
groups available in LDAP Directory names
and address book for role based security
and personalization purposes.
A.35. Solution must be fully IPv4 and IPv6
compliant (dual-stackable)
A.36. Solution must have the capability to
monitor web/email clients
18.10.2 TECHNICAL SPECIFICATION/REQUIREMENT OF VALUE ADDED FEATURES FOR
LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL
N
o
Note -
Bidders who score atleast 60% in these Value Added Features will only be considered for
further evaluation.
18.11. SCHEDULE XI – MANAGED ENTERPRISE ENDPOINT SECURITY
SOLUTION SERVICES
18.11.1 REQUIREMENTS FOR MANAGED ENTERPRISE ENDPOINT SECURITY SOLUTIONS
SERVICES
S.No. Manpower Requirements Compliance
(Y/N)
Remarks
A.1. Manpower Requirements:
A.1.1. The empaneled vendor must deploy an adequate number of Technical Support Manpower centrally and at distributed locations to ensure optimum performance of the solution
A.1.2. The empaneled vendor must ensure that an equally adequate number of personnel should be deployed at other locations so as not to compromise on the performance of the solution
A.1.3. These deployments must be factored in the costs quoted by
S.No. Value Added Features (VAF) for Encryption
solution
TMVAF
Marks
100
Documents
evidence
B.1 Gartner Magic Quadrant 45
Should be present in the Leader Space in the
Gartner Magic Quadrant for the last three
years
2015 15
2014 15
2013 15
Should be present in the Challenger Space in
the Gartner Magic Quadrant for the last three
years
2015 10
2014 10
2013 10
B.2 Policy Server must integrate with standard Directory
platforms for usage of names and address book user
ids and passwords for authentication purposes
30
B.3 The Directory services must have capability to push
custom branding like wallpaper, screensaver directly to
PCs in the network
25
No. 10(02)/2016-NICSI
Page 66 of 105
the empaneled vendor and should not incur any extra charges
A.1.4. Empaneled vendor must deploy resources which are on their payrolls as on the date of deployment
A.1.5. Sub Contracting of resources is not permitted and if found guilty the empaneled vendor will be appropriately penalized as per Annexure 3 : SLA AND PENALTY, 19.3.4 MANPOWER
A.1.6. A bidder who quotes for a particular solution from an OEM will have the responsibility to provide services to manage all the other existing solutions too
A.1.7. Empaneled vendor must deploy the minimum number of Technical Support Manpower as :
A.2.1. Qualification must be B.E / B.Tech / M.CA / M.E / M.Tech / M.Sc (IT) / M.Sc (preferably in a related field like Computer Science, Network Security and Software Engineering)
A.3. Experience of Various Positions:
S. No
Resource
Category (As
per the
Qualification)
Experience
in years
Required Experiences
1.1.1.1 1 1
Senior Security Administrator
5
5+ years ‘experience in handling IT projects. The candidates must have experience in relevant Technology Domains and possess leader qualities to lead a team of 20-30 professionals. They must also have the latest relevant certifications or should have been trained by their respective OEMs on the various solutions under this tender.
2 Security Administrator
3 3 + year’s relevant experience in assessing project needs in various domains. The candidate must be able to offer value addition to the projected requirement with respect to future needs and must be capable of managing multiple projects. They must have latest relevant certifications or trained by respective OEMs on the
No. 10(02)/2016-NICSI
Page 67 of 105
various solutions under this tender
3 Field Engineers
A.4. Selection Procedure for deployment of Technical Support
Manpower on site.
A.4.1. Submission of all relevant documents with regards to
qualification and experience A.4.2. Submission of Falsified documents certified and verified by
the empaneled vendor will result in a penalty as per Annexure 3 : SLA AND PENALTY,19.3.4 MANPOWER
A.4.3. Verification of all the submitted documents by NIC/user Project co –ordinator
A.4.4. A written test/ Personal Interview will be taken by the NIC/user Project Co - ordinator for selecting Technical Support Manpower before deployment on site by the empaneled vendor.
A.5. Payment Procedure for Technical Support Manpower :
A.5.1. Empaneled vendor must give undertaking that at least 60% of hiring charges must be paid to the hired manpower/resource.
A.5.2. Empaneled vendor must revise the rates of increment for each deployed resources categories by 10% every year
A.5.3. The technical manpower/resource to be deployed on site must be on the payroll of the empaneled vendor.
A.5.4. The empaneled vendor may have to produce the Monthly Salary Certificate of the deployed technical hired manpower at any time to verify the payment made by the vendor to the manpower/resource or by producing bank account details.
A.5.5. Reimbursement of conveyance, PF, Employee insurance or Bonus must be settled between the empaneled vendor and the manpower/resource from time to time as per Government rules and regulations.
A.5.6. Satisfactory performance linked increment may be admissible to the deployed professional as per the empaneled vendor’s HR policies.
A.5.7. The empaneled vendors must be able to provide services all over India.
A.5.8. The salary must be paid by the 3rd of every month to the hired manpower resource by the empaneled vendor.
A.5.9. No TA/DA is admissible to the deployed resource for the first posting on the project. However, if resource has to undertake a tour in the interest of the project with prior approval of the project head, the Travelling Allowance as per government rates will be applicable.
A.5.10. Service Tax and other taxes as applicable will be paid extra.
A.6. An indicative list of activities which empaneled vendor’s resource
will be required to undertake are as follows:
No. 10(02)/2016-NICSI
Page 68 of 105
A.6.1. The deployed resource must manage different OEM solutions of all tender schedules ,troubling shooting of these solutions and managed endpoints, helping in collecting infected system log file or collecting by resources itself, analyzing system behavior, submitting suspicious file or any other server/endpoint log files to OEM lab for developing signature, lodging compliant of respective solutions, users/systems or issue related to respective products, and coordination with different OEMs of respective solutions and end users problem etc.
A.6.2. Proper documentation of the different solutions under all the schedules in this tender as mentioned in Section 18 : TECHNICAL SPECIFICATIONS
A.6.3. Technical documentation and quality assurance.
A.7. Confidentiality :
A.7.1. The bidder must not use Confidential Information like user name, system name, IP addresses, Segments, suspicious file details, the name or the logo etc which are the property of NIC/user except for the purposes of providing the service as specified under this tender.
A.7.2. The bidder must only disclose Confidential Information with prior written consent from the NIC/user Project Co- ordinator.
A.7.3. In case of any data theft , penalty will be applicable as per Annexure 3 : SLA AND PENALTY,19.3.4 MANPOWER
A.8. Responsibilities of the Agency for implementation according to Annexure 3 : SLA AND PENALTY, 19.3.4 MANPOWER
A.8.1. The manpower required must be deployed by the empaneled vendor within a month of the issue of the work order
A.8.2. If hired resource manpower is not deployed by bidder within a month, empaneled vendor would be penalized
A.8.3. The hired resource should be deployed for 6 days a week from 8 am to 8 pm daily and could be required to come on non working days too in the event of any emergency situations as the needs arises
A.8.4. The empaneled vendor is responsible for the conduct of the employees while deployed on site and will be liable for penalty in case the employee misbehaves or acts inappropriately with the NIC/user staff
A.8.5. Timely production of quality output will be an overarching responsibility of the empaneled vendor.
A.8.6. If due to any unavoidable circumstance the deployed manpower needs to be replaced/ changed then the empaneled vendor must ensure complete knowledge transfer during the replacement ensuring continuity of the project.
A.8.7. Bidder must provide backup resource with same qualifications and experience on site in the absence of hired manpower, failing which, penalty will be imposed on the empaneled vendor
A.8.8. Bidder must provide backup resource with experience of the same solution in the absence of hired manpower, failing which, penalty will be imposed on the empaneled vendor
A.8.9. Regular progress reporting and review of the same with concerned NIC/user Project coordinator will be an integral part of the responsibility of the empaneled vendor.
A.8.10. Timely intimation of any kind of absence to the concerned official is mandatory and any default to this end would be treated as leave and penalty will be imposed on the empaneled vendor
A.8.11. All solutions of the tender must be managed / maintained by the bidder itself
A.8.12. All complaints of the user department must be attended by
No. 10(02)/2016-NICSI
Page 69 of 105
the bidder
The products must be quoted strictly as per the description provided above. Any bid found to
be quoting irrelevant products is liable to be rejected and EMD forfeited. The bidder shall
provide copies of data sheets for each of the products. The bidder shall also provide copies of
satisfactory test report/certificate issued from International Laboratory Accreditation (ILAC)
or their worldwide affiliated/recognized labs or NABL approved labs for tendered products.
19 ANNEXURE
The necessary Annexures for this tender are given in the following pages.
No. 10(02)/2016-NICSI
Page 70 of 105
ANNEXURE 1. ELIGIBILITY CRITERIA
This states the eligibility criteria essential for qualifying as a prospective bidder for
this tender.
19.1.1 BASIC QUALIFICATION CRITERIA
S.No. Criteria Documents to be
submitted as
qualifying documents
(100% Compliance)
Eligible
(Yes/No)
Reference of
enclosed proof
along with page
number where
document occurs
in the bid
1. The bidder/OEM must be a Company
registered in India under the
Companies Act 1956 or a partnership
registered under the Indian Partnership
Act 1932 with their registered office in
India for the last three years as on
31st March 2015.
Copy of valid Certificate
of Registration attested
by Company Secretary/
Authorized Signatory
2. Power of Attorney in the name of
authorized signatory authorizing him
for signing the bid documents or related
clarifications on bid documents
Power of Attorney in the
name of authorised
signatory
3. Only OEM or their Authorized Indian
Agent (but not both simultaneously)
would be eligible to quote for
solution(s) under the schedules of this
tender.
If an agent submits bid on behalf of the
OEM, the same agent shall not submit a
bid on behalf of another OEM for the
same solution/product in the same
tender
If the bidder is an
Authorised Indian Agent,
a signed and Stamped
copy of Manufacturer’s
Authorization Form as
given below from every
OEM of the quoted
solutions
Annexure 6 :
MANUFACTURE
R
AUTHORIZATIO
N FORM, 19.6.1
MAF – A only for
SCHEDULE
I(18.1)-
CENTRALLY
MANAGED
ANTIVIRUS
SOLUTION and
SCHEDULE IX
(18.9) –
No. 10(02)/2016-NICSI
Page 71 of 105
S.No. Criteria Documents to be
submitted as
qualifying documents
(100% Compliance)
Eligible
(Yes/No)
Reference of
enclosed proof
along with page
number where
document occurs
in the bid
CENTRALLY
MANAGED
PATCH
MANAGEMENT
SOLUTION
Annexure 6 :
MANUFACTURE
R
AUTHORIZATIO
N FORM, 19.6.2
MAF – B for all the
schedules
mentioned in
Section 18 :
TECHNICAL
SPECIFICATIONS
except SCHEDULE
I(18.1) –
CENTRALLY
MANAGED
ANTIVIRUS
SOLUTION and
SCHEDULE IX
(18.9) –
CENTRALLY
MANAGED
PATCH
MANAGEMENT
SOLUTION
and a proof of
agreement with the
OEM
4. Bidder must have an average annual
turnover of INR 500 crores during
each of the last 3 financial years (i.e.,
FY 2015-14, FY 2014-13, FY 2012-13)
from sale of IT Products and services
Duly signed & stamped
CA certificate
5. The bidder/OEM must have executed a
minimum of five projects related to
Network Security Solution in any
Government (Central / State / PSUs)
Duly signed & stamped
copies of supporting
purchase orders for all
projects ( atleast 2 POs in
No. 10(02)/2016-NICSI
Page 72 of 105
S.No. Criteria Documents to be
submitted as
qualifying documents
(100% Compliance)
Eligible
(Yes/No)
Reference of
enclosed proof
along with page
number where
document occurs
in the bid
departments in India. The order value
placed must exceed INR 3 Crores for
each project during the last three
financial years (2015-14, 2014-13, 2013-
12)
the last financial year i.e.
