SOURCES SOUGHT
70 -- Intrusion Detection System and Security Information Management System
- Notice Date
- 7/2/2003
- Notice Type
- Sources Sought
- Contracting Office
- Railroad Retirement Board, Bureau of Supply and Service, Purchasing Division, 844 North Rush Street, 9th Floor NE, Chicago, IL, 60611-2092
- ZIP Code
- 60611-2092
- Solicitation Number
- 2003-RFI-03
- Response Due
- 8/1/2003
- Archive Date
- 8/16/2003
- Point of Contact
- Karen Haskins-Brewer, Contract Specialist, Phone (312) 751-4615, Fax (312) 751-4923
- E-Mail Address
- haskinkj@rrb.gov
- Description
- The U.S. Railroad Retirement Board (RRB) seeks sources capable of providing a computer network Intrusion Detection System (IDS) and Security Information Management System (SIMS) to integrate and improve our Enterprise Security System architecture. Proposed solutions should address the following:

Objective. To provide a centralized, real-time, auto-notification and active-response Enterprise Security System. The vendor will demonstrate the capability to provide both an Intrusion Detection System (IDS) and a Security Information Management System (SIMS) console as components of the Enterprise Security System. The system must provide for secure collection, analysis and storage of raw logs, analyzed data (meta-data) and reports that will allow their admission as legal evidence in a court of law and meet established chain of custody procedures.

I. Security Information Management System (SIMS) and Intrusion Detection System (IDS) requirements:
a. Provide centralized monitoring and control of security tools. It must securely integrate, normalize and analyze security event data from multiple sources: firewalls, intrusion detection systems, internetworking devices (routers, switches), anti-virus, servers, workstations and other network devices that are capable of providing security data. The Enterprise Security System should operate using either the Microsoft Windows 2000 or Cisco operating systems. The ability to integrate and work with an IBM OS/390 mainframe environment is desirable, but not a requirement.
b. Primarily operate using a rules-based environment with dynamic, automatic updates, but also provide anomaly detection capability.
c. Provide the ability for a programmable, easy to use and understand Graphical User Interface (GUI). Through this interface, security policy, alert notification, automated (or manual) response, and automatic/manual reporting can be configured.
d. Provide the ability for hierarchical SIMS architecture. The master SIMS console should allow for remote management of the SIMS and allow the Enterprise Security Staff to create and manage customized SIMS remote management consoles for the use of technical support staff (WAN Engineer, Firewall Administrator, Anti-virus Administrator, System Administrator, etc.) and management staff (status and reporting).
e. The security policy module should create customized security policies for users, groups and devices. The policies should provide the event type, event description, alert threshold setting, alert notification method and active-response action choices. The policies should be hierarchical, allowing for automatic inheritance of higher level policies and individual policy customization.
f. The SIMS/IDS appliance/application/agents should be secure and hardened from attack. It must ensure that intruders cannot compromise the Enterprise Security System environment. Only minimal device maintenance (i.e. security patch management) is required. The vendor must provide explicit information allowing the RRB to understand that the system is compatible in a Windows/Cisco TCP/IP environment. Describe what technical skills will be required to operate, maintain, and support the system.
g. Provide Network-based Intrusion Detection System (NIDS) allowing for supplemental Host-based Intrusion Detection System (HIDS) as needed.
h. Monitor up to gigabyte speed network traffic.
i. Must not degrade current network bandwidth and capability.
j. The vendor must provide specific minimum and recommended operational hardware/operating system/application information/requirements.
k. The vendor must provide technical information on how the system is hardened and operates. Comparison/independent testing results against similar products is highly desirable, but not required.
l. Product documentation and initial and follow-up/refresher training on the proper installation, configuration, operation and maintenance of the product for key system operators is required as part of the package.
m. The vendor must provide information on their standard and enhanced remote and on-site packages and pricing.
n. The vendor must allow for a limited duration product evaluation and testing period at no expense or obligation to the government.

II. RFI Submission Requirements.
a. Potential vendors should respond with detailed data including technical literature, pricing details and information describing the degree to which they can comply with the requirements outlined above. Anticipated additional equipment and material purchases should be discussed.
b. Due to the nature of this notice, a question and answer period shall not be entertained. Any open issues or questions can be submitted along with the RFI package. The user group shall review all packages and clarify the statement of work should a formal solicitation be issued.
c. Responses to this notice must be submitted within 30 calendar days from the date of publication of this notice.
d. No telephone calls will be accepted.
e. The RRB does not intend to award a contract on the basis of this request or to pay for information solicited.
f. THIS IS NOT A SOLICITATION FOR OFFERS OR BIDS.
g. The RRB will not transmit acknowledgement of receipt of vendor submissions and will not return any written data or solutions submitted to this office.

III. A current operational summary of the Railroad Retirement Board network follows.

Current RRB Operational Network Summary:
1. The RRB operates out of a Headquarters facility located in Chicago, Illinois with 50+ field offices located throughout the United States.
2. The network interconnectivity consists of:
   a. T3 Internet connectivity with Dedicated T1 WAN lines to the field service centers.
   b. VPN access to off-site employees, web hosting and remote network support contractors.
   c. Limited dial-up service for remote users.
3. The major enterprise systems are:
   a. IBM OS/390 mainframe system.
   b. Microsoft Windows 2000 Active Directory TCP/IP based network.
      i. Single root forest with 3 subordinate domains.
      ii. 70+ domain controllers.
      iii. 50+ file/application/print servers.
      iv. Exchange 2000 and SQL 2000 applications.
      v. 1,200+ personal computers (desktops & notebooks).
4. Cisco managed internetworking devices.
   a. PIX series firewalls.
   b. 140+ Routers and switches.
5. Network Attached Storage (NAS) system in the form of a shared IBM Enterprise Storage Server.
- Place of Performance
- Address: 844 North Rush Street, Chicago, IL 60611-2092
- Record
- SN00363105-W 20030704/030702214044 (fbodaily.com)
- Source
- FedBizOpps.gov