U.S. Arms Control and Disarmament Agency (ACDA), Attn: IVI/IC, 320 21st Street, Room 5726, NW., Washington, DC 20451

D -- SOFTWARE AND HARDWARE SECURITY CRITICAL NETWORK-POTENTIAL SOURCES SOUGHT POC Kate Rodriguez, (202) 647-8516. The U.S. Arms Control and Disarmament Agency has been notified that the Provisional Technical Secretariat (PTS) for the Organization for the Prohibition of Chemical Weapons (OPCW), a new international organization created by the Chemical Weapons Convention (CWC), is seeking to identify companies or individuals qualified to offer software and hardware to implement security critical measures for the OPCW information management system (IMS). The PTS has requested that each Member State identify potential companies interested in supplying or developing these measures. Security measures have been outlined already in a document entitled, ``PTS IMS Security Study,'' dated November 2, 1995, which is available from the PTS Point of Contact (POC) listed below. Specific security measures to be implemented in this contract are: (1) auditing use of removable storage devices, including auditing on all read and write attempts on storage devices; (2) auditing the use of printing devices; (3) analysis of audit logs, including logs generated by SUN Solaris and Windows NT operating systems, and Oracle, Ingres and SyBase relational database management systems (RDBMS); (4) analysis of audit logs of systems developed for the OPCW; (5) auditing the process of system management, process management, device management, system shutdown, time settings, backup/restore functions, printer management, user management and network management; (6) auditing and control of use of SUID and SGID programs; (7) auditing, control and restriction of the activities of the individual uses, including the system log-ins, and the creation and deletion of files or data sets; and (8) provision of encrypted backup for servers. The expected platform for the security critical environment is described below. Please note that the PTS will use trusted versions of the products mentioned as the following. SIZE OF THE NETWORK -- approximately 60 to 100 user terminals, SUN and PCs mixed; minimum one SUN Sparc 10/20 server; several (minimum 4 or 5) Compaq ProLiant servers running Windows NT, partially for Lotus Notes, partially for the RDBMS products and partially for file server purposes; SERVER HARDWARE -- Sun Sparc 10/20 and Compaq ProLiant; CLIENT HARDWARE -- Different SUN workstations (not X terminals) and generic Pentium PCs; SERVER OPERATING SYSTEMS -- SUN Solaris 2.5 and Windows NT 4.0; CLIENT OPERATING SYSTEMS -- SUN Solaris 2.5, Windows NT Client and Windows 95; NETWORK PROTOCOLS -- TCP/IP, NetBui, IPX/SPX; RDBMS -- Oracle, Ingres, SyBase; and OTHER -- Lotus Notes 4.X (server and client). Interested companies are requested to submit their proposals and qualifications directly to the PTSPOC: Chantal Quincy -- Jones, Head of Information Systems Branch, Provisional Technical Secretariat, Laan van Meerdervoort 51, 2517 AE The Hague, The Netherlands. Telephone: 31-70-376-1700; FAX: 31-70-360-0944. The deadline for responses is January 31, 1997. For general information on the OPCW, see the organization's world wide website at http://www.opcw.n1. (0003)

Loren Data Corp. http://www.ld.com (SYN# 0015 19970107\D-0002.SOL)