SOURCES SOUGHT
D -- The Transportation Security Administration (TSA) is seeking sources for Enterprise Digital Rights Management (EDRM)
- Notice Date
- 2/24/2010
- Notice Type
- Sources Sought
- NAICS
- 541519
— Other Computer Related Services
- Contracting Office
- Department of Homeland Security, Transportation Security Administration, Headquarters TSA, 601 S. 12th Street, TSA-25, 10th Floor, Arlington, Virginia, 20598, United States
- ZIP Code
- 20598
- Solicitation Number
- EDRM
- Point of Contact
- Renee Grace, Phone: 571-227-1411, Tonya R Pruitt, Phone: 571-227-3892
- E-Mail Address
-
renee.grace@dhs.gov, tonya.pruitt@dhs.gov
(renee.grace@dhs.gov, tonya.pruitt@dhs.gov)
- Small Business Set-Aside
- N/A
- Description
- Title: The Transportation Security Administration (TSA) is seeking sources for an Enterprise Digital Rights Management (EDRM) System. Description: The Transportation Security Administration (TSA) is seeking sources for Enterprise Digital Rights Management (EDRM) System technologies that are currently available in the marketplace. This is a Sources Sought Notice only and vendors will not be compensated for the information provided. No solicitation will be issued at this time. The Transportation Security Administration (TSA) mission is to protect the Nation's transportation systems and to ensure freedom of movement for people and commerce. To support this mission, TSA is evaluating Enterprise Digital Rights Management (EDRM) products/solutions that can provide the ability to enforce usage restriction of content generated within the TSA environment. The product/solution should allow administrators and end-users to assign usage restrictions to documents that align with document sensitivity and user roles and responsibilities, generate reports based on the creation, usage, and disposition of DRM-protected documents, and integrated with existing document generation and management tools. Please provide a detailed description on how the product works and what differentiates it in the Enterprise Digital Rights Management market space. Please include at a minimum the following information: • Describe how your product manages and enforces enterprise rights across multiple types of information technology systems. Please provide specific information on centralize administration, reporting, and configuration capabilities. • Describe how your product detects, records, and prevents end-users from performing the following actions against files containing sensitive information: o Accessing or attempting to access files containing sensitive information o Accessing or attempting to access excerpts of files containing sensitive information o Creating excerpts of files containing sensitive information by utilizing the operating system clipboard (copy-and-paste), or the save-as function of an application o Modifying files containing sensitive information o Printing files containing sensitive information o Retransmitting files containing sensitive information, either internally, externally, or onto removal media o Creating a screenshot of documents containing sensitive information o Utilizing virtualization tools in an attempt to circumvent any detection or prevention controls • Describe how your product interoperates with existing software systems and tools including the following: o Microsoft Office Suite, Active Directory, Visio, Project, Outlook, Exchange, SharePoint, Communicator o Credant Mobile Guardian Shield o Altiris o Adobe Acrobat o Symantec System Endpoint Protection • Describe the automatic and manual mechanisms by which content can be marked, labeled, and tagged to indicate sensitivity, and by which appropriate access controls can be enforced. • Describe the automatic responses which can be configured to occur as a result of an end-user attempting to perform unauthorized actions against protected content. Include a discussion of automatic encryption and quarantining if applicable. • Describe the mechanisms by which content is protected and rights are enforced both within the internal network, and once it has left the internal network. • Describe the mechanisms by which documents containing sensitive information can be made to expire upon a set date or by remote control, both within the internal network, and once it has left the internal network. • Describe how the product protects against malicious attempts to circumvent the digital rights framework, including attacks based on private key recovery, reading of decrypted content directly from RAM, and the recording of information once it reaches analog form. • Describe a typical work-flow for utilization of the product including required end-user responsibilities, administrator responsibilities, and content-owner responsibilities. Describe end-user processes for updating access attributes on a DRM protected document. • Describe how your product implements or integrates into existing PKI and identity management systems. Describe mechanisms used by your product to provide DRM protected content to non-TSA (i.e. external/third party) users. • Describe the inherent limitations with any digital rights management solution and how your product attempts to mitigate the risks associated with these limitations. • Describe the product architecture and provide a representative diagram(s) if available. Include at a minimum the following product information: o User Interfaces o Directory Integration o Role-based Administration o Policy Creation and Management o System Administration, Reporting, and Other features • Provide additional features/capabilities that differentiate your product from other product/solutions in the market. o Product roadmap o Third party products that have been successfully integrated including Data Loss Prevention, SIEM, and forensic tools • Provide company information and product history o Main Products/Services o Number of Years in the marketplace o Number of deployments, Number of federal government deployments o Professional Services capabilities and partnerships ADMINISTRATIVE All interested parties should submit a capability statement to the TSA Office of Acquisition (OA). The capability statement should clearly explain the contractor's abilities and experience directly related to the tasks listed in this notice. Submissions shall not exceed five (5) pages in length. A company must identify its business size status, type of small business, and applicable NAICS code(s) in the capability statement. Capability statements are required to be received electronically via email to renee.grace@tsa.dhs.gov. Subject: TSA Enterprise Digital Rights Management (EDRM) System, no later than March 10, 2010 at 5:00 p.m. Eastern Time. Responses received after this deadline will not be reviewed. TSA's primary point of contact is the Contracting Officer Renee Grace, who can be reached via e-mail at renee.grace@dhs.gov. Any questions regarding this notice shall be directed to Mrs. Grace in writing, via email by March 3, 2010 at 5:00 p.m. Eastern Time. Companies responding to this Sources Sought Notification are responsible for all expenses associated with responding to this Notification. (Note: TSA will not pay any costs associated with this effort). The TSA is not seeking or accepting unsolicited proposals. Since this Sources Sought Notification is for information and planning purposes, no evaluation letters or results will be issued to respondents. Contracting Office Address: 601 S. 12th Street TSA-25, 10th Floor Arlington, Virginia 20598 United States
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/DHS/TSA/HQTSA/EDRM/listing.html)
- Place of Performance
- Address: United States
- Record
- SN02073623-W 20100226/100224234956-2ac85947ec7637440290b112f99f4925 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |