U.S. Department of Education, Contracts and Purchasing Operations, CPO, 7th & D Streets SW, Room 3624/MS4446, Washington, D.C. 20202-4443

D -- D-CENTRALIZED COMPUTER SECURITY ADMINISTRATION DUE 082099 POC James Hairfield, 202/708-8529,Contracting Officer, John King, 202/708-8367 Centralized Computer Security Administration -- Statement of Objectives-The US Department of Education's Student Financial Assistance Program (SFAP) requires an Enterprise Security Administration platform for consolidation of security systems across the 12 major applications which comprise the SFAP network. This privacy architecture has been detailed in the Modernization Blueprint for Project EASI (Easy Access for Students and Institutions). Details of this proposal are available in the "Business and Technical Architecture -- Appendix G. Privacy Architecture" document available from the Project EASI web site -- http:/easi.ed.gov/inside_projecteasi/HTML/techinfo/modbp/indexbp.c fm The operating environment for the SFAP network comprises a mixture of mainframe, mid-range, and network server computing platforms which are centrally located at the Department of Education's Virtual Data Center in Meridan, Connecticut. Over 20,000 users are enrolled across the various SFAP applications and platforms.Department of Education policy for security and enrollment management is enforced by Computer Security Officers (CSO) using different standards and security methods for individual applications. Requirements for Centralized Security Management shall include -- 1. Commercial Items as defined in the Federal Acquisition Regulation Subpart 2.101 2. Consolidation management of security servers maintained on Mainframe (RACF, ACF2, Top Secret, VMS), Midrange (Solaris, NT, HP-UX) and DBMS (Oracle, DB2, Informix, IDMS) platforms. 3. User Authentication and Role-Based Access Control (RBAC) across network, operating system, process and database administration boundaries. 4. Education Security Policy and Audit Management requirements ( enforcing access-control and single-sign-on capabilities). Education security standards supplement OMB Circular A130 while providing clear policy for system administration (see http://csrs.nist.gov/secplcy/a130.txt). 5. Password synchronization across all SFAP enterprise computing systems. 6. Centralized security alerts from a consolidated administration workstation. 7. Enterprise security management capable of supporting the multiple OSFA computing platforms and user populations. Vendors are requested to respond to this RFI with two (2) copies of the following information only- 1. Commercial product literature (security management features, specification sheets, brochures) 2. Capacity management information (how many users are supported) 3. Hardware/software compatibility statement (platforms/operating systems supported). Please note, extensive marketing materials are not desired, commercial product literature and brief, 2 pages or less, letters explaining software capability and capacity management information is all that is desired. Interested parties may submit relevant portions of their GSA Schedule or other Government schedule if appropriate. The due date for the RFI response shall be no later that 4:00 p.m. August 20, 1999. Posted 08/03/99 (I-SN362519). (0215)

Loren Data Corp. http://www.ld.com (SYN# 0023 19990805\D-0010.SOL)