SPECIAL NOTICE
63 -- TSA Security Equipment � Cyber Security
- Notice Date
- 1/7/2020 12:42:25 PM
- Notice Type
- Special Notice
- NAICS
- 334511
— Search, Detection, Navigation, Guidance, Aeronautical, and Nautical System and Instrument Manufacturing
- Contracting Office
- TRANSPORTATION SECURITY ADMINISTRATION
- ZIP Code
- 00000
- Solicitation Number
- TSA25-04-03387
- Response Due
- 1/1/2021 8:30:00 AM
- Archive Date
- 01/16/2021
- Point of Contact
- Jacqueline Stader, Siobhan Mullen
- E-Mail Address
-
jacqueline.stader@tsa.dhs.gov, siobhan.mullen@tsa.dhs.gov
(jacqueline.stader@tsa.dhs.gov, siobhan.mullen@tsa.dhs.gov)
- Description
- The purpose of this special notice is to inform industry of TSA's and airport facilities' quest to merge cybersecurity and information technology.� This and future notifications will provide industry with ongoing meeting overviews and actions that specifically address information security and security screening technologies. �Below are the key requirements for which this notice is focused upon.� These requirements are for the information security and security screening technologies industry to ensure that everyone is working towards a common goal.� Sharing these requirements with Industry and the public will: Increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry �making it easier for vendors to adapt to end user requirements. Key Requirements: Cybersecurity culture: adopt a culture of �cybersecurity by design� for Security Equipment �demonstrable Access Control: implement adequate access control and account management practices Access Control: enable multi-level access to equipment resources and ability to restrict users to required access level Password Control: implement and provide capability for airport operator to change system level passwords Identification and Authentication: ensure unique identification of individuals, activity, or access to Security Equipment Audit and Accountability: ensure capabilities to audit events, conduct analysis and reporting, and monitor for appropriate information disclosure Protected Sensitive Screening Algorithms: ensure adequate system protections to protect screening algorithms from compromise, modification, rendering the equipment inoperable and provide immediate alerting when algorithms have been accessed Physical and Environment Protections: ensure physical security measures prohibit unauthorized access to Security Equipment (e.g. ensure USB ports are covered, access to ports, cables, and other peripherals are protected from unauthorized use) Configuration Management: employ automated measures to maintain baseline configurations and ensure system protections are employed to protect these from compromise, modification, rendering the equipment inoperable and provide an immediate alerting when baseline configurations have been accessed, and/or modified Systems and Communications Protections: ensure system adequately manages any internal and external interfaces, encrypts ingress and egress traffic with cybersecurity industry standard technology System and Information Integrity: address/implement methods to update Security Equipment affected by software flaws including potential vulnerabilities resulting from those flaws Security Scanning: ensure security assessment tools run on devices to ensure appropriate configuration, patch levels, and that there are no Indicators of Compromise (IOC) present that may impact screening process system integrity Supported Systems: ensure full Security Equipment hardware, software, and operating system support to remediate any identified vulnerabilities with the Security Equipment or supporting systems (Patching) Data at Rest Encryption: ensure all data at rest on Security Equipment fully utilizes approved encryption method to ensure integrity Supply Chain Management: provide a comprehensive list of all software and hardware (Bill of Materials) that comprise Security Equipment offering Threat update: demonstrate ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting Personnel Security: ensure all maintenance personnel (local or remote) are vetted by local or country authority including appropriate background checks Ongoing Meetings (Meetings are not for Industry participation.) Prior meetings addressed: Information security risk management Cybersecurity Requirements in Explosive Detection Systems for Cabin Baggage (EDS CB) and Automatic Tray Return Systems (ATRS)/Automatic Screening Lanes (ASL).� Upcoming meetings will address: Security Scanners/Advanced Imaging Technology EDS CB (Dual/Multiview solutions) Progress review
- Web Link
-
SAM.gov Permalink
(https://beta.sam.gov/opp/fdc87793ced04442b8a34cd6a913749f/view)
- Record
- SN05527869-F 20200109/200107230128 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |