Notifications

Dear User,

Dear Buyers,
Sellers Suspended due to non-compliance with GFR Rule 144(xi):
Sellers and Brands listed in the "Sellers Suspended due to non-compliance with GFR Rule 144(xi) " either been determined as non-compliant or have failed to prove their compliance for clause 26 of GTC. till 31.01.2024.
These sellers, the brands owned by them and all the catalogs uploaded by them have been removed from GeM marketplace. These are not eligible for any bid participation on GeM (even through Custom bid and or BOQ bid modes).
Buyers are advised to ensure that they reject such offers received in any bid process form such sellers or other sellers offering products of these brands because of suspension due to noncompliance of GTC clause 26.
GeM reserves the right to cancel such contracts even if placed by the buyer. Buyers are advised to check updated list on regular basis on GeM.
I have gone through the list of Sellers Suspended due to non-compliance with GFR Rule 144(xi). I confirm that I have rejected all such bids which are form such sellers or other sellers offering products of these brands. I understand that this is not an exhaustive listing and I have also done due diligence in respect of remaining sellers for the compliance of GTC clause 26.
Note:
No EMD to be taken from exempt category of sellers even by way of specific clauses mentioned in ATC / STC. Such clauses which are against the GeM GTC, will be treated as null and void.
However, State Government / State Autonomous / State Local Bodies / State PSU / Cooperatives may choose to seek EMD from MSE bidders by specifying the same in ATC / STC of the Bid. In case no such clause is included in ATC / STC, EMD exemption as per para (m) above shall prevail.
Dear Sir/Ma'am,
A technical issue reported in product bids published/drafted since 14th July 2023 9:00 a.m. . The brand name and related information was mentioned in title of the item for the bid created instead of category name of item. Therefore, buyers are advised to cancel such bids and publish fresh bid by 18th July 2023. These bids shall never be treated as PAC bid and they will be brand neutral unless otherwise created as PAC Bid.
Revised IM Policy effective from 1st July'23 - Click here.
Dear Buyer,
Issue of notification regarding OEM / Compatible Cartridge / Consumable (View More)
Some cases have been reported where bidders have claimed non receipt of prior intimation of RA start. In order to ensure that no prospective eligible bidder is left out due to non intimation on time, it has been decide that RA will henceforth start 24 hours after the buyer proceeds for the RA creation and initiated RA. RA Start date and End Date will be notified to both buyer and sellers.
GeM system maintenance activity is planned from 17/06/2023 9:00 PM until 18/06/2023 02:00 PM. While we will work towards avoiding any outages, the system may be unstable intermittently. As a preventive measure, you are requested to either prepone or postpone Bid related activities such as Bid creation, Evaluation, Seek Clarification, Reply Representation and Negotiations etc, to other dates as per your convenience. Also, you may like to avoid keeping Bid end date and Bid Opening dates on or near these dates if feasible.
Please find enclosed OM dated 28.04.2023 on revised format for Registration of bidders from countries sharing land border with India under Rule 144 (xi) for your kind information and necessary action.
Notification regarding Cyber Security Control matrix
Please note that insecure products, solutions, and services lead to exposure to threats and cyber security breaches which affects procuring entities. Assuring cyber security as a feature of products and services require ensuring cyber security compliances as a part of procurement This will also help in building a cyber-security culture. Building awareness in government agencies to adopt cyber security controls as part of the procurement of ICT products and services, as well as engaging industry to put cyber security control requirements into practise, is crucial for meeting the objective of ensuring cyber security.

It is noted that many times due to lack of awareness various clauses, provisions, and guidelines regarding cyber security requirements mandated by MeitY are not being incorporated while making procurements by buyer organisations. In order to give inputs to the procuring authorities regarding these aspects, Indian Computer Emergency Response Team (CERT-In) drafted a discussion paper regarding cyber security control matrix for the procurement of services and solutions by government organisations. The control matrix includes governance and policy, confidentiality, availability, regulatory complexity, audits and situational awareness, data security, application security, and network security. Discussion paper indicates the specification and requirements of different controls as well as indicative methods for verification for each control matrix. A copy of the discussion paper is enclosed herewith.

All the organisations making procurement through GeM are hereby requested to take note of the discussion paper drafted by CERT-In on "Cyber Security Controls Matrix for Procurement of Services and Solutions by Government Organisations ". which is enclosed as Annexure.

It may be noted that procuring entities may select and include appropriate and applicable controls from the control matrix indicated in the discussion paper as a part of their procurement of ICT services and solutions. Procuring entities may also consider adding additional specific controls as per their risk profile and scope of services.

It may also be noted that the adoption of cyber security controls by procuring entities in the procurement process may be kept voluntary (as best practises). However, after a year, based on the outcomes, learning control may be mandated as a part of all ICT-related procurement by government entities.

All buyer organization as well as seller/service providers are requested to note the above.
Push Button Procurement (PBP) functionality enhanced - No need for buyer to certify reasonableness of rates:
GeM has enhanced the Push button Procurement functionality enabled as per DoE OM number F.6/7/2022-PPD dated 11th January 2023. The new guidelines for PBP are as follow:
1. (a) The total procurement value of the specific case may be up to Rs. Five lakhs inclusive of all taxes (No splitting of requirement to be done to bring procurement under this method).
2. (b) This method will be enabled by GeM only for select categories where at least ten sources are listed, and marketplace is sanitized.
3. (c) Once PBP bid is invited on GEM, contract will be placed directly by Gem System without any human intervention i.e., no evaluation or rejection of bids by buyer and without any need for buyer to certify reasonableness of price. Provided conditions as per DoE OM are satisfied, which would be checked by Gem system, - Not by buyer.
4. (d) GeM system would itself check that at least five bids are received (with minimum two Different brands).
5. (e) Individual bidders may quote more than reference price of PBP. GeM system would ensure that order is placed only if lowest price received after PBP is below the GeM marketplace price for identical requirements.
Please refer push button procurement Manual for detailed guidelines. The details of Categories enabled for PBP are available here.
Buyers are advised to comply the latest OM No.F.7/10/2021-PPD (1) dated 23.02.2023 issued by DoE for the restrictions under Rule 144(xi) of the General Financial Rules (GFRs), 2017 while procuring on GeM.
With reference to the clause 4, Section xiii, Sub-section 'm' of GeM GTC, it is to bring to your kind attention that the following categories of Sellers are exempted from furnishing Bid Security:
1. 1. Micro and Small Enterprises who are manufacturer of the Primary Product Category or Service Provider of the Primary Service Category and give specific confirmation to this effect at the time of bid submission and whose credentials are validated online through Udyam Registration / Udyog Aadhaar (as validated by Government from time to time) and through uploaded supporting documents.
2. 2. Start-ups as recognized by Department of Industrial Policy and Promotion (DIPP).
3. 3. KVIC, ACASH, WDO, Coir Board, TRIFED and Kendriya Bhandar.
4. 4. Sellers who have got their credentials verified through the process of Vendor Assessment by Vendor Assessment Agencies for the Primary Product / Primary Service for which Bid / RA has been invited.
5. 5. Sellers/ Service Provider having annual turnover of INR 500 Crore or more, at least in one of the past three completed financial year(s)
6. 6. Micro and Small Enterprises registered with NSIC for the Primary Product Category whose credentials are validated through NSIC database and through uploaded supporting documents.
7. 7. Micro and Small Enterprises registered with DIC for the Primary Product Category whose credentials are validated through DIC database and through uploaded supporting documents.
8. 8. Sellers / Service Providers holding BIS License for the Primary Product Category whose credentials are validated through BIS database and through uploaded supporting documents.
9. 9. Central / State PSUs.
10. 10. Seller / Service Provider registered with designated Agency / Authority as specified in the bid document by the Buyer – such bidder shall have to upload scanned copy of relevant registration document in place of Bid Security document while ] bidding.
Note: No EMD to be taken from exempt category of sellers even by way of specific clauses mentioned in ATC / STC by the Buyers. Such clauses which are against the GeM GTC, will be treated as null and void.
- Get immediate financing through TReDS to pay your MSMEs and show compliance with MSMED Act.
- Benefits of TReDS:
Easy & speedy financing of MSME receivables at highly competitive rates through multiple bank bidding
Uncollateralized finance for Buyers
Assured compliance to MSMED Act, 2006 for making payment to MSMEs as per the Department of Expenditure Payment Order from Goods acceptance date.
Financing period of maximum 180 days.
Automated repayment to financiers on due date through an auto-debit mechanism.
100% digital transactions from anywhere
Lower administration cost for vendor financing, payments, and settlements
How to avail benefits of TReDS?
Not registered with TReDS? Start registration NOW
M1xchange: https://www.m1xchange.comBenefitstoGeMsupplier&Buyer/
Invoicemart: https://www.invoicemart.com/
RXIL: https://rxil.in/Registration-Benefits-GeM-Buyer.html
Registered with TReDS? Now, choose payment through TReDS
With reference to the OM No.F.6/1/2023-PPD dated 06.01.2023, from Dept. of Expenditure, the minimum service charges for the commission based Manpower Outsourcing services has been revised to 3.85%. Procuring entities can also fix the service charges above 3.85% with proper justification on file, wherever required. However, such service charges should not exceed 7% in any case. It is also recommended to use the Least Cost Selection (LCS) especially in High Value Bids, the template for which can be assessed on this link.
DPIIT has issued OM P-45014/33/2021-BE-II (E-64737) dated December 20th, 2022 related to common examples of "Restrictive and discriminatory conditions against the local suppliers" and "Other conditions which make the bid non compliant to PPP-Mll Order''. Buyers are advised to comply with the same and ensure that their tenders are compliant with PPP-MII Order and don't include restrictive and discriminatory conditions against the local suppliers.
Single packet bid has been enabled on GeM and buyers can procure using it. In single packet bidding both technical and financial offerings are being opened simultaneously and buyers evaluate both financial and technical offers simultaneously and publish the evaluation results. Please refer to the user manual for details.
Additional disclaimer and recommendation for buyers for procurement of Drugs/Medicine through Custom/BOQ bids:
All Provisions of Drugs and Cosmetics Act, 1940 and Rules made there under as amended till date will always be applicable. This will include all notifications issued by Central Drugs Standard Control Organisation (CDSCO), Ministry of Health & Family Welfare (MoHFW) and Department of Pharmaceuticals (DOP), Ministry of Chemicals & Fertilizers from time to time in this regard.

The sellers are registered on GeM based on self-declaration of valid Drug License, product certification, test reports etc. However, buyers mandatorily check and validate the details at their end for all applicable licenses and certifications e.g., validity and authenticity/genuineness of drug license, product certification, manufacturer certification/licenses, test reports etc.

In case of custom/BOQ bid, it is recommended to take Notarized Undertaking from private drug manufacturers for necessary compliances. (attached format of "Notarized Undertaking")

Only manufacturers for particular drugs/medicine may be eligible to participate in the bid or quote for the drugs/medicine.
The service category “Healthcare Human Resource Outsourcing Service” has been merged with the other existing manpower outsourcing services which are Manpower Outsourcing Services - Minimum Wage and Manpower Outsourcing Services - Fixed Remuneration . Hence, it has been disabled from the market for all new bids. Buyers can hire the healthcare resources from these 2 manpower outsourcing service categories. There will be no impact on already published bids.
GeM has launched the Push button procurement functionality on experimental basis enabling buyer to buy upto 5 lakhs simplifying the procurement process and require minimal intervention from buyer. This is system driven procurement enabled for the limited 50 categories . This has been enabled vide DoE OM number F.6/7/2022-PPD dated 11th January 2023. The buyer may refer the push button procurement manual for further details. The details of categories enabled for PBP is available here. The key guidelines for PBP are as follow
1. (a) PBP will be made only on GeM through bidding (PBP through Direct Purchase, L-1, Custom-bid etc. are not permitted).
2. (b) The total procurement value of the specific case is not to exceed Rupees Five lakhs, inclusive of all taxes.
3. (c) This will be additional method of procurement and procuring entities are free to use or not to use this additional method of procurement.
4. (d) This method can be used only in case of at least five bids are received. In case of less than five bids are received, the procurement is to restart using usual procurement methods.
5. (e) No splitting of requirement is to be done so as to bring procurement under this method.
6. (f) Once bid is invited on GeM, contract will be placed directly by GeM without any human intervention. (Provided condition 3 (d) above is complied.)
7. (g) This method will be permitted by GeM only for such categories, where at least ten sources are listed.
Load Based Bidding
Bids are currently being evaluated on GeM based on the price quoted by the bidder at the time of bid participation. However, there are some use cases when the buyer publishes a bid and expects certain technical and commercial parameters to be used to evaluate the price, resulting in the evaluated price being different from the bidder's offered price.

