Loren Data's SAM Daily™

FBO DAILY ISSUE OF MAY 10, 2007 FBO #1991
SOURCES SOUGHT

D -- Request for Information for the Information Assurance services in support of the U.S. Army Medical Information Technology Center (USAMITC), Fort Sam Houston, TX.

Notice Date

5/8/2007
 

Notice Type

Sources Sought
 

NAICS

519190 — All Other Information Services
 

Contracting Office

US Army Medical Research Acquisition Activity, ATTN: MCMR-AAA, 820 Chandler Street, Frederick, MD 21702-5014
 

ZIP Code

21702-5014
 

Solicitation Number

W81XWH-IA-USAMITC
 

Response Due

5/18/2007
 

Archive Date

7/17/2007
 

Small Business Set-Aside

N/A
 

Description

Description: RFI for Information Assurance services in support of the U.S. Army Medical Information Technology Center (USAMITC), Fort Sam Houston, Texas. 1.0 THIS IS A REQUEST FOR INFORMATION (RFI) FOR INFORMATION ASSURANCE SERVICES ONLY. 2.0 The USAMITC Information Assurance Office supports a myriad of systems and organizations in a broad range of information assurance activities for internal MITC operations and to the U.S. Army Medical Command at large as their Information Assurance Techn ical Control. 3.0 U.S. Army Medical Information Technology Center (USAMITC) requests information on the full array of information assurance services including, but not limited to: 3.1 Certification and accreditation (C&A) services as described by the U.S. Armys implementation of the Department of Defense Information Assurance Certification and Accreditation Program (DIACAP). The vendor shall provide staff able to participate throu ghout the system acquisition/development process at all phases and levels of the C&A process as part of an integrated process team. Vendors will identify applicable information assurance (IA) controls; evaluate the effectiveness and appropriateness of IA control implementation; develop IA controls and implementation methods; develop and propose risk mitigation strategies; and produce supporting DIACAP documentation. As necessary, the vendor will develop U.S. Army specific DIACAP C&A and certificate of Net worthiness documentation required to allow Medical Healthcare Services, Tricare Management Agency, and sister service systems, to operate on U.S. Army networks. 3.2 Compliance verification services, including technical security audits and evaluations of small to large network enclaves, systems, and network security devices and architectures using a variety of automated tools; review of local policy and procedures; personnel interviews; on site physical inspections; evaluation of network device and computer system configuration; evaluation of site disaster recovery and continuity of operations preparedness, etc. The vendor must be familiar with, and able to apply t he requirements of the Health Insurance Portability and Accountability Act (HIPAA) security rule and applicable DoD and DA best business practices, regulations, directives, instructions and guidance to all inspection findings and recommendations. The vend or will provide detailed written reports in a standardized format describing technical and procedural issues, recommended improvements, and cite supporting regulatory guidance or best business practice for each finding. 3.3 Independent validation services as described by the U.S. Armys DIACAP best business practices. The vendor must be able to provide technical assessments of the effectiveness and appropriateness of complex software, system, and network security archite cture, controls, methods, as well as supporting manual processes and procedures and risk mitigation plans. This activity is assumed to require subject matter experts in the various information systems, devices and technologies present on military medical networks. Vendors will provide detailed documentation in standard format supporting their findings and recommendations. 3.4 Incident management and response, including enterprise-wide incident tracking; classification; analysis; distant site notification; reporting, etc. The vendor shall be able to provide detailed analysis of trends, systemic weaknesses, and suggested mit igating strategies. The vendor will enter, normalize, and maintain incident data in a database and generate and disseminate standardized reports as necessary. 3.5 IA training services, includes providing DIACAP implementation training, industry standard security certification training, operating system certification training and testing. The vendor shall be able to provide approved or industry standard curricul um, qualified instructors and authorized student testing for a vari ety of Army, Industry, and vendor-specific certifications including vendor specific operating system certifications, and network device certifications, and vendor neutral, industry standard certifications such as Security+, CISSP, etc. 3.6 Web Portal design, administration and maintenance expertise to support an enterprise Information Assurance portal for the U.S Army Medical Command. Daily management of the portal shall include the publication of IA and INFOSEC related information, sta tus reports, management of portal areas, extensive knowledge of portal security. 3.7 Change management and configuration management for a CCB ITIL 3.8 The vendor shall provide technical support to USAMITC, MEDCOM and their subordinate Components, the DOD Services and Agencies, by identifying IA requirements and specifications; participating in staff assistance visits for data gathering, performing te chnical analyses, and documenting IA requirements; conducting studies and preparing evaluations regarding the feasibility of using new technology; and analysis of customer requirements. The vendor shall provide technical support in assessing the Warfighter s information needs and develop the required documents. The vendor shall base the need development on operational plans and a thorough knowledge of the Warfighter and warfighting, as well as on the current technology. 3.9 Other services include product research and evaluation, reporting, and analysis on a variety of security related topics. Specific requirements include data entry; production of information papers; trend analysis and reporting using Microsoft Office an d other tools; technical writing; development and maintenance of web content, including database-driven reports; maintenance of document libraries; and web content management. 3.10 USAMITC is specifically interested in learning of other information assurance services and capabilities that respondents may be able to provide. 4.0 Point of Contact: 4.1 Mr. Martin Horan, Information Assurance Manager, 4.2 Phone: 210-295-3533, Fax: 210-295-3509 4.3 Email: Martin.Horan@us.army.mil
 

Place of Performance

Address: US Army Medical Research Acquisition Activity ATTN: MCMR-AAA, 820 Chandler Street Frederick MD

Zip Code: 21702-5014

Country: US
 

Record

SN01289892-W 20070510/070508221054 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |