SOURCES SOUGHT
70 -- host-based monitoring and digital forensics software
- Notice Date
- 11/16/2012
- Notice Type
- Sources Sought
- NAICS
- 511210 — Software Publishers
- Contracting Office
- Department of Homeland Security, Transportation Security Administration, Headquarters TSA, 601 S. 12th Street, TSA-25, 10th Floor, Arlington, Virginia, 20598, United States
- ZIP Code
- 20598
- Solicitation Number
- 2113203RFICIO575
- Archive Date
- 12/6/2012
- Point of Contact
- Douglas W Gerard, Phone: 571-227-5202, Kristin S Fuller, Phone: 571-227-2740
- E-Mail Address
-
douglas.gerard@tsa.dhs.gov, kristin.fuller@dhs.gov
- Small Business Set-Aside
- N/A
- Description
- SECTION I: Purpose

  Product, Service or Outcome Needed: Focused Operations (FO) is in need of a tool to monitor and conduct digital forensics at the host-based level. Networked monitoring solutions are not the purpose of this procurement.

  Scope of the Product, Service, or Outcome: The scope of this procurement is an enterprise solution to host-based monitoring and the collection of digital forensics information.

  SECTION II: Background

  The Information Assurance & Cyber Security Division (IAD)/Focused Operations (FO) Branch supports areas of cyber threats and digital forensics. FO is seeking an enterprise technology that will automate enterprise-wide host-based monitoring. TSA has approximately 25,000 host nodes in its enterprise.

  SECTION III: Technical Requirements/Tasks/Outcomes

  FO is seeking a technology that will focus at the user host level. The following is a list of requirements that the technology must perform:

  1. Ability to monitor activities through
     a. Keystroke monitoring/logging
     b. Chat monitoring/logging
     c. Email monitoring/logging
     d. Attachment monitoring/logging
     e. Website monitoring/logging
     f. Network activity monitoring/logging
     g. Files transferred monitoring/logging
     h. Document tracking monitoring/logging
     i. Screenshot capture
     j. Program activity monitoring/logging
  2. All activities that are being monitored/logged must call back to a central enterprise command infrastructure and transfer the collected data
     a. If a host is connected to the TSA network, it will communicate with the central command
     b. If a host is not connected to the TSA network, it will continue collecting on the host. Once it connects back to the TSA network, it will then transfer its collected data automatically
  3. The end user must not have the ability to detect this technology.
  4. The end user must not have the ability to kill the process or service.
  5. All communications to and from the host and the central command must be encrypted with FIPS-approved algorithms.
  6. Ability to alert based on specific criteria such as a name and/or combination of names
  7. Ability to mine through all the collected data using built-in or third-party tools
  8. The configurations must be customizable to eliminate operational impact to the end user
  9. Ability to monitor Windows-based systems at the host, with collected data retrieved via network connection.
  10. Potentially have the ability to monitor Mac OS X at the host, with collected data retrieved via network connection.
  11. The technology must be able to comply with FISMA requirements.
  12. Ability to transfer licenses from one host to another. Due to the limited budget surrounding this initiative, the technology must be able to automatically transfer licenses from one host to another.

  Additionally, the offeror must provide formal training on their proposed technology.

  SECTION IV: Submission instructions

  Submissions shall not exceed 5 pages, single sided, in length. Submissions should include detailed information that communicates the product(s)' ability to meet the requirements described in Section III of this RFI.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/DHS/TSA/HQTSA/2113203RFICIO575/listing.html)
- Place of Performance
- Address: TSA HQ, 701 S. 12th ST, Arlington, Virginia, 20598-6011, United States
- Zip Code: 20598-6011
- Record
- SN02933090-W 20121118/121116235225-8fa9efcbe076002333ee882b8b84d33f (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)