Upload
doankhue
View
218
Download
2
Embed Size (px)
Citation preview
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 1 of 20
Ref. No. GAD – DIT054/1/2015
Expression of Interest (EOI) For
SUPPLY, INSTALLATION,
COMMISSIONING AND
MAINTENANCE OF HARDWARE
SECURITY MODULE (HSM)
SETU, Maharashtra
Directorate of Information Technology,
Government of Maharashtra
7th Floor, Mantralaya,
Madam Cama Road, Nariman Point,
Mumbai 400032
Date of Issuance of EoI 26 February 2015
Pre-Bid Meeting 03rd March 2015 at 11 a.m.
Last Date & Time for Bid Submission 09th March 2015 at 5 p.m.
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 2 of 20
Government of Maharashtra has been a pioneer in promotion of ICT and e-Governance in
India. Maharashtra has been identified as a “Leader” in the area of e-Governance in the
recent study conducted by Government of India. In pursuance to the same speed, DIT
Maharashtra has established the State Resident Data Hub (SRDH). Among other services
offered through SRDH, the Authentication and e-KYC services are utilized by the various
Departments.
State Government Departments would use biometric devices for Authentication and e-
KYC services during service delivery. The State Government departments shall need to
validate the biometric details along with the demographic details of a resident. The
Departments shall produce xml packets which shall be sent to SRDH. SRDH shall encrypt
and digitally sign these xml packets using HSM and send them to CIDR. CIDR would
send back the response which shall have to be decrypted. For this reason, the HSM shall
be procured and used for the encryption & decryption purposes.
In this regard, Directorate of Information Technology, Government of Maharashtra
invites Expression of Interest from OEM / authorized entities of HSM OEMs for SUPPLY,
INSTALLATION, COMMISSIONING AND MAINTENANCE OF HARDWARE
SECURITY MODULE (HSM).
1. Expression of Interest (EOI)
1.1. SETU Maharashtra, a society formed by Government of Maharashtra
(Hereinafter referred to as GoM) vide G. R. dated 23rd August 2002
invites interested OEMs or their authorized entities for SUPPLY,
INSTALLATION, COMMISSIONING AND MAINTENANCE OF HARDWARE
SECURITY MODULE (HSM) AT MAHARASHTRA STATE DATA CENTRE.
1.2. Interested Agencies may submit the application in prescribed forms on or
before the last date of submission i.e. 09th March 2015 at 5 pm at 7th
Floor, DIT, Mantralaya, Mumbai
1.3. Pre-bid meeting will be held on 03rd March 2015 at 11 am in 7th Floor,
DIT, Mantralaya, Mumbai
1.4. The shortlisted agencies shall be eligible to participate in the tender for
SUPPLY, INSTALLATION, COMMISSIONING AND MAINTENANCE OF
HARDWARE SECURITY MODULE (HSM). The agency selected through the
tender shall be awarded the specified work.
2. Overall Process
2.1. The EoI and amendments thereof (if any) shall be published on DIT
website (https://it.maharashtra.gov.in) and can be downloaded by the
interested agencies.
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 3 of 20
2.2. Interested agencies can submit their proposals in prescribed format in a
sealed envelope with Subject Line “Expression of Interest (EOI) for
SUPPLY, INSTALLATION, COMMISSIONING AND MAINTENANCE OF
HARDWARE SECURITY MODULE (HSM) AT MAHARASHTRA STATE
DATA CENTRE”. This envelope should contain the two envelopes namely
Pre-Qualification Proposal and Technical Proposal.
2.3. All the bidders will go through the evaluation process as described in the
EoI document (Refer Section 4). Based on the evaluation, the eligible
bidders will be shortlisted based on the selection criteria (Refer section 4).
2.4. Shortlisted agencies will be informed through email and list of selected
agencies will be published on DIT, Government of Maharashtra website.
2.5. DIT Maharashtra reserves the right to reject any incomplete application,
without attributing any reason.
2.6. The successful bidder (referred to as ‘Vendor’) shall be selected from the
shortlisted bidder through a tendering procedure.
3. Indicative Scope of work of the Vendor
3.1. The vendor shall be required to supply, install, commission, maintain and
support the HSM devices to Government of Maharashtra.
3.2. The detailed scope will be subject to change and shall be specified in the
tender document.
3.3. The vendor shall be responsible for supply, installation, commissioning
and maintenance of HSM devices as per the minimum specifications given
in the RFP. The detailed scope of work is provided in subsequent sections.
3.4. The 2 (Two) HSM shall have to be supplied by the vendor at 4th Floor,
New Administrative Building, Opposite Mantralaya, Madam Kama Road,
Mumbai - 400032. All costs related to transportation, taxes and other
regulatory requirements shall have to be borne by the shortlisted bidder
and no separate payment shall be made. The vendor shall also provide
the associated drivers, user manuals, technical documentation, etc. to the
Purchaser.
3.5. The vendor shall be responsible for installation and commissioning of
supplied HSM at the State Data Center. This shall include but not be
limited to physical mounting, installation of associated software,
configuration on device, associated servers & network / security elements
(such as firewall), installation of private & public keys, creation of users &
roles, etc.
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 4 of 20
3.6. The vendor shall be responsible to demonstrate a duly working HSM. It
shall also provide necessary support in acceptance testing of the supplied
devices.
3.7. The vendor shall be responsible to provide one-time necessary training to
technical officials to setup, install, configure and operate the supplied
devices. The shortlisted bidder shall be responsible to provide one-time
necessary training to software developers for integration of HSM in their
software application.
3.8. The supplied HSM Devices should carry a 60 months comprehensive
onsite replaceable warranty from the date of acceptance sign off provided
by Purchaser. The vendor shall be responsible for the maintenance and
support as per the specified warranty.
4. Evaluation Process of Proposals
4.1. There shall be a three-stage evaluation procedure for shortlisting of
bidders for EOI. The three stages are pre-qualification evaluation,
technical evaluation and device evaluation. The agencies selected in first
stage shall be considered for second stage. The agencies selected in
second stage shall be considered for third stage. The agencies selected in
third stage shall be considered as shortlisted agencies and shall be eligible
to participate in the tender.
4.2. In any of the stage, if the bidder fails to meet the specified criteria or
does not furnish the necessary documents / software / devices will be
considered disqualified.
4.3. Pre-Qualification Stage (Stage-1)
# Pre-qualification Criteria Supporting
Requirement
1. Bidder must be a company Registered in
India under the Company's Act 1956
Certificate of
Incorporation
2. Bidder should be in the business of Supply,
Installation and Maintenance of Hardware
Security Module (HSM) in India for last one
year as on date of submission of bid
Purchase Order and
Completion Certificate
issued by the client
3. Bidder should be Authorized Entity of the
OEM of HSM
Authorization Letter from
OEM
4. The bidder should be registered for Sales
Tax / VAT and should have valid PAN
Copy of Sales Tax / VAT
Registration, Copy of PAN
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 5 of 20
number Card
5. The firm should not have been blacklisted
by Central Government or any State
Government organization / department in
India at the time of submission of the Bid
Self-Declaration
Note: Consortium / Joint Venture is not allowed.
4.4. Technical Evaluation (Stage-2)
# Description Supporting
Documents
Max.