To capture detailed technical and commercial parameters, GeM has added another feature whereby a buyer can declare the Technical and Commercial Loading Criteria for Bid Evaluation during Bid Creation itself, which will be printed for the bidders' reference in the Bid document.

The selection of the Techno Commercial for Bid Evaluation will be optional for the buyer and the same can be saved as "No," if buyer doesn’t wish to go with the same.

This will be used by the buyer for the limited categories available in the GeM marketplace.

Categories where Load based will be applicable - BIOMASS and types of pumps like HSD, Screw , Fuel, Petrol pump.
Bunching of predefined categories has been enabled now for bidding. Buyer can create bunch bid of items from same category. Buyer can also create bunch bid of items from different categories if such categories are enabled for bunching by GeM. If the item categories that you are trying to bunch are not enabled to be bunched together and you feel that these are items are having same Supplier / OEM base and are required to be bought together and bunching will not lead to restriction in competition, then you may please send an email request to GeM at request-bunch@gem.gov.in for enabling bunching of such categories. Please mention exact name of GeM categories that you are requesting for enabling bunching. Your request would be examined by GeM team and if it is found that such bunching would not lead to restrictive bidding, GeM would enable bunching of those categories. This is a one time exercise and once enabled, all buyers can bunch those categories in all their future bids. Custom and BoQ items are by default enabled to be bunched with other regular categories.
The option of acceptance/ rejection of Direct Purchase/ L1 orders will be discontinued on GeM from 29th July 22 onwards. All the orders placed on GeM shall be auto accepted unless the buyer is red flagged or the order is for a freight intensive item. Only in these cases, the sellers will get an option to Accept/ Reject the order. Even in these cases, the order shall be auto accepted in 5 days if no action is taken by the seller.
The functionality for the collection of interest amount on the delayed payments as per DoE OM No.F.6/18/2019-PPD dated 3rd July 2020 is being made live from 01st August 2022, which would be applicable on all CRAC issued/generated on or after 01st August 2022. If the payment is delayed beyond prescribed timelines, the buyer will be liable to deposit interest as per DoE OM. Interests due showing in the Buyer dashboards for older contracts are being reset to zero and all future interests would have to be paid using online functionality deployed on the GeM using the SBI payment gateway.
Please read DO from CEO GeM regarding misuse of Custom / BoQ based bids.
DP and L-1 purchase for multiple consignee is not allowed. Buyer can add multiple consignees during bid creation.
Bunching of the items has been disabled for Direct Purchase and L1 purchase. For ordering multiple items put the items in separate carts and proceed to checkout in each cart.
GeM is in process to phase out the use of OTP based on authentication process at various stages of procurement like bid floating, bid submissions, invoicing, CRAC generation, Bill process, payment etc. For seamless and hassle-free transition it is advised to get yourself registered for esign or DSC based authentication services and complete all associated formalities. The exact date of disablement of the OTP based authentication will be communicated in near future.
GeM is in a process of development of functionality to deal the statutory variations of contract like GST, VAT etc online. In meantime till such functionality is deployed buyers and sellers are advised to deal variation of taxes OFFLINE at their end with due verification and scrutiny as per enforced tax rates, contract clause and applicable guidelines of organization.
Direct RA is being disabled. Please use BID to RA in place of Direct RA.
Escalation of Tickets – Please raise a ticket while flagging any issue to GeM, it helps better tracking, monitoring, and faster resolution. Further it helps in escalating it to higher level if issue is not resolved within defined timeline. Now tickets can be escalated https://gem.gov.in/gemtickets/create to higher level.
Training for registration and bidding for buyers and sellers - GeM offers self-help trainings for buyers and sellers to register and procure services from the GeM portal without any external help. The link to access these training programs is https://gem.gov.in/training/training_module.
Input Tax Credit - Input Tax Credit and Reverse Charge Mechanism feature in BID has been implemented. Input Tax Credit is required by Buyers who are eligible for Input Tax Credit on GST and GST cess (wherever applicable) in their purchase. Since they get credit of GST therefore, they require financial evaluation of BID considering input tax credit (ITC) so that L1 evaluation is on Net landed Cost to the Buyer. There are three types of sellers in this case. One is regular GST registered seller, unregistered seller and seller registered under composition scheme. This functionality is for all goods and services except services on commission base.
Custom bid and BOQ Bid- GeM strongly recommend use of category based bids - Use of Custom Bid / BoQ bid is not allowed for items for which regular category is available on GeM. Buyer can use the features of Additional parameters also to suit its requirement. Any bid created under Custom / BoQ category shall be cancelled by GeM without any notice, if it is found that regular category is available on GeM for similar items.
Creation of secondary user under different primary user with same mail id: The secondary user registration using an existing email address should be allowed for all the roles - Buyer, Consignee and PAO/DDO.
GeM has revised its Transaction Charge policy. This can be accessed at here
Vaccines and Generic Drugs/Medicine categories - Categories of Vaccines required under the Universal Immunization Program (UIP) of MoHFW have been made live in consultation with them. The categories of TB medicines required under National TB program of MoHFW and other generic drugs/medicines have been made live.
Unlimited RA Auto Extensions - Now there is NO limit on number auto-extensions allowed in reverse auctions, GeM recommends use of unlimited auto extension for best price discovery.
Bid opening from 3 days instead of 10 days only for central Gov & Central CPSE buyers and not applicable on BOQ and custom bids.
BID Life cycle from system has been removed from the system for all types of bids/RA.
Technical evaluator: Evaluation can be based on Single/Multiple evaluator(s) or self, selection for Tender Committee (TC) option shall also be available
Re-blocking of funds - Buyers will now be able to block funds which they had not done at the time of order placement due to reasons like change of financial years etc.
- New Functionalities on Services
L1 negotiation: Buyer now gets an option to negotiate with L1 discovered from the financial evaluation. In case service provider has uploaded the price breakup then service provider gets the option to upload revised price breakup after conducting their negotiations with the buyer.
MSE preference: If buyer has selected MSE preference in bid then buyer will get option to send price match request to MSE if Non MSE bidder is selected as L1 and MSE price quoted is within L1+X% (X as defined in bid) range. In case buyer has not opted for MSE preference then buyer needs to provide competent authority approval with detail of approving authority.
Minimum floor price: A new feature has made live to solve the above problem, minimum floor price feature is available for buyers to define the minimum floor price below which no service provider would be able to quote in bid. This feature will help buyers to get reasonable price offers in bids. This feature is available for all PSUs/CPSEs/State Buyers and MoD.
Online invoicing for services - In order to introduce end to end procurement on GeM Invoicing has been made live on GeM for service providers and buyers to streamline the complete process.
Invoice rejection by consignee - Once the invoice raised by service provider, consignee now has the feature to reject the invoice against some rejection reasons which will be visible to service provider. Based on the comments, service provider will be able to update the invoice and then submit again.
Provision to upload additional SLA and SOW and ATC - Buyer has provision to write or upload document files for all of above features which will further become part of bid document and contract document and service provider has to abide by that. The terms and condition, scope of work or SLA mentioned by buyer will supersede by default conditions mentioned in SLA of the service.
Price breakup - GeM has introduced the functionality where Buyer can request for Price Breakup, Format to be uploaded by buyer for the breakup of components on cost/price offered by Service Provider in the Bid. Format uploaded by buyer may be used by service provider as reference for providing financial breakup. L1 will be evaluated by system basis on lowest price offered. GeM restricts this document to be available only during financial evaluation step, buyer will be able to open this document after financial will be open.
Custom filter for buyer - GeM has introduced feature to choose “Others” option from the list of values of technical parameters in case desired parameter is not available. Buyer has to select “Intent of Buying” as “Bid” to enter the Customized Requirement.
GeM system maintenance activity is planned from 25/06/2022 9:00 PM until 26/06/2022 12:00 Noon. While we will work towards avoiding any outages, the system may be unstable intermittently. As a preventive measure, you are requested to either prepone or postpone Bid related activities such as Bid creation, Evaluation, Seek Clarification, Reply Representation and Negotiations etc, to other dates as per your convenience. Also, you may like to avoid keeping Bid end date and Bid Opening dates on or near these dates if feasible. Please note, during this period Buyers can access all previous and ongoing Bid/RA status and details from their panel.
Forward Auction is a new feature addition into GeM platform enabling integrated B2B (Business to Business) and B2C (Business to Customer) auction featuring pan India auctioneers and bidders. As a GeM registered buyer, user can create “Auction” to sell off goods/materials/immovable assets within GeM portal using Forward Auction application and can reach out pan India bidders at a larger scale. To know more, click here
Advanced Search- https://bidplus.gem.gov.in/advance-search
Please click here to view the service approval process flow.
"Buyer Selected Non-Golden Parameters are now mandatory Bid requirement” - Buyers can now choose both Golden and Non-Golden Parameters for defining the Bid Requirements. This will enable Buyers to impose a non-golden parameter as a mandatory specification for their Bids.

All Golden parameters of the category and only those non-Golden parameters which Buyer has selected while creating bid (with values as selected by the Buyer or better than that), will now form part of the overall item specifications in Bid and will be published in the Bid document. Please note that the Non-Golden Parameters which are not specifically selected by the Buyer will now be discarded from bid and will not be published in bid and Sellers can offer a product with any of the allowed values for such non-golden parameters. If buyer want to make any non-golden parameter a part of bid, he must select that parameter and select its allowed values while creating bid, else GeM system would presume that buyer has no specific choice for that parameter and will accept any value for that parameter. No bid can then be rejected for such non selected parameter.
It is also to be noted that the values of the reference product are no longer part of the bid and only allowed values will be part of bid. For Golden parameters, by default GeM would incorporate all values that are better than the reference product's values in the bid. Buyer can select and allow any more values that he feels appropriate so that the bid is as generic as possible to attract maximum competition. Similarly for Buyer chosen non-golden parameters also, reference product's value and better values would be allowed by default and Buyer can add more values of his choice.
Sellers would now need to mandatorily comply with complete Bid specifications to proceed with Bid participation. Since bidders will now be pre-filtered and allowed to offer only those products which are matching with allowed values of Golden as well as non-Golden parameters (Buyer selected), there would now be no need for Buyer's to check or reject any bid on the ground of specification mis-match as far as GeM catalogues are concerned.

Please be informed that all the buyers registered on the GeM portal have to update the GSTIN details mandatorily. You may log into your buyer account and get the option to update GSTIN under the "My Account" section. Also please note that if you do not have a GSTIN number, you will have to give acceptance to the declaration that you are not liable to fall under the ambit of GST on your buyer dashboard.

Request you to please do the needful at the earliest.

