Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF MARCH 01, 2009 FBO #2652
SOLICITATION NOTICE

D -- The Austin Information Technology Center is requesting information for a field reporting application per the attached document

Notice Date
2/27/2009
 
Notice Type
Presolicitation
 
NAICS
518210 — Data Processing, Hosting, and Related Services
 
Contracting Office
Department of Veterans Affairs, VA Center for Acquisition Innovation (Austin), VA CAI Austin, Department of Veterans Affairs;Acquisition Management Section/00D;Acquisition Management Section/00D;Austin TX 78772
 
ZIP Code
78772
 
Solicitation Number
VA-200-09-RP-0128
 
Response Due
3/13/2007
 
Archive Date
5/12/2007
 
Point of Contact
Naomi Gilbert512-326-6975<br />
 
Small Business Set-Aside
N/A
 
Description
RFI FOR REPORTING APPLICATION v003b CURRENT ENVIRONMENT The Austin Information Technology Center (AITC) is looking for a reporting tool to support several VA applications. The VA applications provide services that include human resources, medical, payroll, and financial. Data contained in these systems include financial data, Privacy Act data, Personally Identifiable Information (PII) data, and Health Insurance Portability and Accountability Act (HIPAA) data. All information is processed and stored at the AITC on a predominantly mainframe system with both mainframe and web front end accessibility with desktop access only from within the VA firewalls. Examples of data throughput include: Payroll reports detail a bi-weekly process paying 260,000+ employees. The payment system processes 50,000 daily payments using a database of 50,000 payees and 175,000 venders. Current reports stored and used include daily, weekly, bi-weekly, quarterly, and annual, at a minimum. STATEMENT OF NEED AND REQUIREMENTS AITC shall identify an improved solution set for online report storage, indexing, archive, retrieval, management, and secure presentment. A.Help Menu. Application shall include a robust help menu and entries which are intuitive and detailed for user assistance. Technical administrators require 24 hour phone support. B.Certification Standards. The report application should be accreditable to Certification and Accreditation standards using the requirements set forth in NIST SP 800-37. C.Search Scope. Flexible search criteria (as opposed to tightly-defined forms) shall be user-friendly. Searches across all reports for an entire retention period (e.g., one year) shall be available to users. D.Search Speed. Performance of any search, simple or complex, shall match or exceed current report application's timeframes. E.Access Speed. Retrieval, view, or export of report data shall match or exceed current report application's timeframes. F.Conversion (import) into desktop software. Extraction of selected report data into a document, spreadsheet, database, or message shall be available to end users (workstation-based data manipulation is implied). G.Data Processing. Data integrity between host (mainframe) and electronic report is essential. H.Data Transfer. Any intersystem data transfer shall be protected, at a minimum, through the use of FIPS 140-2 approved encryption algorithms and products. I.Workflow & Collaborative Utility (email, SharePoint, etc.). Report information should be easily exportable to government-used applications such as Microsoft Office products and SharePoint for formatting, manipulation and additional report creation. J.Reports. Online reports shall replicate the essential contents of mainframe output without exception. K.Report Accessibility. Application shall provide access to reports stored in various formats: Adobe Acrobat.pdf, ASCII, microfiche, and legacy systems. L.Product Scalability. Application shall store from 2-1,000+ reports per month and allow new reports to be added. M.Production Availability. Current reporting system has reports available in application within of 2-7 days after production. New application should match or exceed current timeframes. N.Version Control. Multiple versions of the same report, sometimes from the same date, shall be made available. O.Report Retention. Reports shall remain available for real-time use for a minimum of three years with near real-time restoration for previous years. P.Archive Format & Reliability. Aged reports shall be archived and restored in real-time or near real-time. Q.Printing Alternatives. Multiple formats (forms, raw text, Adobe Acrobat, MS Word, etc.) shall be available to end users. R.User Community. All users with access to the payroll and human resources data shall be U.S. citizens with a valid and current background investigation or mutually agreed upon U.S. Government or Department of Defense (DoD) level background clearance and shall operate within the borders of the U.S.A. or its territories. Users shall protect the payroll and human resources system data in accordance with the Privacy Act and Trade Secrets Act (18 U.S. Code 1905) and the Unauthorized Access Act (18 U.S. Code 2701 and 2710). S.User Authentication. Currently the authenticator in use by the VA is password authentication. The report application shall require user authentication via a unique UserID and password, at a minimum, with only three login attempts before lock-out. T.Session Termination. In accordance with VA Handbook 6210, policy requires that open sessions be terminated after 10 minutes of inactivity. Re-establishment of the session may take place only after the user has provided the proper password. After 10 minutes of website inactivity, the user should be notified that the session is being terminated. If the user does not respond, the session is terminated and the user must re-enter their credentials in order to regain system access. U.SmartCard: The VA is in the process of instituting SmartCard identification which will require the use of an access card inserted into a card reader to access equipment within the VA. V.Report-level security. Access shall be restricted by reports, roles, and organization, in addition to other criteria. W.Audit Trail, Reports, Logs. The report application shall provide, at minimum, an audit trail of time-stamped events such as user identification, station identification, removals, success or failure of access attempts, logs/reports of security-relevant events, and security actions taken by system administrators or security officers. Audit reports shall be regularly and automatically produced and made available to security officials. Audit logs shall be retained for a minimum of one (1) year. X.System Interfaces, Hardware Interfaces, and Communication Interfaces Unix/Oracle - (VA applications) Top Secret (TSS) IDMS Central version RSD (Rogers Development Software - reports repository) ROSCOE - (MF environment, editor, etc) XXX Catalogue - (alias' of TSO userid's) Command file from TSS (VA application) Various VA reports applications New customer applications, for future Various Hardware - supporting UNIX and Windows servers Additional Concerns for Reporting Application "Operating system used by potential reporting application "Support required for web-based vs. thick/thin client based applications. "Hosting platform and/or database required by reporting application "Hidden costs such as separate licenses for supporting applications needed by reporting application "Data encryption standards used "Maintenance base required "Maintenance support options, if any "Process and schedule for application updates, upgrades, releases, patches "Ease of use (GUI-application "look and feel") "Compatibility with security provisioning such as Active Directory "Ability to define user identifications and password complexity "User security levels, initial setup and modification "User setup batch capability "Definition of concurrent user, number concurrent users authorized, and maximum number of concurrent users allowed "Ease of adding new reports or correcting misloads "Search capabilities, search process method (desktop vs. server), and effects on system response "Indexing & re-indexing capacity of reports "Export functionality and output formats of that data "Import functionality and formats accepted "Script capacity for automation of repetitive tasks "Print functionality; for example, full and/or partial report printing, search results, etc.). "Pricing structure "Application's ability to handle local clustering or failover and remote site disaster recovery CONSTRAINTS - REGULATORY, AND OTHER "Federal Information Processing Standards Publication (FIPS) 200, "Minimum Security Requirements for Federal Information and Information Systems" "FIPS 201, "Personal Identify Verification (PIV) of Federal Employees and Contractors" "NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems "NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems "OMB Circular A-130 Appendix III, "Security of Federal Automated Information Resources" "OMB Memorandum M-04-04, "E-Authentication Guidance for Federal Agencies" "VA Directive & Handbook 6210, "Automated Information Systems Security" "VA CIO memo entitled "Implementation of Strengthened Access Controls for Information Security, dated 1/21/2000 "AAC Directive & Handbook 0712, "Information and Physical Security"
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=4024817b6c19bebf4840bcda88ed0085&tab=core&_cview=1)
 
Record
SN01758610-W 20090301/090227215742-4024817b6c19bebf4840bcda88ed0085 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.