Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF MAY 04, 2005 FBO #1255
MODIFICATION

R -- COTS Property Management System

Notice Date
4/28/2005
 
Notice Type
Modification
 
NAICS
334611 — Software Reproducing
 
Contracting Office
National Science Foundation, Division of Contracts & Complex Agreements, DCCA, 4201 Wilson Boulevard Room 475, Arlington, VA, 22230
 
ZIP Code
22230
 
Solicitation Number
RFQ-DCCA-050053
 
Response Due
5/5/2005
 
Point of Contact
Marion Jones, Contract Administrator, Phone (703) 292-5398, Fax (703) 292-9140/9141
 
E-Mail Address
mjones@nsf.gov
 
Description
The purpose of this solicitation is twofold:

1. The requirement to submit a capabilities and qualification statement is deleted in its entirety. The NSF expects only a proposal.
2. The RFQ contains inconsistencies for the due date for proposals. All references to proposal due dates are changed to April 18, 2005, 3:30 p.m. (Daylight savings time).

g procedures.

Excerpt from: National Science Foundation (NSF) Consolidated Procedures and Standards Volume I: Management - Client/Server dated June 23, 2004 ….

5.2. Policies and Standards

All systems development/acquisition projects must follow these major steps and the management review process described below. Exceptions can be made with the prior approval of the Director of DIS.

1. The Federal Information Security Management Act (FISMA) of 2002 superseded Public Law 100-235, the Computer Security Act of 1987; there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS). The waiver provision had been included in the Computer Security Act of 1987; however, FISMA supersedes that Act. Therefore, the references to the "waiver process" contained in many of the FIPS are no longer operative.

2. The project manager must conduct a risk-based analysis to assess the scope and magnitude of risks associated with the information system, and to use as an aid to develop and implement steps required to mitigate, or else to accept those risks. A threat and vulnerability analysis examines the potential source(s) of damage to the system, the nature of the damage that they might cause, and estimates the impact on the mission of the damage due to abuse, inappropriate disclosure of confidential information or degradation of performance related to the system. It also evaluates the effectiveness of systems security controls in providing protection against exploitation of vulnerabilities. The process consists of: identifying all sensitive hardware, software, and data, their vulnerabilities, and potential threat sources; determining the magnitude of damage, an estimate of the probability of occurrence, determining the rough cost of each security control; and identifying cost-effective protective measures for mitigation.

3. A threat and vulnerability analysis is a document that permits management to make informed decisions relating to implementation of cost-effective computer security measures. The threat and vulnerability analysis must take place in the requirements definition phase of the life cycle. Management must review this report and must determine if the remaining unmitigated level of risk is acceptable to them.

4. The threat and vulnerability analysis must take place at the following times:
   · Prior to approval of security requirements specifications for new major systems and their supporting general support systems
   · When a significant change occurs to the system
   · At least every three years

5. An application threat and vulnerability analysis must be conducted by the project manager and focuses on the application-specific technical and operational (procedural) security control techniques, the interface between the operating system's security controls and the application's security controls, and the threat sources inherent in the operating environment.

6. All sensitive systems must control and limit user access based on the identification and authentication of the user, and discretionary access control mechanisms.

NOTE: THIS NOTICE MAY HAVE POSTED ON WWW.FEDBIZOPPS.GOV ON THE DATE INDICATED IN THE NOTICE ITSELF (28-APR-2005). IT ACTUALLY APPEARED OR REAPPEARED ON THE FEDBIZOPPS SYSTEM ON 02-MAY-2005, BUT REAPPEARED IN THE FTP FEED FOR THIS POSTING DATE. PLEASE CONTACT fbo.support@gsa.gov REGARDING THIS ISSUE.
 
Web Link
Link to FedBizOpps document.
(http://www.eps.gov/spg/NSF/DCCA/CPO/RFQ-DCCA-050053/listing.html)
 
Record
SN00799588-F 20050504/050502212909 (fbodaily.com)
 
Source
FedBizOpps.gov Link to This Notice
(may not be valid after Archive Date)

© 1994-2020, Loren Data Corp.