2015 - 14 along with work
completion certificate
from the client and a copy
of the bank transactions
to verify the orders)
6. The bidder must have a Positive Net
Worth for the last 3 financial years (
2015-14, 2014-13 , 2013 – 12)
Duly signed & stamped
CA certificate
7. The bidder must have a registration
number of -
1. VAT where his business is located
2. CST where his business is located
3. Service Tax
Duly signed & stamped
copies of relevant
certificates of registration
8. The bidder must have cleared his VAT/
CST dues up to 31st March, 2015 to the
Government.
Duly signed & stamped
copy of Tax Clearance
Certificate from the
Commercial Taxes Officer
of the Circle concerned
Auditor/CA signed VAT
returns may be provided
9. Bidder must have a valid PAN Duly signed & stamped
copy of PAN card /
certificate
10. The bidder must be a single legal
entity/ individual organization.
Consortium shall not be allowed.
Undertaking signed by
authorized signatory
11. The bidder must have filed its Income
Tax Returns for the last 3 financial
years (i.e., FY 2014-15, 2013-14, 2012-
13)
Duly signed and stamped
copies of Income Tax
Returns
Digitally signed ITR may
be provided
12. To confirm in Yes or No, whether the
bidder falls under the Micro, Small and
Medium Enterprises Development Act,
If yes, a duly signed &
stamped copy of the
registration Certificate
must be provided to
No. 10(02)/2016-NICSI
Page 73 of 105
S.No. Criteria Documents to be
submitted as
qualifying documents
(100% Compliance)
Eligible
(Yes/No)
Reference of
enclosed proof
along with page
number where
document occurs
in the bid
2006. NICSI. Further, NICSI
must be kept informed of
any change to the status
of the company as per the
mentioned act.
13. The bidder must be ISO 9001:2008 and
ISO 27001: 2013 certified
Bidder should submit
copies of these
certifications
Note - All these documents are mandatory for qualification. Once these basic criteria are met, then the
experience of the bidder vis – a – vis Implementation in Government Sector would be checked
19.1.2 PROJECT IMPLEMENTATION
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
1 Project Implementation of Centrally Managed Antivirus Solution by the Bidder
15
a. Detail of projects implemented by the bidder
Bidder must provide projects implementation details (during last
The marks would be awarded based on the
5 Work Orders Copy/ PO supported
No. 10(02)/2016-NICSI
Page 74 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
over the last 5 years up to 31st March, 2015(Supply, Installation, Configuration, Monitoring ,Training and Maintenance Support of CMAS
five financial years only) for integrated projects related to Centrally Managed Antivirus Solution :
size of implementation as mentioned below:
by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
a) Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of CMAS
> 1,00,000 Endpoints - 5 points
b) Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of CMAS
50,000 – 1,00,00 Endpoints - 3 points
c) Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of CMAS
< 50,000 endpoints – 1 point
b. Number of product certified Professionals Positioned by Bidder
a) Qualified Technical Support Engineers in India on OEM payroll.
> 15 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
b) Qualified Technical Support Engineers in India on OEM payroll.
10-15 Product Technical Support Engineers -3 Points.
c) Qualified Technical Support Engineers in India on OEM payroll.
<10 Product Technical Support Engineers -1 Point.
No. 10(02)/2016-NICSI
Page 75 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
c. OEM Global Malware Threat Intelligence Infrastructure LABs for developing Signatures in India or abroad.
OEM Global Malware Threat Intelligence Infrastructure LABs in India or abroad:
5 Technical Response Document of the bidder.
a) OEM Global Malware Threat Intelligence Infrastructure LABs
> 10 OEM
Global
Malware
Threat
Intelligence
Infrastructure
LABs – 5
points
b) OEM Global Malware Threat Intelligence Infrastructure LABs
5 - 10 OEM
Global
Malware
Threat
Intelligence
Infrastructure
LABs - 3
points
c) OEM Global Malware Threat Intelligence Infrastructure LABs
< 5 OEM
Global
Malware
Threat
Intelligence
Infrastructure
LABs - 1
point
2 Project Implementation of Centrally Managed Patch Management Solution by bidder
15
a. Detail of projects implemented by the bidder over the last 5 years up to 31st March, 2015(Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Patch Management Solution :
The marks would be awarded based on the size of implementation as mentioned below:
10 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of CMPMS
> 1,00,00 Endpoints - 10 points
No. 10(02)/2016-NICSI
Page 76 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
CMPMS Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of CMPMS
1,00,000 – 75,000 Endpoints - 8 points
attesting these projects must be submitted
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support and CMPMS
< 75,000 endpoints – 5 points
b. Number of product certified Professionals Positioned by Bidder
Qualified Technical Support Engineers in India on OEM payroll.
> 15 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
10-15 Product Technical Support Engineers -3 Points.
Qualified Technical Support Engineers in India on OEM payroll.
< 10 Product Technical Support Engineers -1 Point
3 Project Implementation of LDAP by bidder 10
a. Detail of projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of LDAP
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to LDAP :
The marks would be awarded based on the size of implementation as mentioned below:
5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of LDAP
> 75,000 Endpoints - 5 points
Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of LDAP
75,000 – 50,000 Endpoints - 3 points
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of LDAP
< 50,000 endpoints – 1 point
No. 10(02)/2016-NICSI
Page 77 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
b. Number of product certified Professionals Positioned by Bidder
Qualified Technical Support Engineers in India on OEM payroll.
