SOURCES SOUGHT
D -- Policy Based Management System Enterprise-wide network behavior
- Notice Date
- 3/15/2011
- Notice Type
- Sources Sought
- NAICS
- 541512
— Computer Systems Design Services
- Contracting Office
- Department of the Air Force, Air Mobility Command, Headquarters AMC Contracting, 402 Scott Drive, Unit 2A2, Scott AFB, Illinois, 62225-5320, United States
- ZIP Code
- 62225-5320
- Solicitation Number
- AFNICENSE0001
- Archive Date
- 4/30/2011
- Point of Contact
- Robert Poulin, Phone: (618) 229-5531, Wade Farrar, Phone: (618) 229-6553
- E-Mail Address
- robert.poulin@us.af.mil, wade.farrar@us.af.mil
- Small Business Set-Aside
- N/A
- Description
- OFADD: AFNIC/ENSE, 203 W. Losey St. RM 2000, Scott AFB IL 62225-5222
SUBJECT: REQUEST FOR INFORMATION
POC: Robert Poulin, 618-229-5531, Computer Engineer

DESC: This announcement constitutes a Request for Information (RFI) synopsis and market research. Information obtained as a result of this RFI is for planning purposes only. It does not constitute an invitation for Sealed Bid or Request for Proposal (RFP), nor is it to be construed as a commitment by the Government, or as the Government issuing an RFP at this time.

Background: The Air Force is designing new network architectures for the years 2014 and beyond and is exploring a "Policy Based Management System (PBMS)." A PBMS would provide consistent, enterprise-wide network behavior by distributing and enforcing policies across the enterprise network. In this context, a policy is a formal representation of the high-level management strategy for the network. Policies should control the following items, but are not limited to this list:
1. Firewall rules
2. Routing rules
3. Security devices
4. End devices, through the use of white or grey listing
5. Data storage, retention, transportation and dissemination, through the use of metadata tags and user roles

NOTE: The following only define capabilities and are not to be construed as a predefined solution.

A PBMS could include, but is not limited to: 1) a policy management tool (PMT), 2) a policy repository (PR), 3) policy decision points (PDP), 4) policy enforcement points (or policy clients) (PEP), and 5) an off-line analysis system (OAS).

The PMT is the enterprise front-end interface which allows the central definition of policies. Normally, policies are created in informal, human-language terms, and the PMT must translate those policies into a formal automated language. In addition, the PMT must ensure that policies created will not violate security properties of the enterprise network while dealing with or avoiding intractable problems inherent in such a system. If the system should receive a policy that violates the security properties of the enterprise network, or the calculation of potential violations is intractable or cannot be conducted in near real time, the system must inform the user of the violation and seek consent before allowing them to proceed. Furthermore, if the calculation is intractable or cannot be conducted in near real time, the PMT should recommend off-line analysis by the OAS (capabilities explained later). Finally, the PMT must support and allow the implementation of predefined network security levels that can be invoked in minimal time to increase or decrease the security posture of the enterprise network.

The PR should maintain the complete list of all enforced policies, both at the enterprise and at the local level. In addition, it should maintain a log of all network policy states for a predefined period of time. It should also maintain a list of predefined policies for implementation at any moment to achieve predefined security postures. Finally, the PR's database of currently enforced policies should be accessible by the OAS for calculations.

The PDP will interface with the PMT and the PEP. PDPs need to enforce policies passed by the PMT and must report compliance or lack of compliance from the PEPs back to the PMT. In addition, the PDP should ensure that any policies from the PMT do not reduce the security properties of the PEPs, to include local security properties under their control, and must report any conflicts back to the PMT.

The PEP will interface with PDPs and report and enforce current policies. In addition, PEPs will ensure that PMT policies that increase the security posture of the local network override all conflicting local policies, and report any conflicts to the PDP. PEPs can include, but are not limited to, firewalls, intrusion prevention systems, routers, anti-virus systems and host-based intrusion systems.

The OAS will have the ability to download the current security properties of the network, to include local security properties of the enterprise network, from the PR for analysis. The OAS will allow the testing of more complicated policies that are beyond the capability of the PMT to analyze in near real time. The OAS will still have the ability to identify policy decisions that result in intractable calculations before beginning detailed analysis.

Some of the required properties of the PBMS include, but are not limited to, the following:
1. Handle exceptions to policy for portions of the network.
2. Identify denial of critical and non-critical services.
3. Work in a multi-vendor network environment (routers, firewalls, etc.).
4. Communicate securely with PDPs and PEPs and ensure proper authentication.

Additional Information: The following papers are identified as reference material. These papers suggest capabilities; they are not listed to endorse or recommend any particular solution and should only be used to clarify the capabilities sought.
Adel El-Atawy, Taghrid Samak, Zein Wali, Ehab Al-Shaer. "An Automated Framework for Validating Firewall Policy Enforcement." 7 Dec 2010. <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.70.9587&rep=rep1&type=pdf>
Geoffrey G. Xie, Jibin Zhan, David A. Maltz, Hui Zhang, Greenberg, Gisli Hjalmtysson, Jennifer Rexford. "On Static Reachability Analysis of IP Networks." 7 Dec 2010. <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.91.2472&rep=rep1&type=pdf>
J. Burns, A. Cheng, P. Gurung, S. Rajagopalan, P. Rao, D. Rosenbluth, A.V. Surendran. "Automatic Management of Network Security Policy." 7 Dec 2010. <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.18.2277&rep=rep1&type=pdf>

Other: Responses should also provide answers to the following questions:

Cost of Ownership:
• What is the general projected Total Cost of Ownership (TCO)? Please provide a generic commercial cost of the hardware/software investment needed to stand up a solution for 5000 users across multiple autonomous systems, and the recurring annual cost(s). Also address associated training costs.
• What equipment will be required to fulfill the solution? How does the solution use existing equipment? Is any of the equipment proprietary? List equipment by Make, Model and Mfg.

Security:
• Does the solution support Common Access Card (CAC)/DOD Public Key Infrastructure (PKI)?
• Describe how the solution addresses Network Access Protection (NAP) and Network Access Control (NAC) considerations in an environment that includes mixed clients.
• What capabilities does the solution provide for containing viruses and malicious code?

System Administration:
• What is the expected administrator-to-user ratio?
• Explain how the solution load-balances resources and ensures high availability/continuity of operations during periods of high-volume usage and outages. Are there any critical points of failure, and what are the mitigating actions?
• How is the solution managed over a WAN? Consider an enterprise that serves hundreds of thousands of users in many countries and in many autonomous systems.
• How will the solution automatically and securely accept and apply centrally (AFNETOPS) pushed patches and upgrades? Will manual processes be required to apply patches?

Environment:
• How does the solution scale over an enterprise? Does it operate over a Wide Area Network (WAN)? What is the largest deployment you have accomplished with your proposed solution?
• What are the infrastructure requirements for local area networks (LANs), metropolitan area networks (MANs) and WANs? What limitations, if any, exist for each case?
• What are the physical server space requirements per user? What about power and cooling requirements?
• What actions are required by the AF to prepare our environment (storage, user profile changes, email applications) to ensure successful implementation of your product?

Data Backup and Recovery:
• What kind of data backup method is used?

Business Case:
• From a business case perspective, how does your product improve operations for your customers? What kinds of returns do they see?
• Can you provide positive examples of the benefits resulting from adoption of your solution?
• What has been the impact on performance and security for customers switching to your technology?
• Can you provide examples of savings reported by your customers resulting from decreased system management/support costs?
• Can you provide examples of total cost of ownership savings reported by your customers as a result of implementing your solution?
• Has your product provided, or can it provide, benefit to users working in a multi-domain security environment? Has its use been evaluated/accredited in such an environment?

Responders are encouraged to submit additional information regarding all solutions they believe will meet some or all of the requirements. In your response to this RFI, please identify other developer/vendor products that are interoperable with your solution. Businesses responding to this market research are requested to provide information regarding what they have available meeting some or all of the above capabilities within 30 days of the posting date of this notice. This date will not be extended. AFNIC/ENSE may host vendors for on-site meetings or demonstrations after the initial response period if needed. Potential vendors should express interest, make comments and ask questions only via electronic mail to the Air Force Network Integration Center, Future Technology and Innovation Branch at afnic.ense@us.af.mil. All comments and questions must be in writing and identify the company source, address, contact person, and telephone number.

EMAIL: afnic.ense@us.af.mil
EMAILDESC: Air Force Network Integration Center, Future Technology and Innovation Branch, Scott AFB, IL.
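As an added illustration of the PDP/PEP conflict handling the RFI asks for (this is example code, not part of the notice and not any vendor's product), a small Python model reconciles enterprise (PMT) firewall rules with one PEP's local rules: an enterprise deny overrides any overlapping local allow and the override is reported, while an enterprise allow that would loosen a local deny is withheld and reported instead of being applied. The rule format, field names and sample rule sets are constructed for this example.

```python
"""Toy model of the PDP/PEP conflict handling the RFI describes (constructed
example; rule format, field names and sample rules are this example's own)."""
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: tuple   # inclusive (low, high) destination port range

def overlaps(a: Rule, b: Rule) -> bool:
    """True when at least one packet would match both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def reconcile(enterprise, local):
    """Merge PMT (enterprise) rules into one PEP's local rule set; returns
    (effective_rules, conflict_report) using the RFI's two-way rule:
    enterprise deny vs. overlapping local allow -> the stricter enterprise
    rule wins, the shadowed local rule is dropped and the override reported;
    enterprise allow vs. overlapping local deny -> applying it would reduce
    the PEP's local security posture, so it is withheld and reported."""
    report = []
    for ent in enterprise:
        for loc in local:
            if ent.action == loc.action or not overlaps(ent, loc):
                continue
            kind = "override" if ent.action == "deny" else "withheld"
            report.append((kind, ent.name, loc.name))
    withheld = {e for kind, e, _ in report if kind == "withheld"}
    shadowed = {l for kind, _, l in report if kind == "override"}
    effective = ([r for r in enterprise if r.name not in withheld]
                 + [r for r in local if r.name not in shadowed])
    return effective, report

# Constructed sample rule sets, not from any real network.
ENTERPRISE = [
    Rule("ent-block-telnet", "deny", "0.0.0.0/0", "10.0.0.0/8", (23, 23)),
    Rule("ent-open-dns", "allow", "10.0.0.0/8", "10.1.1.53/32", (53, 53)),
]
LOCAL = [
    Rule("loc-allow-telnet-lab", "allow", "192.168.5.0/24", "10.20.0.0/16", (20, 25)),
    Rule("loc-deny-dns-guest", "deny", "10.99.0.0/16", "10.1.1.53/32", (53, 53)),
    Rule("loc-allow-web", "allow", "0.0.0.0/0", "10.0.0.0/8", (80, 80)),
]
```

Calling `reconcile(ENTERPRISE, LOCAL)` keeps the enterprise telnet block and drops the lab's conflicting allow, and withholds the enterprise DNS allow because it would open what the guest segment locally denies; both decisions appear in the report the PEP would send to its PDP.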
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/USAF/AMC/HQAMCC/AFNICENSE0001/listing.html)
- Place of Performance
- Address: AFNIC/ENSE, 203 W Losey St, Scott AFB, Illinois, 62225, United States
- Zip Code: 62225
- Record
- SN02401570-W 20110317/110315235302-747dc0c5e48e0e38fdee5d755a28042d (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)