Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF MARCH 29, 2012 FBO #3778
SOURCES SOUGHT

70 -- Email Encryption Software - Sources Sought with Diagrams

Notice Date
3/27/2012
 
Notice Type
Sources Sought
 
NAICS
511210 — Software Publishers
 
Contracting Office
Social Security Administration, Office of Budget, Finance, and Management, Office of Acquisition and Grants, 1st Floor, Rear Entrance, 7111 Security Blvd., Baltimore, Maryland, 21244
 
ZIP Code
21244
 
Solicitation Number
SSA-RFI-12-1029
 
Archive Date
4/25/2012
 
Point of Contact
Deborah R Wilson, Phone: (410) 966-2818, Jane W Quinn, Phone: 4109659588
 
E-Mail Address
debbie.r.wilson@ssa.gov, jane.quinn@ssa.gov
 
Small Business Set-Aside
N/A
 
Description
Sources Sought with Diagrams

The Social Security Administration (SSA) is attempting to identify responsible Contractors that are capable of providing an email encryption software product and accompanying maintenance support. The encryption system will allow its employees to send and receive email to other agencies and private citizens securely. Encryption will help protect SSA and its clients from loss of Personally Identifiable Information (PII). Federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA) and at least one state law, Massachusetts 201 CMR 17.00, have been passed with the protection of individuals' PII in mind.

With the growth of the Internet, email has become a convenient method of world-wide communication. In order for SSA to use email as a means of conversing with the public, that communication must be encrypted. The public, and to some extent the business community, cannot be counted on to have the resources to implement "their side" of the encryption process. To that end, an email solution that allows SSA to meet the requirements of State and Federal regulations must be provided solely by SSA.

An email encryption system needs to provide the following capabilities:
• Server/appliance based encryption - capable of being administered locally;
• Email is encrypted during the following portion of its travel:
  o Send from SSA: SSA gateway to remote desktop
  o Reply to SSA: Remote desktop to SSA gateway;
• Product must meet SSA's security official's approval;
• Capability for individual user to initiate encrypted email to SSA; and
• Policy based application of encryption.
An email encryption solution should not have the following dependencies:
• Require hardware or software purchase by email recipients;
• Require storage of emails on SSA host(s);
• Require maintenance of certificates by email recipients;
• Require hosting of email on Non-SSA infrastructure;
• Be endpoint only; and
• Preferably, the encryption system should not store keys - but generate keys on the fly.

Interaction with the encryption solution must be transparent - both to SSA and remote users. If the user on either end of the email conversation has to interact with the solution, the ability to send unencrypted email still remains with the user.

Detailed requirements (see attachment)

An example of secure Portable Document Format (PDF) encryption

Generic functionality of encrypted email "send" process

The steps of sending an encrypted email from SSA to the Internet
• SSA user composes email in Outlook and clicks [SEND]
• The email is routed to SSA's encryption server
• SSA encryption server applies its policy - to determine if the email should be encrypted
• If the email is to be encrypted:
  o If the SSA encryption server already has the internet recipient's public key, the key is used to encrypt the email.
  o If the SSA encryption server does not have the internet recipient's public key, the email is held temporarily, and a message to the internet recipient is generated, with instructions on obtaining a public key.
• The encrypted email (or instructions for public key) is sent to the internet recipient

The diagram below shows the components necessary to have a system capable of sending and receiving encrypted emails to and from SSA - without cost or configuration to remote recipients. Such a system guarantees that SSA can have a fully encrypted email conversation with its partners and the public, and SSA can control the entire process.
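The "send" steps above, modelled as a small gateway routing routine, including release of held mail once the recipient has a key. This is an added example, not part of the notice or of any vendor product. The domain `ssa.example`, the SSN-pattern policy and all class and function names are assumptions, and the cipher step itself is represented only by the returned action.

```python
import re
from dataclasses import dataclass, field

# Constructed policy (assumption): encrypt when the recipient is outside the
# agency domain and the text contains something shaped like an SSN.
INTERNAL_DOMAIN = "ssa.example"  # placeholder domain
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

@dataclass
class Email:
    sender: str
    recipient: str
    subject: str
    body: str

@dataclass
class Gateway:
    keys: dict = field(default_factory=dict)  # recipient -> public key
    held: dict = field(default_factory=dict)  # recipient -> [Email, ...]

    def needs_encryption(self, mail):
        # Match on "@domain" so look-alike domains count as external.
        external = not mail.recipient.lower().endswith("@" + INTERNAL_DOMAIN)
        return external and bool(SSN_PATTERN.search(mail.subject + "\n" + mail.body))

    def send(self, mail):
        """Return (action, payload) for one outbound message."""
        if not self.needs_encryption(mail):
            return ("deliver_plain", mail)
        rcpt = mail.recipient.lower()
        key = self.keys.get(rcpt)
        if key is not None:
            return ("deliver_encrypted", (key, mail))
        # No key yet: hold the original. The notice carries instructions
        # only, never the held subject or body.
        self.held.setdefault(rcpt, []).append(mail)
        notice = Email(mail.sender, mail.recipient, "Secure message waiting",
                       "Follow the enrollment instructions to obtain a key.")
        return ("deliver_notice", notice)

    def register_key(self, recipient, public_key):
        """Recipient obtained a key: release everything held for them."""
        rcpt = recipient.lower()
        self.keys[rcpt] = public_key
        return [("deliver_encrypted", (public_key, m))
                for m in self.held.pop(rcpt, [])]
```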
Generic functionality of encrypted email "receive" process

The steps of receiving an encrypted email from SSA over the Internet
• Internet recipient receives encrypted message or notification in inbox
  o If the internet user already has public key, message should either:
    - Display immediately or possibly
    - Require internet user to click a link or payload file to read email
  o If the internet user needs to get a public key, the instructions in the delivered email should direct the user on obtaining a public key.
  o After the internet user has obtained a public key, the temporarily held email should be encrypted and sent to the internet user.

Generic functionality of sending an encrypted "reply" email to SSA from the Internet

The steps involved in sending an encrypted email from the Internet to SSA
• Internet user has already created credentials with SSA encryption server (to receive the email)
• Internet user clicks a "reply" link in the received email and is taken - via SSL - to SSA encryption host to generate and send a reply.

Generic functionality of initiating an encrypted email to SSA from the Internet

Internet users need the ability to send encrypted emails to SSA. This can be enforced - if SSA offers an encryption solution to non-SSA users at no cost to the non-SSA users.
• Internet user already has credentials - from a previously received encrypted SSA email. Or Internet user can go to SSA email encryption web portal to get credentials.
• Internet user then composes and sends encrypted email to SSA from SSA secure email web portal.

Generic functionality of administering the email encryption system

The administrator of SSA's encryption will need to have a level of control over the encryption process.
• Ability to block "Reply All", "Forward" and forward to domain
• Ability to revoke (basically cancel) an encrypted message
• Remote administration of encryption infrastructure by SSA personnel.
• Preferably require minimum or no backup
• Support levels of administrator privileges

Format of Response:

The Government does not intend to reimburse for any information or materials submitted in response. The SSA will not notify respondents of the results of the evaluation. The Government will not issue a contract award based on the responses received. SSA is issuing this Sources Sought Notice as part of market research to determine the availability of services, products, and capabilities in the market place. The Agency is not issuing a solicitation at this time. This notice shall not be construed as a commitment by the Government to issue a solicitation or ultimately award a contract, nor does it restrict the Government to a particular acquisition approach. Information obtained from the industry responses to this notice may be used in the development of the acquisition strategy and future request for quotes.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/SSA/DCFIAM/OAG/SSA-RFI-12-1029/listing.html)
 
Place of Performance
Address: Social Security Administration, National Computer Center, Woodlawn, Maryland, 21235, United States
Zip Code: 21235
 
Record
SN02707096-W 20120329/120327235848-c7ad0e49928aacaa94a31cbf9b20198b (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
