Defense Information Systems Agency, DITCO-NCR, 701 South Court House Road, Arlington, VA 22204-2199

D -- AUTOMATIC DATA PROCESSING AND TELECOMMUNICATION SERVICES DUE 112499 POC Randolph S. Grey, Contracting Officer (703) 607-6905 REQUEST FOR INFORMATION ABOUT ELECTRONIC WORKFLOW SYSTEM. The Defense Information Systems Agency (DISA) is seeking sources that are capable of providing an enterprise electronic workflow system (EWS). Here are the responses to the questions below: 1) DISA supports both Lotus Notes v 4.6 and DMS Outlook v 2.1 2) An appropriate response to this requirement would be to list or categorize those tools with which the responder's tool/system interpolates. 3) We are dealing with business situation where coordination needs to go across domain such as between .mil and .com domains or between dla.mil and disa.mil domains. Therefore "extranet" to us means that the product can support routing across multiple network domains. 4) DISA may decide to do one or the other, or some third option depending on the responses to the RFI. 5) Both. Versions are specified in the DII COE. 6) An appropriate response to this requirement would be to list or categorize those products with which the responder's tool/system interoperates. 7) An appropriate response to this requirement would be to list or categorize those file formats with which the responder's tool/system interoperates. 8) Standards are developed/generated by industries standard bodies such as the Workflow Management Coalition (WFMC), IEEE, Internet Engineering Task Force (IETF), etc. Standard for electronic mail such as Simple Mail Transfer Protocol (SMTP) are being used to make sure email COTS products can integrate to one and another. Email can be viewed as an administrative function or a warfighting function. So we look to standards to solve interoperability questions. For workflow standards, the WFMC has published the Workflow Application Program Interface (WAPI) covering the workflow client application interface and the workflow interoperability specification (URL: http://www.aiim.org/wfmc/mainframe.htm). Our RFI under item 1.8 checks whether the product is in compliant with the WFMC and that should be a valid criterion. 9) DISA Network not working can not access the DII COE page. But I think on the COE page there is an email to request documentation on-line. 10)Ask them to provide a written response to each RFI item. We need to see the current strength of the products before calling them in for a demo. 11) This will support DoD and DISA in various areas to include: organizational workflow/tracking system, electronic commerce related applications, combat support related applications. 12) I do not think we want the product to be able to merge different file into one. One can do that in MS Word. But the capability to append multiple files and file types in the coordination process is required. 13) The news below should explain the rationale why we want to stay away from ActiveX for a while: October 7, 1999 DAILY BRIEFING DoD weighs ban on advanced Web technology By Nancy Ferris nferris@govexec.com RICHMOND, Va.-To head off network security breaches, high-ranking Pentagon officials are drafting a policy that would ban Defense Department use of the software that drives leading-edge sites on the World Wide Web. Such a ban could be a major setback for electronic government and perhaps even for commercial use of the latest Web technology. Marvin J. Langston, deputy chief information officer for DoD, said his office is putting the finishing touches on a directive that would prohibit DoD use of JavaScript and ActiveX, two software products that enable Web sites to interact with PCs over the Internet. Turning off these capabilities could limit DoD Web sites to providing little more than documents. Without them, it would be difficult to carry out many of the current and planned uses of the Web in buying and selling, distance learning and other kinds of transactions. JavaScript and especially ActiveX are powerful tools that permit the use of software programs within Web sites, greatly increasing their capability to handle transactions. However, the same technology that enables a site to look up a customer in a database and update records can be used maliciously to wipe out the database or alter records with little trace. The software that moves over the network in the interaction between a Web browser and a server is known as "mobile code." It can act like a computer virus, but with more devastating effects. Microsoft Corp., maker of ActiveX, and Netscape Corp., maker of JavaScript, have included in their products controls that can be activated to limit misuse of the technology. For example, Jeff Raikes, Microsoft's vice president for worldwide sales and support, said in a speech at an IT industry conference here, an Air Force browser can be configured to accept mobile code only from an Air Force server. But making sure that these controls are properly activated in every DoD PC and server, and then updated to keep the security policies current, is impossible, in the view of many. "JavaScript and ActiveX are security problems that we don't know how to deal with," Langston told those attending an electronic government workshop at the conference. Later, Langston acknowledged that the proposed ban would reduce the functionality of DoD Web sites. He said the draft policy has met with great resistance within the department and agreed that "there are big issues here." But he said preparation of the draft policy is continuing and it probably will be presented to Langston's boss, DoD CIO Arthur Money, for signature before the end of the year. Security is "the Achilles heel to everything that's going on right now" with electronic government initiatives, Langston said at the workshop. He compared today's information warfare threat to the nuclear missile threat that dominated the defense horizon in the 1950s. Several companies offer security products to enforce protection policies and keep them up to date against threats from mobile code. However, new vulnerabilities emerge regularly, leading many in the information technology industry to liken the situation to a cat-and-mouse game. For each new security protection on the market, malicious hackers come up with a new way to attack protected systems. http://www.govexec.com/dailyfed/1099/100799n1.htm We have extended the due date for responces to 19991124. Potential firms who wish to respond to this sources sought should contact Randy Grey at Defense Information Systems Agency, ATTN: DISCA, 701 South Courthouse Road, Arlington, VA 22204. Telephone (703) 607-6905, fax (703) 607-4340 E-mail address greyr@ncr.disa.mil. Posted 11/16/99 (W-SN401100). (0320)

Loren Data Corp. http://www.ld.com (SYN# 0030 19991118\D-0011.SOL)