Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF NOVEMBER 26, 2010 FBO #3289
SOURCES SOUGHT

D -- Situational Awareness/Threat Assessment Needs

Notice Date
11/24/2010
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
U.S. Department of State, Office of Logistics Management, Acquisition Management, P.O. Box 9115, Rosslyn Station, Arlington, Virginia, 22219
 
ZIP Code
22219
 
Solicitation Number
1019-130001
 
Archive Date
12/21/2010
 
Point of Contact
Theresa J. Hunt, Phone: (703) 875-6019
 
E-Mail Address
huntt@state.gov
 
Small Business Set-Aside
N/A
 
Description
The U.S. Department of State (DoS) is conducting market research to determine industry interest and capabilities in providing tools, technologies and products to address situational awareness/threat assessment needs. This is a Request for Information (RFI) announcement only. This is not a solicitation or request for proposal and in no way commits the Government to award a contract. The Government does not intend to award a contract(s) based solely on the submissions of this RFI nor does it intend to pay for any costs incurred in response to this announcement. This RFI is solely intended for information and planning purposes and does not constitute a solicitation. Responses to this notice will not be considered as offers and cannot be accepted by the Government to form a binding contract. Respondents are solely responsible for expenses associated with this RFI. Respondents will not be briefed on the Government's review of submissions to this RFI.

MARKET RESEARCH - REQUEST FOR INFORMATION (Capability Statement)

Instructions:
1. The Request for Information (Capability Statement) response should be concise and focused and not exceed ten (10) pages including cover pages, table of contents etc.
2. Sales brochures, videos, and other marketing information materials are not solicited and will not be reviewed.
3. Do not submit cost or price information with the response.
4. Interested companies shall submit an electronic copy of their capability statements via email to Theresa Hunt at huntt@state.gov. The due date and time for submission of responses is Monday, December 6, 2010 at Noon (EST).
5. No phone calls related to this RFI will be accepted. All correspondence shall be via email.

In general, responses to this RFI should address the described needs in terms of experience and capabilities. Interested vendors should describe experience with program engineering, production control and delivery of modernized information technology systems. Once DoS has concluded its market research, it may issue single or multiple solicitations and award one or more contracts to have access to the full range of solutions and expertise. Vendors may describe both government and commercial experience. Information provided on experience should include customer names and addresses, description of work performed/delivered, description of types/complexity of systems worked on, description of strategies to accomplish the work, description of communication strategies with the customer, and significant information technology issues resolved. Vendors should be able to demonstrate their ability to perform services with only U.S. based companies. Most importantly, vendors should include an analytical comparison of their capability with the needs described in this RFI.

All vendors with products or services that significantly address the needs described in this RFI are invited to submit a Capability Statement and contact information. The Capability Statement should discuss the vendor's product or service capabilities relative to the described needs, as well as the product's or service's specifications and any other pertinent information that would enhance the understanding of the product or service. Include a brief description of experience in providing similar products/services including the number of units sold. Any proprietary information contained in the capability statement must be marked accordingly. Interested sources may submit brief capability statements signed by a corporate official with authority to bind the company and verify that the company can provide a solution to the identified needs.

Vendors should address the following in their response to this RFI.

Company and Contact Information:
1. Company Name and Address;
2. Contact Name, Title, Phone Number, Fax Number, and e-Mail Address;
3. Organizational history and capabilities statement;
4. Geographic location(s) of office(s) and number of employees at each domestic and international location;
5. Current Facility Clearance Level;
6. General Services Administration (GSA) Schedule Contract Number(s) if applicable;
7. Provide your Business Size Standards (small, large, 8(a), SDV, Woman-Owned, etc.)

1. Expose potential attack paths
a. Identify attack paths across a whole network, or specified subparts, from a specified start point(s) and to specified target(s).
b. Analyze potential paths of access between security zones.
c. This assumes that the product is provided the following kinds of data about the network to be analyzed:
• Vulnerability Scan results
• Configuration Setting on Hosts
• Router, Switch, Firewall configurations and rules.
• Access Control Lists/Rules
d. Vendor should specify what other information may be necessary.
e. Vendor should specify what interfaces they have to receive this data from specific product lines or device manufacturers.
f. How is the product configured to accept this data (and resulting attack plans) and protect these from adversaries?
g. What kind of supply chain management does the vendor follow to ensure that the product itself is free from backdoors and other mechanisms that might allow exfiltration of data and information?
h. Highlight (actual and/or potential) changes to the network and compute attack surface reduction/increase, also identify/highlighting weaknesses created.
i. Cover paths discussed in a-b, and network status described in c-e.
j. Reducing the attack surface means increasing the number of steps required to reach a given percentage of the targets; and increasing the complexity of the remaining steps.
k. Manage metadata about proscribed network state (based on enterprise, role-based, local policy (including exceptions)) and identifies actual deviations and their impact.
l. As part of this analysis, identify redundant, disabled, expired, or unused accounts, network routing rules, access rules, etc.
m. Provide same coverage as h-j.

2. Produce a remediation roadmap
a. Network Remediation: Identify steps that can most efficiently reduce the attack surface, listing the weaknesses to be fixed in priority order for remediation.
b. Cover paths in 1. a, and network status described in 1. b.
c. Data Remediation: Correlate data from various sources (and/or uses other methods) to identify parts of the network not covered (in a timely manner) for vulnerability, configuration, rules and any other data.

3. Dashboard and Workforce Management
a. Provide a dashboard to support use of the data collected and information produced (including attack paths, prioritized actions, change analyses, what-if analyses, and data problems) by the appropriate people in the organization. Identifies steps that can most efficiently reduce the attack surface, listing the weaknesses to be fixed in priority order for remediation.
b. Information in the dashboard is timely, and the vendor's product is scalable to process data on large Federal networks in a reasonable time.
c. Information in the dashboard is targeted (to provide the right information to each potential user group) without information overload. It should intuitively enable non-technical staff to know what to do.
d. Information in the dashboard is scored (prioritized) using a flexible scheme that accommodates the kind of scoring currently used by DoS and alternates being developed by NSA.

4. Integration and Information Management
a. Information in the dashboard should serve to potentially replace a trouble ticket system for tracking the specific items (actions) covered (recommended) by this dashboard.
b. Extra credit will be given to products which can be traced to "trouble ticket" systems.
c. Has a mechanism to safely provide transfer of recommended actions and scoring to a dashboard in a less secure domain (for example, with recommendations and "scores" but without attack paths).
d. Maintains data and recommendations in an open architecture that allows flexible and customizable analysis/reporting.
e. Provide adequate documentation of processes, analyses, conclusions, recommendations, scores, and results to assure auditors of the effective management of business risk.

5. All vendors should feel free to include a narrative of any other features that your product offers (that do not map directly to the capabilities outlined above) that you think the government should consider. Please also advise the government if you believe that any of the above capabilities would unfairly limit competition.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/State/A-LM-AQM/A-LM-AQM/1019-130001/listing.html)
 
Place of Performance
Address: Washington, DC, United States
 
Record
SN02333793-W 20101126/101124234352-ce015c7f286693e0c2f60f6dc976374a (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
