Loren Data's SAM Daily™

FBO DAILY ISSUE OF SEPTEMBER 21, 2011 FBO #3588
MODIFICATION

70 -- Data Loss Prevention (DLP)

Notice Date
9/19/2011
 
Notice Type
Modification/Amendment
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Defense Logistics Agency, DLA Acquisition Locations, DLA Contracting Services Office - Philadelphia, 700 Robbins Avenue, Philadelphia, Pennsylvania, 19111-5096, United States
 
ZIP Code
19111-5096
 
Solicitation Number
SP4701-11-R-0021
 
Archive Date
10/8/2011
 
Point of Contact
Mark Sullivan, Phone: 215-737-4851
 
E-Mail Address
mark.sullivan@dla.mil
 
Small Business Set-Aside
N/A
 
Description
The following Minimum Technical Requirements are hereby added to this combined synopsis/solicitation:

MINIMUM TECHNICAL REQUIREMENTS:

Federal Information Processing Standards (FIPS) 140-2 Compliance: Technology solutions within the federal government, and more specifically the DoD, must use cryptographic modules that meet the FIPS 140-2 cryptography standard for encryption, authentication, digital signature, and key management functions. This requirement ensures the security of storage and transmission of Sensitive Information (see DoDI 8500.2 for definition and requirement).

Department of Defense Common Access Card (CAC) Authentication: Technology that requires user authentication must be capable of utilizing the DoD CAC and its associated infrastructure as the mechanism by which users are authenticated to and by the system. This requirement uses the inherent enhanced security of two-factor authentication found within the CAC and is a critical requirement to ensure the safety of Sensitive Information.

Ability to complete DLP scanning of Microsoft Outlook Archive Files (.pst): DLA's three years of DLP operational experience have demonstrated that there are identified instances of PII in unencrypted/non-password protected .pst files. Like many DoD organizations, the DLA enterprise uses Microsoft technology, including Microsoft Outlook for its email capability. Thus users take advantage of Microsoft Outlook's capability to store and archive email messages, attachments and other Outlook items into archive files (.pst). DLA's operational experience has shown the potential for storage of PII in unencrypted/non-password protected .pst files. Therefore, the DLA DLP solution must be capable of scanning Microsoft Outlook .pst files for improperly stored PII.

Single DLP product solution for multifaceted Data Loss Prevention (Data-at-Rest and Data-in-Motion): To ensure the stability of the DLA DLP service, the technology solution leveraged by DLA must be sourced from a single vendor and cannot be an amalgamation of disparate vendor solutions. OMB Memorandum A-130, Section 8.b.(4)(c), requires DLA to "acquire off-the-shelf software from commercial sources, unless the cost effectiveness of developing custom software is clear and has been documented through pilot projects or prototypes." Acquiring software from more than a single DLP product vendor will require development of custom software in order to integrate the two vendors' products. Through prior experience, DLA has determined that technology solutions that leverage extended partnerships between vendors of different products increase total cost of ownership, drive up the cost of integration and increase the complexity of management and operations.

Ability to identify Social Security Numbers and detect false positives using keyword proximity: DLA issues over 8,000 contract actions per day for various items. Each of these items is assigned a National Stock Number (NSN). The NSN is a nine-digit number. DLA is also an international organization. Some international phone numbers are nine digits as well. The Social Security Number (SSN) is also a nine-digit number. DLA's three years of DLP operational experience have demonstrated that searching only for nine-digit numbers that "look" like SSNs produces a false positive rate (FPR) of approximately 25%. An FPR of this magnitude required significant manual effort by field activity information assurance (IA) staff and customized development to augment the solution. This was determined to be unacceptable because of the labor hours expended and the associated budgetary costs incurred. Therefore the DLA DLP solution must be capable of eliminating SSN false positives through the use of keyword proximity validation without extensive additional custom development. The ability to exclude false positive findings by leveraging specific keywords that are in proximity to the incorrectly identified PII will allow DLA to provide a much more streamlined remediation process and reduce the number of hours field activity staff spend managing incorrectly identified PII violations.
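A sketch of the keyword proximity validation described in the last requirement, added here as an illustration; it is not part of the solicitation and not any vendor's implementation. The keyword lists, the 40-character window, the three verdict names and the sample lines are assumptions constructed for the example.

```python
import re

# Nine digits, contiguous or grouped 3-2-4 with one consistent separator.
CANDIDATE = re.compile(r"(?<!\d)\d{3}([- ]?)\d{2}\1\d{4}(?!\d)")

# Assumed keyword lists and window size; a deployment would tune these.
SUPPORT = ("ssn", "social security")
EXCLUDE = ("nsn", "stock number", "phone", "tel", "fax")
WINDOW = 40  # characters inspected on each side of a candidate, same line only


def _has_keyword(context, keywords):
    """True if any keyword appears as a whole word in the context."""
    return any(re.search(r"\b" + re.escape(k) + r"\b", context) for k in keywords)


def classify(text, window=WINDOW):
    """Return (matched_text, verdict) for every nine-digit candidate in text."""
    results = []
    for line in text.splitlines():
        for m in CANDIDATE.finditer(line):
            context = line[max(0, m.start() - window):m.end() + window].lower()
            if _has_keyword(context, SUPPORT):
                verdict = "report"    # SSN keyword nearby wins over exclusions
            elif _has_keyword(context, EXCLUDE):
                verdict = "suppress"  # explained by an NSN or phone keyword
            else:
                verdict = "review"    # no nearby keyword either way
            results.append((m.group(0), verdict))
    return results


# Constructed sample lines; none of the numbers are real identifiers.
SAMPLE = """\
Employee SSN: 000-12-3456 on file
Order line, NSN 000123456, qty 40
Contact phone 000555012 ext 9
Reference 000987654 attached
"""

if __name__ == "__main__":
    for value, verdict in classify(SAMPLE):
        print(f"{verdict:8} {value}")
```

Candidates with no keyword on either side are routed to review rather than suppressed, so the exclusion list reduces false positives without hiding unexplained nine-digit values.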
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DLA/J3/DSCP-PB/SP4701-11-R-0021/listing.html)
 
Place of Performance
Address: 8725 John J. Kingman Road, Fort Belvoir, Virginia, 22060, United States
Zip Code: 22060
 
Record
SN02582806-W 20110921/110919235742-bd9cb808b5bd73f37dd74390455560ad (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