> 10 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
5 - 10 Product Technical Support Engineers -3 Points.
Qualified Technical Support Engineers in India on OEM payroll.
< 5 Product Technical Support Engineers -1 Point.
4 Project Implementation of Mobile Security by bidder 10 a. Detail of
projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Mobile Security Solution
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Mobile Security Solution :
The marks would be awarded based on the size of implementation as mentioned below:
5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed Mobile Security Solution
> 10,000 Endpoints - 5 points
Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed Mobile Security Solution
10,000 – 5,000 Endpoints - 3 points
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Mobile Security Solution
< 5,000 endpoints – 1 point
B Number of product
Qualified Technical Support Engineers
> 5 Product Technical
5 Undertaking letter
No. 10(02)/2016-NICSI
Page 78 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
certified Professionals Positioned by Bidder
in India on OEM payroll.
Support Engineers - 5 Points.
by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
5 - 3 Product Technical Support Engineers -3 Points.
Qualified Technical Support Engineers in India on OEM payroll.
<3 Product Technical Support Engineers -1 Point.
5 Project Implementation of HIPS by bidder 10 A Detail of
projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of HIPS
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to HIPS :
The marks would be awarded based on the size of implementation as mentioned below:
5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of HIPS
> 25,000 Endpoints - 5 points
Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of HIPS
10,000 – 25,000 Endpoints - 3 points
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of HIPS
< 10,000 endpoints – 1 point
b. Number of product certified Professionals Positioned by Bidder
Qualified Technical Support Engineers in India on OEM payroll.
> 10 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
5 - 10 Product Technical Support Engineers -3 Points.
No. 10(02)/2016-NICSI
Page 79 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
Qualified Technical Support Engineers in India on OEM payroll.
< 5 Product Technical Support Engineers -1 Point.
6 Project Implementation of DLP Solution by bidder 10 a. Detail of
projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed DLP Solution
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed DLP Soution :
The marks would be awarded based on the size of implementation as mentioned below:
5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed DLP Solution
> 25,000 Endpoints - 5 points
Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed DLP Solution
10,000 – 25,000 Endpoints - 3 points
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed DLP Solution
< 10,000 endpoints – 1 point
b. Number of product certified Professionals Positioned by Bidder
Qualified Technical Support Engineers in India on OEM payroll.
> 10 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
5 - 10 Product Technical Support Engineers -3 Points.
Qualified Technical Support Engineers
< 5 Product Technical
No. 10(02)/2016-NICSI
Page 80 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
in India on OEM payroll.
Support Engineers -1 Point.
7 Project Implementation of NAC Solution by bidder 10 a. Detail of
projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed NAC Solution
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed NAC Solution :
The marks would be awarded based on the size of implementation as mentioned below:
5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed NAC Solution
> 25,000 Endpoints - 5 points
Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed NAC Solution
25,000 – 10,000 Endpoints - 3 points
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed NAC Solution
< 10,000 endpoints – 1 point
b. Number of
product
certified
Professionals
Positioned by
Bidder
Qualified Technical Support Engineers in India on OEM payroll.
> 10 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
5 - 10 Product Technical Support Engineers -3 Points.
Qualified Technical Support Engineers in India on OEM payroll.
< 5 Product Technical Support Engineers -1 Point.
No. 10(02)/2016-NICSI
Page 81 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
8 Project Implementation of Encryption Solution 10 a. Detail of
projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Encryption Solution
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Encryption Solution :
The marks would be awarded based on the size of implementation as mentioned below:
5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed Encryption Solution
> 25,000 Endpoints - 5 points
Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed Encryption Solution
25,000 – 10,000 Endpoints - 3 points
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Encryption Solution
< 10,000 endpoints – 1 point
b. Number of
product
certified
Professionals
Positioned by
Bidder
Qualified Technical Support Engineers in India on OEM payroll.
> 10 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
5 - 10 Product Technical Support Engineers -3 Points.
Qualified Technical Support Engineers in India on OEM payroll.
< 5 Product Technical Support Engineers -1 Point.
9 Project Implementation of Device control Solution 10
No. 10(02)/2016-NICSI
Page 82 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
a. Detail of projects implemented by the bidder over the last 5 years up to 31st March, 2015 ( Supply, Installation, Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Device Control Solution
Bidder must provide projects implementation details (during last five financial years only) for integrated projects related to Centrally Managed Device Control Solution :
The marks would be awarded based on the size of implementation as mentioned below:
5 Work Orders Copy/ PO supported by documentary evidence like Work Completion Certificates and letter by the CA attesting these projects must be submitted
Supply, Installation, Configuration, Monitoring, Training and Maintenance Support of Centrally Managed Device Control Solution
> 25,000 Endpoints - 5 points
Supply, Installation, Configuration , Monitoring, Training and Maintenance Support of Centrally Managed Device Control Solution
25,000 – 10,000 Endpoints - 3 points
Supply, Installation , Configuration, Monitoring , Training and Maintenance Support of Centrally Managed Device Control Solution
< 10,000 endpoints – 1 point
b. Number of
product
certified
Professionals
Positioned by
Bidder
Qualified Technical Support Engineers in India on OEM payroll.
> 10 Product Technical Support Engineers - 5 Points.
5 Undertaking letter by both (OEM & Bidder) that these professionals are on OEM payroll.
Qualified Technical Support Engineers in India on OEM payroll.
5 - 10 Product Technical Support Engineers -3 Points.
Qualified Technical Support Engineers in India on OEM payroll.
< 5 Product Technical Support Engineers -1 Point.
Note : 1 For all the above, the Completion Certificate of the projects completed in the last 5 years (as on
31.03.2015) must be provided (issued to the responding firm by the respective customers)
No. 10(02)/2016-NICSI
Page 83 of 105
S.No. Criteria/Su
b Criteria Description
Point
Syste
m
Points
Criteria/
Sub
Criteria
(Total
Points 100 )
Docume
nts /
evidence
Refere
nce
Page
numbe
r
2 Bidders who score 80 and above marks shall qualify . 3 Bidders are required to complete the template and attach it to their bid, as advised in Section 5 :
BID SUBMISSION.
No. 10(02)/2016-NICSI
Page 84 of 105
ANNEXURE 2. HARDWARE/SOFTWARE/MANPOWER SUPPLY
19.2.1 The bidder must ensure that adequate hardware and software sizing must
have been done to meet the SLA requirements as per Annexure 3 : SLA
AND PENALTY, 19.3.2 PERFORMANCE
19.2.2 The bidder must ensure that the performance of the solution must not be
affected at any point in time which means
The responsiveness of the systems which effects the user’s business
efficiency
Utilization of the system resources
Job throughput
19.2.3 The Bidder must ensure the deployment of technical personnel (if required )
at the various distributed locations to meet SLA requirements as per
Annexure 3 : SLA AND PENALTY, 19.3.2 PERFORMANCE
19.2.4 The cost of these personnel will be borne by the bidder and must be factored
in the total cost quoted by the bidder
19.2.5 The bidder must test all the hardware and software resources deployed at
various locations in advance so that there are no performance issues later
19.2.6 The bidder must factor in all costs associated at various distributed locations
with regards to the necessary infrastructure required for the performance of
the solutions as mentioned in Annexure 3 : SLA AND PENALTY, 19.3.2
PERFORMANCE
19.2.7 NICSI/NIC will not be responsible for the estimate and sizing of the hardware
at these locations and it is the bidder’s discretion to procure the necessary
hardware to ensure the performance is as per SLA requirements given in
detail as per Annexure 3 : SLA AND PENALTY, 19.3.2
PERFORMANCE
No. 10(02)/2016-NICSI
Page 85 of 105
ANNEXURE 3. SLA AND PENALTY
19.3.1 DELIVERY AND INSTALLATION
Sr. No. Penalty Conditions Applicable Penalty
(% of PO)
Applicable Penalty (in INR)
1 0.2 % of PO value per day up to 30
days on default of delivery schedule
as mentioned in Section 10 :
DELIVERY PROCESS subject to
maximum penalty on late delivery
up to 10% of PO value
2 0.2 % of PO value per day up to 30
days on default of centrally
managed solution installation
schedule as mentioned in Section
12 :
INSPECTION,INSTALLATION
AND ACCEPTANCE OF
DELIVERED ITEMS subject to
maximum penalty on late
installation up to 10% of PO value
3 0.2 % of PO value per day up to 10
days on replacement of product
subject to maximum penalty up to
10% of PO value
4 After 30 days for non-delivery issue
or if installation/Integration of
paper licenses isn’t completed on
centrally managed solution/server
or at any distributed locations ( it
must be reflected on the central
manager), NICSI may cancel
Purchase Order for non-delivered
items and charge additional 10% of
PO value as cancellation charges
from security deposit
No. 10(02)/2016-NICSI
Page 86 of 105
19.3.2 PERFORMANCE
Sr. No. Items SLA Target
(%)
Penalty Condition (In Case of
Breach)
Applicable
Penalty(%
of PO
Value)
Applicable
Penalty
(INR)
1 Availability of Central
Manager uptime
99.75% For each 0.5 slab (lower) a
penalty of 1.0% on total PO
value shall be applicable on the
empaneled vendor like
99.75-99.25 – 1.0% of total PO
value
99.25-98.75 – 2.0% of total PO
value and so on
If the uptime goes below
90.75%, additional penalty of
1.0% will be charged on the
total PO Value for each slab of
1%
2 Availability of solution at
Local/Relay/Distribution
Servers
99.75% For each 0.5 slab (lower) a
penalty 1.0% on the PO value
for that location shall be
applicable on the empaneled
vendor like
99.75-99.25 – 1.0% of PO value
for that location
99.25-98.75 – 2.0% of PO value
for that location and so on
If the uptime goes below
90.75%, additional penalty of
1% will be charged on PO Value
for that location for each slab of
1%
3 Availability of endpoint
logs at Central Server
Real time The relevant logs of endpoint
solutions must be available at
the Central Server in real time
basis. In case of non-
compliance of even a single
instance in a day, for each day a
penalty equal to per day support
cost or INR 5000, whichever is
higher will be applicable on the
empaneled vendor
Total Cost= (No. of effected
Endpoints * Unit price)
No. 10(02)/2016-NICSI
Page 87 of 105
Per day Support cost =(Total
cost/365)
Note: Unit price for one year
4 Accuracy of Endpoint
logs given to OEM and
resolution by
OEM/vendor
If any suspicious or infected
system logs are submitted to an
OEM and subsequently cleared ,
but another OEM finds that the
log is still infected and develops
signature for the log, then a
penalty of 0.1% of P.O value will
be imposed on the bidder.
The Bidder must give a suitable
justification for its analysis
before the penalty is applicable
5 Synchronization of
Endpoints with Central
Server
The endpoints must be
synchronized with the central
server and must be visible with
full features. In case of non-
compliance of even a single
instance in a day, for each day a
penalty equal to per day support
cost or INR 5000, whichever is
higher will be applicable on the
empaneled vendor
Per day Support Cost will be
calculated as follows
Per day Support cost =((Total
Support Cost for an year/365))
Where
Total Cost for an year = (No. of
effected Endpoints * Unit price
for one year)
6 Attack by known or new
Virus, Trojan, intrusions
or any other malicious
code
4 hours For every virus attack not
resolved within 4 hours from
the time of reporting, a penalty
equal to per day support cost or
INR 5000, whichever is higher
will be applicable on the
empaneled vendor
Penalty: Total Cost= (No. of
effected Endpoints * Unit price)
Per day Support cost =(Total
cost/365)
Note: Unit price for one years
7 Site-wise Patch Update 72 hours or If the released patches are not updated within 72 hours or 3
No. 10(02)/2016-NICSI
Page 88 of 105
3 working
days
working days then a penalty equal to INR 5000 for every 8 hours will be applicable on the
empaneled vendor
8 Patch Deployment 97% For each 0.5 slab (lower) a
penalty of 1.00% on the PO
value shall be applicable on the
empaneled vendor like
97.0-96.5 -1.0% of PO value for
that location
96.5-96.0 – 2.0% of PO value
for that location and so on
If the non-compliance goes below 90%, additional penalty
of 1% will be charged on PO Value for each slab of 1%
9 Submission of MIS
Reports (like Attendance
of personnel deployed ,
Endpoint logs, RCA
report, Virus Attacks
etc) for all SLAs
mentioned in Annexure
3 : SLA AND
PENALTY
Report for
the
previous
month
shall be
submitted
by the 1st
or the first
working
day of the
next
month
A penalty of INR 1000 per day
for non submission of each
report shall be applicable on the
empaneled vendor
10 Maintenance of
Inventory
100% as
per the
inventory
log
committed
and
maintained
by
empaneled
vendor
Empaneled Vendor shall be
responsible for any mismatch
Or
a penalty of INR 1000 shall be
applicable for each default.
11 Restoration of CMAS
server and configuration
and policy parameters
from backup as and
when required or
requested by NIC/user
Within one
hour
A penalty of INR 1000 per hour
shall be applicable on the
empaneled vendor if the
restoration has not been
completed after an hour
12 Log of Endpoint Security
Solutions
Within a
day
A penalty of INR 1000 per hour
shall be applicable on the
empaneled vendor if the vendor
does not provide the log of
Endpoint Security Solutions as
mentioned in Section 18 :
No. 10(02)/2016-NICSI
Page 89 of 105
Technical Specifications as per
the request of NIC/user within
a day
13 Database tuning Every 2
months
A penalty equal to 0.2% of PO
value for each day of default
would be applicable on the
empaneled vendor if the vendor
does not carry out database
tuning during off office hours
after every two
months
14 Restoration of hardware
device
Within 24
hours
A penalty equal to 0.2% of PO
value per day would be
applicable on the empaneled
vendor if the vendor does not
restore any hardware device of
CMAS, CMEPMS, LDAP,
Mobile Device within 24 hours
in case of failure
15 Data Centre Services A penalty equal to 0.2% of PO
value per day for each non
available service would be
applicable on the empaneled
vendor if any service of the Data
center will go down due to
misbehavior or malfunction of
the CMAS/CMEPMS, LDAP,
Mobile Device.
16 Yearly Security Audit Once a
year
A penalty equal to 0.2% of PO
value for each day of default
beyond the assigned time
period would be applicable on
the empaneled vendor if a
security audit is not done for all
the IPS deployment every year
17 Quarterly Technical
Review
Every
Quarter
A penalty equal to 0.2% of PO
value for each day of default
beyond the assigned time
period would be applicable on
the empaneled vendor if a
technical review of the
configuration and policies is not
done by a external technical
team every quarter to ensure
that there are no security gaps
in the configuration of
CMAS/CMEPMS/LDAP/Mobile
Device
No. 10(02)/2016-NICSI
Page 90 of 105
Note
1. If there are any network issues with NICNET/user network ,NIC/user will take the
responsibility to resolve the issue and till the time issue is resolved there would be no
penalty applicable on the empaneled vendor for such cases
2. Time would be calculated after the submission of all logs
3. Deployment of patches and compliance checks would include OS patches, third Party
Application Patches and Application Software patches
19.3.3 ANTIVIRUS SIGNATURE
Sr No Items Penalty Condition ( in case of breach)
Applicable Penalty (INR)
Observations
1 Signature Development
If there is delay in development of signatures beyond 4 hours then penalty equal to per hour support cost will be applicable on the empaneled vendor for each hour of non compliance
Penalty: Total Cost for one year= (No. of effected
Endpoints * Unit price) Per hour Support cost =((Total cost for one
year/365)/24)
Note: Unit price for one year
19.3.4 MANPOWER
Sr No Items Penalty Condition ( in case of breach)
Applicable Penalty (INR)
Observations
1 Deployment of Resource
by empaneled vendor
If the hired resource is not deployed by the empaneled vendor within a month, penalty will be calculated as number of days manpower not deployed * per day wage rate Where per day wage rate = Man month rate / number of days in a month If the resource has still not been deployed after 2 months the above penalty will be doubled. If the manpower has not been deployed for 3 months then NICSI will impose the penalty as above and will have an option to cancel the order and get the work done from any other source at the risk and cost of such defaulting vendor. The defaulting vendor must also ensure knowledge transfer to the new empaneled vendor.
No. 10(02)/2016-NICSI
Page 91 of 105
2 Availability of Technical Resource by OEM
If the dedicated Technical Support Resource from OEM is not deployed within 48 hours of empanelment as single point of contact over Mobile / Phone /email then a penalty of INR 1000 per day will be applicable on the empaneled vendor After 30 days of non- deployment of the resource from OEM, additional penalty of INR 300 per day will be levied on the empaneled vendor. In light of further non deployment Purchase Order may be canceled and additional 10% of PO value will be charged as cancellation charges from security deposit of the empaneled vendor
3 False appropriation of documents
If the documents of the deployed resource do not match the minimum qualifications mentioned in Section 18: TECHNICAL SPECIFICATIONS, Schedule X MANAGED ENTERPRISE ENDPOINT SECURITY SOLUTION SERVICES or if the resource has submitted forged or false documents then the salary paid to the resource by the empaneled vendor would be taken back and there would be a penalty equal to INR 50000 on the empaneled vendor. Additionally legal action would be initiated against the resource and the empaneled vendor according to the prevalent laws
4 Leave without Authorized permission
If the resource deployed by the empaneled vendor goes on leave without informing the NIC/user Project co-ordinator through mail or phone , then the resource would be allowed a grace period of a day after which a penalty equivalent to per day wage rate * number of days absent would be applicable on the empaneled vendor
5 Replacement of Resource
If the resource deployed by the empaneled vendor is absent or unavailable for more than 7 working days, the vendor must ensure that a replacement is found, within 24 hours. NICSI will not pay to the empaneled vendor the manpower fees for the period of absence. During this time, any mishap/downtime/fault will be the responsibility of the empaneled vendor and any penalty arising of the same will be payable by the empaneled vendor. In Case a replacement is not found , the bidder must pay a penalty equivalent to per day wage rate * number of days If the resource has still not been replaced after 2 months the above penalty will be doubled. If the delay is more than 2 months then NICSI will impose the penalty as above and will have an option to get the work done from any other source at the risk and cost of such defaulting vendor. The defaulting vendor must also ensure knowledge transfer to the new empaneled vendor.
6 Data theft incident
For every data theft incident committed by the resource deployed by the empaneled
vendor a penalty of INR 5 00000 shall be
No. 10(02)/2016-NICSI
Page 92 of 105
imposed along with punishment applicable under the legal provisions of the country
prevailing at that point in time.
7 Misbehavior by staff
In case of a formal compliant of misbehaviour by any member of NIC/NICSI/user staff concerning the resource deployed by the
empaneled vendor a penalty of INR 50000 will be applicable on the empaneled vendor. If NIC/NICSI/user requests the removal of that
resource then the empaneled vendor must immediately remove the concerned resource and arrange a replacement. Failure to do so would attract a penalty on the empaneled
vendor similar to point 5 above. The decision in this regard would be taken by the Project
Co-ordinator
8 Sub-Contracting by Bidder
Sub-Contracting of resources is not permitted and if found guilty then a penalty of INR
500000 would be applicable on the empaneled vendor and appropriate legal
action would be initiated against it
9 Occurrence of Trainings
In case of any irregularity in the occurrence of trainings as mentioned in Section 11 :
TRAINING or if the trainings do not cover all solutions mentioned in the specific
schedules of Section 18 : TECHNICAL SPECIFICATIONS then a penalty of INR
20000 per default in training would be imposed on the empaneled vendor
10
Training by Certified
Professionals
If the designated trainings as mentioned in Section 11 : TRAINING are not conducted by certified professionals with hands on then
a penalty of INR 20000 per defaulted training would be imposed on the empaneled vendor
Note – These SLAs cover the manpower deployed (if any ) at distributed locations too
19.3.5 OEM/VENDOR SUPPORT SERVICES
S. No Empaneled Vendor must ensure that OEM
provides all the support service mentioned below
Applicable Penalty (INR)
1. OEM must provide scheduled service feature and
continual threat database updates
In case, OEM is unable to
provide any of the listed
service, the Penalty of INR
5000 will be imposed on the
empaneled vendors for each
default
2. OEM must provide access to sales, training and marketing
materials
3. OEM must provide support to resolve issues with report generation
4. OEM must ensure the synchronization of endpoints with the central manager with full features of the solution
5. OEM must provide solutions in case of endpoint logs not reaching the Central Manager
6. OEM must conduct quarterly training session with the client to keep him updated about the latest developments in the solution
7. OEM must hold partner – client workshops at least twice a year to remove any bottlenecks and ensure better co-ordination
No. 10(02)/2016-NICSI
Page 93 of 105
8. OEM must hold an annual training session for specific users to train them on the various solutions in this tender and give relevant certifications
9. OEM must conduct a Health Check of the Anti-virus and Patch Management infrastructure including review of baseline Patch Management Policies in consultation with NIC/user.
10. OEM must review of overall Patch compliance for end points including servers, desktops and report on the gaps.
11. OEM must conduct a gap analysis to identify Data Protection gaps to Identify and plug gaps in existing end point protection (if any)
12. OEM must design a data protection strategy with inputs from NIC HOD/ user Project Co-ordinator
13. OEM must enhance existing and develop new security policies, standards and guidelines
14. OEM must review and update Data Leakage prevention tool policies and rule sets and review aspects of data in motion, data in use and data at rest
15. Bidder must ensure Technical Account Manager must be available 24 x 7 through phone, email or by being present physically at the site depending on the severity of the problem.
16. OEM must develop/update/maintain SOPs for the items in the schedules in consultation with NIC/user, as per NIC/user security requirements.
Note
The empaneled vendor must include the progress of these parameters by the OEM and
capture any instances of default in their monthly reports.
No. 10(02)/2016-NICSI
Page 94 of 105
ANNEXURE 4. BIDDER’S PROFILE
S.
No.
