New Delhi-110 001 India
NOTICE INVITING TENDER
Revamp from System Integrators
27-09-2021
Tender Submission End (Date & Time) 18-10-2021 16:00 hours
Technical Bid Opening (Date & Time) 18-10-2021 17:00 hours
[Note: 1. Any tender received by the Employer after the deadline prescribed in submission date
will be returned unopened to the Tenderer] 2. The suggestions received will be referred to the committee and will be incorporated if
found justified after the approval of the Competent Authority.
2
SYSTEM INTEGRATORS
TYPES OF BID 1) TECHNICAL BID 2) FINANCIAL BID
EVALUATION CRITERIA
EARNEST MONEY DEPOSIT
THE BIDDER HAS TO SIGN „BID SECURUTY DECLARATION IN LIEU OF EMD
SECURITY DEPOSIT (SD)
SECURITY DEPOSIT @ 3%
MUMBAI (2), DELHI (NOIDA) AND CHENNAI,
VALIDITY OF TENDER 75 DAYS FROM DATE OF OPENING OF TECHNICAL BID
DESCRIPTION NIXI/TECH/IX/008/6(5)
C O N T E N T S
CLAUSE P A R T I C U L A R S P A G E
I NIXI Overview 5
III Technical Specification 7
IV Bidding System 19
VI Security Deposit (SD) 22
VII Eligibility Criteria 23
IX Signing of An Agreement 25
X Payment Terms 25
XI Force Majeure 26
XII Integrity Pact 27
XIV Change Management 28
XV Liquidated Damages 28
XVIII Use of Defective & Sub-Standard Material 30
XIX Confidentiality Clause 30
Annexures & Formats Technical BOQ Bid (Annexure I)
Financial/ Price Bid (Annexure II)
Bid Security Declaration (Annexure III)
Integrity Pact (Annexure IV)
I NIXI OVERVIEW
The National Internet Exchange of India (NIXI) is a non-profit Company incorporated under
Section 25 of the India Companies Act, 1956 (now section 8 under Companies Act 2013)
with an objective of facilitating improved internet services in the country. NIXI was registered
on 19th June, 2003 and performs three operations -
National Internet Exchange of India (NIXI) was set up for peering of ISPs among
themselves for the purpose of routing the domestic traffic within the country, instead of taking
it all the way to US/Abroad, thereby resulting in better quality of service (reduced latency)
and reduced bandwidth charges for ISPs by saving on International Bandwidth. NIXI is
managed and operated on a Neutral basis, in line with the best practices for such initiatives
globally. Website – www.nixi.in
.IN Registry is Indias Country Code Top Level domain (ccTLD). The Govt. of India
delegated/autorized the operations of .INRegistry to NIXI in 2005. The INRegistry operates
and manages Indias .IN ccTLD. Now .IN domain names are available to anyone on first-
come-first-served basis. Website – www.registry.in
.IN Registry and Internationalized Domain Names (IDNs): Since 2005, NIXI also manages the .IN Registry (www.registry.in ) including 15 IDN TLDs. At present, 137 Registrars have been accredited to offer .IN domain Name registration worldwide to customers. This has helped proliferation of web hosting in the country and promotion of Indian language content on the Internet. IDNs in Hindi, Bodo, Dogri, Konkani, Maithili, Marathi, Nepali Sindhi, Bangali, Gujarati, Manipuri, Punjabi, Tamil, Telugu and Urdu languages were launched during the year 2014- 15. The General availability of all the remaining Indian languages i.e. Assamese, Kannada, Oriya, Malayalam, Santali, Sanskrit, Sindhi, Kashmiri started from 15th July, 2020
Indian Registry for Internet Names and Numbers (IRINN) in India that provides allocation and registration services of IP addresses and AS numbers, and contributes to the society by providing Internet-related information as a non-profit, affiliation-based organisation, and performing research, education and enlightenment activities. IRNN is a division functioning under NIXI and provides allocation and registration services of Internet Protocol addresses (IPv4 & IPv6) and Autonomous System numbers to its Affiliates .It is a not-for-profit, Affiliates based entity, with the primary goal of allocation of Internet resources to its Affiliates. Website – www.irinn.in
NIXI is looking to revamp their Internet Perimeter Security (New Generation Firewall along with
On Premise Sand Box to be Installed, commissioned and tested for its proposed point of
presence (POP)/ Internet exchange point (IX) at Noida, Mumbai & Chennai Locations. Bids
(Technical & Financial) are invited from eligible vendors which are valid for a period of 180
days from the last date of submission. Following are the details of existing infrastructure and
proposed Cyber Security solution.
NIXI Exchange –
NIXI primarily peers ISPs and is connected on MPLS VPN. It also peers with Content Delivery Network (CDN) providers like Google, AWS, Akamai, Netflix and so on. NIXI currently has traffic of around 200+ Gbps. NIXI is the L2 & L3 exchange points for its peer ISPs and CDNs. There are total 9 locations of NIXI, which are Noida, Mumbai, Chennai, Kolkata, Ahmedabad, Bengaluru, Hyderabad and Guwahati. Noida location is connected to MPLS VPN last mile on 1 Mbps link and rest 7 locations are connected on 512 Kbps link.
NIXI utilizes Multi Router Traffic Grapher (MTRG) for Traffic analysis for all the locations and hence the Traffic Analysis servers and other software tools are located in Noida DC location. The servers are protected by a Fortinet FG-100E firewall, which has a Threat Prevention throughput of only 250 Mbps.
NIXI Exchange envisages that there should be cyber security measures and controls which should provide security, control and visibility to maintain an effective cybersecurity posture. NIXI Exchange would like to adopt security system which should deliver advanced threat protection, multi-engine sandboxing architectures to unified policy creation which should make defending NIXI Exchange’s network simpler and more effective. It should be “Security without Compromise”.
NIXI Exchange would have Perimeter Security appliance and Advanced Threat Prevention appliance as per the network architecture below. The proposed Perimeter Security Appliance should be integrated with Security Management and Reporting software.
7
Sl.No Item Description Technical Specification Compliance
1 Make To be mentioned by the bidder/ Vendor (as per Annexure I)
2 Model No. To be mentioned by the bidder/ Vendor (as per Annexure I)
3 Country of Origin To be mentioned by the bidder/ Vendor (as per Annexure I)
4 Hardware Architecture The proposed hardware-based firewall should not consume more than 1RU Rack-mountable space
Proposed Firewall should not be proprietary ASIC based in nature & should be multi-core CPU's based architecture to protect latest security threats.
5 Performance & Scalability Appliance must have one Console port, dedicated one management Port, two USB port and redundant power supply
The device should have 8 x 1G Copper ports, 2 x 10G SFP+ port from day 1. Should be scalable to 18 x 1G Copper ports and 6 x 10G SFP+ ports in the same chassis.
Appliance should have 1 TB or more Built in Storage from day 1.
Appliance should support 10 Gbps or more IPS throughput.
Appliance should support 9 Gbps or more Threat Protection throughput including IPS, Gateway AV, Anti- Spyware, Anti-BOT, URLF/Content Filtering and Application control enabled.
The device should have Concurrent Sessions: 4 Million or higher & New connection/Sec: 100,000 or higher
Firewall Should support at least 10 Gbps or more IPsec VPN throughput and 4000 IPSec Site-to-Site VPN tunnels & 3000 IPSec VPN clients.
Firewall Should support at least 5 Gbps or more TLS/SSL inspection & decryption throughput and 1000 SSL VPN clients. The appliance should have 300,000 SSL DPI connections.
The above-mentioned performance figures should be substantiated with documentary evidence from public website. OEM declaration on letterhead will not be entertained.
8
Solution should provide unified threat policy like AV/AS, IPS, URL & Content filtering, Application control, Malware protection, Bandwidth management, policy & policy-based routing on firewall rules to secure connectivity between Internet & internal network and security controls must be applied on inter zone traffic.
Should support BGP, OSPF, RIP v1/v2 routing protocol and IPv4 & IPv6 functionality (Both phase 1 and Phase2).
Firewall should support manual NAT and Auto-NAT, Static NAT, Dynamic PAT, PAT etc
Should have Layer 2 bridge or transparent mode, Wire mode, Sniffer mode /Tap mode
Should support Zero-Touch registration & provisioning using mobile App.
Solution should support policy-based routing, Application based routing and also Multi Path routing.
Application Control: The proposed system shall have the ability to detect, log and take action against network traffic based on over 3500 application signatures
Should have extensive protocol support to identify common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do not send data in raw TCP, and decode payloads for malware inspection, even if they do not run on standard, well-known ports.
Firewall should support Link aggregation (static and dynamic) to provide additional level of redundancy.
Firewall should support static routing, Dynamic Routing and WAN load-balancing for redundant or backup Internet connections.
The appliance should be capable of scanning raw TCP streams on any port bi-directionally preventing attacks that they to sneak by outdated security systems that focus on securing a few well-known ports.
Should support deep packet SSL to decrypt HTTPS traffic for scanning (IPS, Gateway Antivirus, Content Filtering, Application control) transparently and send to destination if no threat found.
The Firewall should Support for TLS 1.3 to improve overall security on the firewall. This should be implemented in Firewall Management, SSL VPN and DPI.
Firewall should support clientless SSL VPN technology or an easy to manage IPSec client for easy access to email, files, computers, intranet sites and applications from a variety of platforms.
Should support Redundant VPN gateway when primary and secondary VPN can be configured to allow seamless, automatic failover and failback
Solution should have inbuilt support of DES, 3DES, AES 128/192/256 encryption MD5, SHA and Pre- shared keys & Digital certificate-based authentication connection tunnel.
9
Should support Route-based VPN that allow dynamic routing over VPN links to ensure continuous uptime in the event of a temporary VPN tunnel failure, by seamlessly re-routing traffic between endpoints through alternate routes.
Solution should support Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Route-based VPN over OSPF, RIP, BGP.
Proposed solution must support application inspections on following protocols DNS,FTP,H.323, SMTP, SQLnet, RTSP, Skinny, SMBv1/v2,SIP, NetBios, TFTP,SNMP etc.
Solution should support User identification and activity available through seamless AD/LDAP/Citrix/Terminal Services SSO integration combined with extensive information obtained through Deep Packet Inspection.
Proposed solution must have Mac IP Spoof Prevention, Jumbo frames support & IP Helper for other than DHCP.
Firewall should have Pictorial view of a particular access rule, NAT and Routing rule which helps in finding real-time statistics. Should display the rules which are actively used or not being used & enabled or disabled.
7 Firewall Security Features
Firewall should scan for threats in both inbound and outbound and intra-zone traffic for malware in files of unlimited length and size across all ports and TCP streams by GAV & Cloud AV.
The proposed firewall should support Bi-directional raw TCP inspection that scans raw TCP streams on any port and bi-directionally to detect and prevent both inbound and outbound threats
Antivirus should provide real-time detection of viruses and malicious code at the gateway for SMTP, POP3, HTTP, FTP etc
Firewall must support Proxy-less and non-buffering inspection technology for DPI scanning without introducing file and stream size limitations, and can be applied on common protocols as well as raw TCP streams.
Solution should have single-pass DPI architecture simultaneously scans for malware, intrusions and application identification and ensuring that all threat information is correlated in a single architecture
Firewall must have integrated IPS shall be able to scan packet payloads for vulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities. Should have at least 20,000 IPS Signatures or 20K DPI signatures, 50 million Could AV signatures.
Should protect against DDoS/DoS attack using both Layer 3 SYN proxy and Layer 2 SYN blacklisting technologies. It protects against DOS/DDoS through UDP/ICMP flood protection and connection rate
10
limiting.
Should have facility to block the URL's based on categories, granular control like Allow/Block, Bandwidth Management, Passphrase override, Notify. URL database should have at least 15-20 million sites and 55 + categories.
Shall be able to configure traffic shaping on a per policy basis for specific application/ Specific networks and should be able to define guaranteed bandwidth and maximum bandwidth per policy.
Should have advanced QoS that guarantees critical communications with 802.1p, DSCP tagging, and remapping of VoIP traffic on the network.
Firewall should support HTTP Request tempering protection, Directory traversal prevention, SQL injection Protection, Cross-site scripting Protection (XSS) & DNS security
Should provide complete protection by performing full decryption and inspection of TLS/SSL and SSH encrypted connections regardless of port or protocol.
Solution should support an on premise based Multi- engine Sandboxing for preventing zero-day threats. One on-premise Sandbox solution should be proposed which should integrate with both Firewall Type 1 and Firewall Type 2. Both the Sandbox appliance and Firewalls Type 1 & Type 2 should be essentially from the same OEM.
The Sandbox should have technology that detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. Should detect and block mass-market, zero-day threats and unknown malware. The technology should discover packed malware code that has been compressed to avoid detection, the technology should allow the malware to reveal itself by unpacking its compressed code in memory in a secure sandbox environment. It should see what code sequences are found within and compares it to what it has already seen. The Firewall should have the capability to block/prevent from Side Channel attacks like Meltdown, Spectre, Foreshadow, Foreshadow-NG, Portsmash etc.
Should support both for analysis of a broad range of file types, either individually or as a group, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR, and APK plus multiple operating systems including Windows, Android, Mac OS X and multi-browser environments.
Should have ability to prevent potentially malicious files from entering the network and those files sent to the sandbox for analysis to be held at the gateway until a verdict is determined.
11
Deep packet SSL should be available on the same platform & License for DPI SSL should be along with appliance.
The Firewall solution should have detection and prevention capabilities for C&C communications and data exfiltration.
Firewall Identifies and controls network traffic going to or coming from specific countries to either protect against attacks from known or suspected origins of threat activity, or to investigate suspicious traffic originating from the network. Ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with an IP address.
8 High-Availability Features The proposed solution should support Hardware redundancy in High Availability configuration using security license/subscription.
The proposed solution should support active-passive / standby / high availability. The Firewalls should support Active-Passive with State Sync configuration from day 1.
The device should support stateful session failover to a standby appliance in the event of a hardware failure without any manual intervention.
9 Visibility and Monitoring
Should provide real-time monitoring and visualization provides a graphical representation of top applications, top address, top users and intrusion by sessions for granular insight into traffic across the network.
The system should provide GUI panels and actionable dashboards with general information, system status, system usage, network interface status, security services information & High availability status.
Solution should support granular network visibility of network topology along with host info.
Solution should have real-time visibility of infected hosts, critical attacks, encrypted traffic information & observed threats.
10 Management & Reporting
Feature
The management platform must be accessible via a web-based interface and without any additional client software
Firewall should support management via CLI, SSH, GUI and support for SNMPv2/3..
The solution should support Centralize management which should include configuration, logging, monitoring, reporting & analytics and should be performed by the Management Centre on-prem/virtual appliance.
The Centralize management platform should support multidevice firmware upgrade, certificate management, global policy template to push config across multiple firewall in single click.
The Centralize management platform should support account lockout security & account access control through whitelisted IPs.
12
The on-prem / virtual appliance centralize management platform should support closed network deployment with High Availability & 2FA via mail/MS/Google authenticator.
The solution should store syslog in local storage or remote appliance. OEM can offer individual solution for logging and reporting based architecture to meet the requirements.
Firewall should have reporting facility to generate reports on virus dedicated over different protocols, top sources for viruses, destination for viruses, top viruses etc.
Should have options to generate reports in terms of which are the frequent attacks as well as top sources and destination for attacks in different formats such as PDF/TEXT/ CSV
The solution should have configurable options to send the alert emails based on event type & reports as a mail to the designated email address
Analytics platform support Real-time risk monitoring and analysis of all network and user traffic that passes through the firewall ecosystem
The solution should support Cloud-based configuration backup.
The solution should support IPFIX or NetFlow protocols for real-time and historical monitoring and reporting
The solution should support Application Visualization and Intelligence - should show historic and real-time reports of what applications are being used, and by which users. Reports should be completely customizable using intuitive filtering and drill-down capabilities.
Logging and reporting solution should be supported. Should have Multi-Tenant and Device Group level management
Should have reporting facility to generate reports on virus dedicated over different protocols, top sources for viruses, destination for viruses, top viruses etc.
The solution shall have readymade templets to generate reports like complete reports or attack reports, bandwidth report etc.
The Firewalls (Type 1 & Type 2) should be from the same OEM. The Firewalls and Security Management Software should be from the same OEM. The Firewalls (Type 1 & Type 2) & Sandbox appliance should be from the same OEM
11 Certification, Warranty, Installation, Testing and
Commissioning
The Firewall solution offered must be ICSA certified for Network Firewall, Anti-virus, Advanced Threat Defense, Common Criteria NDPP (Firewall and IPS) – Certification.
13
The Firewall OEM should be having "recommended rating" by NSS Labs for consecutive three years in the last six years. OEM should have scored minimum 97% in Exploit Block rate in the last NSS Lab for NGFW report (2019).
The Firewall OEM should have NetSec Open certification in FY2020 for Network Security / NGFW product performance testing and should have overall Block rating of 98% and above.
Proposed Solution should support 24x7x365 telephone, email and web-based technical support.
OEM should have TAC and R&D center in INDIA.
Manufacturers warranty should be mentioned minimum 05 (five) years warranty including all services like Gateway AV, IPS, Anti Spyware, Anti-Malware, URLF, Application control, BOT protection, Advance Sandboxing, Patch & Firmware upgrade.
Bidder must carry out on site installation, testing and commissioning. OEM must support bidder for one time installation.
2.0 Technical Specification for Firewalls (Type 2) :-
Sl.No Item Description Technical Specification Compliance
1 Make To be mentioned by the bidder/ Vendor (as per Annexure I)
2 Model No. To be mentioned by the bidder/ Vendor (as per Annexure I)
3 Country of Origin To be mentioned by the bidder/ Vendor (as per Annexure I)
4 Hardware Architecture The proposed hardware-based firewall should not consume more than 1RU Rack-mountable space
Proposed Firewall should not be proprietary ASIC based in nature & should be multi-core CPU's based architecture to protect latest security threats.
5 Performance & Scalability Appliance must have one Console port, dedicated one management Port, two USB port and redundant power supply
The device should have 8 x 1G Copper ports, 2 x 10G SFP+ ports, 2 x 10G Copper ports from day 1. Should be scalable to 16 x 1G Copper ports, 4 x 10G SFP+ ports and 2 x 40Gig ports in the same chassis.
Appliance should have 1 TB or more Built in Storage from day 1.
Appliance should support 20 Gbps or more IPS throughput.
Appliance should support 15 Gbps or more Threat Protection throughput including IPS, Gateway AV, Anti- Spyware, Anti-BOT, URLF/Content Filtering and Application control enabled.
14
The device should have Concurrent Sessions: 8 Million or higher & New connection/Sec: 150,000 or higher
Firewall Should support at least 15 Gbps or more IPsec VPN throughput and 5000 IPSec Site-to-Site VPN tunnels & 3000 IPSec VPN clients.
Firewall Should support at least 8 Gbps or more TLS/SSL inspection & decryption throughput and 1000 SSL VPN clients. The appliance should have 600,000 SSL DPI connections.
The above-mentioned performance figures should be substantiated with documentary evidence from public website. OEM declaration on letterhead will not be entertained.
6 General Firewall Features
Solution should provide unified threat policy like AV/AS, IPS, URL & Content filtering, Application control, Malware protection, Bandwidth management, policy & policy-based routing on firewall rules to secure connectivity between Internet & internal network and security controls must be applied on inter zone traffic.
Should support BGP, OSPF, RIP v1/v2 routing protocol and IPv4 & IPv6 functionality (Both phase 1 and Phase2).
Firewall should support manual NAT and Auto-NAT, Static NAT, Dynamic PAT, PAT etc
Should have Layer 2 bridge or transparent mode, Wire mode, Sniffer mode /Tap mode
Should support Zero-Touch registration & provisioning using mobile App.
Solution should support policy-based routing, Application based routing and also Multi Path routing.
Application Control: The proposed system shall have the ability to detect, log and take action against network traffic based on over 3500 application signatures
Should have extensive protocol support to identify common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do not send data in raw TCP, and decode payloads for malware inspection, even if they do not run on standard, well-known ports.
Firewall should support Link aggregation (static and dynamic) to provide additional level of redundancy.
Firewall should support static routing, Dynamic Routing and WAN load-balancing for redundant or backup Internet connections.
The appliance should be capable of scanning raw TCP streams on any port bi-directionally preventing attacks that they to sneak by outdated security systems that focus on securing a few well-known ports.
Should support deep packet SSL to decrypt HTTPS traffic for scanning (IPS, Gateway Antivirus, Content Filtering, Application control) transparently and send to destination if no threat found.
15
The Firewall should Support for TLS 1.3 to improve overall security on the firewall. This should be implemented in Firewall Management, SSL VPN and DPI.
Firewall should support clientless SSL VPN technology or an easy to manage IPSec client for easy access to email, files, computers, intranet sites and applications from a variety of platforms.
Should support Redundant VPN gateway when primary and secondary VPN can be configured to allow seamless, automatic failover and failback
Solution should have inbuilt support of DES, 3DES, AES 128/192/256 encryption MD5, SHA and Pre- shared keys & Digital certificate-based authentication connection tunnel.
Should support Route-based VPN that allow dynamic routing over VPN links to ensure continuous uptime in the event of a temporary VPN tunnel failure, by seamlessly re-routing traffic between endpoints through alternate routes.
Solution should support Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Route-based VPN over OSPF, RIP, BGP.
Proposed solution must support application inspections on following protocols DNS, FTP, H.323, SMTP, SQLnet, RTSP, Skinny, SMBv1/v2,SIP, NetBios, TFTP,SNMP etc.
Solution should support User identification and activity available through seamless AD/LDAP/Citrix/Terminal Services SSO integration combined with extensive information obtained through Deep Packet Inspection.
Proposed solution must have Mac IP Spoof Prevention, Jumbo frames support & IP Helper for other than DHCP.
Firewall should have Pictorial view of a particular access rule, NAT and Routing rule which helps in finding real-time statistics. Should display the rules which are actively used or not being used & enabled or disabled.
7 Firewall Security Features
Firewall should scan for threats in both inbound and outbound and intra-zone traffic for malware in files of unlimited length and size across all ports and TCP streams by GAV & Cloud AV.
The proposed firewall should support Bi-directional raw TCP inspection that scans raw TCP streams on any port and bi-directionally to detect and prevent both inbound and outbound threats
Antivirus should provide real-time detection of viruses and malicious code at the gateway for SMTP, POP3, HTTP, FTP etc
Firewall must support Proxy-less and non-buffering inspection technology for DPI scanning without introducing file and stream size limitations, and can be applied on common protocols as well as raw TCP
16
streams.
Solution should have single-pass DPI architecture simultaneously scans for malware, intrusions and application identification and ensuring that all threat information is correlated in a single architecture
Firewall must have integrated IPS shall be able to scan packet payloads for vulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities. Should have at least 20,000 IPS Signatures or 20K DPI signatures, 50 million Could AV signatures.
Should protect against DDoS/DoS attack using both Layer 3 SYN proxy and Layer 2 SYN blacklisting technologies. It protects against DOS/DDoS through UDP/ICMP flood protection and connection rate limiting.
Should have facility to block the URL's based on categories, granular control like Allow/Block, Bandwidth Management, Passphrase override, Notify. URL database should have at least 15-20 million sites and 55 + categories.
Shall be able to configure traffic shaping on a per policy basis for specific application/ Specific networks and should be able to define guaranteed bandwidth and maximum bandwidth per policy.
Should have advanced QoS that guarantees critical communications with 802.1p, DSCP tagging, and remapping of VoIP traffic on the network.
Firewall should support HTTP Request tempering protection, Directory traversal prevention, SQL injection Protection, Cross-site scripting Protection (XSS) & DNS security
Should provide complete protection by performing full decryption and inspection of TLS/SSL and SSH encrypted connections regardless of port or protocol.
Solution should support an on premise based Multi- engine Sandboxing for preventing zero-day threats. One on-premise Sandbox solution should be proposed which should integrate with both Firewall Type 1 and Firewall Type 2. Both the Sandbox appliance and Firewalls Type 1 & Type 2 should be essentially from the same OEM.
17
The Sandbox should have technology that detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. Should detect and block mass-market, zero-day threats and unknown malware. The technology should discover packed malware code that has been compressed to avoid detection, the technology should allow the malware to reveal itself by unpacking its compressed code in memory in a secure sandbox environment. It should see what code sequences are found within and compares it to what it has already seen. The Firewall should have the capability to block/prevent from Side Channel attacks like Meltdown, Spectre, Foreshadow, Foreshadow-NG, Portsmash etc.
Should support both for analysis of a broad range of file types, either individually or as a group, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR, and APK plus multiple operating systems including Windows, Android, Mac OS X and multi-browser environments.
Should have ability to prevent potentially malicious files from entering the network and those files sent to the sandbox for analysis to be held at the gateway until a verdict is determined.
Deep packet SSL should be available on the same platform & License for DPI SSL should be along with appliance.
The Firewall solution should have detection and prevention capabilities for C&C communications and data exfiltration.
Firewall Identifies and controls network traffic going to or coming from specific countries to either protect against attacks from known or suspected origins of threat activity, or to investigate suspicious traffic originating from the network. Ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with an IP address.
8 High-Availability Features The proposed solution should support Hardware redundancy in High Availability configuration using security license/subscription.
The proposed solution should support active-passive / standby / high availability. The Firewalls should support Active-Passive with State Sync configuration from day 1.
The device should support stateful session failover to a standby appliance in the event of a hardware failure without any manual intervention.
9 Visibility and Monitoring
Should provide real-time monitoring and visualization provides a graphical representation of top applications, top address, top users and intrusion by sessions for granular insight into traffic across the network.
18
The system should provide GUI panels and actionable dashboards with general information, system status, system usage, network interface status, security services information & High availability status.
Solution should support granular network visibility of network topology along with host info.
Solution should have real-time visibility of infected hosts, critical attacks, encrypted traffic information & observed threats.
10 Management & Reporting
Feature
The management platform must be accessible via a web-based interface and without any additional client software
Firewall should support management via CLI, SSH, GUI and support for SNMPv2/3..
The solution should support Centralize management which should include configuration, logging, monitoring, reporting & analytics and should be performed by the Management Centre on-prem/virtual appliance.
The Centralize management platform should support multidevice firmware upgrade, certificate management, global policy template to push config across multiple firewall in single click.
The Centralize management platform should support account lockout security & account access control through whitelisted IPs.
The on-prem / virtual appliance centralize management platform should support closed network deployment with High Availability & 2FA via mail/MS/Google authenticator.
The solution should store syslog in local storage or remote appliance. OEM can offer individual solution for logging and reporting based architecture to meet the requirements.
Firewall should have reporting facility to generate reports on virus dedicated over different protocols, top sources for viruses, destination for viruses, top viruses etc.
Should have options to generate reports in terms of which are the frequent attacks as well as top sources and destination for attacks in different formats such as PDF/TEXT/ CSV
The solution should have configurable options to send the alert emails based on event type & reports as a mail to the designated email address
Analytics platform support Real-time risk monitoring and analysis of all network and user traffic that passes through the firewall ecosystem
The solution should support Cloud-based configuration backup.
The solution should support IPFIX or NetFlow protocols for real-time and historical monitoring and reporting
19
The solution should support Application Visualization and Intelligence - should show historic and real-time reports of what applications are being used, and by which users. Reports should be completely customizable using intuitive filtering and drill-down capabilities.
Logging and reporting solution should be supported. Should have Multi-Tenant and Device Group level management
Should have reporting facility to generate reports on virus dedicated over different protocols, top sources for viruses, destination for viruses, top viruses etc.
The solution shall have readymade templets to generate reports like complete reports or attack reports, bandwidth report etc.
The Firewalls (Type 1 & Type 2) should be from the same OEM. The Firewalls and Security Management Software should be from the same OEM. The Firewalls (Type 1 & Type 2) & Sandbox appliance should be from the same OEM.
11 Certification, Warranty, Installation, Testing and
Commissioning
The Firewall solution offered must be ICSA certified for Network Firewall, Anti-virus, Advanced Threat Defense, Common Criteria NDPP (Firewall and IPS) – Certification.
The Firewall OEM should be having "recommended rating" by NSS Labs for consecutive three years in the last six years. OEM should have scored minimum 97% in Exploit Block rate in the last NSS Lab for NGFW report (2019).
The Firewall OEM should have NetSec Open certification in FY2020 for Network Security / NGFW product performance testing and should have overall Block rating of 98% and above.
Proposed Solution should support 24x7x365 telephone, email and web-based technical support.
OEM should have TAC and R&D center in INDIA.
Manufacturers warranty should be mentioned minimum 05 (five) years warranty including all services like Gateway AV, IPS, Anti Spyware, Anti-Malware, URLF, Application control, BOT protection, Advance Sandboxing, Patch & Firmware upgrade.
Bidder must carry out on site installation, testing and commissioning. OEM must support bidder for one time installation.
IV BIDDING SYSTEM
1. Bids will be submitted in hard copies at NIXI office Delhi. There is no electronic or digital submission is allowed.
2. The bid should be submitted in two parts. Part-I is Technical Bid and Part-II will be Financial/Commercial bid.
3. Technical will contain all the documents/compliance asked in General Term of conditions along with Technical Compliance, which is to be enclosed in Envelope
20
A. Technical Bid will also have unpriced BOM as per Annexure-I. Please do not put Financial Bid/Commercial bid in Technical bid/ Envelope A this would lead to summary rejection of the bid. The Financial Bid has to be enclosed in Envelope B.
4. Financial/Commercial bid will contain schedule of prices as per the Financial/Commercial Bid format.
5. Both Technical and Financial/Commercial bid should be kept in separate envelope and this envelops should be kept in on large envelope. All the envelopes should be properly sealed.
6. Each page of the tender bid should be signed and sealed by authorized signatory.
7. No bid will be accepted post the last date and time mentioned in the tender document. However, NIXI reserves the right to extend the date and time of bid submission. 4.1 Schedule table
Name of Work Cyber Security Revamp at NIXI Exchange POPs (Point of Presence)
Bid Submission Start Date 24th September, 2021
Last Date for bid submission 08th October, 2021
4.2 Assistance to bidders
Any queries relating to the tender document and the terms and conditions contained therein should be addressed to the following email id abhishek.gautam@nixi.in and soumen@nixi.in
4.3 Bid Evaluation Criteria
a. Tender committee will first evaluate the Technical bid and technical BOM. They
can seek any clarification/documents/confirmation, should they need the same for further clarity.
b. Financial/Commercial bids of those Bidders whose Pre-Qualification &Technical bids are found suitable by the committee, will be opened.
c. Contract will be awarded to L1 bidder, which will arrive at as per Financial/Commercial Bid format inclusive of taxes.
4.4 Bid Validity
I. All the bids (Technical and Financial) will be valid for a period of 75 days from the last date of submission of the tender for execution of Contract. This can be extended if so required with the approval of the Competent Authority.
II. In exceptional circumstances, prior to expiry of the original time limit, the NIXI may request the bidders to extend the period of validity for a specified additional period beyond the original validity of 75 days. The request and the bidders' responses shall be made in writing/Email. The bidders, not agreeing for such
4.5 Modification / Substitution/ Withdrawal of bids
I. No Bid shall be modified, substituted, or withdrawn by the Bidder after the bids due date.
II. Any alteration/ modification in the bid or additional information supplied subsequent to the bid's due Date, unless the same has been expressly sought for by the Authority, shall be disregarded.
4.6 Rejection of the Bid:
The bid submitted shall become invalid if:
I. The bidder is found ineligible.
II. The bidder does not provide all the documents as stipulated in the bid document.
4.7 Right to reject or scrap the process
The Employer reserves the right to accept or reject any Tender, and to scrap/ cancel the Tender process and reject all Tenders, at any time prior to the award of Contract, without thereby incurring any liability to the affected Tenderer or Tenderers or any obligation to inform the affected Tenderer or Tenderers of the grounds for the Employer's action.
4.8 Evaluation of Bids.
a. The responsive bids will first be evaluated for technical compliance. Non-submission of essential documents stipulated will result in a bid liable for disqualification at technical evaluation stage.
b. Bids determined to be substantially responsive will be checked by NIXI for any arithmetical errors in computation and summation. Where there is discrepancy between rates/amounts given in figures and in words, the rates/amounts given in words will prevail.
c. NIXI shall evaluate the financial bids of eligible bidders to determine the L-1 bidder on the basis of lowest total cost of support services for all items in the financial/price bid form.
4.9 General Instructions for Bidding process
Bids should be completed in all respects, must be submitted on or before the last date specified in the
schedule of events. The NIXI may, at its own discretion, extend the last date for submission of tenders. All the bids are valid for a period of 75 days from the last date of submission of the tender for execution of
Contract. It may be extendable.
The bid submitted shall become invalid if: -
i) The bidder is found ineligible. ii) The bidder does not provide all the documents as stipulated in the bid document.
iii) The bidder has knowingly concealed & misrepresented the facts for shortlisting.
22
V. EARNEST MONEY DEPOSIT (EMD)
Due to the Pandemic conditions prevailing in the country, there is slowdown in economy. Therefore,
Ministry of Finance vide their OM No F. 9/4/2020-PPD dated 12-11-2020 has decided that no provision
regarding Bid Security should be kept in Bid Documents in future and only provision of „Bid Security
Declaration should be kept in the Bid Documents. It is further proposed by Ministry of Finance that the
Security Deposit shall also be brought down from 10% to 3%. (Copies Enclosed)
VI. SECURITY DEPOSIT (PERFORMANCE BANK GUARANTEE)
Due to the Pandemic conditions prevailing in the country, there is slowdown in economy. Therefore,
Ministry of Finance vide their OM No F. 9/4/2020-PPD dated 12-11-2020 has decided to reduce
Security Deposit. Keeping in view these constraints the Security Deposit/ PBG is kept as 6%.
a. The successful bidder should arrange to have Performance Bank Guarantee/ Security Deposit amounting to 6% of the awarded contract value furnished within 10 days of submission of Letter of Acceptance in the case of contracts, and within 10 days of submission of draft Contract Agreement. b. The notification of award will constitute the formation of the Contract, subject only to the furnishing of a Performance Bank Guarantee/ Security Deposit in accordance with the provisions of this Clause. c. Upon the furnishing by the successful Tenderer of the Security deposit, the Employer will promptly notify the other Tenderers that their Tenders have been unsuccessful. d. Subject to any provision elsewhere in the contract regarding forfeiture or appropriation in full or part thereof, the Performance Bank Guarantee/ Security Deposit shall be released at the time of expiry / non-renewal / termination of the contract. e. The Performance Bank Guarantee/ Security Deposit may be either in the form of Demand Draft in favour of NIXI, New Delhi, or as Bank Guarantee in the format at Form No. -V of this document. f. In case Bank Guarantee is furnished as Performance Bank Guarantee/ Security Deposit, the same should be valid by more than sixty (60) days after the expiry of the contract including AMC. g. In case Bank Guarantee is furnished as Performance Bank Guarantee/ Security Deposit, it should be sent to NIXI by the concerned Bank, and not by the bidder itself. h. The Performance Bank Guarantee/ Security Deposit amount is interest free. g. NIXI has the right to encash/ appropriate the whole amount of Performance Bank Guarantee/ Security Deposit in accordance with the contract conditions and also to deduct any amount due from the contractor at the time of the termination/expiry of the contract.
