DA10--Trellix Brand Name or Equal Compact Disc (CD) / Digital Versatile Disc (DVD) Enterprise Encryption Software VA-26- 00046223

Product Description (PD)

This document describes the requirements for replacing an enterprise-wide deployment of Trellix software used for encrypting removable media (CDs, DVDs, digital images) by the Department of Veterans Affairs (VA) Office of Information & Technology (OI&T), End User Operations (EUO). The current deployment is set to end in May 2026. The VA seeks a "Trellix Brand Name or Equal" software solution that meets or exceeds specified requirements.

• Encryption: Ensure all communication between agents and console are encrypted and utilize FIPS 140-3 compliant encryption for data-in-motion and data-at-rest by September 2026.

• Management: Centrally managed with agents deployable via standard VA methods (BigFix or Configuration Manager).

• Logging: Calibratable logging levels for agents and console.

• Updates: Software updates pushed from the server over the network.

• Reporting: Web-based UI with a user-friendly query/reporting tool, capable of exporting reports in multiple formats (DOC, PDF, XML).

• Integration: API-driven integration with Security Information and Event Management (SIEM) tools and support for Microsoft Active Directory (AD) integration.

• Operating System: Support for Windows 11 Professional Operating System.

• Security: Compliance with VA Critical Security Controls, SSN Reduction Act, and IPv6 requirements.

• Accessibility: Compliance with Section 508 standards for Information and Communication Technology (ICT).

• Period of Performance (PoP): One 12-month base period (May 15, 2026 - May 14, 2027), with four potential 12-month option periods.

• Optional Tasks:

  • Base Period Optional Task 1: Professional Services (NTE 80 Hours).
  • Optional Task 2: Additional Subscriptions (quantities specified per period).

• Software Support: 24/7/365 technical support for all subscriptions.

• Bidders must refer to and complete Attachment A for specific requirements.

• The document details various security and compliance requirements, including VA TRM, Zero Trust, Section 508, and specific VA directives and handbooks.

• Not explicitly stated in this document, but the "Brand Name or Equal" designation suggests potential for multiple vendors.

• The document includes extensive sections on Information Security, Privacy Language, Information System Design and Development, Hosting, Operation, Maintenance, Viruses/Firmware/Malware, Cryptographic Requirements, Patching Governance, and Data Center Provisions.

Form / Attachment / Pricing Sheet

This document, "P01 PD Attachment A - CD-DVD Encryption Software Requirements.xlsx", outlines the minimum technical requirements for CD/DVD encryption software. Bidders should use this document to confirm their proposed software solution meets the specified criteria.

• Encryption Standards: Software must utilize FIPS 140-3 compliant encryption for data-in-motion and data-at-rest by September 2026. Proof of NIST certification or submission for certification is required.
• Operating System Support: Must support Windows 11 Professional.
• Management & Deployment: Software should be centrally managed, with agents deployable via BigFix or Configuration Manager (CM). Updates should be pushed from the server over the network.
• User Interface & Reporting: Features a web-based user interface for the management console. Includes a simple query/reporting tool with a GUI wizard, supporting summary and detailed reports exportable in DOC*, PDF, and XML formats.
• Data Management: Event data collected across agents should be stored in a centralized, quarriable database.
• Integration: API-driven integration with Security Information and Event Management (SIEM) tools is required. Microsoft Active Directory (AD) integration is also necessary.
• System Impact: The software must not negatively impact normal system operations or degrade managed system performance.

This attachment details critical technical specifications for the encryption software. Bidders must demonstrate how their proposed solution meets each of these requirements, including providing specific proof or certification details where indicated. Failure to meet these requirements may disqualify a proposal.

Request for Information (RFI)

This RFI is for planning purposes to gather information for the Department of Veterans Affairs (VA) Technology Acquisition Center regarding Trellix Brand Name or Equal Compact Disc (CD) / Digital Versatile Disc (DVD) Enterprise Encryption Software. The VA is not obligated to acquire any products or services described and will not pay for information submitted. Responses will help the VA develop its acquisition strategy and Product Description (PD).

• Interested parties should provide a capability statement summarizing their ability to meet the requirements in the draft Product Description (PD).

• Small businesses should provide information on their intent and ability to meet set-aside requirements (VAAR 852.219-10 and 13 CFR §125.6), including available personnel, financial resources, and proposed subcontracting plans for SDVOSBs.

• Respondents must indicate if the draft PD provides sufficient detail for software development and production operations support services.

• If the PD is insufficient, provide technical comments and recommendations for improvement.

• Response Date/Time: March 17, 2026, 10:00 AM Eastern Time, New York, USA.

• Submission Method: Email to Julia Renna (julia.renna@va.gov).

• Subject Line: "RFI 36C10B26Q0254 - CD/DVD Enterprise Encryption Software".

• Page Limitation: 10 pages for the capability statement. No marketing materials allowed.

• File Size Limit: 5 MB per email.

• Marking: Mark responses as "Proprietary Information" if business sensitive.

• Responses may influence set-aside decisions.

• Small businesses, particularly VOSBs and SDVOSBs, should provide verification proof (VIP) and details on meeting set-aside requirements.

• The RFI does not constitute a solicitation or an obligation to award a contract.

• Technical questions may be submitted with the response; questions directed to the customer are prohibited.

• Attached documents include "P01 Product Description - CD DVD Encryption RFI for SAM.gov" and "P01 PD Attachment A - CD-DVD Encryption Software Requirements."