MODIFICATION
70 -- Data Loss Prevention (DLP)
- Notice Date
- 9/19/2011
- Notice Type
- Modification/Amendment
- NAICS
- 541519 — Other Computer Related Services
- Contracting Office
- Defense Logistics Agency, DLA Acquisition Locations, DLA Contracting Services Office - Philadelphia, 700 Robbins Avenue, Philadelphia, Pennsylvania, 19111-5096, United States
- ZIP Code
- 19111-5096
- Solicitation Number
- SP4701-11-R-0021
- Archive Date
- 10/8/2011
- Point of Contact
- Mark Sullivan, Phone: 215-737-4851
- E-Mail Address
- mark.sullivan@dla.mil
- Small Business Set-Aside
- N/A
- Description
- The following Minimum Technical Requirements are hereby added to this combined synopsis/solicitation:
MINIMUM TECHNICAL REQUIREMENTS:
Federal Information Processing Standards (FIPS) 140-2 Compliance: Technology solutions within the federal government, and more specifically the DoD, must use cryptographic modules that meet the FIPS 140-2 cryptography standard for encryption, authentication, digital signature, and key management functions. This requirement ensures the security of storage and transmission of Sensitive Information (see DoDI 8500.2 for definition and requirement).
Department of Defense Common Access Card (CAC) Authentication: Technology that requires user authentication must be capable of utilizing the DoD CAC and its associated infrastructure as the mechanism by which users are authenticated to and by the system. This requirement uses the inherent enhanced security of two-factor authentication found within the CAC and is a critical requirement to ensure the safety of Sensitive Information.
Ability to complete DLP scanning of Microsoft Outlook Archive Files (.pst): DLA's three years of DLP operational experience has demonstrated that there are identified instances of PII in unencrypted / non-password protected .pst files. Like many DoD organizations, the DLA enterprise uses Microsoft technology, including Microsoft Outlook for its email capability. Thus users take advantage of Microsoft Outlook's capability to store and archive email messages, attachments and other Outlook items into archive files (.pst). DLA's operational experience has shown the potential for storage of PII in unencrypted / non-password protected .pst files. Therefore, the DLA DLP solution must be capable of scanning Microsoft Outlook .pst files for improperly stored PII.
Single DLP product solution for multifaceted Data Loss Prevention (Data-at-Rest and Data-in-Motion): To ensure the stability of the DLA DLP service, the technology solution leveraged by DLA must be sourced from a single vendor and cannot be an amalgamation of disparate vendor solutions. OMB Memorandum A-130, Section 8.b.(4)(c), requires DLA to "acquire off-the-shelf software from commercial sources, unless the cost effectiveness of developing custom software is clear and has been documented through pilot projects or prototypes." Acquiring software from more than a single DLP product vendor will require development of custom software in order to integrate the two vendors' products. Through prior experience, DLA has determined that technology solutions that leverage extended partnerships between vendors of different products increase total cost of ownership, drive up cost of integration and increase the complexity of management and operations.
Ability to identify Social Security Numbers and detect false positives using keyword proximity: DLA issues over 8,000 contract actions per day for various items. Each of these items is assigned a National Stock Number (NSN). The NSN is a nine-digit number. DLA is also an international organization. Some international phone numbers are nine digits as well. The Social Security Number (SSN) is also a nine-digit number. DLA's three years of DLP operational experience has demonstrated that searching only for nine-digit numbers that "look" like SSNs produces a false positive rate (FPR) of approximately 25%. An FPR of this magnitude required significant manual effort by field activity information assurance (IA) staff and customized development to augment the solution. This was determined to be unacceptable because of the labor hours expended and the associated budgetary costs incurred. Therefore the DLA DLP solution must be capable of eliminating SSN false positives through the use of keyword proximity validation without extensive additional custom development. The ability to exclude false positive findings by leveraging specific keywords that are in proximity to the incorrectly identified PII will allow DLA to provide a much more streamlined remediation process and reduce the number of hours field activity staff spend managing incorrectly identified PII violations.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/DLA/J3/DSCP-PB/SP4701-11-R-0021/listing.html)
- Place of Performance
- Address: 8725 John J. Kingman Road, Fort Belvoir, Virginia, 22060, United States
- Zip Code: 22060
- Record
- SN02582806-W 20110921/110919235742-bd9cb808b5bd73f37dd74390455560ad (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)