SOURCES SOUGHT
D -- DISA Implementation of Web Audit Log Collection and Analysis Tools
- Notice Date
- 8/25/2009
- Notice Type
- Sources Sought
- NAICS
- 541512 — Computer Systems Design Services
- Contracting Office
- Defense Information Systems Agency, Procurement Directorate, DITCO-Scott, 2300 East Dr., Building 3600, Scott AFB, Illinois, 62225-5406, United States
- ZIP Code
- 62225-5406
- Solicitation Number
- DISAWEBAUDIT
- Archive Date
- 9/16/2009
- Point of Contact
- Anne K Keller, Phone: 618-229-9504
- E-Mail Address
- anne.keller@disa.mil
- Small Business Set-Aside
- Total Small Business
- Description
- Contracting Office Address: Defense Information Systems Agency (DISA), Acquisition Directorate, DITCO-Scott, 2300 East Drive Bldg 3600, Scott AFB, IL, 62225-5406

1.0 DESCRIPTION: THIS IS A REQUEST FOR INFORMATION (RFI) FOR SOURCES SOUGHT IN SUPPORT OF THE IMPLEMENTATION OF WEB AUDIT LOG COLLECTION AND ANALYSIS TOOLS

1.1 SUBJECT

The purpose of this Request for Information (RFI) is to seek a qualified source for this program with an authoritative knowledge of application log analysis, network security, network flow (NetFlow) data analysis, and network profiling. The source must have experience with Department of Defense (DoD) and other US government network defense systems, provide such systems commercially, and be actively engaged with the academic community. DISA is seeking information from industry about a source for the implementation of data collection and analysis tools in support of the Web Audit Log Pilot.

1.2 HIGH-LEVEL CAPABILITIES

The vendor must meet the following high-level capabilities:

• The vendor must have an authoritative knowledge of network security, network flow (NetFlow) data analysis, network profiling and analysis of application logs in support of network defense;
• The vendor must have experience with DoD and other U.S. government flow analysis, network profiling systems, and DISA's Web Audit Log pilot;
• The vendor must be actively engaged with the academic community;
• The vendor must offer the use of a system with connectivity to either a real or simulated internet backbone link with greater than 10-gig capacity that can be used to test tools and procedures;
• The vendor will be required to illustrate results and provide presentations to the community; strong background in design; and
• The vendor must provide general systems engineering and administration support closely integrated with cutting-edge research and development capabilities.

1.3 CAPABILITY REQUIREMENTS

Vendors are asked to address the areas below. In an appendix, please describe two of the company's current data collection and analysis tools implementations to provide these kinds of capabilities, including management and operational approach, requirements, processes, and any relevant lessons learned. List major government and commercial clients.

1. Experience with analyzing application log data, specifically web site related logs, in conjunction with other network-related data to detect malicious activity in support of DISA's Web Log Audit Pilot.
2. Experience implementing data collection and analysis tools for major DoD computer network defense (CND) programs.
3. Experience with Commercial off the Shelf (COTS), Government off the Shelf (GOTS) or open source sensors and monitors that generate unsampled flow data for security analysis on 10-gig enterprise networks, in particular Analytic Metadata Producer (AMP) and Yet Another Flow-aggregator (YAF).
4. Experience researching new applications of flow data, with at least 6 peer-reviewed publications in the last four years on traffic analysis and empirical network security.
5. Experience installing and using computer network defense tools for security analysis, including deep packet inspection, on large scale networks.
6. Experience providing both products and services to the commercial sector in this field and demonstrate an understanding of best practices in industry.
7. Experience implementing major network profiling and inventory systems in support of DoD CND initiatives. For security reasons, the vendor must have received the network profiling and inventory systems through the NSA Technology Transfer Office. The vendor must be able to refine/fine-tune application source code to achieve optimum program results.
8. Understanding of network exploitation through either the Red Team or Intelligence Community.
9. Experience supporting, evaluating, and implementing new analytical techniques, including identifying and transferring approaches from research systems to an operational environment, evaluating GOTS systems and developing new analytical systems.
10. Demonstrate the ability to provide architectural techniques and metrics for evaluating the efficiency and coverage of large data collection and analysis systems. Demonstrate the ability to develop advanced training and analytical material for use within the DoD.
11. Vendor must be able to provide the subject matter expertise in flow analysis, network profiling and analysis, and data integration.
12. Vendor's staff must possess, at a minimum, SECRET level clearances; TOP SECRET level clearances are preferred, for key personnel.
13. Vendor must describe their experience with use, understanding and development of the following GOTS systems: CENTAUR, TRICKLER, EINSTEIN, AMP, YAF, SiLK.

2.0 DISCLAIMER

THE GOVERNMENT DOES NOT INTEND TO AWARD A CONTRACT ON THE BASIS OF THIS RFI OR OTHERWISE PAY FOR INFORMATION RECEIVED IN RESPONSE TO THIS RFI. This RFI is issued for information and planning purposes only and does not constitute a solicitation. All information received in response to the RFI that is marked Proprietary will be handled accordingly. The Government shall not be liable for or suffer any consequential damages for any proprietary information not properly identified. Proprietary information will be safeguarded in accordance with the applicable Government regulations. Responses to the RFI will not be returned nor will the Government confirm receipt of the RFI response. Whatever information is provided in response to this RFI will be used to assess tradeoffs and alternatives available for determining how to proceed in the acquisition process. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract.

The anticipated North American Industry Classification System Code (NAICS) for this requirement is 541512 (size standard $25M). Other consideration NAICS 541519 (size standard $25M). The government anticipates that this acquisition will be accomplished with a small business set-aside. Small businesses are strongly encouraged to provide responses to this RFI, in order to assist DISA in determining the potential levels of interest, competition and technical capability to provide the required services within the Small Business community. In addition, this information will also be used to assist DISA in establishing a basis for developing any subsequent potential subcontract plan small business goal percentages.

3.0 SUBMISSION INSTRUCTIONS

Responses should include the (1) business name and address; (2) name of company representative and their business title; (3) cost estimate for the technical services described above (broken out by base year and 4 option years); and (4) contract vehicles that would be available to the Government for the procurement of the product and service, to include General Service Administration (GSA) Federal Supply Schedules (FSS), or any other Government Agency contract vehicle. The responses should be in a white paper format, no longer than fifteen (15) pages in length. Address the capabilities posed in section 1.2 and 1.3, and add one (1) appendix that consists of at least two past performances to include Government points of contact describing the vendor's capabilities. Firms who wish to respond to this should send responses via email NLT Tuesday, 01 September 2009, at 5:00 PM Eastern Daylight Time (EDT). The response should not exceed a 5 MB mail limit for all items associated with the RFI response. Interested vendors should forward their capabilities and other information to be considered to PEO_IANACQUISITION@disa.mil.

4.0 CONTACT INFORMATION

All inquiries and questions related to this RFI should be sent to the following Point of Contact: Maj. Paul Alelino, 703-882-1354, paul.avelino@disa.mil.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/DISA/D4AD/DITCO/DISAWEBAUDIT/listing.html)
- Record
- SN01926217-W 20090827/090826001524-118f060b17bf2c7e2d9d90b3b489d0f4 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)