Loren Data's SAM Daily™

FBO DAILY ISSUE OF APRIL 13, 2005 FBO #1234
SOURCES SOUGHT

D -- Request for Information for a Security Information Manager (SIM) Tool to Manage Network and Computer Security Information at Tier 3 DOD Facilities

Notice Date
4/11/2005
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
Defense Information Systems Agency, Procurement and Logistics, DITCO-Scott, P.O. Box 25857, Scott AFB, IL, 62225-5406
 
ZIP Code
62225-5406
 
Solicitation Number
RFI320
 
Response Due
5/9/2005
 
Archive Date
5/24/2005
 
Point of Contact
Anne Keller, Contract Specialist, Phone 618-229-9504, Fax 618-229-9440; Karen Kincaid, Contract Specialist, Phone 618-229-9707, Fax 618-229-9508
 
E-Mail Address
kellera@scott.disa.mil, kincaidk@scott.disa.mil
 
Description
THIS IS A REQUEST FOR INFORMATION (RFI) FOR A SECURITY INFORMATION MANAGER (SIM) TOOL TO MANAGE NETWORK AND COMPUTER SECURITY INFORMATION AT TIER 3 DOD FACILITIES

1.0 SUBJECT

This document is a Request for Information (RFI) about available Security Information Managers (SIMs) that could potentially be deployed at Tier 3 Department of Defense (DOD) facilities and used to manage network and computer security information collected by disparate types of security sensors and applications on DOD computers and networks.

A SIM is a product designed to automate the collection of event log data from security devices and applications and help users make sense of it through a central management console. SIMs aggregate and normalize data from disparate security and network devices, such as Intrusion Detection Systems (IDSs), routers, firewalls, database servers, packet filtering routers, antivirus software, Syslog servers, and vulnerability detection software. SIMs perform correlation and prioritization of the data, and may also automate various processes performed by incident handlers, such as the categorization of events, collection of events into incidents, and generation of reports. This definition includes several sub-categories of software or applications that will be addressed clearly in the requirements documentation.

Responses to this RFI are due NLT Monday, May 9, 2005, at 5:00PM Eastern Daylight Time (EDT) (GMT-4).

2.0 DESCRIPTION

The Defense Information Systems Agency (DISA), in support of the Computer Network Defense (CND) mission assigned to the United States Strategic Command (USSTRATCOM), is seeking information from industry, academia, and Government that will assist in the deployment of a software and/or appliance SIM product solution at DOD Tier 3 locations to assist in enhancing the CND posture of the DOD computer network systems.

The term "Tier 3" is defined as follows: The DOD is organized into three hierarchical tiers to conduct CND.

- Tier 1 provides DOD-wide CND operational direction or support to all DOD Components.
- Tier 2 provides DOD Component-wide (i.e., Military Service-wide) or Theater-wide operational direction or support and responds to direction from Tier 1.
- Tier 3 provides local operational direction or support to lower echelon Military Service entities and responds to direction from a designated Tier 2 entity.

Tier 1 entities include the CDRUSSTRATCOM and subordinate entities such as JTF-GNO, the CND Service Certification Authorities (DISA and NSA), the CND Law Enforcement and Counterintelligence Center, and the National Security Incident Response Center. Tier 2 includes CND Service Providers (CNDSPs) designated by Heads of Components to coordinate Component-wide CND. Tier 3 entities consist of camps, posts, bases, and stations, and include all entities responding to direction from DOD Component Tier 2 CNDSPs, e.g., local network and security control centers (NOSCs) or Systems Control Centers (SYSCONS) that manage and control information systems, networks and services, either forward deployed as tactical units or at fixed DOD Installations.

DISA is in search of a product solution that can address the requirements below for possible further evaluation.

3.0 REQUIREMENTS

This section describes the high-level functional requirements for the Tier 3 SIM. The Tier 3 SIM solution installed on systems or networks shall do the following:

Collect data:
- Receive and/or pull data from computer/network security sensors, such as the following: Firewalls, routers, Network Intrusion Detection Systems (NIDS), Host Intrusion Detection Systems (HIDS), Intrusion Protection Systems (IPS), Anti-Virus (AV) systems, etc.
- Allow access to raw data generated by sensors
- Receive and/or pull data from other data sources relevant to security, such as the following: Vulnerability Management (VM) systems (e.g., vulnerability scanners and vulnerability remediation tools), databases, syslog servers, etc.
- Permit rapid system reconfiguration required to receive and process data from new devices, systems and applications and accommodate changes in new software versions

Aggregate data:
- Aggregate collected data
- Normalize collected data to facilitate correlation of like event data
- Store the aggregated data for rapid mining and retrieval

Process data:
- Correlate data
- Categorize data
- Prioritize data

Forward data:
- Forward data to Tier 2 SIMs
- Filter and/or throttle volume of transmitted data to accommodate restricted bandwidth

Visualize/Report Data:
- Generate reports
- Forward reports
- Notify operators of activity falling into operator-specified categories

Protect data:
- Protects data at rest (ensures confidentiality, integrity, availability)
- Protects data in transport (ensures confidentiality, integrity, availability)
- Design and implementation incorporate general good security practices

Support scalability:
- Processes data from large numbers of data sources
- Processes large amounts of data
- Interfaces with other SIMs

Ease of Use:
- Installation, configuration, use, and maintenance require minimal training
- Graphic user interface is configurable to satisfy user preferences
- Has built-in help for operators
- Training and training documentation is provided

4.0 SAMPLE RESPONSE OUTLINE

This outline is intended to minimize the effort of the respondent and structure the responses for ease of analysis by the government. Respondents are free to develop their response as they see fit but should answer the fundamental questions provided.

Section 1 - Product

Describe a working product as a possible solution to the Tier 3 SIM requirement. Discuss the product and the capability to currently meet the requirements. Please discuss working or developmental functionality. (This should be five to seven pages, including description and diagrams) Please answer the questions accordingly.

1. Specify if the product solution comprises hardware (e.g., an appliance), software, or both software and hardware. Include minimum and optimum hardware requirements, and descriptions of any fail-over capabilities and data archival capabilities.
2. Describe the type of functions performed by the product solution.
3. Describe the data normalization and/or parsing scheme and processes leading to databasing and correlation, to include how it can be applied to new data input streams. Include a description of partnerships with security device vendors to facilitate sharing of new release interface requirements (i.e., such as new signatures for IDSs, newly developed rules for devices, etc.)
4. Describe the system's means of capturing data from sensors and sources and controlling how it is sent to the aggregation point/server, to include protocols and types of agents used. If agents are used, include a description of the agent's processes, file size, means of distribution, update, and installation and configuration processes. Describe any impact to existing systems (e.g., necessity of installing agent software directly onto IDS appliance).
5. Describe the type of algorithms used to correlate data, and indicate whether they are viewable and/or customizable by the user.
6. List the operating systems the product supports to include patch and service pack levels.
7. List the types of sensors, including model/version numbers, from which your SIM can collect data.
8. List the types of third-party SIMs, including model/version numbers, with which your SIM can exchange data.
9. Describe architecturally how the client and server interoperate.
10. Describe the recommended deployment architecture and strategy to include installation and maintenance.
11. Describe any testing being conducted for compliance with the Common Criteria for IT Security Evaluation and/or the Cryptographic Module Validation Program (CMVP) described in the National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 140-2.
12. Provide descriptions and certification of software security assurance practices used.
13. Provide information on existing and planned IPv6 compatibility, with respect to being able to communicate over IPv6 networks and with respect to being able to process data generated by IPv6 security sensors.

Section 2 - Feasibility Assessment

Describe the feasibility of the product solution. (2 pages)

Section 3 - Cost and Schedule Estimates

Provide cost table estimates in describing licensing agreement, support, and maintenance for non-recurring and annual recurring costs (2-3 pages) to enable the recipient to calculate overall implementation costs for a selected notional model.

Section 4 - Corporate Experience

Briefly describe your company, your products and services, history, ownership, financial information, and other information you deem relevant. Describe any projects you have been involved in that are similar in concept to what is described in this RFI, including management and operations approach, requirements, processes, and any relevant lessons learned (1-2 pages per project). Please list government and commercial clients. If for any reason clients cannot be discussed, please describe the number of seats deployed for each client.

Section 5 - Additional Materials

Please provide any other materials, suggestions, and discussion you deem appropriate.

5.0 DISCLAIMER

THIS RFI IS NOT A REQUEST FOR PROPOSAL (RFP) AND IS NOT TO BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT TO ISSUE A SOLICITATION OR ULTIMATELY AWARD A CONTRACT. RESPONSES WILL NOT BE CONSIDERED AS PROPOSALS NOR WILL ANY AWARD BE MADE AS A RESULT OF THIS SYNOPSIS.

All information contained in the RFI is preliminary as well as subject to modification and is in no way binding on the Government. FAR clause 52.215-3, Request for Information or Solicitation for Planning Purposes (Oct 1977), is incorporated by reference into this RFI. All information received in response to this RFI that is marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. In accordance with FAR 15.202(e), responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI.

6.0 SUBMISSION INSTRUCTIONS

How to submit:

Option 1 (Preferred): Submission by email; email should be time stamped no later than the due date. If email would exceed 5 Megabytes (MB), then please use option 2, below.
Email to Mr. Doug Steinbaum, Douglas.steinbaum@disa.mil

Option 2: Submission by USPS mail; should be postmarked no later than the due date.
DISA
Attn: GE-413, Doug Steinbaum
PO Box 4502
Arlington, VA 22204-4502

Due Date: Monday, May 9, 2005, at 5:00PM Eastern Daylight Time (EDT) (GMT-4)

7.0 CONTACT INFORMATION

Following are the Points of Contact (POCs) for this RFI, including the information exchange meeting:

MAJ Jack Mast, Acquisition Manager, (703) 882-1634, jack.mast@disa.mil
Mr. Donald Parker, Asst. Acquisition Manager, (703) 882-0164, Donald.parker1@disa.mil
Mr. Doug Steinbaum, Project Leader, (703) 882-1570, Douglas.steinbaum@disa.mil

DISA
Attn: GE-413, Doug Steinbaum
PO Box 4502
Arlington, VA 22204-4502
 
Record
SN00785708-W 20050413/050411211557 (fbodaily.com)
 
Source
FedBizOpps.gov