Incident management policy has been revised, please click here to view the new policy.
Please click here to see the important updates about the Payments OM
As per the OM issued by the Department of Expenditure, Ministry of Finance (No.F.6/18/2019.PPD), the following provisions have been enabled on GeM -

Proof of Delivery Submission

The system would not allow the seller to generate an invoice, if the delivery period of an order has passed. The sellers must also submit the proof of their delivery to the consignee's location before the delivery date of the orders has passed, for their shipments to be eligible for Auto PRC and Auto CRAC
Auto PRC and Auto CRAC

Auto PRC

In case if the seller has submitted the proof of delivery before the order's delivery date has passed, their shipments would be eligible for auto PRC. This means that if the consignee does not generate the PRC within 4 days from the date of delivery as per the proof of delivery submitted by the seller, then the system would generate an auto PRC, marking all the shipped quantities as PRC accepted. At this point, the consignee would have 2 more days to make any modifications. In case, if still no action has been taken by the consignee within these 2 days, then this system generated auto PRC would be considered as the final PRC which could no longer be modified.
Auto CRAC

In case if the seller has submitted the proof of delivery before the order's delivery date has passed and the final PRC is also completed (through the system or by the consignee), then their shipments would be eligible for auto CRAC. This means that if the consignee has not generated the CRAC within 10 days from the date of delivery as per the proof of delivery submitted by the seller, then the system would generate an auto CRAC, marking all the PRC quantities as CRAC accepted. At this point, the consignee would have 3 more days to make any modifications. In case, if still no action has been taken by the consignee within these 3 days, then this system generated auto CRAC would be considered as the final CRAC which could no longer be modified.
Supplementary Invoice

For product orders where the consignee has made some rejections at the PRC or CRAC stage, the sellers would now have an option to issue a supplementary invoice against these rejected quantities. This option would be available to the seller before the delivery date of the order has passed.

For more information on the OM, please click here.

All transactions on Gem 2.0 can be accessed here.

Home

Information Technology Broadcasting and Telecommunications

Software

Network Security Equipment

Vulnerability Management / Assessment Software (V2) (Q2 Category)

VMDR VULNERABILITY MANAGEMENT/ASSESSMENT SOFTWARE With Subscription License

VMDR^R

(Qualys VMDR)

Product Details

Our Price: ₹2,963.00

18%

You Save: ₹637.00 (18%)

Price For : 1 pieces

MRP/Unit: ₹3,600.00

Offer Price/Unit: ₹2,963.00

Availability: 100000 In Stock

Min. Qty. Per Consignee: 10000

Product id: 5116877-582919690

With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the

Country Of Origin: India, United States of America

Local Content (MII): 50%

Seller Details

Sold by: OEM

OEM verified catalogue

View All Sellers

₹2,963.00

Specifications

Category Software ,Appliance ,Virtual appliance

Scanner based on Software ,Hardware ,Virtual appliance

Scanner Deployment modes Active-Active ,Active-Passive ,Standalone ,Manual ,Multi tenancy ,Zero Touch Deployment ,Scanner proxy for VPC (Virtual Private Container) envirnonment ,Support Integration with SIEM and Open Stack, ,End to End Vulnerability Management Work Flow Creation ,User Acceptance Testing of Offered Modules ,On Premise Solution ,On Cloud Solution

Scanner Functioning Load balancing ,Task peering ,Automatic failover

Type of Centralized Management Hardware ,Software ,Terraform ,Ansible ,Heat template ,AWS lamba ,Azure ARM ,Elastic Beanstalk ,CLI8-SSH 9 -GUI ,NA

Type of License Subscription

Type of IP Scanning OS ,Firmware ,Appliction ,Database

Installation and Demonstration No

No of days Training Provided at Site from OEM 1

Number of Years upto which Support is available from OEM during the warranty period 1

OEM SUPPORT Features 24 x 7 x 365 Support by respective OEM. ,OEM office in India ,Support offices Pan India. ,Provides direct & its own payroll employee based onsite professional services for installations, configuration, validations, support etc. ,Updating for patches and bug fixes after immediate realise by OEM. ,Upgradation of version after immediate realise by OEM ,NA

IPv6 support and scan by hostname/IP supported Yes

Capability of creating users in the offered product unlimited

Global Threat Intelligence support DBIR( Data Breach Investigations Report) ,SANS TOP20 ,NA

ASSET INVENTORY FEATURES Actionable intelligence from ThreatIntel Sources. ,CMDB (Configuration Management Database Integration) Integration. ,To be customized based on a Asset search query & tool able to convert clicks to search query . ,Allow user to drag and drop of widgets to reposition it on dashboard. ,Widgets to be color coded so that user can measure risk appetite. ,Highlight and risk rank criticality of assets. ,Drilldown capability from the UI (User Interface) ,Capable to identify EOL (End of Life)/EOS (End os support). ,Capable to identify and Tag every software for commerical or Open source software. ,Capable to allow daily trending within a widget 11- Flexible widgets like Pie chart, Bar chart, Value bases and list based. ,NA

Asset visibility Features Provision for User to create assets inventory hierarchically like Site:- Data Centre Name,Project name,Assets Groups(IPs). ,Continuous discovery of assets ,Inventory visibility with elastic search like querying ,Real-time continuous inventory. ,Updates and keep hardware inventory like CPU type, Memory size and disk partitions too. ,Elastic query base assets and vulnerability search. ,Capable to generate graphical discovery map for discovered devices and provide reports of added and removed devices on daily basis. ,Capable to convert a query into a widget. ,Capable to show DNS information for every asset. ,Capable to allow saving a query so that it can be reused. ,NA

GENRIC FEATURES of ASSET INVENTORY Single Management Console with RBAC (Role Based Access Control) . User site / project/ asset group to be able handle scanning reporting quering, asset group creation and deletion independently. ,Easy deployment. ,Scalable and extendable. ,Minimal impact on systems and networks. ,Ability to handle virtualized environments and Complete coverage for Container host, image and registry ,Configurable color coded widgets for visual analytics ,Provision to engine pooling with multiple engines grouped together to run any single scan to reduce and improve scanning time by load sharing. ,Ability of Database queries to run against reporting data model, without using third-party tools, within the solution. ,Scanning engine to be able to scan IPs simultaneously and the rest of the IP's /asset scheduled for scanning (in any site) to be able to put in the scanning queue and run automatically. ,While scanning is running in one or more than one sites the user to be able to add new assets in the Group and to be able to put the same into scanning queue. ,Scanner to be able to scan duplicate or overlapping IP ranges ,NA

Minimum volume of IP threat can be scanned simultaneously by each scan engine 10

Support for Container technology RED HAT OPENSHIFT ,OPEN STACK ,UBERNETES ,Discover , track and continuously secure containers from build to run time. ,Container ready security and comliance platform. ,Complete visibility of container host on premises environment. ,Container run time protection . ,Gathers comprehensive topographic information about container projects including images, registries and containers spun from the images etc. ,Identify images that have specific vulnerabilities, or that have vulnerabilities above a certain severity threshold. ,Integration with various container registry like Docker registry, Quay, Harbor for scheduled or on-demand scan. ,NA

User to be able to handle Scanning ,Reporting ,Query assets group creation ,deletion

Sorting and Filtering Centralized ,Customizable

Scanning and Vulnernability assessment data Fast ,Accurate ,Actionable

"Correlated list of features in Vulnerability Management " Metasploit exploit modules available for each vulnerability ,Malware kits available for each vulnerability ,Automatic workflow to validate vulnerability in Metasploit ,NA

Capability of the software to calculate risk for each detected vulnerability including Risk scoring CVSS scoring, ,Asset exploitability, ,Susceptibility to malware kits

Prioritization capabilities with respect to vulnerabilities and remediation tasks Yes

Type of detection Agent-based detection ,Agentless detection ,Agent support FreeBSD ,Mobile devices agent based detection ,Agent-based detection (On-Premises)

VULNERABILITY MANAGEMENT FEATURES Configurable monitoring and alerting features ,Auto updating & Self managing scanners and agents. ,Ability to Track the status of vulnerability with each iterative scan ,Capable to suport user login with 2 factor authentications. ,Provision for defining policy for console access with IP white listing. ,The offered product capable to convert running golden image of hardened OS into policy template. ,Agent and scanner capable to communicate directly with mangement console over encryption without any other intermediate device. ,The offered product capable to encrypt scan result database. ,Offered product capable to support plugins for CI-CD pipelines for build tools.( like Bamboo, jenkin, Gitlabs etc.) ,Offered product capable to support cloud workloads in Azure/VMware/OpenStack etc. laaS on premises. ,Capable to auto eliminate superseding patches, vulnerabilites that can be fixed with a configuration change. ,Provision for providing information if the vulnerability has a virtual patch available. ,Capable to support API's Script/tools and zero touch deployment of scanner and agents. ,Report generation through API in cloud.

GENRIC FEATURES OF VULNERABILITY MANAGEMENT Scanners running on hardened OS with no root or sudo access to it. ,Ability to track ongoing progress against vulnerability management objectives. ,Physical VA scanner appliance with feature of self updatating and self managed. ,VA scanner capable to support tenant based virtual appliance and VPC environment. ,Agent not to work like local VA scanner. ,Agent capable to self updating and tamper resistant. ,Agent capable to use a proxy and do data compression. ,VA scanner capable to check credentials authentication before launching scan. ,Ability to fine tune agent for CPU, memory and bandwidth. ,Scanner work password less key communciation to run Agent & VA scanner and communicate between them

Provision of Alerts/ Flags/Reports for Newly opened ports, ,Changes to ports, ,New services on ports, ,Closing of ports, ,Common vectors for attack and exploit, ,Certificate health, ,Application installation / un-installation, ,Installation of new or unauthorized software, ,Upgrades or downgrades or removals of existing software

Monitoring FEATURES Provision to detect and alert new assets in the network. ,Provision to Targeted alerts based on a security policy. ,Certificate data insight and certificate based vulnerabilities. ,Provide alerts based on threat intelligence ,Provision to monitor SSL certificates and alert on expiring SSL certificate ,Provision to altert on installation or removal of software. ,Whenever a asset/IP is scanned multiple time, user to be able to fetch/download each and every report of that asset/IP. ,Each scan corresponding to that IP/asset to have unique scan ID. ,NA

GENRIC FEATURES OF MONITORING Target alerts for each issue to the people responsible for fixing them. ,Provision of calendar based alerts dashboard. ,Provide alert rule creation using AND / OR / ONLY-IF kind of logic. ,Reduced risk of system changes going unnoticed ,Provide alerts via email and CEF(Common Event Format)/Syslog. ,Provide alerting for both External and Internal IPs ,NA

CONTEXTUAL THREAT DASHBOARD FEATURES Live Threat Intelligence Feed and threat categorization. ,Displays entire threat posture at a glance. ,Group vulnerabilities that have public exploit available, can result in DoS and can propagate via lateral movement. ,Provision for search results to be further sorted, filtered and refined. ,Shareable Dashboards allow import / Export to JSON(Java Script Object Notation) format for reuse and sharing in open standard. ,Dynamic, customizable on premises Dashborads, Displaying organization complete inventory and security postures from containers to hosts. ,Threat identification, impact assessment and remediation prioritization. ,Provision to categorize every vulnerabilities with external threat intelligence categories e/g. malware, potential DOS,Easy to exploit, Lateral movement, High data loss. ,Inbuilt threat feeds dashboard giving view of zero days, malware and PoC of exploitable vulnerabilities ,Make configurable dashboard with widgets from threat and asset query results. ,NA

Craft ad-hoc queries with multiple variables and asset criteria Asset class, ,Vulnerability type, ,Operating system

Technology coverage Host, ,OS, ,Network Device, ,Storage Device ,Database ,Application ,Security Device ,Running containers ,Mobile OS

Database scanning Coverage MS-SQL(All versions) ,MySQL (All versions) ,Oracle (All versions) ,PostgreSQL (All versions) ,DB2 ,Sybase. ,MariaDB (All version) ,Mongo DB (All version) ,NA

Support reporting Customizable reports, ,Scheduled Reports, ,CIS(Centre For Internet Security) ,To collect policy data along with vulnerability scan itself ,MS Word ,Open office document ,PDF ,CSV ,XML ,MS Excel ,NA

Support CIS(Centre For Internet Security) for Databases ,Network Firewalls ,IPS (Intrusion prevention system) ,DDOS( Distributed denial of service) ,Routers, ,Switches, ,WAF(Web Application Firewall), ,Load Balancer ,UTM Device

Free Upgradation to Higher Version within support period including API, Firmware, Signatures, etc YES

Features

BASIC INFORMATION

Category	Software,Appliance,Virtual appliance
Scanner based on	Software,Hardware,Virtual appliance
Scanner Deployment modes	Active-Active,Active-Passive,Standalone,Manual,Multi tenancy,Zero Touch Deployment,Scanner proxy for VPC (Virtual Private Container) envirnonment,Support Integration with SIEM and Open Stack,,End to End Vulnerability Management Work Flow Creation,User Acceptance Testing of Offered Modules,On Premise Solution,On Cloud Solution
Scanner Functioning	Load balancing,Task peering,Automatic failover
Type of Centralized Management	Hardware,Software,Terraform,Ansible,Heat template,AWS lamba,Azure ARM,Elastic Beanstalk,CLI8-SSH 9 -GUI,NA
Type of License	Subscription
Duration of Subscription in months (Hint Select zero if not applicable)	12
Type of IP Scanning	OS,Firmware,Appliction,Database
Number of Licences for IP Scanning	1
Name of Software / Appliance	VMDR
Name of the OEM	Qualys
OEM Model / Part No	VMDR
Software / Appliance Description	Vulnerability Mgmt
Software / Appliance Version & Date of Launch	latest, 1999
Installation and Demonstration	No
No of days Training Provided at Site from OEM	1
Number of Years upto which Support is available from OEM during the warranty period	1
OEM SUPPORT Features	24 x 7 x 365 Support by respective OEM.,OEM office in India,Support offices Pan India.,Provides direct & its own payroll employee based onsite professional services for installations, configuration, validations, support etc.,Updating for patches and bug fixes after immediate realise by OEM.,Upgradation of version after immediate realise by OEM,NA
IPv6 support and scan by hostname/IP supported	Yes
Capability of creating users in the offered product	unlimited
Global Threat Intelligence support	DBIR( Data Breach Investigations Report),SANS TOP20,NA
Agents Size in MB	2

APPLIANCE CAPACITY

Hard disk capacity (in TB) (Hint :- Select '0' if not applicable)	0
RAM size (in GB) (Hint :- Select '0' if not applicable)	0
Physical CPU core required	0

ASSET INVENTORY

ASSET INVENTORY FEATURES	Actionable intelligence from ThreatIntel Sources.,CMDB (Configuration Management Database Integration) Integration.,To be customized based on a Asset search query & tool able to convert clicks to search query .,Allow user to drag and drop of widgets to reposition it on dashboard.,Widgets to be color coded so that user can measure risk appetite.,Highlight and risk rank criticality of assets.,Drilldown capability from the UI (User Interface),Capable to identify EOL (End of Life)/EOS (End os support).,Capable to identify and Tag every software for commerical or Open source software.,Capable to allow daily trending within a widget 11- Flexible widgets like Pie chart, Bar chart, Value bases and list based.,NA
Asset visibility Features	Provision for User to create assets inventory hierarchically like Site:- Data Centre Name,Project name,Assets Groups(IPs).,Continuous discovery of assets,Inventory visibility with elastic search like querying,Real-time continuous inventory.,Updates and keep hardware inventory like CPU type, Memory size and disk partitions too.,Elastic query base assets and vulnerability search.,Capable to generate graphical discovery map for discovered devices and provide reports of added and removed devices on daily basis.,Capable to convert a query into a widget.,Capable to show DNS information for every asset.,Capable to allow saving a query so that it can be reused.,NA
GENRIC FEATURES of ASSET INVENTORY	Single Management Console with RBAC (Role Based Access Control) . User site / project/ asset group to be able handle scanning reporting quering, asset group creation and deletion independently.,Easy deployment.,Scalable and extendable.,Minimal impact on systems and networks.,Ability to handle virtualized environments and Complete coverage for Container host, image and registry,Configurable color coded widgets for visual analytics,Provision to engine pooling with multiple engines grouped together to run any single scan to reduce and improve scanning time by load sharing.,Ability of Database queries to run against reporting data model, without using third-party tools, within the solution.,Scanning engine to be able to scan IPs simultaneously and the rest of the IP's /asset scheduled for scanning (in any site) to be able to put in the scanning queue and run automatically.,While scanning is running in one or more than one sites the user to be able to add new assets in the Group and to be able to put the same into scanning queue.,Scanner to be able to scan duplicate or overlapping IP ranges,NA
Minimum volume of IP threat can be scanned simultaneously by each scan engine	10
Support for Container technology	RED HAT OPENSHIFT,OPEN STACK,UBERNETES,Discover , track and continuously secure containers from build to run time.,Container ready security and comliance platform.,Complete visibility of container host on premises environment.,Container run time protection .,Gathers comprehensive topographic information about container projects including images, registries and containers spun from the images etc.,Identify images that have specific vulnerabilities, or that have vulnerabilities above a certain severity threshold.,Integration with various container registry like Docker registry, Quay, Harbor for scheduled or on-demand scan.,NA
User to be able to handle	Scanning,Reporting,Query assets group creation,deletion
Sorting and Filtering	Centralized,Customizable
Scanning and Vulnernability assessment data	Fast,Accurate,Actionable
"Correlated list of features in Vulnerability Management "	Metasploit exploit modules available for each vulnerability,Malware kits available for each vulnerability,Automatic workflow to validate vulnerability in Metasploit,NA
Capability of the software to calculate risk for each detected vulnerability including Risk scoring	CVSS scoring,,Asset exploitability,,Susceptibility to malware kits
Prioritization capabilities with respect to vulnerabilities and remediation tasks	Yes
If yes, then mention for available path/ solution links/ patch link(OEM recommended)	www.qualys.com

VULNERABILITY MANAGEMENT

Type of detection	Agent-based detection,Agentless detection,Agent support FreeBSD,Mobile devices agent based detection,Agent-based detection (On-Premises)
VULNERABILITY MANAGEMENT FEATURES	Configurable monitoring and alerting features,Auto updating & Self managing scanners and agents.,Ability to Track the status of vulnerability with each iterative scan,Capable to suport user login with 2 factor authentications.,Provision for defining policy for console access with IP white listing.,The offered product capable to convert running golden image of hardened OS into policy template.,Agent and scanner capable to communicate directly with mangement console over encryption without any other intermediate device.,The offered product capable to encrypt scan result database.,Offered product capable to support plugins for CI-CD pipelines for build tools.( like Bamboo, jenkin, Gitlabs etc.),Offered product capable to support cloud workloads in Azure/VMware/OpenStack etc. laaS on premises.,Capable to auto eliminate superseding patches, vulnerabilites that can be fixed with a configuration change.,Provision for providing information if the vulnerability has a virtual patch available.,Capable to support API's Script/tools and zero touch deployment of scanner and agents.,Report generation through API in cloud.
GENRIC FEATURES OF VULNERABILITY MANAGEMENT	Scanners running on hardened OS with no root or sudo access to it.,Ability to track ongoing progress against vulnerability management objectives.,Physical VA scanner appliance with feature of self updatating and self managed.,VA scanner capable to support tenant based virtual appliance and VPC environment.,Agent not to work like local VA scanner.,Agent capable to self updating and tamper resistant.,Agent capable to use a proxy and do data compression.,VA scanner capable to check credentials authentication before launching scan.,Ability to fine tune agent for CPU, memory and bandwidth.,Scanner work password less key communciation to run Agent & VA scanner and communicate between them
Sensors, scanners, agents provide visibility for	Continous Visibility,Trend Visibility

MONITORING

Provision of Alerts/ Flags/Reports for	Newly opened ports,,Changes to ports,,New services on ports,,Closing of ports,,Common vectors for attack and exploit,,Certificate health,,Application installation / un-installation,,Installation of new or unauthorized software,,Upgrades or downgrades or removals of existing software
Monitoring FEATURES	Provision to detect and alert new assets in the network.,Provision to Targeted alerts based on a security policy.,Certificate data insight and certificate based vulnerabilities.,Provide alerts based on threat intelligence,Provision to monitor SSL certificates and alert on expiring SSL certificate,Provision to altert on installation or removal of software.,Whenever a asset/IP is scanned multiple time, user to be able to fetch/download each and every report of that asset/IP.,Each scan corresponding to that IP/asset to have unique scan ID.,NA
GENRIC FEATURES OF MONITORING	Target alerts for each issue to the people responsible for fixing them.,Provision of calendar based alerts dashboard.,Provide alert rule creation using AND / OR / ONLY-IF kind of logic.,Reduced risk of system changes going unnoticed,Provide alerts via email and CEF(Common Event Format)/Syslog.,Provide alerting for both External and Internal IPs,NA

CONTEXTUAL THREAT DASHBOARD

CONTEXTUAL THREAT DASHBOARD FEATURES	Live Threat Intelligence Feed and threat categorization.,Displays entire threat posture at a glance.,Group vulnerabilities that have public exploit available, can result in DoS and can propagate via lateral movement.,Provision for search results to be further sorted, filtered and refined.,Shareable Dashboards allow import / Export to JSON(Java Script Object Notation) format for reuse and sharing in open standard.,Dynamic, customizable on premises Dashborads, Displaying organization complete inventory and security postures from containers to hosts.,Threat identification, impact assessment and remediation prioritization.,Provision to categorize every vulnerabilities with external threat intelligence categories e/g. malware, potential DOS,Easy to exploit, Lateral movement, High data loss.,Inbuilt threat feeds dashboard giving view of zero days, malware and PoC of exploitable vulnerabilities,Make configurable dashboard with widgets from threat and asset query results.,NA
Craft ad-hoc queries with multiple variables and asset criteria	Asset class,,Vulnerability type,,Operating system
GENRIC FEATURES OF CONTEXTUAL THREAT DASHBOARD	Provides dynamic, customizable views with specific stats, such as assets with active zero-day vulnerabilities.,Allows fine-tuning of feed list byfiltering and sorting items according to a variety of criteria.,Allow threat hunting queries.,NA

SECURE CONFIGURATION ASSESSMENT

Technology coverage	Host,,OS,,Network Device,,Storage Device,Database,Application,Security Device,Running containers,Mobile OS
Database scanning Coverage	MS-SQL(All versions),MySQL (All versions),Oracle (All versions),PostgreSQL (All versions),DB2,Sybase.,MariaDB (All version),Mongo DB (All version),NA
Support reporting	Customizable reports,,Scheduled Reports,,CIS(Centre For Internet Security),To collect policy data along with vulnerability scan itself,MS Word,Open office document,PDF,CSV,XML,MS Excel,NA
Support CIS(Centre For Internet Security) for	Databases,Network Firewalls,IPS (Intrusion prevention system),DDOS( Distributed denial of service),Routers,,Switches,,WAF(Web Application Firewall),,Load Balancer,UTM Device
Scanner Policy	Hardened,Tamper resistant
Integration with	GRC (Governance , Risk and Compliance),SIEM ( Security Information and Event Management ) tools,NA
Optimized Controls for	Performance,Scalability,Accuracy,User management

HARDWARE REQUIREMENT FOR SOFTWARE

Hard Disk Space Required	0
RAM Size required	0
CPU required	0
Operating Systems supported (Driver)	0
Supported Servers	0

GENERIC PARAMETERS

Free Upgradation to Higher Version within support period including API, Firmware, Signatures, etc	YES
OEM to provide Certification on-site	No
List of items included in the scope of supply	Software Lincense
Hyper link for Data sheet	www.qualys.com/
Number of Software deployment/Installed in Govt Department (Central/State/PSU/PSB,etc) from OEM	5
Details of Government Department email, phone no Of concerned authority where Software /Appliance installed for above	UIDAI, NIC