Loren Data's SAM Daily™

fbodaily.com
SAMDAILY.US - ISSUE OF JANUARY 09, 2020 SAM #6615
SPECIAL NOTICE

63 -- TSA Security Equipment - Cyber Security

Notice Date
1/7/2020 12:42:25 PM
 
Notice Type
Special Notice
 
NAICS
334511 — Search, Detection, Navigation, Guidance, Aeronautical, and Nautical System and Instrument Manufacturing
 
Contracting Office
TRANSPORTATION SECURITY ADMINISTRATION
 
ZIP Code
00000
 
Solicitation Number
TSA25-04-03387
 
Response Due
1/1/2021 8:30:00 AM
 
Archive Date
01/16/2021
 
Point of Contact
Jacqueline Stader, Siobhan Mullen
 
E-Mail Address
jacqueline.stader@tsa.dhs.gov, siobhan.mullen@tsa.dhs.gov
 
Description
The purpose of this special notice is to inform industry of TSA's and airport facilities' quest to merge cybersecurity and information technology. This and future notifications will provide industry with ongoing meeting overviews and actions that specifically address information security and security screening technologies. Below are the key requirements on which this notice is focused. These requirements are for the information security and security screening technologies industry to ensure that everyone is working towards a common goal.

Sharing these requirements with Industry and the public will:
- Increase security levels
- Raise the bar of cybersecurity across screening solutions
- Provide vendors an opportunity to demonstrate their cybersecurity credentials
- Provide an aligned approach across the industry, making it easier for vendors to adapt to end user requirements

Key Requirements:
- Cybersecurity culture: adopt a culture of "cybersecurity by design" for Security Equipment - demonstrable
- Access Control: implement adequate access control and account management practices
- Access Control: enable multi-level access to equipment resources and ability to restrict users to required access level
- Password Control: implement and provide capability for airport operator to change system level passwords
- Identification and Authentication: ensure unique identification of individuals, activity, or access to Security Equipment
- Audit and Accountability: ensure capabilities to audit events, conduct analysis and reporting, and monitor for appropriate information disclosure
- Protected Sensitive Screening Algorithms: ensure adequate system protections to protect screening algorithms from compromise, modification, rendering the equipment inoperable and provide immediate alerting when algorithms have been accessed
- Physical and Environment Protections: ensure physical security measures prohibit unauthorized access to Security Equipment (e.g. ensure USB ports are covered, access to ports, cables, and other peripherals are protected from unauthorized use)
- Configuration Management: employ automated measures to maintain baseline configurations and ensure system protections are employed to protect these from compromise, modification, rendering the equipment inoperable and provide immediate alerting when baseline configurations have been accessed and/or modified
- Systems and Communications Protections: ensure system adequately manages any internal and external interfaces, encrypts ingress and egress traffic with cybersecurity industry standard technology
- System and Information Integrity: address/implement methods to update Security Equipment affected by software flaws including potential vulnerabilities resulting from those flaws
- Security Scanning: ensure security assessment tools run on devices to ensure appropriate configuration, patch levels, and that there are no Indicators of Compromise (IOC) present that may impact screening process system integrity
- Supported Systems: ensure full Security Equipment hardware, software, and operating system support to remediate any identified vulnerabilities with the Security Equipment or supporting systems (Patching)
- Data at Rest Encryption: ensure all data at rest on Security Equipment fully utilizes approved encryption method to ensure integrity
- Supply Chain Management: provide a comprehensive list of all software and hardware (Bill of Materials) that comprise Security Equipment offering
- Threat update: demonstrate ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting
- Personnel Security: ensure all maintenance personnel (local or remote) are vetted by local or country authority including appropriate background checks

Ongoing Meetings (Meetings are not for Industry participation.)

Prior meetings addressed:
- Information security risk management
- Cybersecurity Requirements in Explosive Detection Systems for Cabin Baggage (EDS CB) and Automatic Tray Return Systems (ATRS)/Automatic Screening Lanes (ASL)

Upcoming meetings will address:
- Security Scanners/Advanced Imaging Technology
- EDS CB (Dual/Multiview solutions)
- Progress review
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/fdc87793ced04442b8a34cd6a913749f/view)
 
Record
SN05527869-F 20200109/200107230128 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
