Loren Data's SAM Daily™

FBO DAILY ISSUE OF MARCH 15, 2007 FBO #1935
SOURCES SOUGHT

D -- Security Monitoring Services

Notice Date
3/13/2007
 
Notice Type
Sources Sought
 
NAICS
541690 — Other Scientific and Technical Consulting Services
 
Contracting Office
Department of Education, Contracts & Acquisitions Management, Contracts (All ED Components), 550 12th Street, SW, 7th Floor, Washington, DC, 20202, UNITED STATES
 
ZIP Code
00000
 
Solicitation Number
Reference-Number-eia070007
 
Response Due
3/27/2007
 
Archive Date
4/11/2007
 
Small Business Set-Aside
Total Small Business
 
Description
The Department of Education (ED) is conducting a market survey to identify small business firms with the requisite knowledge, skills and capacity for an upcoming requirement. The performance objectives and related tasking for this requirement are to provide scanning, monitoring and analysis of ED enterprise network security, build validation services, as well as quality assurance and EDNet log auditing. The Department's EDNet contractor shall continue to provide all the operational security aspects of support. It is envisioned that the contractor supporting this requirement shall be part of an integrated solution team consisting of the current EDNet contractor and Government management. In order to ensure proper separation of duties and to provide demonstrable internal controls, ED is seeking a contractor, separate from its security operations contractor, to provide the specific services previously listed. It would be expected that the successful contractor would have security services as its core competency and be able to immediately provide a quantum improvement in ED's security posture by implementing their proven security routines. Accordingly, the contractor selected for this requirement must possess the ability to monitor and validate the continuity of operations and support ED security services management objectives, inclusive of identifying vulnerabilities, improving security, and protecting sensitive Department of Education information. The Contractor would also conduct and validate a full range of scanning and security/vulnerability analysis, log auditing, validation and monitoring services for perimeter and internal networks, to include, but not limited to, host and network, security information manager (SIM), and event notification.
In response to this request for information, interested vendors should provide a capability statement that addresses the following: (1) business size, (2) NAICS code recommendation, (3) suggested contract type, (4) a listing of all active GSA or other Government Wide contracts held, and (5) a listing of all active certifications and security clearances, as they relate to this requirement. Additional information to be included in the response is shown in Item C.

A. DEADLINE FOR SUBMISSION OF COMMENTS
Electronic submissions are due by 2:00 EDT on March 27, 2007.

B. ADDRESS FOR SUBMISSION OF CAPABILITY STATEMENTS
Contract Specialist's Email: Veronica.Price@ed.gov
Contract Specialist's Email: Amanda.Woodard@ed.gov
Contracting Officer's Email: James.Hairfield@ed.gov

C. SUBMISSION REQUIREMENTS
All submissions shall not exceed 10 pages (to include cover page, text, graphic, tables, etc.). Responses should be submitted in MS Word with page sizes of 8.5 x 11 inches, Times New Roman Font Size, 10-12 pitch, with no less than single spacing between lines. Lastly, submissions shall address each element/core competency shown below:

I. Security Policies, Procedures, and Federal Regulations
Possession of a comprehensive set of documented, current policies that are periodically reviewed, updated, and enforced.

II. Contingency Planning; Operational and Disaster Recovery
Business continuity and disaster recovery (BC/DR) plans for critical assets which have been tested and found effective.

III. Physical Security
Ability to control (monitor and review) physical access to information assets and IT services and resources based on their importance.

IV. Data Handling
Ability to handle client data in accordance with the data's classification (e.g., confidential, sensitive, public) and compliance with client data handling requirements (policies, procedures, regulations).

V. Authentication and Authorization
Implementation of appropriate levels of user authentication and control of user access.

VI. Access Control
Ability to assure that appropriate access restrictions are in place.

VII. Software Integrity
Ability to verify the integrity of installed software, ensuring it remains free from all viruses, worms, Trojan horses, and other malicious software. Possession of the most efficient and effective intrusion detection systems and processes.

VIII. Secure Asset Configuration
Implementation of documented procedures and processes to ensure the secure configuration of all client information assets throughout their life cycle (installation, operation, maintenance, retirement).

IX. Monitoring and Auditing
Ability to monitor and audit client systems and networks.

X. Incident Management
The ability to evaluate and define the types of incident reporting and triage, to include escalation policies and procedures, and the means for correlation and aggregation of various log and data points.

XI. Intrusion Detection
This element is primarily concerned with incident response processes and intrusion detection devices.

XII. Vulnerability Management
Ability to conduct vulnerability management and remediation and related activities such as identification and mitigation efforts, database and application scanning and remediation, and external penetration testing.

XIII. Service Level Agreement
The contractor shall allow for client-specific requirements for performance and remediation (restoration of service, customer service, response time), monitoring and verification of SLA metrics.

XIV. Reporting Requirements
Relevant areas under this element are: types of reports (i.e. trend analysis, performance planning, capacity planning), provisions for real-time access to network and system security status, timely security event and service outage reporting, and report confidentiality protection.

XV. Security Engineering Requirements
Relevant areas under this element are: security architecture analysis, review, reporting, classification efforts, security patches, new project life-cycle management, maintenance of all secure configuration documentation activity in accordance with industry best practices and agency policy and procedure. Additionally, evaluation of IPv6 security components in accordance with industry best practices and agency policy and procedure.

XVI. Audit Support
The ability to provide as-needed data for various audits to include IG, Financial, C&A, and Federal audits.

DISCLAIMER
This Sources Sought Notice (SSN) is being issued for information and planning purposes only and does not constitute a solicitation. The Government does not intend to award a contract on the basis of this SSN or to otherwise pay for information received in response to this SSN. All information received in response to this SSN that is marked "Proprietary" will be handled accordingly. Responses to the SSN will not be returned. Information provided in response to this SSN will be used to assess alternatives available for determining how to proceed in the acquisition process. In accordance with Federal Acquisition Regulation (FAR) 15.201(e), responses to this SSN are not offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this SSN. Vendors should be aware that, due to the nature of this requirement, there is a potential for conflict of interests with an offeror's current or future business arrangements. An example of such a conflict of interest would include the delivery of services that support this requirement and the provision of any operation of those services.
 
Place of Performance
Address: The principal place of performance shall be at a contractor-owned and operated site.
Zip Code: 20202
Country: UNITED STATES
 
Record
SN01249503-W 20070315/070313220250 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