Score
Cut
Off
Mark
A. Technical Evaluation Framework
1. Bidders Turnover: Total Annual
average turnover of Bidder in last
3 financial years (FY 2013-14,
2012-13, 2011-12)
> 5 Cr = 20 Points
2.5-5 Cr = 15 Points
1 - 5 Cr = 10 Points
CA Certificate 20 55
2. Turnover from HSM device:
Bidder’s turnover from supply,
installation, maintenance and
commission of HSM devices in last
3 financial years (FY 2013-14,
2012-13, 2011-12)
> 1 Cr = 10 Points
0.75 – 1.00 Cr = 07 Points
0.50 – 0.75 Cr = 05 points
Agreement /
Purchase Order(s),
Completion
Certificate, and
Project Details
(Annexure-C)
10
3. HSM devices supplied: Number
of HSM devices supplied in the
last 3 financial years (FY 2013-
14, 2012-13, 2011-12):
>10 devices = 20 points
6 – 10 devices = 15 points
1 – 5 devices = 10 points
Agreement /
Purchase Order(s),
Completion
Certificate, and
Project Details
(Annexure-C)
20
4. Experience in Government:
Experience of supplying HSM
Agreement /
Purchase Order(s),
20
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 6 of 20
devices (at least one pair)
supplied to Government (Central,
State, ULB, PSB, PSU) in India
>3 Projects = 20 points
2-3 Projects = 15 Points
1 Project = 10 Points
Completion
Certificate, and
Project Details
(Annexure-C)
5. Aadhaar Utilization: OEM’s HSM
device utilized for Aadhaar
Authentication and e-KYC (UIDAI,
ASA/KSA, AUA/KUA)
1 or more project = 5 Points
No projects = 0 points
Agreement /
Purchase Order(s),
Completion
Certificate, and
Project Details
(Annexure-C)
5
B. Demonstration / Presentation
1 Demonstration / Presentation of
the Product by the Bidder
Device Datasheets,
Specifications, etc.
25 15
Total 100 70
Bidders who succeed in getting 55 or higher marks in S. No (A1-A5) would
be invited for presentation and demonstration (approx. duration of 45
minutes) with respect to proposed devices. Technical proposal of bidders
scoring less than 55 in S. No (A1 - A5) shall be considered as non-
responsive and their bids shall not be evaluated any further.
Tendering Authority reserves right to visit (or conduct telephonic
verification) with bidder’s customers where such a similar project
execution has taken place.
Bidders who score overall 70 marks or higher in the technical evaluation,
as per the criteria mentioned above, shall be considered for further
evaluation.
4.5. Device Evaluation (Stage – 3)
The bidders shall be required to supply and install a sample device (of the
proposed make and model of the same capacity or higher) to Purchaser
for evaluation on below mentioned parameters.
Checking of the minimum device specifications
Compatibility with the existing DIT Setup
Compatibility with various relevant applications as desired by DIT
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 7 of 20
The bidder should ensure the device is supplied to the State Data Centre
within 15 days of the issuance of instructions by the DIT.
5. Minimum Device Specifications
Sr. No.
Parameter Specifications
1. Power Indian power specifications in terms of Phase, Voltage, Frequency, etc.
2. Physical Rack Mountable Redundant/hot-swappable power supply
3. Public Key Algorithm
RSA (Encrypt / Decrypt), RSA (Sign / Verify), ECC (Electric Curve Cryptography)
4. Algorithms Support Asymmetric Algorithm: RSA (1024 - 4096), Diffie-Hellman, KCDSA, ECDSA, ECDH
Symmetric Algorithm: AES, DES, TripleDES, MD5, SHA1, SHA2, SHA256
Hash/HMAC algorithm: MD-5, SHA-1, SHA-2, SHA 256
Key Exchange Mechanism: DES / TripleDES, AES Algorithm
Cryptographic algorithms: Asymmetric Key with Diffie-Hellman (1024-4096 bit), RSA (512-4096 bit) and (PKCS#1 v1.5, OAEP PKCS#1 v2.0), Digital Signing via RSA (1024-4096-bit), DSA (512-1024-bit), EC Brainpool Curves Suite B Algorithm Support and ARIA support
Full Suite B implementation
5. Signing Speed More than 300 transactions per second with RSA-2048 bits
6. Certifications FIPS 140-2 Level 3
7. Standards ROHS, FCC Part 13 Class B, CC EAL+
8. Key Length Support
1024 to 4096
9. APIs Published API for various functionalities to integrate with the Application software
10. Compatibility PKCS#11, CAPI, OpenSSL, JCE/JCA
11. Connectivity Ethernet Network based appliance, Should have Network Connectivity over TCP/IP for cryptographic communication between applications and HSM
12. OS Support Windows 2008 (32 & 64 bits) and above, Red Hat Linux (32 & 64 bits) Version 6 and above
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 8 of 20
Virtual: VMware, Hyper-V
13. Key Generation, Digital Signing and Verification, and Storage
Onboard key generation, Digital Signing & Verification process to be done inside the HSM only for better performance and security
Private Keys should always be securely generated in the Hardware and securely stored in the Hardware.
14. Administration, Backup and Disaster Recovery
Should support hardware based secure Backup & Restoration, Disaster Recovery and should support Remote Management & Administration with multiple factor Authentication.
15. Others It should support secure transportation of HSM device from one facility to another.
It should also ensure that it is tamper proof and in case of any tampering, necessary information/logs are captured
16. Number of Keys Should be able to support at least 100 keys
17. Number of Applications
Should be able to support at least 25 applications
18. Scalability Should be scalable up through additional devices and/or device upgrade.
19. Additional Software Additional / specific software’s if any, required to support multiple HSM appliances to be provided
20. Support OEM should provide 24x7 telephonic and email based support. For telephonic support, an Indian Telephone Number (preferably toll-free) should be available
21. End-of-Life The proposed product / solution should not be End-of-life and shall not reach End-of-life within 24 months from the date of submission of bid or 12 months from the date of acceptance, whichever is later
22. Upgrades, Patches, etc.
Provide new version upgrades, updates, patches, etc. for all the components / sub-components through the period of contract
23. End-of-support The proposed product / solution should not reach end-of-support during the currency of contract
6. Terms and Conditions
6.1. This EOI is for OEMs or their authorized entities
6.2. The bidder will provide an unit for evaluation purpose and for the duration
as desired by the department
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 9 of 20
6.3. EOI empaneled agencies must sign Non-Disclosure Agreement (NDA)
(Annexure B) with Government of Maharashtra
6.4. Force Majeure: For the purpose of this clause, ‘Force Majeure’ shall mean
an event that is unforeseeable, beyond the control of the parties and not
involving the parties’ fault or negligence. Such events may include acts of
the Government either in its sovereign or in its contractual capacity, war,
civil war, insurrection, riots, revolutions, fire, floods, epidemics,
quarantine, restrictions, freight, embargoes, radioactivity and
earthquakes. The empaneled Agency / Individual shall not be liable if the
delay in the discharge of its obligations under this agreement is the result
of an event of Force Majeure as defined above.
If a Force Majeure situation arises the OEM/ Authorized entities shall
promptly notify to the DIT in writing of such conditions and the cause
thereof. Unless otherwise directed by DIT in writing, the shall continue to
perform its obligations, as far as it is reasonably practical and shall seek
all reasonable means of performance not prevented by the Force Majeure
event.
7. Contact Details
Email ID [email protected]
Contact Person Shri. Ravindra Dhamnikar
State Nodal Officer UID
Government of Maharashtra
Phone No. 022-22026534
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 10 of 20
Annexure A
Expression of Interest form for SUPPLY, INSTALLATION, COMMISSIONING AND
MAINTENANCE OF HARDWARE SECURITY MODULE (HSM), DIT Maharashtra
OEM / Auth. Entity’s Name
Contac Person
Contact Mail Id
Contact Number
Contact Details (You must complete at least line 1 and 2 and the post code)
Office / Workplace
address
Post code
Contact Number
Mobile phone
Annual Turnover
2011-12 2012-13 2013-2014
Turnover from HSM Device
2011-12 2012-13 2013-2014
Documents Required
Profile of the OEM / Authorized Entities in maximum 5 pages (attach on different paper sheet)
PoA / Board Resolution authorizing the Proposal Signatory and OEM Signatory
Certificate of Incorporation
CA Certificate stating the annual turnover and turnover from HSM Device
Agreement / Purchase Order and Completion Certificate issued by the client
(including details as per Annexure-C)
Authorization Letter from OEM
Copy of Sales Tax / VAT Registration, Copy of PAN Card
Non - Blacklisting Self-Declaration (as per Annexure – D)
Compliance Declaration by OEM (as per Annexure-E) * Note: EOI applicant may attach separate sheets to elaborate more information in Annexure A.
