Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF AUGUST 29, 2008 FBO #2468
SOURCES SOUGHT

D -- RFI for Protection of DoD Controlled Unclassified Information

Notice Date
8/27/2008
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
General Services Administration, Federal Technology Service (FTS), FEDSIM, Crystal Plaza 3, 2100 Crystal Drive, Ste 800, Arlington, Virginia, 22202, United States
 
ZIP Code
22202
 
Solicitation Number
GSC-TFMG-08-RX02
 
Point of Contact
Barbara C. Johnson,, Phone: 703-589-2659
 
E-Mail Address
barbara.c.johnson@gsa.gov
 
Small Business Set-Aside
N/A
 
Description
D – Request for Information for Protection of DoD Controlled Unclassified Information (CUI) Classification Code: Systems integration design services Network systems integration design services NAICS Code: 541512 REQUEST FOR INFORMATION Closing Date: September 10, 2008 The Program Executive Office for Enterprise Information Systems (PEO EIS) in partnership with the Assistant Secretary of the Army for Acquisition, Logistics, and Technology (ASA(ALT)) is conducting market research to identify industry capabilities involving the acquisition, processing, transfer, and storage of controlled unclassified information (CUI). CUI, as defined in Presidential Memorandum entitled “Designation and Sharing of Controlled Unclassified Information,” dated May 9, 2008, is information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is pertinent to the national interests of the United States or to the important interests of entities outside the U.S. Federal Government, and under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. This memorandum applies to CUI provided by either party for use under or produced under a DoD contract, cooperative agreement, grant, other transaction, or any other legal relationship. For DoD contracts and programs, this includes information such as: •Technical data in accordance with DoDD 5230.24, Distribution Statements on Technical Documents and DoDD 5230.25, Withholding of Unclassified Technical Data from Public Disclosure. •Data subject to export control under International Traffic in Arms Regulations (ITAR). •Data subject to export control under the Commerce Control List (CCL) for dual-use technology (e.g., Militarily Critical Technologies). •Data designated as Critical Program Information (CPI) in accordance with DoD Directive 5200.39, Security, Intelligence, and Counterintelligence Support to Acquisition Program Protection. Reference AR 25-2, the term “information system” means set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information. Includes Automated Information Systems (AIS) applications, enclaves, and outsourced Information Technology (IT) based processes, and platform IT interconnections. The Government is seeking information on how industry partners maintain Information Assurance (IA) programs to provide sufficient safeguards to ensure that all CUI (including all sensitive data, whether digital or non-digital) in the possession of the Contractor is identified, marked, and protected from unauthorized access and release. This includes, but is not limited to, how industry partners protect CUI that is transported or displayed on any information system that they own, operate, control, or utilize. Additionally, how do industry partners handle CUI data at rest using NIST FIPS 140-2, certified crypto module. This includes data stored on corporate servers, mobile devices, and portable storage media. The Government is also interested in industry’s standard procedures for handling, assessing whether there has been a breach, assess what has been compromised, fixing the problem, and preventing the compromise, exfiltration, or other loss of CUI in the future. PEO EIS is planning to include requirements for the protection of CUI in future acquisitions and is seeking information from industry partners regarding programs and processes used to mitigate compromise of CUI on Defense Industrial Base (DIB) unclassified networks in order to include language in future acquisitions to ensure measures are in place for the protection of CUI on DIB networks. PEO EIS is seeking to establish requirements for the protection of CUI and would like to include established industry best practices that exceed areas such as ISO and NIST standards and Information Assurance, where possible. Interested sources will provide a white paper describing Information Systems Security Plans, Information Assurance Program Plans, or similar plans, that are currently in place to protect controlled unclassified information (CUI) and the type of contract language industry recommends for future RFPs to ensure sharing of responsibility and interaction with the Government to protect CUI. The white paper should also include a description of non-technical policies and practices that are used to protect against unauthorized disclosure and data extraction of CUI. RFI Purpose and Limitations: The Government understands that malicious parties exist and try to obtain information on DoD/Army programs, and their efforts extend to attempts to obtain information from our industry partners’ information systems. The Government’s intention is to better understand the current, state-of-the-art capabilities and strategies to determine the best solution. Industry feedback is vitally important and the Government will be receptive to any and all ideas received from industry. This RFI is an expression of the Government’s interest only and does not obligate the Government to pay for the requested information nor respond to any submissions. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Proprietary information is not being solicited; however, if it is submitted, it should be properly marked. Please limit your formal white paper submission to no more than ten (10) pages, not including the cover letter or any attachments. In addition, you may include up to five attachments that consist of briefing slides, suggested contract language, current plans, or standard operating procedures. Electronic submissions are strongly encouraged. All items must be compatible with Microsoft Office 2000 or Adobe PDF format and free of all computer viruses. Technical questions and industry responses shall be submitted via email to GSA FEDSIM Contracting Officer, Barbara C. Johnson: barbara.c.johnson@gsa.gov. Additionally, please provide electronic copies to: Dr. Mark Thomas, mark.thomas2@us.army.mil Responses must be received no later than 2:00 PM Eastern Standard Time, on September 10, 2008. All material submitted in response to this RFI must be unclassified and properly marked. Points of Contact: Contractual: Barbara C. Johnson, Contracting Officer (barbara.c.johnson@gsa.gov), 703-589-2659. Technical: Dr. Mark A. Thomas (mark.thomas2@us.army.mil) THIS IS A REQUEST FOR INFORMATION (RFI) ONLY This RFI is issued as Market Research, solely for information and planning purposes. It shall not be considered as an Invitation for Bid (IFB), Request for Quotation (RFQ), Request for Proposal (RFP), or as an obligation on the part of the Government to acquire any products or services. Any response to this synopsis will be treated as information only. No entitlement to payment of direct or indirect costs or charges by the Government will arise as a result of contractor submission of responses to this synopsis or the Government for use of such information. The information provided may be used by the Army in developing its acquisition strategy and in its Statement of Work/Statement of Objectives and Performance Specifications. Not responding to this RFI does not preclude participation in any future RFP, if issued. If a solicitation is issued, it will be synopsized on the Federal Business Opportunities (FedBizOpps) website. It is the responsibility of any potential offeror to monitor these sites for additional information pertaining to this requirement.
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=66db1462de18d0b15e1c8a10fdfb7383&tab=core&_cview=1)
 
Record
SN01652601-W 20080829/080827221045-66db1462de18d0b15e1c8a10fdfb7383 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.