Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF FEBRUARY 02, 2012 FBO #3722
SPECIAL NOTICE

D -- Access Control Policy Tool Phase II Development

Notice Date
1/31/2012
 
Notice Type
Special Notice
 
NAICS
541690 — Other Scientific and Technical Consulting Services
 
Contracting Office
Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 1640, Gaithersburg, Maryland, 20899-1640
 
ZIP Code
20899-1640
 
Solicitation Number
NB733030-12-01272
 
Archive Date
2/25/2012
 
Point of Contact
Divya Soni, Phone: 3019756394
 
E-Mail Address
divya.soni@nist.gov
(divya.soni@nist.gov)
 
Small Business Set-Aside
N/A
 
Description
Notice of Intent - Sole Source The National Institute of Standards and Technology (NIST) Acquisition Management Division, on behalf of the NIST Computer Security Division (CSD), intends to negotiate with North Carolina State University, on a sole source basis under the authority of FAR Subpart 13.106-1 (b), Soliciting from a Single Source, to obtain the services described below. Background: Since 2009, CSD has developed a prototype system - the Access Control Property Tool (ACPT), which allows a user to compose, verify, test and generate access control policies. ACPT has been successfully completed and made available as beta version in http://csrc.nist.gov/groups/SNS/acpt/index.html. The ACPT beta version allows policy authors to compose and combine policies based on predefined templates of practical policy models such as Mandatory Access Control (MAC), Attribute Based Access Control (ABAC), Multi-Level security, and workflow models. ACPT converts resulting models with user-provided attributes to machine-readable Extensible Access Control Markup Language (XACML) representation, which can be directly enforced by information sharing entities. In addition to policy composition and combination, the ACPT verifies the composed/combined access control models and rules against the policy author specified security or privacy properties to ensure that there is no contradiction or leakage from the access control rules and properties. At the end, the ACPT generates access control test suites through combinatorial test generator, which generates tests with the same effectiveness as exhausting testing enables and with capability of finding faults in the policy implementations such as those written in XACML or other application languages. The Department of Computer Science of North Carolina State University (NC State) has worked in cooperation with the NIST Computer Security Division for the research of Property Verification of Access Control Policy and ACPT tool prototyping since 2007 performing the following: 1. NC State developed a Graphical User Interface (GUI) based Access Control Policy Testing (ACPT) tool system for designing, verifying, and testing access control policies. with the following functions: a) The model templates allow the privacy and security policy composition and combination. The templates support policy models based on the local and federal policy status applied to shared entities. b) The property verification function verify the conformance of the composed and combined policy models against the security and privacy properties specified by predicate logic with policy attributes. c) Generation of an XACML-represented access control policy from the resulting model of steps a) and b). The XACML policy complies with the XACML standard version 2.0 and supports the Policy Decision Point (PDP) operation of information sharing entities. d) Generation of a combinatorial test suite based on NIST's ACTS (Advanced Combinatorial Testing System) technology. The test suite contains the access requests in the form of recognized access queries for shard resources access for testing the implementation of the access control policy. 2. NC State delivered the code, technical user manuals, and operation guidance for ACPT as described in item 1 to NIST, and present resulting publications in conferences including international conferences. 3. NC State provides sample privacy and security policies that demonstrate all functions of the ACPT as stated in item 1 for the NIST implemented information sharing test bed. NIST has a requirement for continued development of the ACPT, which requires 1), the knowledge gained from previous developing work, 2), the knowledge of the access control policy testing resulted from NC State's research work, which market research demonstrated that other research institutes do not have. The NAICS Code is 541690. NIST anticipates negotiating and awarding a firm-fixed-price purchase order to North Carolina State University for this requirement for a period of nine months. Interested parties that believe they could satisfy the requirements listed above for NIST to provide the required services may clearly and unambiguously identify their capability to do so in writing on or before February 10, 2012 at 4 pm EST. This notice of intent is not a solicitation. Information submitted in response to this notice will be used solely to determine whether competitive procedures could be used for this acquisition. Any questions regarding this notice must be submitted in writing via email to Divya Soni at divya.soni@nist.gov.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NIST/AcAsD/NB733030-12-01272/listing.html)
 
Record
SN02664304-W 20120202/120131234439-806e54fb142534ea13bae30319702c55 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.