Particulars Description
i. Name of the Bidder
ii. Type of Incorporation (Sole Proprietor/
Partnership/ Private Limited/ Limited
Firm)
iii. Year of Incorporation
iv. Place of Incorporation
v. Place of Manufacturing/Supply
vi. Whether any Legal/Arbitration
proceedings have been instituted
against the Bidder or the Bidder has
lodged any claim in connection with
works carried out by them. Mention
Yes/No. If yes, please give details.
vii. Service Tax No.:
viii. Sales Tax/VAT No.:
ix. CST No.:
x. PAN No.:
xi. Full Address
xii. Name of the contact person with
designation
Name:
Designation:
Contact Number(Landline):
Contact Number(Mobile):
Email Address:
Complete Communication Address:
xiii. Turnover from sales in each of the last 3
financial years (i.e., FY 2014-15, 2013-14,
2012-13)
xiv. EMD Details: Amount:
Draft/ Pay Order No.:
Date:
Bank:
Branch:
Signature:
Name:
Date:
Place:
Seal
No. 10(02)/2016-NICSI
Page 95 of 105
ANNEXURE 5. SITE NOT READY CERTIFICATE
1 Empaneled Vendor’s Name
2 Project Number
3 Purchase order No. & date
4 Solution Name
5 Date of delivery
6 Date of 1st Visit for installation
7 Site not ready reason
8 Tentative date of site being ready for installation
9 Contact detail of empaneled vendor for getting
equipment installed, if site gets ready.
10 Certificate There is no delay on the part of empaneled vendor
in getting the solution installed
Name of user / NIC Project Coordinator / NICSI Project in charge:
8 Date of intimation of call for installation/site readiness information
(in case of SNR)
9 Installation Date
10 Certificate Solution (as per ordered configuration) has been installed successfully
Name of user / NIC Project Coordinator / NICSI Project in charge:
______________________________
Designation:
______________________________
Signature:
______________________________
(with official seal)
Date:
______________________________
Name of user Empaneled Vendor’s Representative:
______________________________
Designation:
______________________________
Signature:
______________________________
(with official seal)
Date:
______________________________
No. 10(02)/2016-NICSI
Page 100 of 105
ANNEXURE 8. FINANCIAL BID PROFORMA TEMPLATE
Name of the Bidder: <Mention value here>
Bidder’s Billing
Location:
<Mention value here>
Contact Person in Relation to invoicing/billing -
Name <Mention value here>
Phone <Mention value here>
e-Mail <Mention value here>
19.8.1 FINANCIAL BID TEMPLATE
S.
No.
Item Description Unit
Price
(Rs)
Total of
Duties/Taxes
/Govt. Levies
etc. as
applicable)
Subscription,
support,
renewal
cost(for 1
year)
Total
Price
(All
inclusive
with one
years
Warranty
(Rs.)
Weight factor
for
Determination
of L1 rates
Total
Cost
1 2 3 4 5 6 = 3 + 4 +
5
7 8 = 7*6
1. Hardware/Software
Support
3
1.1 CMAS
1.2 CMPMS
1.3 LDAP
1.4 Mobile
Security
2. Supply, installation
and configuration of
Centrally Managed
Antivirus Solution
30
2.1 1 – 10000
2.2 10001 –
20000
2.3 20001 and
above
3. Supply, installation
and configuration of
Centrally Managed
Patch Management
Solution
30
3.1 1 – 10000
3.2 10001 –
20000
No. 10(02)/2016-NICSI
Page 101 of 105
3.3 20001 and
above
4. Supply, installation
and configuration of
Centrally Managed
Data Leakage
Prevention Solution
5
4.1 1 – 2000
4.2 2001 – 5000
4.3 5001 and
above
5. Supply, installation
and configuration of
Centrally Managed
Mobile Security
Solution
5
5.1 1 – 2000
5.2 2001 – 5000
5.3 5001 and
above
6. Supply, installation
and configuration of
Centrally Managed
Device Control
Solution
5
6.1 1 – 2000
6.2 2001 – 5000
6.3 5001 and
above
7. Supply, installation
and configuration of
Centrally Managed
Network Access
Control Solution
3
7.1 1 – 2000
7.2 2001 – 5000
7.3 5001 and
above
8. Supply, installation
and configuration of
Centrally Managed
Endpoint Encryption
Solution
3
8.1 1 – 2000
8.2 2001 – 5000
8.3 5001 and
above
9. Supply, installation
and configuration of
Centrally Managed
Endpoint Intrusion
Prevention System for
servers
5
9.1 1 – 2000
9.2 2001 – 5000
No. 10(02)/2016-NICSI
Page 102 of 105
9.3 5001 and
above
10. Lightweight Directory
Access Protocol
8
10.1 1 – 10000
10.2 10001 –
20000
10.3 20001 and
above
11. Managed Enterprise
Endpoint Security
Solution Services
3
11.1 Senior
Security
Administrator
11.2 Security
Administrators
11.3 Field
Engineers
12. Installation ,
Operations and
Management of
Endpoint Security
Solution at
distributed locations
in NICNET
12.1 1- 200
12.2 201 - 500
12.3 501 - 1000
12.4 1001 - 2000
12.5 2001 - 5000
12.6 Above 5000
13. Grand Total Value
No. 10(02)/2016-NICSI
Page 103 of 105
19.8.2 FINAL GTV VALUE
Terms and Conditions:-
1. All fields in the financial bid format are MANDATORY. 2. The bidder must quote prices for every solution mentioned in 2.1.1 List of Schedules 3. The Bidder’s billing Location must be anywhere in Delhi only. 4. The unit prices quoted in this bid must be certified / signed by the authorized signatory
of the OEM as well as the authorized signatory of the bidder. 5. Prices must be quoted in Indian Rupees and indicated both in figures and words. Price
in words will prevail, in the event of any mismatch. 6. In case of smaller requirements by users the rates would be applied on a pro rate basis
Authorized Signatory
Date: Name:
Place: SEAL
Gross Total Value (GTV) in figures: GTV =
INR _________
Quoted price (GTV) in words: Rs. --------------------------------------
No. 10(02)/2016-NICSI
Page 104 of 105
ANNEXURE 9. SERVICE NETWORK
The following information for service centers across India must be supplied by the bidder. NICSI would verify
the information furnished here and if found incorrect the bid is liable to be rejected.