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 11 of 20
ANNEXURE B
NON-DISCLOSURE AGREEMENT
This ("Agreement") is made and entered into ______day
of________month__________year (effective date) by and between Government of
Maharashtra and _____________________________________ (Agency / Individual).
Whereas, Government of Maharashtra and Agency / Individual have entered into an
Agreement ("Agreement") _________________ Effective _______________ for
____________________________; and whereas, each party desires to disclose to the
other party certain information in oral or written form which is proprietary and
confidential to the disclosing party, ("CONFIDENTIAL INFORMATION").
NOW, THEREFORE, in consideration of the foregoing and the covenants and agreements
contained herein, the parties agree as follows:
1. Definitions. As used herein:
1.1 The term “Confidential Information” shall include, without limitation, all
information and materials, furnished by either Party to the other in connection
with citizen/users/persons/customers data, products and/or services, including
information transmitted in writing, orally, visually, (e.g. video terminal display)
or on magnetic or optical media, and including all proprietary information,
customer & prospect lists, trade secrets, trade names or proposed trade names,
methods and procedures of operation, commercial or marketing plans, licensed
document knowhow, ideas, concepts, designs, drawings, flow charts, diagrams,
quality manuals, checklists, guidelines, processes, formulae, source code
materials, specifications, programs, software packages, codes and other
intellectual property relating to the disclosing party’s data, computer database,
products and/or services. Results of any tests, sample surveys, analytics, data
mining exercises or usages etc. carried out by the receiving party in connection
with the Department’s Information including citizen/users/persons/customers
personal or sensitive personal information as defined under any law for the time
being in force shall also be considered Confidential Information.
1.2 The term, “Directorate Information Technology (DIT) Maharashtra” shall include
the officers, employees, agents, consultants, contractors and representatives of
Department.
1.3 The term, “Agency/Individual” shall include the directors, officers, employees,
agents, consultants, contractors and representatives of Company, freelance
developer, students, and research associates.
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 12 of 20
2 Protection of Confidential Information. With respect to any Confidential
Information disclosed to it or to which it has access, Agency / Individual affirms that
it shall:
2.1 Use the Confidential Information as necessary only in connection with Project
and in accordance with the terms and conditions contained herein;
2.2 Not to make or retain copy of any commercial or marketing plans,
citizen/users/persons/customers database, Proposals developed by or originating
from Department or any of the prospective clients of Department except as
necessary, under prior written intimation from Department, in connection with
the Project, and ensure that any such copy is immediately returned to
Department even without express demand from Department to do so;
2.3 Not disclose or in any way assist or permit the disclosure of any Confidential
Information to any other person or entity without the express written consent of
the other party; and
2.4 Return to the other party, or destroy, at Department’s discretion, any and all
Confidential Information disclosed in a printed form or other permanent record,
or in any other tangible form (including without limitation, all copies, notes,
extracts, analyses, studies, summaries, records and reproductions thereof)
immediately upon the earlier to occur of (i) expiration or termination of either
party’s engagement in the Project, or (ii) the request of the other party
therefore.
2.5 Not to discuss with any member of public, media, press, any or any other person
about the nature of arrangement entered between Department and Agency /
Individual or the nature of services to be provided by the Agency / Individual to
the Department.
3 Onus. Agencies / Individual shall have the burden of proving that any disclosure or
use inconsistent with the terms and conditions hereof falls within any of the
foregoing exceptions.
4 Exceptions. These restrictions as enumerated in section 1 of this Agreement shall
not apply to any Confidential Information:
4.1 Which is independently developed by Agency / Individual or lawfully received
from another source free of restriction and without breach of this Agreement;
or
4.2 After it has become generally available to the public without breach of this
Agreement by Agency / Individual; or
4.3 Which at the time of disclosure to Agency / Individual was known to such
party free of restriction and evidenced by documentation in such party’s
possession; or which Department agrees in writing is free of such restrictions.
4.4 Which is received from a third party not subject to the obligation of
confidentiality with respect to such Information.
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 13 of 20
5 Remedies. Agency / Individual acknowledges that (a) any actual or threatened
disclosure or use of the Confidential Information by Agency / Individual would be a
breach of this agreement and may cause immediate and irreparable harm to
Government of Maharashtra (GoM); (b) Agency / Individual affirms that damages
from such disclosure or use by it may be impossible to measure accurately; and (c)
injury sustained by GoM may be impossible to calculate and remedy fully.
Therefore, Agency / Individual acknowledges that in the event of such a breach,
GoM shall be entitled to specific performance by Agency / Individual of Agency /
Individual’s obligations contained in this Agreement. In addition Agency / Individual
shall indemnify Department of the actual and liquidated damages which may be
demanded by Department. Moreover, Department shall be entitled to recover all
costs (including reasonable attorneys’ fees) which it or they may incur in connection
with defending its interests and enforcement of legal rights arising due to a breach
of this agreement by Agency / Individual.
6 Need to Know. Agency / Individual shall restrict disclosure of such Confidential
Information to its employees and/or consultants with a need to know (and advise
such employees of the obligations assumed herein), shall use the Confidential
Information only for the purposes set forth in the Agreement, and shall not disclose
such Confidential Information to any affiliates, subsidiaries, associates and/or third
party without prior written approval of the disclosing party.
7 Intellectual Property Rights Protection. No license to a party, under any
trademark, patent, copyright, design right, mask work protection right, or any other
intellectual property right is either granted or implied by the conveying of
Confidential Information to such party.
8 No Conflict. The parties represent and warrant that the performance of its
obligations hereunder do not and shall not conflict with any other agreement or
obligation of the respective parties to which they are a party or by which the
respective parties are bound.
9 Authority. The parties represent and warrant that they have all necessary authority
and power to enter into this Agreement and perform their obligations hereunder.
10 Dispute Resolution. If any difference or dispute arises between the Department
and the Agency / Individual in connection with the validity, interpretation,
implementation or alleged breach of any provision of this Agreement, any such
dispute shall be referred to the Principle Secretary, Information Technology, and
Maharashtra Government.
10.1 The arbitration proceedings shall be conducted in accordance with the
(Indian) Arbitration & Conciliation Act, 1996 & amendments thereof.
10.2 The place of arbitration shall be Mumbai.
10.3 The arbitrator’s award shall be substantiated in writing and binding on the
parties.
10.4 The proceedings of arbitration shall be conducted in English language.
10.5 The arbitration proceedings shall be completed within a period of 180
days from the date of reference of the dispute to arbitration.
11 Governing Law. This Agreement shall be interpreted in accordance with and
governed by the substantive and procedural laws of India and the parties hereby
consent to the exclusive jurisdiction of Courts and/or Forums situated at Mumbai,
India only.
12 Entire Agreement. This Agreement constitutes the entire understanding and
agreement of the parties, and supersedes all previous or contemporaneous
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 14 of 20
agreement or communications, both oral and written, representations and under
standings among the parties with respect to the subject matter hereof.
