Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF JULY 25, 2014 FBO #4626
SPECIAL NOTICE

D -- Enterprise Web Proxy RFI - RFI

Notice Date
7/23/2014
 
Notice Type
Special Notice
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Department of Health and Human Services, Program Support Center, Division of Acquisition Management, 12501 Ardennes Avenue, Suite 400, Rockville, Maryland, 20857, United States
 
ZIP Code
20857
 
Solicitation Number
HHS-OCIO-RFI-14-001
 
Archive Date
9/4/2014
 
Point of Contact
Wendy C. Cruz, Phone: 301-443-3086, Susan Bechtel, Phone: 301-443-6925
 
E-Mail Address
Wendy.Cruz@psc.hhs.gov, Susan.Bechtel@psc.hhs.gov
 
Small Business Set-Aside
N/A
 
Description
RFI Document

This is a Request for Information (RFI). This is NOT a solicitation for proposals, proposal abstracts, or quotations. The purpose of this RFI is to obtain knowledge and information for project planning purposes.

INTRODUCTION:

The mission of the U.S. Department of Health and Human Services (HHS) is to enhance the health and well-being of Americans by providing for effective health and human services and by fostering strong, sustained advances in the sciences underlying medicine, public health, and social services. The HHS Chief Information Officer (CIO) and the Office of Information Security (OIS) are responsible for providing the secure computing resources for daily operations of the HHS Office of the Secretary, Staff Divisions (StaffDivs), and various of the smaller Operating Divisions (OpDivs), while coordinating the protection of critical public health systems and data and initiatives to improve the overall security posture of the Department.

In pursuit of HHS's mission to serve the Nation's public health needs in an efficient and secure fashion, HHS is currently considering input from vendors that will be able to deliver content filtering web proxy solutions to a larger, federated environment. As part of this security initiative, HHS is looking for solutions and product(s) that will enable web traffic inspection and filtering at a centralized point while maintaining the ability of operational divisions to manage exceptions for their users.

PURPOSE:

This Request for Information (RFI) will provide HHS with information that will be used in determining a path forward in its goal of implementing enterprise web proxy services within HHS. The principal objective of this RFI is for HHS to receive information from industry that would assist to:

1. Provide recommended approaches to web proxy such as, but not limited to, content filtering, SSL decryption, policy management, or other solutions.
2. Define the requirements for the implementation of a Web Proxy solution.
3. Define the steps and processes involved in rolling out a Web Proxy solution to a large and technically diverse organization such as HHS.
4. Give sub-divisions of HHS the ability to grant needed exceptions on a user-by-user basis without the need to forfeit control over independent domain structures.

BACKGROUND:

The HHS is comprised of multiple sub-organizations (OpDivs and StaffDivs), each with their own unique and often separate missions. The goal of this effort is to develop web proxy and web filtering capability at a small number of controlled ingress and egress points such that the services can be provided to the operational divisions with minimal duplicative implementation. HHS seeks a best practice solution which would allow it to meet its goal of delivering the required functionality.

For the purposes of this RFI, the responder can assume HHS consists of multiple operational divisions with independent networks that utilize centralized access points to access untrusted networks. Further, the responder can assume that some of these subnets span multiple physical locations. The proposed solution should address supporting the HHS operational divisions and their disparate networks with the ability to manage multiple filtering policies and allow user exceptions, without causing undue damage to the independence of those operational divisions.

PROJECT REQUIREMENTS:

Scope

HHS is investigating the options available to consolidate web proxy solutions to a small number of controlled access points. The current solutions support a combined total of approximately 150,000 users across the enterprise. This solution should scale to the entire department and be able to potentially support up to 200,000 users across the various HHS OpDivs. The solution must be able to support 10 GB throughput (full-duplex) and the solution must have the ability to scale up to 100 GB. The solution should meet all mandated requirements for Federal Government computing systems, including 508 Compliance, FIPS, IPv6, HSPD-12, and NIST Special Publication, and Continuous Diagnostics and Mitigation requirements.

The following Software, Protocols, Directory and Management Tools and capabilities are currently used to support, manage and secure HHS computers. These tools should be taken into consideration in relationship to the current configuration and the proposed solution:

• Configuration and patch management solutions
• Integration with enterprise information technology (IT) infrastructure & network management tools (e.g. SolarWinds, OpenNMS, InterMapper, etc.)
• Microsoft Active Directory - Network Directory System, with 8 or more domains. These domains are not within a common forest, and may themselves contain separate domain trees. These separate forests may or may not have trust relationships between themselves and other forests.

The proposed solution should address the following questions:

Company Background

1. Provide a brief profile of the company, its management team, the company's vision, technology awards/recognitions and the current financial status.
2. Provide a summary of the current client base, highlighting similar sized clients within the Federal Government sector and distinguishing factors with competing products.
3. Identify at least one successful Web Proxy installation of similar size and complexity in the Federal Government.

Solution Overview and Architecture

1. Describe the recommended solution/product's overall approach to web proxy and content filtering.
2. Provide examples of successful past implementations in large diverse organizations, including any Federal Government installations of comparable size and scope.
3. Describe in both narrative and illustration (e.g., Visio drawing), a proposed logical and physical architecture for the deployment of a Web Proxy for HHS and associated OpDivs/StaffDivs as described above, including discussion of appliance-based versus vendor or HHS provided hardware/software based equipment and any platform dependencies.
4. Describe features native to the technology to ensure fault tolerance, high availability, and disaster recovery options, both local and remote hardware (e.g., clusters at multiple locations, total or partial failure of a cluster, etc.).
5. Describe the level of transparency to the user, i.e. how intrusive is the proxy into a user's workflow.

Technical Design

1. Describe how your solution accomplishes web traffic decryption and how the user experience is affected.
2. Describe how your solution allows for multiple administrators to manage subsets of users.
3. Describe how your solution handles user exceptions in an environment where access to a Domain Controller may be limited.
4. Describe any "best practices" guidelines for your product.
5. Describe any additional proxy-based capabilities your product offers, such as web-based malware protection, DLP, SSL decryption, or others.

Deployment & Installation

1. In similar installations, what is the typical project timeframe from initial procurement to fully installed status? Describe the common project and/or technology challenges experienced in at least three similar sized installations.
2. Based on the proposed size and complexity, what is the typical support component size in FTEs for initial deployment, fine tuning and ongoing product life cycle support? What levels of experience and person hour support times are required for ongoing maintenance of the product as represented by HHS proposed sizing?
3. What is the methodology for software updates, patches, product testing, client driven new feature requests and hardening of the solution?
4. Provide an overview of onsite support provided during the installation phase and ongoing health checks.

System Management

1. Describe the process to install, configure, and roll out a proxy solution for a group of users.
2. Describe the management user interface to include the type of graphical presentation used, specific browser requirements, Java or other intermediate compiled language requirements, OS requirements, end user access requirements (root/admin access privileges) and any required client software management workstation.
3. Describe native tools available to assist with user exception management.
4. Describe the access control mechanism to allow administrators to control filtering policies and user exceptions.
5. Describe the integration with SIEM solutions.
6. Describe the granular reporting capabilities for separate organizational units, and the RBAC for the separation of those reporting capabilities (i.e. how do separate OpDivs get individual reports without seeing each other's traffic?)

Compliance and Security

1. Describe demonstrated compliance with all federal laws/regulations, OMB Circulars/Appendices, FIPS 140-2, NIST guidance and Presidential Directives applicable to federal agencies.
2. Describe compliance mapping of the solution with Trusted Internet Connection, NIST Special Publication 800-53 and FIPS 199 for low, medium and high impact systems.
3. Describe the security options available in your product/solution, to include but not limited to, security event logging through a SIEM, IDS, firewalls, account management, timeouts, application control.

Pricing and Licensing (Optional)

1. Describe the hardware/software licensing model for all components included in the solution proposed and any external licensing requirements for components not included. This will include per CPU fees, support requirements, client licenses, test environment licensing, disaster recovery environment licensing, bandwidth consumption, storage capacity and/or agent licensing.
2. Describe the product licensing methodology and the process for obtaining activation keys, encryption keys and emergency access to the solution and/or data.
3. Describe data storage licensing for temporary and long term storage. This will include any external dependencies for separate SQL (Microsoft and/or Oracle) or other RDBMS licensing.
4. Describe the costs for training, professional services at various tiers and onsite support during installation and post-installation.
5. Describe ongoing fees for upgrades, maintenance and recurrent training.
6. Describe support fees for 24x7 access to upper tier support levels by HHS staff.

CAPABILITY STATEMENT/INFORMATION SOUGHT:

Respondents must provide, as part of their response, a capability statement, "white paper," answers to questions/issues, etc. The response must include written descriptions of the solution, technical papers describing typical solutions, marketing brochures, descriptive articles, and other informative materials that may be helpful to HHS's understanding of deploying a web proxy to our diverse environment.

INSTRUCTIONS:

• Please limit your response to no more than twenty (25) pages, 8.5x11 page size, with a twelve (12) point font. The RFI should contain a cover page and index of topics addressed. The cover page, index of topics, pricing and licensing section are excluded from the 25 page response limitation.
• Responses to the RFI should be provided as a Microsoft Word or Adobe PDF file.
• Telephone and facsimile responses will not be accepted.

Cover Page should contain:

1. Respondents' DUNS number, organization name, complete address, and size and type of business (e.g., 8(a), HUBZone, etc.) pursuant to the applicable NAICS code.
2. Respondents' technical and administrative points of contact, including names, titles, addresses, telephone and fax numbers, and e-mail addresses.

SUBMISSION DEADLINE:

Questions

Questions relating to this RFI shall be submitted to Wendy Cruz via electronic mail at wendy.cruz@psc.hhs.gov and Susan Bechtel at Susan.Bechtel@psc.hhs.gov. All e-mail inquiries shall have "HHS-OCIO-RFI-14-001_Enterprise Web Proxy" listed in the subject line. Questions relating to this acquisition shall be submitted as an Excel spreadsheet using the following table:

#  | Question* | Identify Section | Identify Page #
1  |           |                  |
2  |           |                  |
3  |           |                  |
4  |           |                  |

* One question per row.

Responses

Responses to this RFI must be submitted no later than August 20, 2014 by 5:00PM Eastern Standard Time (EST). The response should be submitted to Wendy Cruz via electronic mail at wendy.cruz@psc.hhs.gov. All e-mail submissions shall have "HHS-OCIO-RFI-14-001_Enterprise Web Proxy" listed in the subject line.

DISCLAIMER AND IMPORTANT NOTES:

Disclaimer

This notice does not obligate the Government to award a contract or otherwise pay for the information provided in response. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. Any organization responding to this notice should ensure that its response is complete and sufficiently detailed. Information provided will be used to assess tradeoffs and alternatives available for the potential requirement and may lead to the development of a solicitation. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. Any solicitation resulting from the analysis of information obtained will be announced to the public in Federal Business Opportunities in accordance with the FAR Part 5. However, responses to this notice will not be considered adequate responses to a solicitation.

Confidentiality

No proprietary, classified, confidential, or sensitive information should be included in your response. The Government reserves the right to use any non-proprietary technical information in any resultant solicitation(s).

Note: The enclosed RFI document is a duplicate of the information provided above.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/PSC/DAM/HHS-OCIO-RFI-14-001/listing.html)
 
Record
SN03435672-W 20140725/140724000250-87ea596068e3ddd3c0797f39d14407d8 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
