|
COMMERCE BUSINESS DAILY ISSUE OF AUGUST 5,1999 PSA#2403U.S. Department of Education, Contracts and Purchasing Operations, CPO,
7th & D Streets SW, Room 3624/MS4446, Washington, D.C. 20202-4443 D -- D-CENTRALIZED COMPUTER SECURITY ADMINISTRATION DUE 082099 POC
James Hairfield, 202/708-8529,Contracting Officer, John King,
202/708-8367 Centralized Computer Security Administration -- Statement
of Objectives-The US Department of Education's Student Financial
Assistance Program (SFAP) requires an Enterprise Security
Administration platform for consolidation of security systems across
the 12 major applications which comprise the SFAP network. This privacy
architecture has been detailed in the Modernization Blueprint for
Project EASI (Easy Access for Students and Institutions). Details of
this proposal are available in the "Business and Technical Architecture
-- Appendix G. Privacy Architecture" document available from the
Project EASI web site --
http:/easi.ed.gov/inside_projecteasi/HTML/techinfo/modbp/indexbp.c fm
The operating environment for the SFAP network comprises a mixture of
mainframe, mid-range, and network server computing platforms which are
centrally located at the Department of Education's Virtual Data Center
in Meridan, Connecticut. Over 20,000 users are enrolled across the
various SFAP applications and platforms.Department of Education policy
for security and enrollment management is enforced by Computer
Security Officers (CSO) using different standards and security methods
for individual applications. Requirements for Centralized Security
Management shall include -- 1. Commercial Items as defined in the
Federal Acquisition Regulation Subpart 2.101 2. Consolidation
management of security servers maintained on Mainframe (RACF, ACF2, Top
Secret, VMS), Midrange (Solaris, NT, HP-UX) and DBMS (Oracle, DB2,
Informix, IDMS) platforms. 3. User Authentication and Role-Based Access
Control (RBAC) across network, operating system, process and database
administration boundaries. 4. Education Security Policy and Audit
Management requirements ( enforcing access-control and single-sign-on
capabilities). Education security standards supplement OMB Circular
A130 while providing clear policy for system administration (see
http://csrs.nist.gov/secplcy/a130.txt). 5. Password synchronization
across all SFAP enterprise computing systems. 6. Centralized security
alerts from a consolidated administration workstation. 7. Enterprise
security management capable of supporting the multiple OSFA computing
platforms and user populations. Vendors are requested to respond to
this RFI with two (2) copies of the following information only- 1.
Commercial product literature (security management features,
specification sheets, brochures) 2. Capacity management information
(how many users are supported) 3. Hardware/software compatibility
statement (platforms/operating systems supported). Please note,
extensive marketing materials are not desired, commercial product
literature and brief, 2 pages or less, letters explaining software
capability and capacity management information is all that is desired.
Interested parties may submit relevant portions of their GSA Schedule
or other Government schedule if appropriate. The due date for the RFI
response shall be no later that 4:00 p.m. August 20, 1999. Posted
08/03/99 (I-SN362519). (0215) Loren Data Corp. http://www.ld.com (SYN# 0023 19990805\D-0010.SOL)
D - Automatic Data Processing and Telecommunication Services Index Page
|
|