13 Amendments. No amendment, modification and/or discharge of this Agreement
shall be valid or binding on the parties unless made in writing and signed on behalf
of each of the parties by their respective duly authorized officers or representatives.
14 Binding Agreement. This Agreement shall be binding upon and inure to the
benefit of the parties hereto and their respective successors and permitted assigns.
15 Severability. It is the intent of the parties that in case any one or more of the
provisions contained in this Agreement shall be held to be invalid or unenforceable in
any respect, such provision shall be modified to the extent necessary to render it, as
modified, valid and enforceable under applicable laws, and such invalidity or
unenforceability shall not affect the other provisions of this Agreement.
16 Waiver. If either party should waive any breach of any provision of this Agreement,
it shall not thereby be deemed to have waived any preceding or succeeding breach
of the same or any other provision hereof.
17 Survival. Both parties agree that all of their obligations undertaken herein with
respect to Confidential Information received pursuant to this Agreement shall survive
till perpetuity even after any expiration or termination of this Agreement.
18 Non-solicitation. During the term of this Agreement and thereafter for a further
period of two (2) years Agency / Individual shall not solicit or attempt to solicit
Department’s employees and/or consultants, for the purpose of hiring/contract or to
proceed to conduct operations/business similar to Department with any employee
and/or consultant of the Department who has knowledge of the Confidential
Information, without the prior written consent of Department. This section will
survive irrespective of the fact whether there exists a commercial relationship
between Agency / Individual and Department.
19 Term. Subject to aforesaid section 17, this Agreement shall remain valid up to ………
Years from the “effective date”.
IN WITNESS HEREOF, and intending to be legally bound, the parties have executed this
Agreement to make it effective from the date and year first written above.
For Government of Maharashtra For OEM/Agency
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 15 of 20
Annexure C - Format of project experience
Summary Table for Relevant Project Experience
Sl. No. Name of Project Year of Project Page Number
1.
2.
3.
4.
5.
Detailed Project Experience (please provide separate table for each project)
Project Information
Name of the project
Client for which the project was
executed
Name and contact details of the
client
Project Details
Description of the project
Scope of services
Start date
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 16 of 20
Completion date
Duration of the project
Other Relevant Information (if any)
Supporting Documents enclosed (√):
Work Order received from Client/ Copy of Contract signed between
Implementation Partner and client
Scope of Work highlighted(Y/N)
Period of Contract Highlighted(Y/N)
Other (if any)
Date: Signature of Authorized Representative
Name of Bidder:
Full Address:
Telephone No.:
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 17 of 20
Annexure D – Self-declaration by bidder for not being
blacklisted
[ON BIDDERS LETTERHEAD]
Date: DD/MM/YYYY
To
The Director,
Directorate of Information Technology,
Government of Maharashtra,
7th Floor, Mantralaya,
Madam Cama Road,
Mumbai – 400032
Sub: Declaration of no valid ineligibility for corrupt or fraudulent practices or blacklisted
with any of the Government agencies in India during the last three years
Ref: <<RFP Title >> (Bidding Document No: __________ Dated: __/__/____) Sir,
In response to the above mentioned RFP I,_______________, as ________
<Designation>______ of M/s_____________, hereby declare that our Company / Firm
__________is having unblemished past record and is not declared blacklisted or
ineligible to participate for bidding by any State/Central Govt., Semi-government or PSU
/ PSB due to unsatisfactory performance, breach of general or specific instructions,
corrupt / fraudulent or any other unethical business practices during the last three years.
Date: Signature of Authorized Representative
Name of Bidder:
Full Address:
Telephone No.:
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 18 of 20
Annexure E – Compliance to Device Specification
[ON OEM LETTERHEAD]
Date: DD/MM/YYYY
To
The Director,
Directorate of Information Technology,
Government of Maharashtra,
7th Floor, Mantralaya,
Madam Cama Road,
Mumbai – 400032
Sub: Compliance to HSM Device Specifications, UIDAI Guidelines, CCA Guidelines and IT
Act
Ref: <<RFP Title >> (Bidding Document No: __________ Dated: __/__/____) Sir,
We, <Name of OEM>, hereby declare that the device <Make and Model Number>,
proposed in this EOI response is completely compliant with UIDAI Guidelines, CCA
Guidelines and IT Act 2000 (including Amendments). The detailed compliance regarding
the Minimum Specifications specified in the EOI document is provided below.
