Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF JANUARY 28, 2011 FBO #3352
SOURCES SOUGHT

D -- Identity and Access Management Solution Sources Sought

Notice Date
1/26/2011
 
Notice Type
Sources Sought
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 1640, Gaithersburg, Maryland, 20899-1640
 
ZIP Code
20899-1640
 
Solicitation Number
SB1341-11-NISTIDAM
 
Archive Date
3/1/2011
 
Point of Contact
Keith Bubar, Phone: 3019758329
 
E-Mail Address
keith.bubar@nist.gov
(keith.bubar@nist.gov)
 
Small Business Set-Aside
N/A
 
Description
This sources sought notice is issued for information and planning purposes only. This announcement is not a Request for Proposals (RFP) and does not commit the Government to solicit or award a contract now or in the future. No solicitation is available at this time. The purpose of this notice is to identify sources with the requisite qualifications that could provide the service stated herein. All small business concerns (SB, 8(a), SDB, WOSB, HUBZone, VOSB and SDVOSB) capable of performing the requirement indicated below are encouraged to respond to this notice. The Department of Commerce (DOC), National Institute of Standards and Technology (NIST) has a requirement for an Identity and Access Management (IDAM) solution to be implemented, customized, integrated and configured for NIST to remain in compliance with regulations ad detailed below. Currently, the core of NIST's IDAM solution consists of the NIST Locator and the Account Management System (AMS). They are linked to NIST's directory services through various third party applications custom developed import and export routines and manual processes. The NIST Locator and AMS system were designed over thirteen years ago and are based on legacy technology, systems and processes. They will be replaced by the new IDAM solution. NIST's IT Authentication and Authorization Infrastructure NIST has implemented the Windows Active Directory (Windows Server 2008R2) as the primary authentication and authorization infrastructure for IT systems. The Active Directory infrastructure also provides username and password authentication and authorization for applications utilizing LDAP. The NIST Windows Active Directory infrastructure is synchronized with the NIST Locator and Account Management System through a NIST developed process utilizing Directory Wizards SimpleSync. Hitachi ID Password Manager is currently used to allow NIST users to change their Active Directory passwords and perform self-service recovery of forgotten passwords. NIST's IT System Environment NIST currently utilizes approximately 140 applications for general business and administrative functions. These applications may be in-house developed and operated systems, COTS applications operated in-house or applications hosted and operated externally to NIST. Approximately 10% of NIST's applications currently utilize the NIST Windows Active Directory for authentication and less than 5% are automatically provisioned through the current NIST IDAM solution. The remaining applications are provisioned and maintained independently often through distributed manual processes. Applications may be operated out of either the Gaithersburg or Boulder facilities, some applications have a presence in both facilities. Most applications support users at both sites and some support non-NIST users located at other DoC facilities. NIST's Physical Access Control Environment NIST currently operates Physical Access Control systems (PACS) at both its Gaithersburg and Boulder campuses. These systems are currently disconnected from the logical environment and from each other. In addition, the Boulder PACS supports the entire Boulder campus including non-NIST occupants from other DoC Bureaus. New IDAM Solution Goals In order to implement Homeland Security Presidential Directive 12 (HSPD-12) and to comply with the November, 2010 Office of Management and Budget (OMB) passback (OMB M-10-15), which requires that all Federal agencies implement HSPD-12 and align their Identity, Credential, and Access Management (ICAM) activities with the Federal ICAM Roadmap, NIST is seeking a solution that will modernize its IDAM system and processes. The purpose of this solution is to enable NIST to meet the Goals and Objectives outlined in the Federal ICAM Roadmap, to improve the efficiency of NIST and to support the diverse NIST IT environment. The solution shall perform the following: • Centralize the access request, approval, and management processes • Facilitate the use of Personal Identity Verification (PIV) credentials for authentication, digital signatures, and encryption • Enable NIST to implement role-based user provisioning by linking users' access to assigned business roles • Allow for the access rights of managed users to be quickly audited across the NIST enterprise • Enable the provisioning of new users and accounts across the NIST enterprise in less than one hour • Enable the de-provisioning of users and accounts across the NIST enterprise in less than one hour. • Reduce the transmission and re-keying of (Personally Identifying Information) PII and identity data by interfacing / integrating with authoritative data sources and dependent systems. NIST's Authoritative Identity Data Source In preparation for the new IDAM solution NIST has implemented an authoritative identity data source, the Central People Table (CPT). The digital identity information of all NIST users is stored in a single Oracle database, the CPT. The CPT creates digital identities from NIST's two on-boarding applications-the NIST Associates Information System-Web (NAIS-Web), which tracks NIST Associates (contractors and guest researchers), and the NIST Human Resources Employee Arrival and Departure System (HRADS), which tracks NIST federal employees. While most individuals hold a single "position" at NIST, those in the CPT have a one-to-many relationship with regard to positions. This allows the CPT to support the following NIST situations: 1. A NIST Associate has relationships (agreements) with multiple NIST organizations. 2. A person changes from a NIST Associate to an Employee (Hire) or from an Employee to Associate (Retirement) 3. A NIST Employee who fills several organizational positions usually has additional roles in an "Acting" capacity. Projected Scope NIST anticipates the award of an Indefinite-Delivery, Indefinite-Quantity (IDIQ) contract to establish a vehicle for NIST to upgrade its Identity, Credentialing and Access Management (ICAM) infrastructure and processes to be compliant with HSPD-12 to comply with the November, 2010 OMB pass back (OMB M-10-15) and to align NIST's ICAM infrastructure with the Federal ICAM Roadmap. NIST anticipates that tasks issued under this contract will include professional services and technologies required to transition from the current NIST IDAM state, which is based on disconnected manual processes and decentralized provisioning, authentication and authorization, to a centrally managed and maintained state which is aligned with the Federal ICAM Roadmap and leverages PIV cards as the primary authentication mechanism. It is intended that the core component of the IDAM target implementation will be a commercial-off-the-shelf (COTS) Identity and Access Management solution. It is intended that the IDAM system in the target state shall: • Be integrated with internal (NIST operated) and external (not-NIST operated) identity repositories, directories, systems, applications, Logical Access Control systems and Physical Access Control systems. • Centrally perform full lifecycle identity, credential and access management for all NIST sites for NIST systems (internal and external). • Enable PIV card authentication to systems. Additional components and services may include any technologies (software or hardware) required to meet the detailed IDAM solution requirements, to integrate with NIST systems (internal and external) or to support the use of the PIV card. Professional support services may include, but may not be limited to: • Design of the solution • Installation and configuration of solution components • Integration of the solution with authoritative data sources • Integration of the solution with managed systems • Interface with external data sources and authentication providers • Operations and maintenance of the solution components • Help desk support • Continuity of operations support • Training of system users • System and security documentation • Customization and enhancement of solution components • Testing of solution, solution component, and integration. NIST anticipates the award of an IDIQ contract for a base period of one year, followed by four, one-year option periods. The total estimated value of this contract vehicle is $5 million over the life of the contract, inclusive of cost of services and products/licenses. The applicable NAICS code for this requirement is 541511 - Custom Computer Programming Services, with an SBA size standard of $25 million. Sources that have the ability to provide this contracting support are asked to respond to this notice with a corporate capability statement of a maximum of ten (10) pages to provide a clear and complete narrative of current capabilities to meet the NIST requirements as described in this notice. Those sources are requested to respond to this notice and in so doing, provide the following information within their narrative: information on the capabilities of their COTS IDAM solution, information on the relationship between the source and the manufacturer of the COTS IDAM solution if applicable, information regarding the breadth of services the source has performed on their COTS IDAM solution. In addition, those sources are requested to provide the following organization information: organization information to include company name and address, size of business as it relates to NAICS code 541511 (size standard $25 million), current point of contact (including telephone number, facsimile number and e-mail address), list of current GSA schedule contracts under which your company can provide services in one or more of the applicable task areas, and a list of contracts within the past three (3) years under which the interested party has performed the same or similar work. All responses shall be emailed to keith.bubar@nist.gov no later than 5:00 pm EST February 14, 2011.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NIST/AcAsD/SB1341-11-NISTIDAM/listing.html)
 
Record
SN02367145-W 20110128/110126234232-cfd89cae8902a54f18a84fe2a4e8fd15 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.