23
# Basic
Bid
PQ-1 Legal Entity The bidder shall be a company registered under the Companies Act, 2013 or the Companies Act, 1956 or a Limited Liability Partnership (LLP) registered under the LLP Act, 2008 or Indian Partnership Act 1932.
Copy of Certificate of Incorporation/ Registration/Partnership deed signed by Authorized Signatory of Bidder.
PQ-2 Relevant Experience
The bidder shall have experience of carrying out similar work : at least 1 (one) similar project with order value not less than Rs. 2 Cr in Public Sector Undertakings (PSU) companies/ Urban Local Bodies/ Central Government / State Government Organizations in last seven (7) financial years. OR at least 2 (two) similar projects with order value not less than Rs. 1 Cr in Public Sector Undertakings (PSU) companies/ Urban Local Bodies/ Central Government / State Government Organizations in last seven (7) financial years. OR at least 3 (three) similar projects with order value not less than Rs. 60.0 Lakhs in Public Sector Undertakings (PSU) companies/ Urban Local Bodies/ Central Government / State Government Organizations in last seven (7) financial years.
Work Order + Work Completion Certificates from the client;
OR Work Order + Milestone /
Phase Completion Certificate (for ongoing projects) from the client.
PQ-3 Turnover Bidder should have an average minimum overall annual turnover of at least Rs. 6 Crores in last 3 financial years (FY 18-19, FY 19-20, FY 20-21).
Audited Balance Sheet and Profit & Loss Account Statement of the Bidder for each of the last 3 audited financial years (FY 18-19, FY 19-20, FY 20-21).
Certificate duly signed by Chartered Accountant of the Bidder for total turnover.
PQ-4 Financial Strength
The Bidder should be of positive net worth during each of the last 3 financial years (FY 18- 19, FY 19-20, FY 20-21).
Copy of the Audited Balance Sheet of the Company(s).
24
Certificate duly signed by Chartered Accountant of the Bidder certifying the positive Net Worth.
PQ-5 Certificate The bidder should have ISO 9001:2015, ISO 20000:2011 and ISO 27001:2013, valid certificates as of date of completion of submission.
Valid copy of the Certificates.
PQ-6 Blacklisting The Bidder should not be debarred/ blacklisted by any Government body/PSU in India as on the date of submission of the bid.
Affidavit that the bidder has not been debarred/ blacklisted by any Govt./ Semi-Govt. organization
PQ-7 OEM Certified Recourses
Bidder should have the following certified resources on their payroll: 1) Network OEM Certified Recourses – 3
Numbers 2) Firewall OEM Certified Recourses – 3
Numbers
Valid copy of the Certificates should be attached
PQ-8 MAF The bidder must submit Manufacturer’s Authorization Form (MAF) for all the products being quoted, MAF should be specific for this particular project.
Valid copy of the Certificate on OEM letter head.
PQ-9 Resources Bidder should have on their payroll strength of at least 50 technical qualified resources as on the day of the bidding.
Self-Declaration from Authorized Signatory of HR Department of the bidder for exact number of technical qualified resources on the rolls of the Company.
PQ-10 OEM Qualification
Each of the proposed OEMs should have existing capability and infrastructure to provide 24x7x365 technical support in India with Indian Toll or Toll-Free call-in numbers.
OEM products or technology quoted should not
be end of-sale till 24 months from the date of
RFP release and should not be end-of-support till
5 years from date of RFP release.
OEM should be present in India for atleast 10
years.
Note:
1) Start-up/ MSME exemption for turnover/ past performance/ experience will be
granted as per Government of India notifications. To claim same bidder has to
submit the copy of certificate from Department Industry Policy and trade
promotion.
2) Every party has to sign and submit the declaration that the information given by them is
25
true, correct and complete as per Annexure V. 3) Please use two separate envelopes for Technical Bid and Financial Bids
VIII. AWARD OF WORK
a. Letter of Award: NIXI will notify the successful bidder by post or by fax or email that his/her bid has been accepted. The notification of award will constitute the formation of the Contract upon the furnishing by the successful bidder of a performance security/security deposit in accordance with relevant clause. b. Letter of Acceptance: Within 7 days of receipt of notification of award, the successful bidder shall furnish Letter of Acceptance to NIXI conveying willingness to accept the work/supply order in accordance with the provisions of this tender and the Letter of Award. c. Selection of Firm: In case L-1 bidder does not submit Letter of Acceptance as above, NIXI may at its discretion issue Letter of Award to the L-2 bidder on L-1 rates. In case, L-2 bidder is not agreeable to provide services on L-1 rates then the contract may be awarded to L-3 bidder on L-1 rates.
IX SIGNING OF AN AGREEMENT
After submission of Letter of Acceptance, the successful bidder shall prepare and submit to NIXI the Contract Agreement on the basis of the format provided. After receipt of Performance Bank Guarantee/ Security Deposit as per clause of PBG/ SD, NIXI shall return the Agreement after scrutiny, and the successful bidder shall get the same engrossed, have the correct amount to stamp duly adjudicated by Superintendent of Stamps and thereafter return the same duly signed and executed on behalf of the successful bidder, all at its own cost, within two weeks from the receipt of the approved Agreement. Agreement shall be executed on the stamp paper of Rs 100/-, which will be purchased by the bidder after receiving the award letter from NIXI.
The Agreement will incorporate all agreements between the Employer and the successful Tenderer. It will be kept ready for signature of the successful Tenderer in the office of Employer within 30 days following the notification of award along with the Letter of Acceptance. Within 20 days of receipt, the successful Tenderer will sign the Agreement and deliver it to the Employer.
X PAYMENT TERMS
Remarks
1 Delivery of Equipment 80 Payable upon delivery
2 Satisfactory completion of installation and running duly certified by NIXI team
20 Payable upon successful installation.
The vendor shall charge all applicable taxes as per the prevailing tax laws in India. All the
26
payment to the contractor shall be subject to tax deductions under the prevailing tax laws of India. Every party has to sign and submit the Bank Details to NIXI, which is mandatory for releasing the e-payments as per the tender conditions (Annexure IX).
XI FORCE MAJEURE
11.1 Definition:
For the purposes of this Contract, “Force Majeure” means an event which is beyond the reasonable control of a Party. It is neither foreseeable nor unavoidable, which has:
a) not brought about by or at the instance of the Party claiming to be affected by such
events.
b) caused the non-performance or delay in performance.
c) makes a Partys performance of its obligations hereunder impossible or so impractical as
reasonably to be considered impossible in the circumstance.
d) not involved the contractor's fault or negligence, either in its sovereign or contractual
capacity.
11.2 Force Majeure shall include Acts of God, wars or revolutions, fires, floods, epidemics, quarantine restrictions and fright embargoes including war, riots, civil disorder, earthquake, fire, explosion, storm, flood or other extreme adverse weather conditions, strikes, lockouts or other industrial action. 11.3 Notwithstanding the provisions of clauses contained in this RFS document; the contractor shall not be liable to forfeit: (a) Security deposit for delay and (b) termination of contract; if he is unable to fulfill his obligation under this contract due to Force Majeure conditions. 11.4 Whether a “Force majeure” situation exists or not, shall be decided by NIXI and its decision shall be final and binding on the contractor and all other concerned. 11.5 The party will be relieved of his obligations during the force majeure period. In the event that such force majeure extends beyond six months, the agreement will be terminated provided that it is not caused by the negligence or intentional action of a Party or by or of such Partys employee. 11.6 No breach of Contract: The failure of a Party to fulfil any of its obligations hereunder shall not be considered to be a breach of, or default under this Contract in so far as such inability arises from an event of Force Majeure, provided that the Party affected by such an event has taken all reasonable precautions, due care and reasonable alternative measures, all with the objective of carrying out the terms and conditions of this Contract. 11.7 Measures to be taken: The party affected by an event of Force Majeure shall continue to perform its obligations under the Contract as far as is reasonably practical, and shall take all reasonable
27
measures to minimize the consequences of any event of Force Majeure. 11.8 The party affected by an event of Force Majeure shall notify the other Party of such event as soon as possible, and in any case not later than fourteen (14) days following the occurrence of such event, providing evidence of the nature and cause of such event, and shall similarly give written notice of the restoration of normal conditions as soon as possible. 11.9 Any period within which a Party shall, pursuant to this Contract, complete any action or task, shall be extended for a period equal to the time during which such Party was unable to perform such action as a result of Force Majeure. 11.10 During the period of their inability to perform the Services as a result of any event of Force Majeure, the Contractor, upon instructions by NATGRID, shall either: i. Demobilize; or ii. Continue with the Services to the extent possible, in which case the Contractor shall continue to be paid proportionately and on pro rata basis, under the terms of this Contract. 11.11 In case of disagreement between the Parties as to the existence or extent of Force Majeure, the matter shall be settled according to Clause XIII..
XII. INTEGRITY PACT The Central Vigilance Commission (CVC) being an apex vigilance institution, advise and guide Central Government agencies on the vigilance matters in planning, executing, reviewing and reforming their vigilance work. Realizing the importance of Integrity Pact as a vigilance tool in controlling corruption in public contracting and procurement, CVC has, through its Office Orders No. 41/ 12/07 dated 04.12.07 and 43/12/07 dated 28.12.07 and Circulars No. 18/05/08 dated 19.05.08 and 24.08.08 dated 05.08.2008, recommended adoption of Integrity Pact to all the Secretaries to the GoI, all CMDs of PSUs and PSB, and all CVOs, and provided basic guidelines for its implementation in respect of major procurements in the Government Organizations. On May 18, 2009, it issued Standard Operating Procedure spelling out all the details. The copy of the Integrity Pact is placed at Annexure . which shall be signed and stamped by the bidder as well as NIXI.
XIII. SETTLEMENT OF DISPUTES
13.1 Amicable Settlement: In case dispute arises between the parties regarding any matter under the contract, either Party of the contract may send a written Notice of Dispute to the other party. The Party receiving the Notice of Dispute will consider the Notice and respond to it in writing within 30 days after receipt. If that party fails to respond within 30 days, or the dispute cannot be amicably settled within 60 days following the response of that party, Clause GC 3.21.2 shall become applicable.
28
13.2 Arbitration: In the case of dispute arising upon or in relation to or in connection with the contract between NIXI and the Contractor, which has not been settled amicably, any party can refer the dispute for Arbitration under the Arbitration and Conciliation Act 1996. i. Arbitration proceedings shall be held in New Delhi and the language of the arbitration proceedings and that of all documents and communications between the parties shall be English. ii. The decision of the arbitrator(s) shall be final and binding upon both parties. iii. The expenses of the arbitrator(s) as determined by the arbitrator(s) shall be shared equally by NIXI and the Contractor. However, the expenses incurred by each party in connection with the preparation & presentation of their cases shall be borne by the party itself. iv. All arbitration awards shall be in writing and shall state the reasons for the award. 13.3 Jurisdiction of Courts etc.: The courts/any other Tribunal or Forum in New Delhi alone shall have exclusive jurisdiction with regard to any matter/dispute relating to or arising out this contract.
The Purchaser and the Bidder shall make every effort to resolve amicably by direct informal negotiations, any disagreement or disputes, arising between them under or in connection with the Contract.
In case of dispute between the purchaser and bidder, the dispute may be resolved through arbitration process as per the Arbitration & Reconciliation Act 1996 with its seat at New Delhi.
XIV. CHANGE MANAGEMENT
The selected agency shall give prior intimation at least two weeks before changing their
workforce personnels and other resources during the course of an ongoing assignment.
It is further added that an agency shall ensure that there is proper knowledge transfer as
well as handing over of necessary resources so as to avoid any kind of dislocation of work.
XV. LIQUIDATED DAMAGES In the event of failure to deliver/dispatch the equipment/stores within the stipulated date/period in accordance with the terms and conditions and the specifications mentioned in the supply order and in the event of breach of any of the terms and conditions mentioned in the supply order, NIXI, shall be entitled at its option to enforce the following: a) To recover from the successful Bidder as agreed Liquidated Damages, a sum not less than 0.5%(Half Percent) of the price of any stores which the successful Bidder has not been able to supply as aforesaid for each week or part of a week during which the delivery of such stores may be in arrears limited to 10% (TEN Percent). Where felt necessary the limit of 10% can be increased to 15% at the discretion of Head of the Materials Management Division. b) To cancel the supply order or a portion thereof, and if so desired to purchase the stores at the risk and expenses of the defaulting supplier and also/or
29
c) To purchase elsewhere after notice to the successful Bidder on the account and at the risk of the defaulting supplier, the equipment/stores not supplied or others of similar description without cancelling the supply order in respect of the consignment not yet due for supply/or d) Whenever under this contract any sum of money is recoverable from and payable by the supplier, NIXI shall be entitled to recover such sum by appropriating in part or in whole by deducting any sum or which at any time thereafter may become due to the successful Bidder in this or any other contracts. Should this sum be not sufficient to recover the full amount recoverable, the successful Bidder shall pay on demand to NIXI the balance amount. The supplier shall not be entitled to any gain on any such purchase. e) To extend the period of delivery with or without Liquidated Damages as may be considered fit and proper. The Liquidated Damages, if imposed, shall not be more than the agreed Liquidated Damages referred to in Clause XV (a) above, except in case of Force Majeure condition. f) To forfeit the Security Deposit/ PBG fully or in part.
XVI. DELIVERY, INSTALLATION & COMMISSIONING
The vendor should agree to deliver the equipment and install and commission all the equipment at the specific location identified by NIXI at the respective POP locations. NIXI shall reject the component/equipment supplied if it does not comply with the specifications or does not function properly after installation. The contractor shall replace the non-functioning or defective equipment or its spares immediately and ensure proper functioning of all equipment.
XVII. WARRANTY, AMC & WARRANTY
I. Warranty shall include free maintenance of the whole equipment supplied including free
replacement of parts and all software updates and upgrades.
II. The on-site comprehensive warranty will start from the date of successful installation of equipment by NIXI. All items shall be covered with five-year on-site comprehensive warranty (as per scope of work).
III. The vendor shall assure to maintain the inventory of spare parts for maintenance of the equipment supplied for a period of 5 years.
IV. All ongoing software upgrades for all major and minor releases should be provided during
the warranty period without any additional payment by NIXI.
V. The vendor shall ensure that that there is a back-to-back agreement with OEM to meet above hardware and software warranty terms.
30
VI. During the period of support, the vendor shall:
a) Support the entire hardware/software of equipment. b) Diagnose the hardware/software faults and rectify the hardware/software faults detected. c) Repair and replace the faulty parts or part thereof. d) Upkeep the software periodically including implementation of patches, if required. e) Contractor shall carry out support activities as per requirement of NIXI.
VII. Bidder would enter into the Annual Maintenance contract post the expiry of warranty period,
if NIXI wishes so. Bidder will have to upgrade the hardware with equivalent or better model, if same has been declared end of life by OEM and no longer being supported during the five- year original contract period.
XVIII. USE OF DEFECTIVE & SUB-STANDARD EQUIPMENTS:
If any of the equipment supplied by the Tenderer is found to be substandard, refurbished, un-merchantable or not in accordance with the description /specification or otherwise faulty, NIXI will have the right to reject the equipment or its part. The prices of such equipment shall be refunded by the Tenderer with 18% interest if such payments for such equipment have already been made to him. All damaged or unapproved goods shall be returned at suppliers cost and risk and the incidental expenses incurred thereon shall be recovered from the supplier. Defective part in equipment, if found before installation and/or during warranty period, shall be replaced within 45 days on receipt of the intimation from this office at the cost and risk of supplier including all other charges.
XIX. CONFIDENTIALITY DISCLOSURE This is Confidentiality Clause or Non-Disclosure Clause of the contract, which bounds the successful party to ensure and agree that specific type of sensitive or proprietary information that is furnished by NIXI for taking up the work assigned to them will remain confidential. Any disclosure in violation shall be deemed a breach of this Agreement
This clause also covers the Non-Disclosure of documents containing Confidential Information,
including without limitation:
(i) any documents, notes, memoranda, summaries, analyses, paper works, sketches,
designs, charts, specifications, prints, compilations, or any other writings relating to
Confidential Information, and any other materials embodied in drawings, floppy discs,
tapes, CD ROM, hard drives, software or in any other possible way containing or
relating to Confidential Information or any part thereof, whether or not prepared by
Company or on its behalf,
(ii) all documents received, used, or that shall be received or used, by the party in relation
with their employment with Company, and/or
(iii) the contents of such Confidential Documents as stored in their memory.
The successful part, while taking up the work, must sign and submit the Confidentiality
31
XX. GENERAL CONDITIONS OF TENDER
1. The Bidder should be public or private limited company registered /incorporated under The
Companies Act, 1956.
2. CSP should be empaneled with MeitY (Ministry of Electronics and Information technology as
provider for government cloud and data centre services.
3. CSP should have not blacklisted by any Government (Central/State) Department/Undertaking or
PSU. A declaration of Non-Blacklisting will be submitted by bidder.
4. CSP should have TAC (Technical Assistance Centre) or Call Centre for all level of support for
24X7 support.
5. Bids should be submitted in physical form in sealed envelope at NIXI office. 6. NIXI can reject any bid any time without giving any reasons. 7. Any Political/bureaucratic/commercial pressure (directly/indirectly) will amount to disqualification
of bid.
8. Court jurisdiction will be Delhi/NCR in case dispute required to be settled in Court.
9. The provisions of Guarantee shall be clearly defined so as to avoid any kind of ambiguity arising
at the stage of post purchase service.
10. An undertaking shall be given by the bidder that that the information furnished by them is true,
complete and correct to the best of their knowledge and belief (See Annexure)
11. The vendor shall obtain necessary road permits or documentation pay all necessary taxes and duties in delivering the equipment at respective locations. NIXI is not responsible for the same.
XXI. SPECIAL CONDITIONS OF TENDER
Following are the special terms & conditions are for this tender. The bidder/OEM should provide necessary documentary evidence of compliance as follows. Failure to do so for any of the Criteria mentioned below shall result in disqualification of the Bidder.
1. The Bidder should be public or private limited company registered / incorporated
under The Companies Act, 1956.
2. Bidder/OEM should have not blacklisted by any Government (Central/State)
Department/Undertaking or PSU. A declaration of Non-Blacklisting will be submitted
by bidder.
3. Bidder should have minimum average turnover of 06 Crores in last three financial
years. (CA Certificate or Certified copy Balance Sheet or equivalent should be
submitted for FY 2017-18, 2018-19, 2019-20)
4. Bidder should have executed at least one order of Cyber Security product and service
for a value of at least INR Fifty lakhs in last five Financial Years.
5. The Bidder should be authorized by Manufacturers / OEM to supply, install, and
support the products required by NIXI being proposed for this RFP. They should have
expertise in Cyber Security and should have trained manpower for same. Certificate
32
of this effect should be provided from OEM.
6. The product offered should be from an OEM product listed in the Magic Quadrant as
per the 2019 Gartner Reports / NSS labs report. Document/certificate of same should
be provided along with bid.
7. There should be complete compliance of product as mentioned in Annexure-1.
8. OEM of product should have TAC (Technical Assistance Centre) or Call Centre for all
level of support in India.
9. Start-up/MSME exemption for turnover/ past performance/ experience will beranted as
per Government of India notifications. To claim same bidder has submit the copy of
certificate from Department Industry Policy and trade promotion.
10. The equipment is planned to be utilised to Internet Exchange of NIXI at Noida,
Mumbai & Chennai.
(Technical Bill of Material for Each Location)
Sl. No.
1
Firewall Type 1 in HA with Security Management & Reporting along with 5 years Subscription & Support. Additional Advance On-prem Sandbox appliance (only in Noida location) with 5 years support and subscription as per specification mentioned in Technical Specification Annexure.
2
2
Mumbai (2 locations) & Chennai Locations – Firewall Type 2 in HA with 5 years Subscription & Support as per specification mentioned in Technical Specification Annexure.
6
34
(Bill of Material for Each Location)
Sl.
No.
NIXI EXCHANGE BOQ:
1
Noida Location – Firewall Type 1 in HA with Security Management & Reporting along with 5 years Subscription & Support. Additional Advance On-prem Sandbox appliance (only in Noida location) with 5 years support and subscription as per specification mentioned in Technical Specification Annexure.
2
2
Mumbai (2 locations) & Chennai Locations – Firewall Type 2 in HA with 5 years Subscription & Support as per specification mentioned in Technical Specification Annexure.
6
SUB TOTAL FOR NIXI:
Note: All Prices should be inclusive of implementation and deployment. Any third- party product or services needed to make the solution operational should be provided at NO-COST by the bidder.
35
Bid Security Declaration Form Date:--------------------_
Tender No.---------------------- To (insert complete name and address of the purchaser) ------------------ ------------------ I/We. The underslgned, declare that: 7We understand that, according to your conditions, bids must be supported by a Bid Securing Declaration. l/We accept that /We may be dlsqualified from bidding tor any contract with you for a period of one year from the date of notiflcation if I am /We are in a breach of any obligation under the bid conditlons, because /We
a) have withdrawn/modified/amended, impairs or derogates from the tender, my/our Bid during the perlod of bid validity specified in the form of Bid; or b) having been notified of the acceptance of our Bid by the purchaser during the period of bid valldity
(i) fail or reuse to execute the contract, if required, or (ii) fall or refuse to furnish the Performance Security, in accordance with the Instructions to Bidders.
I/we understand thls Bid Securing Declaratlon shall cease to be valid if I am/we are not the successful Bidder, upon the earlier of
(i) the receipt of your notiflcatlon of the name of the successful Bidder; or (ii) thirty days after the expiration of the validity of my/our Bid.
Signed: Name: Capacity: On behalf of (insert complete name of Bidder) Dated on----------------------- day of-------------------- (insert date of signing) Corporate Seal (where appropriate) (Note: In case of a Joint Venture, the Bid Securlng Declaration must be in the name of all partners to the Joint Venture that submits the bid)
36
ANNEXURE IV
INTEGRITY PACT
(To be executed on plain paper and submitted along with technical bid/tender documents . To be signed by the bidder and NIXI.)
National Internet Exchange of India (NIXI) hereinafter referred to as “The Principal”.
AND
PREAMBLE
The Principal intends to award, under laid down organizational procedures, contract/s for . The Principal values full compliance with all relevant laws of the land, rules, regulations, economic use of and of fairness/transparency in its relations with its Bidder(s) and/or Contractor(s).
In order to achieve these goals, the Principal will appoint an Independent External Monitor (IEM), who will monitor the tender process and the execution of the contract for compliance with the principles mentioned above.
Action 1 – Commitments of the Principal.
1. The Principal commits itself to take all measures necessary to prevent
corruption and to observe the following principles: -
a) No employee of the Principal, personally or through family members, will in
connection with the tender for, or the execution of a contract, demand, take a promise for or accept, for self or third person, any material or immaterial benefit which the personal is not legally entitled.
b) The Principal will during the tender process treat all Bidder(s) with equity and
reason. The Principal will in particular, before and during the tender process, provide to all Bidder(s) the same information and will not provide to any Bidder(s) confidential/additional information through which the Bidder(s) could obtain an advantage in relation to the process or the contract execution.
37
c) The Principal will exclude from the process all known prejudiced persons.
38
2. If the Principal obtains information on the conduct of any of its employees which is a criminal offence under the IPC/PC Act, or if there be a substantive suspicion in this regard, the Principal will inform the Chief Vigilance Officer and in addition can initiate disciplinary actions.
Section 2 – Commitments of the Bidder(s)/Contractor(s)
1. The Bidder(s)/Contractor(s) commit himself to take all measures necessary to
prevent corruption. He commits himself to observe the following principles during his participation in the tender process and during the contract execution.
a. The Bidder(s)/contractor(s) will not, directly or through any other persons or
firm, offer promise or give to any of the Principals employees involved in the tender process or the execution of the contract or to any third person any material or other benefit which he/she is not legally entitled to, in order to obtain in exchange any advantage or during the execution of the contract.
b. The Bidder(s)/Contractor(s) will not enter with other Bidders into any
undisclosed agreement or understanding, whether formal or informal. This applies in particular to prices, specifications, certifications, subsidiary contracts, submission or non-submission of bids or any other actions to restrict competitiveness or to introduce cartelization in the bidding process.
c. The Bidder(s)/Contractor(s) will not commit any offence under the relevant IPC/PC Act; further the Bidder(s)/Contractors will not use improperly, for purposes of competition or personal gain, or pass on to others, any information or documents provided by the Principal as part of the business relationship, regarding plans, technical proposals and business details, including information contained or transmitted electronically.
d. The Bidder(s)/Contractor(s) of foreign origin shall disclose the name and
address of the Agents/representatives in India, if any. Similarly, the bidder(s)/contractor(s) of Indian Nationality shall furnish the name and address of the foreign principals, if any. All the payments made to the India agent/representative have to be in Indian Rupees only.
e. The Bidder(s)/Contractor(s) will, when presenting his bid, disclose any and all payments he has made, is committed to or intends to make to agents, brokers or any other intermediaries in connection with the award of the contract.
f. The Bidder(s)/Contractor (s) who have signed the Integrity Pact shall not approach the courts while representing the matter to IEMs and shall wait for their decision on the matter.
2. The Bidder(s)/Contractor(s) will not instigate third persons to commit offences outlined above or be an accessory to such offences.
Section 3: Disqualification from tender process and exclusion from future contract
39
If the Bidder(s)/Contractor(s), before award or during execution has committed a transgression through a violation of Section 2 above or in any other form such as to put his reliability or credibility in question, the Principal is entitled to disqualify the Bidder(s)/Contractor(s) from the tender process or to terminate the contract, if already signed, for such reasons.
Section 4 : Compensation for Damages
1. If the Principal has disqualified the Bidder(s) from the tender process prior to
the award according to Section 3, the Principal is entitled to demand and
recover the damages equivalent to Earnest Money Deposit/Bid Security.
2. If the Principal has terminated the contract according to Section3, or if the
Principal is entitled to terminate the contract according to Section3, The Principal shall be entitled to demand and recover from the Contractor liquidated damages of the Contract value or the amount equivalent to Performance Bank Guarantee.
Section 5 : Previous Transgression
1. The Bidder declares that no previous transgressions occurred in the last three years with any other company in any country conforming to the TIIs anti- corruption approach or with any other public sector enterprise in India that could justify his exclusion from the tender process.
2. If the bidder makes incorrect statement on this subject, he can be disqualified
from the tender process and appropriate action can be taken including termination of the contract, if already awarded, for such reason.
Section 6: Equal treatment of all Bidders / Contractors / Sub -contractors.
1. In case of sub –contracting, the Principal Contractor shall take the responsibility of adoption of Integrity Pact by the Sub – Contractor.
2. The Principal will enter into agreements with the identical conditions as this one with all bidders and Contractors.
3. The Principal will disqualify from the tender process all bidders who do not sign this Pact or violate its provisions.
Section 7: Criminal charges against violation Bidder(s) / Contractor(s) / Sub- contractors(s).
If the Principal obtains knowledge of conduct of a Bidder(s)/ Contractor(s) which constitutes corruption, or if the Principal has substantive suspicion in this regard, the
40
Principal will inform the same to the Chief Vigilance Officer.
Section 8 : Independent External Monitor/Monitors
1. The Principal appoints competent and credible Independent External Monitor for this Pact after approval of Central Vigilance Commission. The task of the Monitor is to review independently and objectively, whether and to what extent the parties comply with the obligations under this agreement.
2. The Monitor is not subject to instructions by the representatives of the parties and
performs his functions neutrally and independently. The Monitor will have access to all contract documents, whenever required. It will be obligatory for him to treat the information and documents of bidders /contractors as confidential. He reports to the Chief Executive Officer, NIXI.
3. The Bidder(s)/Contractor(s) accepts that the Monitor has the right to access
without restriction to all project documentation of the Principal including that provided by the Contractor. The Contractor will also grant the Monitor, upon his request and demonstration of a valid interest, unrestricted and unconditional access to his project documentation. The same is applicable to Subcontractors.
4. The Monitor is under contractual obligation to treat the information and documents
of the Bidder(s)/Contractor(s)/Subcontractor(s) with confidentiality. The Monitor has also signed declarations on “Non – Disclosure of Confidential Information” and of “Absence of Conflict of Interest” In case of any conflict of interest arising at a later date, the IEM shall inform Chief Executive Officer, NIXI. and recuse himself/herself from the case.
5. The Principal will provide to the Monitor sufficient information about all meetings
among the parties related to the Project provided such meetings could have an impact on the contractual relations between the Principal and the Contractor. The parties offer to the Monitor the option to participate in such meetings.
6. As soon as the Monitor notices, or believes to notice, a violation of this
agreement, he will so inform the Management of the Principal and request the Management to discontinue or take corrective action, or to take other relevant action. The monitor can in this regard submit non-binding recommendations. Beyond this, the Monitor has no right to demand from the parties that they act in a specific manner, refrain from action or tolerate action.
7. The Monitor will submit a written report to the Chief Executive Officer, NIXI
within 8 to 10 weeks from the date of reference or intimation to him by the Principal and, should the occasion arise, submit proposals for correcting problematic situations.
8. Monitor shall be entitled to compensation on the same terms as being extended to/provided to Independent Directors on BFL Board.
9. If the Monitor has reported to the Chief Executive Officer, NIXI, a substantiated suspicion of an offence under relevant IPC/PC Act, and the Chief Executive Officer, NIXI has not, within the reasonable time taken
41
visible action to proceed against such offence or reported it to the Chief Vigilance Officer, the Monitor may also transmit this information directly to the Central Vigilance Commissioner.
10. The word “Monitor” word include both singular and plural.
Section 10 : Pact Duration
This pact begins when both parties have legally signed it. It expires for the Contractor 12 months after the last payment under the contract, and for all other Bidder 6 months after the contract has been awarded.
If any claim is made/lodged during this time, the same shall be binding and continue to be valid despite the lapse of this pact as specified above, unless it is discharged/determined by Chief Executive Officer, NIXI.
Section 11 : Other Provisions
This agreement is subject to Indian Law. Place of performance and jurisdiction is the registered office of the Principal i.e.
9th Floor, B-Wing, Statesman House, 148,
Barakhamba Road, New Delhi-110 001 India
Changes and supplements as well as termination notices need to be made in
writing. Side agreements have not been made.
If the contractor is a partnership or a consortium, this agreement must be
signed by all partners or consortium members.
Should one or several provisions of this agreement turn out to be invalid, the remainder of this agreement remains valid. In this case, the parties will strive to come to an agreement to their original intentions.
Issues like Warranty/Guarantee etc. shall be outside the purview of the IEMs.
In the event of any contradiction between the Integrity Pact and its Annexure, the clause in the Integrity Pact will prevail.
(For & on behalf of the Principal) (For & on behalf of Bidder/Contractor)
(Office Seal) (Office Seal)
________________________________ _____________________________
________________________________ _____________________________
UNDERTAKING
I/ we, hereby declare that the information furnished above is true, complete and correct to the best of my knowledge and belief. I undertake the responsibility to inform you of any changes therein, immediately. It is further declared that I/ we will provide the proofs if desired by NIXI, failing which our bid can be rejected. I understand that in the event of my information being found false or incorrect at any stage, my/ our proposal shall be liable to cancellation / termination without notice or any compensation in lieu thereof.
43
SIGNATURES
AFFIX SEAL OF COMPANY
Annexure VI CONFIDENTIALITY DECLARATION
I/We, the undersigned, do hereby declare and confirm that I am aware that I have been assigned to render certain services (the “Services”) for the Office of the National Internet Exchange of India (NIXI) in connection with the Agreement, dated ____ 2017, between NIXI and me/ us________________(Full name of the Contractor). In connection therewith, I hereby undertake and agree as follows:
1. Certain Definitions
(a) “Confidential Information” means any data, documents, materials or other information disclosed to me in connection with the Services, in any form whatsoever, whether orally, visually, in writing or otherwise (including in computerized or electronic form). (b) “Permitted Purpose” means the use of the Confidential Information to perform the Services.
2. The Contractors Confidentiality Obligations
(a) I understand that the Contractor is subject to confidentiality obligations pursuant to the Contract. (b) I have read and understand Clause XIX of tender document of NIXI, which will be strictly adhered to.
3. Undertakings
(a) I undertake to conduct myself and render services with a view to ensuring full compliance by the Contractor in view of the Clause XIX. In case of any doubt, I shall consult with NIXI or their nodal officer for their advice.
44
(b) I shall: (i) use the same care and discretion to avoid disclosure, publication or dissemination of the Confidential Information as I use with my own similar information that I do not wish to disclose, publish or disseminate; and, (ii) use the Confidential Information solely for the Permitted Purpose.
(c) Upon the request NIXI, or upon the termination or expiry of my/ our contract, I/ we shall immediately return NIXI all Confidential Information disclosed to me/ us or to which I/we had access during or as a result of the performance of the Services, together with all copies thereof. I/ we further undertake that no information (as per Clause XIX), or documents or stored in the memory shall be disclosed to anyone or misused in any way.
SIGNED: __________________________
Name: ___________________________
BETWEEN
National Internet Exchange of India (NIXI) (hereinafter referred to as “the Purchaser”) which expression shall unless repugnant to the context or meaning thereof mean and be deemed to include its authorized agents, representatives, and permitted assigns of the First Part.
AND
The Party (hereinafter referred to as “the Bidder”) which expression shall unless repugnant to the context or meaning thereof mean and be deemed to include their successors and permitted assigns having its registered office at of the Second Part.
WHEREAS
The Purchaser had invited Tenders vide their Tender (hereinafter referred to as „Tender Document) for “Cyber Security Revamp AT NIXI Exchange POPs” The Bidder had submitted its proposal dated (hereinafter referred to as the „Tender) for the provision of such services in accordance with its proposal as set out in its Tender and in accordance with the terms and conditions of the Tender and this Contract.
45
The Purchaser has agreed to appoint the Bidder for the provision of such product & services and the Bidder has agreed to provide Product and services as are represented in the Tender, including the terms of this Contract, the Schedules attached hereto and in accordance with the terms of the Tender, and in terms of the discussions, negotiations and clarifications in relation to the implementation of the scope of work. In consideration of the foregoing and the mutual covenants and promises contained herein and other good and valuable consideration the receipt and adequacy of which is hereby acknowledged, the parties intending to be bound legally.
46
NOW THIS AGREEMENT WITNESSETH AS FOLLOWS: In this Agreement words and expressions shall have the same meanings as are respectively assigned to them in the General Conditions of Contract referred to.
The following documents shall be deemed to form and be read and construed as part of this Agreement viz:
the Scope of Work/Purchase order the General Conditions of Contract mentioned in tender document.
In consideration of the payments to be made by the Purchaser to the Bidder as hereinafter mentioned, the Bidder hereby covenants with the Purchaser to provide the Product & Services and to remedy defects therein in conformity in all respects with the provisions of the Contract.
The Purchaser hereby covenants to pay the Bidder in consideration of the provision of the Product /Services and the remedying of defects therein, the Contract Price or such other sum as may become payable under the provisions of the Contract at the times and in the manner prescribed by the Purchase order.
IN WITNESS whereof the parties hereto have caused this Agreement to be executed in accordance with their respective laws the day and year first above written
Signed, Sealed and Delivere