Sr. No.
Parameter Specifications Compliance (Compliant and Non-Compliant)
1. Power Indian power specifications in terms of Phase, Voltage, Frequency, etc.
2. Physical Rack Mountable Redundant/hot-swappable power supply
3. Public Key Algorithm
RSA (Encrypt / Decrypt), RSA (Sign / Verify), ECC (Electric Curve Cryptography)
4. Algorithms Support
Asymmetric Algorithm: RSA (1024 - 4096), Diffie-Hellman, KCDSA, ECDSA, ECDH
Symmetric Algorithm: AES, DES, TripleDES, MD5, SHA1, SHA2, SHA256
Hash/HMAC algorithm: MD-5, SHA-1, SHA-2, SHA 256
Key Exchange Mechanism: DES / TripleDES, AES Algorithm
Cryptographic algorithms: Asymmetric
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 19 of 20
Key with Diffie-Hellman (1024-4096 bit), RSA (512-4096 bit) and (PKCS#1 v1.5, OAEP PKCS#1 v2.0), Digital Signing via RSA (1024-4096-bit), DSA (512-1024-bit), EC Brainpool Curves Suite B Algorithm Support and ARIA support
Full Suite B implementation
5. Signing Speed More than 300 transactions per second with RSA-2048 bits
6. Certifications FIPS 140-2 Level 3
7. Standards ROHS, FCC Part 13 Class B, CC EAL+
8. Key Length Support
1024 to 4096
9. APIs Published API for various functionalities to integrate with the Application software
10. Compatibility PKCS#11, CAPI, OpenSSL, JCE/JCA
11. Connectivity Ethernet Network based appliance, Should have Network Connectivity over TCP/IP for cryptographic communication between applications and HSM
12. OS Support Windows 2008 (32 & 64 bits) and above, Red Hat Linux (32 & 64 bits) Version 6 and above
Virtual: VMware, Hyper-V
13. Key Generation, Digital Signing and Verification, and Storage
Onboard key generation, Digital Signing & Verification process to be done inside the HSM only for better performance and security
Private Keys should always be securely generated in the Hardware and securely stored in the Hardware.
14. Administration, Backup and Disaster Recovery
Should support hardware based secure Backup & Restoration, Disaster Recovery and should support Remote Management & Administration with multiple factor Authentication.
15. Others It should support secure transportation of HSM device from one facility to another.
It should also ensure that it is tamper proof and in case of any tampering, necessary information/logs are captured
16. Number of Keys Should be able to support at least 100 keys.
EOI for Procurement of HSM February 26, 2015
SETU | For Government of Maharashtra For OEM/Agency Page 20 of 20
17. Number of Applications
Should be able to support at least 25 applications
18. Scalability Should be scalable up through additional devices and/or device upgrade.
19. Additional Software
Additional / specific software’s if any, required to support multiple HSM appliances to be provided
20. Support OEM should provide 24x7 telephonic and email based support. For telephonic support, an Indian Telephone Number (preferably toll-free) should be available
21. End-of-Life The proposed product / solution should not be End-of-life and shall not reach End-of-life within 24 months from the date of submission of bid or 12 months from the date of acceptance, whichever is later
22. Upgrades, Patches, etc.
Provide new version upgrades, updates, patches, etc. for all the components / sub-components through the period of contract
23. End-of-support The proposed product / solution should not reach end-of-support during the currency of contract
Date: Signature of OEM’s Authorized Representative
Name of Bidder:
Telephone No.: