Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF JUNE 16, 2011 FBO #3491
SOLICITATION NOTICE

70 -- USSOCOM password policy enforcer - Additional Documents

Notice Date
6/14/2011
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
443120 — Computer and Software Stores
 
Contracting Office
Department of the Air Force, Air Mobility Command, 6th Contracting Squadron, 2606 Brown Pelican Ave., MacDill AFB, Florida, 33621-5000, United States
 
ZIP Code
33621-5000
 
Solicitation Number
F2VUJ01147AC01
 
Archive Date
7/21/2011
 
Point of Contact
Thomas M. Armstead, Phone: 8138281091, Alyson Gowin, Phone: 813-828-1872
 
E-Mail Address
thomas.armstead@us.af.mil, alyson.gowin@macdill.af.mil
(thomas.armstead@us.af.mil, alyson.gowin@macdill.af.mil)
 
Small Business Set-Aside
Total Small Business
 
Description
USSOCOM M 380-3 DODI 8500.2 DISA Standard Technical Implementation Guides (STIG) This is a combined synopsis/solicitation for a commercial product prepared in accordance with the format in FAR Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will NOT be issued. This is a Request for Quote (RFQ) and the solicitation number is F2VUJ01147AC01. This acquisition is set aside for 100% small business competition. The 6th Contracting Squadron, MacDill AFB, Florida, requires the following: a password policy enforcer unlimited user subscription license with a base and four option years. DESCRIPTION OF REQUIREMENT CLIN 0001 - password policy enforcer unlimited user subscription license POP: 1 OCT 2011- 30 SEPT 2012 CLIN 1002 - password policy enforcer unlimited user subscription license POP: 1 OCT 2012- 30 SEPT 2013 CLIN 2003 - password policy enforcer unlimited user subscription license POP: 1 OCT 2013- 30 SEPT 2014 CLIN 3004 - password policy enforcer unlimited user subscription license POP: 1 OCT 2014- 30 SEPT 2015 CLIN 4005 - password policy enforcer unlimited user subscription license POP: 1 OCT 2015- 30 SEPT 2016 Please provide a BRAND NAME OR EQUAL quote. If an or equal quote is submitted, the proposal will be sent to the technical advisor for compatibility verification. ANY OFFEROR PROVIDING AN OR EQUAL PRODUCT SHOULD DESCRIBE THOROUGHLY HOW THEIR PRODUCT MEETS ALL THE CHARACTERISTICS LISTED BELOW IN THE STATEMENT OF OBJECTIVES. FAILURE TO DO SO WILL MAKE THAT OFFEROR NON-RESPONSIVE AND WILL NOT BE CONSIDERED FOR AWARD. STATEMENT OF OBJECTIVES Password Policy Enforcement Product Description USSOCOM requires an Enterprise Password Policy Enforcement tool that improves network security by ensuring users choose strong passwords. The product should check every new password for compliance with password policies outlined in USSOCOM M 380-3 and DISA Standard Technical Implementation Guides (STIG)(attached documents) for Microsoft Operating Systems requiring sites to have a password complexity software product. The product must be able to immediately reject non-compliant passwords. Microsoft Windows has a basic password complexity rule, but it accepts many weak passwords like "Secret1" and "Pa$word". We require a software tool that allows us to enforce almost any password policy imaginable. Also need the capability to create multiple password policies and assign them to individual users, groups, and Organizational Units. SPECIFICALLY THE PRODUCT MUST: a. Help users to choose passwords Help users to choose a compliant password, thereby reducing the number of password related helpdesk calls. Users can see the password policy as they enter their password, and are told exactly why their password was rejected. Administrators can customize the policy and rejection messages. b. Multiple password policies Enforce multiple password policies in each domain. Policies can be assigned to users, groups, and Organizational Units. Should be able to exempt some accounts from the PPE password policy, or allow administrators to bypass the policy when resetting a user's password. c. Powerful password policy rules Possess highly configurable rules. Require users to comply with all rules, or enforce a more tolerant policy by allowing partial compliance. Relax the password policy requirements when a passphrase (long password) is used. Rules can be combined to create complex requirements such as "password must contain a numeric character, but not in the first position". d. Advanced dictionary rule The dictionary rule is the most important rule because it detects the most vulnerable passwords and has the greatest impact on server performance. It should allow administrators to control non-alpha character detection, character substitution detection, bidirectional analysis, wildcard analysis, and match tolerance to give administrators granular control over their password policy. The dictionary must have no impact on server performance. e. Controlled password expiry Need a Maximum Age rule, allowing us to gradually expire passwords over days or weeks. Microsoft Windows expires passwords when they reach their maximum age, possibly triggering hundreds or thousands of forced password changes when the maximum password age rule is first enabled. Password expiry modes limit the number of daily expirations, so the helpdesk can deal with any additional load. f. Customizable e-mail reminders Send up to three e-mail reminders to users before their passwords expire. This is especially useful for users who logon infrequently, and for remote users who access the network without logging on to the domain. g. Integrated policy testing Integrated policy testing would allow us to quickly test your password policy before enforcing it. Use the test results to identify and correct configuration errors, and to determine if the password policy meets our security requirements. h. Password synchronization Allow synchronization the user's password with other systems or applications. i. Password Reset integration Require the capability for a self service password management system that allows users to reset their password and unlock their account without calling the helpdesk. j. Product Deployment The password policy enforcer software deployment must be able to be configured and deployed across the USSOCOM Enterprise without using any hours from the existing workforce. It also must not require any new training for SIE network operators. This software must also meet the following DODI 8500.2 controls: IAIA-1 & 2 Individual Identification and Authentication DoD information system access is gained through the presentation of an individual identifier (e.g., a unique token or user logon ID) and password. For systems utilizing a logon ID as the individual identifier, passwords are, at a minimum, a case sensitive, 8-character mix of upper case letters, lower case letters, numbers, and special characters, including at least one of each (e.g., emPagd2!). At least four characters must be changed when a new password is created. The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-50 effective 16 May 2011, DFAR DPN 20110518 effective 18 May 2011 and AFFAR AFAC 2011-0421 effective 21 April 2011. The North American Industry Classification System code (NAICS) 423430 Computer and Computer Peripheral Equipment and Software Merchant Wholesalers. A firm fixed price contract will be awarded. All interested parties must bid on all items. BASIS FOR AWARD: Award will be made to the offeror that is determined to be technically acceptable and in the best interest of the Government. 52.212-2 Evaluation -- Commercial Items (Jan 1999) (a) The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factors shall be used to evaluate offers: (i) technical capability of the item offered to meet the Government requirement and all characteristics listed above (ii) price; Award will be made to the offerror with the lowest price technically acceptable bid. (b) A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer's specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award. (End of Provision) DELIVERY ADDRESS: United States Special Operations Command (US SOCOM), MacDill AFB (Tampa), FL 33621. PROVISIONS/CLAUSES: The following Federal Acquisition Regulation (FAR), provisions and clauses apply to this solicitation and are incorporated by reference (provisions and clauses may be obtained via the internet: http://farsite.hill.af.mil, http://www.arnet.gov/far/, or http://safaq.hq.af.mil/contracting): FAR 52.204-7, Central Contractor Registration; FAR 52.209-6 Protecting the Government's Interest; FAR 52.211-6 Brand Name or Equal; FAR 52.212-1, Instruction to Offerors-Commercial Items; FAR 52.212-4, Contract Terms and Conditions; FAR 52.247-34, F.O.B. Destination. The following FAR clauses apply to this solicitation and are incorporated in full text: FAR 52.212-3, Offeror Representation and Certifications-Commercial Items (Offeror must submit a completed copy of this prevision with its proposal for the proposal to be considered. See https://orca.bpn.gov/ for online submittal); FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes Or Executive Orders-Commercial Items, within FAR 52.212-5, the following clauses apply: FAR 52.204-10 Reports on Subcontracting; FAR 52.217-8 Option to Extend Services (fill-in = 30 days); FAR 52.217-9 Option to Extend the Term of the Contract (fill-ins = 60 days, 30 days respectively); FAR 52.219-6, Total Small Business Set-Asides, FAR 52.219-28, Small Business Representations; FAR 52.222-3, Convict Labor; FAR 52.222-19, Child Labor-Cooperation with Authorities and Remedies; FAR 52.222-21, Prohibition of Segregated Facilities; FAR 52.222-26, Equal Opportunity; FAR 52.222-36, Affirmative Action for Workers with Disabilities; FAR 52.223-18, Text Messaging While Driving; FAR 52.225-13 Restrictions on Certain Foreign Purchases; FAR 52.232-33 Payment By Electronic Funds Transfer-Central Contractor Registration; FAR 52.252-2, Clauses Incorporated by Reference. The following Defense Federal Acquisition Regulation Supplement (DFARS) clauses apply to this solicitation and are incorporated by reference: DFARS 252.204-7003 Control of Government Personnel Work Product; 252.243-7001, Pricing of Contract Modifications; 252.204-7004 (Alt 1), Required Central Contractor Registration; 252.232-7010, Levies on Contract Payments. The following DFARS clauses apply to this solicitation and are incorporated in full text: DFARS 252.212-7000, Offeror Representations and Certifications-Commercial Items; DFARS 252.212-7001, Contract Terms and Conditions Required to Implement Statutes or Executive Orders Applicable to Defense Acquisitions of Commercial Items, within DFARS 252.212-7001, the following clauses apply: DFARS 252.203-7000, Requirements Relating to Compensation of Former DoD Officials; DFARS 252.225-7001, Buy American Act and Balance of Payment Program; DFARS 252.225-7036 Buy American Act, Free Trade Agreements, Balance of Payment Programs; DFARS 252.232-7003, Electronic Submission of Payment Requests; DFARS 252.247-7023(Alt 3) Transportation of Supplies by Sea. The following Air Force Federal Acquisition Regulation Supplement (AFFARS) clause applies and is incorporated in full text: AFFARS 5352.201-9101, Ombudsman: (a) An ombudsman has been appointed to hear and facilitate the resolution of concerns from offerors, potential offerors, and others for this acquisition. When requested, the ombudsman will maintain strict confidentiality as to the source of the concern. The existence of the ombudsman does not affect the authority of the program manager, contracting officer, or source selection official. Further, the ombudsman does not participate in the evaluation of proposals, the source selection process, or the adjudication or protests or formal contract disputes. The ombudsman may refer the party to another official who can resolve the concern. (b) Before consulting with an ombudsman, interested parties must first address their concerns, issues, disagreements, and/or recommendations to the contracting officer for resolution. Consulting an ombudsman does not alter or postpone the timelines for any other processes (e.g., agency level bid protests, GAO bid protests, requests for debriefings, employee-employer actions, contests of OMB Circular A-76 competition performance decisions). (c) If resolution cannot be made by the contracting officer, concerned parties may contact the Center/MAJCOM ombudsman Mr. Michael R. Jackson, HQ AMC/A7K, 507 Symington Drive, Scott AFB, IL 62225-5022, (618) 229-0267, fax (618) 256-668, email: Michael.Jackson@scott.af.mil. Concerns, issues, disagreement, and recommendations that cannot be resolved at the MAJCOM/DRU level, may be brought by the concerned party for further consideration to the Air Force ombudsman, Associate Deputy Assistant Secretary (ADAS) (Contracting), SAF/ACQ, facsimile number (703) 588-1067. (d) The ombudsman has no authority to render a decision that binds the agency. (e) Do not contact the ombudsman to request copies of the solicitation, verify offer due date, or clarify technical requirements. Such inquiries shall be directed to the Contracting Officer. (End of clause) Also your quote must list your DUNS number, CAGE code, and Federal TIN with Company name, POC and phone number. If you need to obtain or renew a DUNS number or CAGE code, please visit www.ccr.gov. Lack of registration in the CCR database will make an offeror ineligible for award. DEADLINE: Offers are due on 6 July 2011 by 9:00 AM EST. Submit offers or any questions to the attention of Thomas Armstead 6CONS/LGCB by email to thomas.armstead@us.af.mil.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/USAF/AMC/6CS/F2VUJ01147AC01/listing.html)
 
Place of Performance
Address: Macdill AFB, Tampa, Florida, 33579, United States
Zip Code: 33579
 
Record
SN02472291-W 20110616/110614234945-a5192ac3e7ac239758da61f0c2dd0687 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.