Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF JULY 30, 2005 FBO #1342
SOURCES SOUGHT

D -- INTEGRATED INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS MANAGEMENT ASSET REPOSITORY SYSTEM

Notice Date
7/28/2005
 
Notice Type
Sources Sought
 
NAICS
541618 — Other Management Consulting Services
 
Contracting Office
Department of Agriculture, Office of Procurement and Property Management, Procurement Operations Division, 300 7th Street, S.W., Room 377, Reporters Building, Washington, DC, 20024
 
ZIP Code
20024
 
Solicitation Number
RFI-OPPM-05-1020
 
Response Due
8/31/2005
 
Archive Date
9/15/2005
 
Description
The United States Department of Agriculture (USDA) Office of Chief Information Officer (OCIO), Associate Chief Information Officer Telecommunications Services and Operations is issuing this Sources Sought Notice (SSN) as part of market research for a USDA integrated Information Technology (IT) and Telecommunications Managed Asset Repository System (MARS) to track, monitor, and report information on all IT assets within USDA. In addition to the database elements, this solution must assess the security posture of all networked devices in real-time and react accordingly by engaging USDA security controls to quarantine and notify both USDA departmental personnel and the customer agency of any non-standard actions or conditions. This activity must occur prior to accessing any USDA network assets. USDA network assets will not be exposed to customer agency devices that introduce unacceptable risk to the department as a whole. This solution will also remediate discovered risks where possible and apply appropriate patches/configuration changes to bring devices into compliance prior to allowing access to USDA network assets. USDA desires a free and open discussion of all ideas and comments. All responses and information shall be in written format (MS-Word 2000, Version 9.0) and transmitted electronically to the contracting office listed in this sources sought. Comments and ideas are strongly encouraged from all sources currently operating under the General Services Administration Government ?Wide Acquisition Contract(s). In addition to responses from industry, USDA encourages responses from other Federal agencies, State governments and from any source that have or plans to implement a similar system. This SSN is for planning purposes only. The government will not be obligated to pay for this information. All vendors responding to this SSN must provide written information on their company?s ability to meet these requirements as described below. USDA recognizes the likelihood that no single vendor can fully respond to this RFI without the inclusion of components from other vendors/providers. Consequently, USDA requests that any references to processes/products not directly provided by the respondent be expressed in vendor-neutral terms and/or that all copyright and trademark rights be observed and declared. Telephonic inquires and responses will not be accepted. This request in no way constitutes a request for products or services by USDA. The results of this RFI may or may not result in any additional procurement. USDA consists of 8 program mission areas, 29 agencies and 12 Staff offices. All program mission offices and staff offices are located in Washington, DC. USDA has approximately 14000 locations throughout the United States and Europe. There are several hundred thousand IT assets installed and operating in all these locations. The current IT environment employs a number of different solutions based on mission area as well as agency/organization based management systems. USDA is seeking a consolidated solution for asset/system management that can be leveraged department wide. Responses should include information on scalability, and capabilities to operate in a distributed, centralized, and multi-tiered environments. USDA OCIO is exploring ways to implement a centralized integrated Managed Asset Repository System (MARS). The purpose of the MARS will be to (1) monitor, track, and report the status of all IT assets on USDA networks, (2) assist USDA in management of network resources via Network Admission Control providing for near real-time security vulnerability reporting and remediation on all IT systems and networks, (3) ensure all IT assets are protected from intrusions and compromises. Through these discrete functions, MARS should provide the lowest overall total cost of ownership, and best in practice quality of service. In terms of functionality, USDA is seeking an integrated solution that will improve USDA?s ability to manage IT assets throughout their lifecycle. This should include the ability to track an asset from initial acquisition through final disposal, understanding that an individual asset could see several deployments and transfers of agency ownership within this time frame. This system should combine existing data sources/functionality with new capabilities. It should also provide a mechanism for consolidated reporting and analysis to enable an enterprise view of IT assets throughout USDA. This system should have the capability to determine the security health of internal and external USDA customer devices. This system should provide for the subsequent routing/quarantine of those customer devices not meeting specific standards. Also It should be flexible to meet requirements for different classes of internal and external customers (teleworkers, federal travelers, inside contractors, outside contractors, on-site employees, general public etc?). USDA will seek to leverage existing IT security investments within MARS. A list of current USDA security/tracking systems is attached to assist in accomplishing this goal. Requirements: OCIO has identified 8 key areas where an integrated IT asset(s) management system could provide significant operational improvements. However, discussions/responses should not be limited to these key areas if the respondents perceive gaps in the USDA approach to overall security. The goal is to protect USDA IT assets through the implementation of ?Best Practices? and the recognition that we will have to continue to address emerging threats. These are high-level functional and technical requirements that should be tightly integrated into the final solution. Wherever possible, USDA seeks enterprise wide solutions that will maximize USDA?s IT investment. Responses to these requirements should include specific details for each area and recommendations of additional requirements, if required. USDA is seeking a solution that will track all information necessary to provide oversight and administration of USDA?s systems. The solution should not represent an operational or financial burden to USDA during its lifecycle. USDA is seeking information on full lifecycle and administrative costing associated with a solution of this nature (implementation strategy and maintenance). The requirements are; 1. Asset Security Management USDA is seeking a solution that will track information regarding installed security management software (i.e. Anti-Virus, patch management, Vulnerability assessment, etc.). Coupled with this requirement is the need to correlate between discovered security deficiencies and associated remediation strategies and the ability to automate the remediation of these deficiencies. 2. IP Address Management, USDA is seeking a solution that will track information associated with the Internet Protocol (IP) address assigned to USDA system(s) IP Address, Machine Access Code (MAC) address, Physical Location, Point of Contact (POC), Primary/Secondary function, Agency ownership and System Configuration 3. Software Configuration Management USDA is seeking a solution that will track system configuration information during the full lifecycle of USDA systems; to include all installed software components present on the system (Operating Systems, application software, and communications software) 4. Hardware Configuration Management System USDA is seeking a solution that will track system configuration information during the full lifecycle of USDA systems, to include all installed hardware components present on the system (inventory of all hardware assets present), 5. Network Admission Control USDA is seeking a solution that will authenticate system configuration information during the initial connection to a USDA network. This information will be utilized to determine if the system should be granted access to the network, placed in an isolated segment for remediation or to have its connection rejected.(agent-based client, Redefine DMZ requirements, firewall management, automated quarantine, and encryption management), 6. IT Cost Management USDA is seeking a solution that will track IT investments during the full lifecycle of USDA systems, to include the ability to correlate between systems to reveal redundancy and potential cost savings. Monitor and audit software usage for license compliance, effectiveness and under use that will allow USDA to make the best use of its software investment. Optimize asset deployment and increase asset utilization Manage agreements with external and internal partners to increase the effectiveness of Service Level Agreements (SLA), contracts and acquisitions. 7. User Configuration Management USDA is seeking a solution that will track user configurations on USDA systems. This should include the ability to identify current and previous users of a specific system as well as report on improper user configuration (insufficient password, unused accounts, etc.) (Rule set management, and authentication management), 8. Device/System Security History USDA is seeking a solution that will track security incident information during the device/system lifecycle, (obtained from Intrusion Detection Systems (IDS) Intrusion Prevention Systems (IPS), Security Information Managers (SIM), other Network Management tools, and interconnection security agreements). This solution should also track IT Security incidents from discovery through resolution. All information should be received by the technical point of contaact, Dr. Heshmat Ansari by close of business, August 31, 2005. There is no solicitation document available to this announcement. USDA will review the submitted information prior to determining whether or not procurement activity will follow. Technical Point of Contact for this announcement is DR. Heshmat Ansari, Deputy Associate Chief Information Officer, Telecommunications Services and Operations, Email Heshmat.ansari@usda.gov. All inquires shall be through email. Telephone inquires will not be accepted.
 
Record
SN00856611-W 20050730/050728211851 (fbodaily.com)
 
Source
FedBizOpps.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.