Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF MAY 01, 2011 FBO #3445
SOURCES SOUGHT

D -- HSPD-12 to Support Identity Management, PIV Card Management, Access Control, and Biometric Technologies Requirements

Notice Date
4/29/2011
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
Office of the Chief Procurement Officer, Washington, District of Columbia, 20528, United States
 
ZIP Code
20528
 
Solicitation Number
RFI-HSPD-12
 
Archive Date
6/4/2011
 
Point of Contact
Rachel Cook, Phone: (202) 447-5464; Tanya M. Hill, Phone: (202) 447-5511
 
E-Mail Address
rachel.cook@hq.dhs.gov, Tanya.Hill@dhs.gov
 
Small Business Set-Aside
N/A
 
Description
Request for Information: Continued Implementation of the Homeland Security Presidential Directive (HSPD) 12 to Support Identity Management, Personal Identity Verification (PIV) Card Management, Access Control, and Biometric Technologies Requirements

SOURCES SOUGHT NOTICE & REQUEST FOR INFORMATION

THIS IS A REQUEST FOR INFORMATION (RFI) ONLY. This RFI is for planning purposes only and shall not be construed as an obligation on the part of the Government. This is NOT a Request for Quotations or Proposals. No solicitation document exists, and a formal solicitation may or may not be issued by the Government as a result of the responses received to this RFI. The Government will not pay for any response or demonstration expenses. Any information received will become the property of the Government and will not be returned to the submitter. Interested parties are responsible for adequately marking proprietary or competition-sensitive information contained in their response.

The offices of the Chief Security Officer (OCSO) and Chief Information Officer (OCIO) of the Department of Homeland Security (DHS), Management Directorate (MGMT), issue this Request for Information (RFI) for an end-to-end Identity, Credential and Access Management (ICAM) solution, to include PIV Card Management & Usage, Physical & Logical Access Control, Access Provisioning & Deprovisioning, and Biometric Technologies, to meet the requirements of ensuring the security of DHS assets and guaranteeing that DHS information technology environments are safe.

BACKGROUND

In support of the ongoing effort by DHS to meet the requirements of HSPD-12 and the Federal ICAM Roadmap, DHS is looking for an end-to-end solution offering new and innovative technical approaches for:
• Identity Management;
• PIV Card Management;
• PIV Card Usage for Physical and Logical Access Control;
• Access Management, to include but not limited to access provisioning and deprovisioning;
• Federation and Interoperability; and
• Biometric Collection (fingerprint, facial images, iris, voice, etc.) and implementation, biometric image/sample quality analysis, transmission to the DHS authoritative fingerprint biometric database, receipt, and match results.

To provide a baseline for these efforts, DHS is gathering information on new product innovations and capabilities available in the current state of the art via existing commercial and government products in the areas listed above. The intent is to procure a fully integrated, end-to-end solution that supports DHS and its Components. For DHS to acquire a fully integrated, end-to-end solution, it must be mobile, upgradeable/scalable, flexible, customizable, and tested in the field and operational environments to identify the solution's performance characteristics, reliability, interoperability, and operations concept. This RFI requests industry to provide information on approaches, best practices, and technologies for accomplishing identity management, PIV card management, physical & logical access controls, and biometric collection, implementation, and matching.

REQUIREMENTS

Responses should address the following requirements about the envisioned enterprise end-to-end solution and/or technologies.

Topic 1 - Identity and Card Management Systems

(1) Provide an enterprise end-to-end identity management and PIV credentialing solution that complies with NIST FIPS 201, NIST supporting special publications, and other federal standards. The solution should have:
a. the ability to provide a PIV card provisioning solution, to include an Identity Management System (IDMS) and Card Management System (CMS), based on an enterprise approach;
b. the ability to provide Issuance and Enrollment workstations, associated workflow, and peripherals to ensure a complete end-to-end solution from PIV card data acquisition to physical card production/distribution. A workstation may be a desktop, a laptop, a tablet or other handheld device, or other solution;
c. the flexibility to support additional future credentialing initiatives as they are identified;
d. the ability to move enrollment information from the vendor-supplied HSPD-12 solution database into the DHS Information Technology (IT) infrastructure and to use this information to create and update user accounts;
e. the ability to create a unique end-user identity to be placed in the PIV card's Authentication Certificate, to include the generation of a federally unique Microsoft-compliant User Principal Name (UPN), using the existing data from the NIST SP 800-73 defined Federal Agency Smart Credential Number (FASC-N);
f. the ability to create a federally unique end-user e-mail account name derived from the NIST SP 800-73 defined FASC-N;
g. remote, web-based, online ability to provide for PIV card updates and PIN resets;
h. the ability to provide complete Life Cycle Management of PIV cards; and
i. the ability to provide user self-service functions to facilitate credential management and updates. This should include, but not be limited to: card updates, PIN unblock, PIN change, and PIN reset.
(2) Provide an open-standards-based interface (compliant with DHS security standards) to various systems to allow for information exchanges to occur.
(3) Provide configuration and integration services necessary to meet specific identity management/access control business processes.
(4) Provide a consolidated view of identity data and associated attributes to DHS applications, data sources, and personnel from disparate authoritative data sources.
(5) Provide card inventory information and secure management of card stock (and associated materials), and provide options for secure transit of "personalized" cards to distribution facilities. The solution must provide the ability to "activate" cards through processes defined in NIST FIPS 201 and supporting NIST special publications.
(6) Provide a means to track card issuance, applicant enrollment, system status, device status, etc. in real time through a web-accessible dashboard application. The solution must provide a mobile application to allow for real-time monitoring of systems via a mobile device.
(7) Provide a means of testing for the HSPD-12 program that includes unit, functional, integration, regression, system acceptance, security, and any post-deployment testing, to include Disaster Recovery (DRP) and Business Continuity (BCP).
(8) Define the process by which to accept, use, operate, and maintain the new or updated enterprise end-to-end solution.
a. Provide transition plans that address aspects of transition management (including training, parallel operation, transition timing, staging of transition, contingency measures if the steps are not successful, etc.) which pertain to the actual acceptance, use, operations, and maintenance of the enterprise solution.
b. Provide training materials (manuals, reference guides, operating instructions, support procedures, etc.) and methods (online, train-the-trainer, classroom, etc.) to facilitate a smooth transition to the new or updated end-to-end solution/system.
(9) Provide Operations and Maintenance (O&M) support of the enterprise end-to-end solution/system. The solution should have the ability to:
a. provide 24x7 tier/level 2 and 3 Help Desk support through subject matter experts/vendors, and problem diagnosis documentation for the tier/level 1 help desk. Level 1 help will be performed by DHS help desks that are already in place. All help desk and self-service capabilities must be web based;
b. provide Inventory and Asset Management records of the end-to-end solution that can be imported/exported into the corresponding DHS inventory/asset management system;
c. record and maintain a Configuration and Change Management file of the end-to-end solution/system, to include correcting all deviations from the baseline configuration and any other relevant data such as the impact of proposed Change Requests;
d. provide preventive and corrective maintenance support for the enterprise system and all subsystem elements, to include product warranties and maintenance agreements. Additionally, provide maintenance procedures and the recommended periodicity of maintenance procedures for enterprise components, and support audit of maintenance actions;
e. perform remote diagnostics and troubleshooting of the end-to-end solution;
f. enable usage of Voice Biometrics for additional authentication and faster response/queue times; and
g. provide a Continuity of Operations (COOP)/Disaster Recovery (DR) site and the process for Business Continuity.

Topic 2 - Physical Access Control Systems (PACS)

(1) Provide the Concept of Operations, functionality, and basic components of the PACS solution, including but not limited to technologies used for physical security: electronic access, biometric authentication, IP video surveillance, alarm management, security monitoring systems, electronic locks, etc. The solution shall be capable of demonstrating access control for facility security levels 1-5 (FSL 1-5).
(2) Provide a solution that supports convergence of Physical and Logical Access Control Systems across an enterprise to improve access management and auditability.
(3) Have the ability to support multiple authentication modes suitable for controlling access, and the capability to switch between PIV authentication mechanisms in response to changes in threat level.
(4) Have the ability to support PIV Interoperable (PIV-I) cards that may need access to a controlled facility, and the capability to enable PIV-I visitors as well as temporary PIV-I cardholding employees to use the access control system.
(5) Define the process to follow if the current PACS infrastructure cannot support the notional requirements, including but not limited to evaluating existing infrastructure, steps to full implementation, cost, timeline, emerging networks, and/or needed technologies.
(6) Provide the means for the PACS provider to administer and support the need to accommodate multiple PACS, from an individual customer to an enterprise end-to-end solution.

Topic 3 - Logical Access Control Systems (LACS)

A LACS is an automated system that controls a user's ability to access one or more computer system resources such as a workstation, network, application, or database. A LACS requires validation of an individual's identity through some mechanism such as a PIN, card, biometric, or other token. It has the capability to assign and enforce different access privileges to different persons depending on their access needs within the organization. Modernized LACS implementations are capable of delivering significant value and return on investment to federal agencies in the form of streamlined, validated, and controlled access control processes; easier compliance with legal and regulatory controls; and reduced administrative burden on resource owners and administrators.

(1) Provide the architecture, components, and key design requirements common to LACS solutions, and provide reference architecture diagrams to illustrate how LACS solution components interact with each other.
(2) Provide common technical considerations for deploying LACS solutions and their supporting infrastructure within federal agencies, including workstations, servers, and networks.
(3) Provide governance, investment planning, and schedule planning considerations that are necessary to properly plan for a logical access deployment within DHS.
(4) Address key functional requirements:
a. Authentication
• Supports many methods and assurance levels, including PIV card support
• Supports multiple methods (PKI, OpenID, Kerberos, etc.) to meet HSPD-12 and e-Authentication requirements
• Web and thick/thin client authentication
• Smartphone and mobile device authentication
b. Authorization
• Enables authorization to resources, systems, networks, and applications by role (RBAC), attribute (ABAC), policy (PBAC), etc.
• Enables resource elements in both structured and unstructured data to have the correct labels or attributes assigned to ensure access by authorized individuals
• Provides for authorized access controls for resources and data that are outside the control of system networks and applications
c. Automated Audit
• Provides for activity review of privilege change and application access
• Attestation and Certification allows system and data owners to attest to the privileges of users under their control and certify that the assigned entitlements are accurate
d. Workflow & Automated Provisioning and De-Provisioning
• Automates explicit permissions and policies, including establishing, activating, modifying, reviewing, disabling, and removing user accounts
• Rich set of connectors to systems, applications, networks, and frameworks to enable the provisioning/de-provisioning of user accounts
e. Meta-Directory Services (including virtual)
• Reconciles identities and associated attributes across databases, directories, and applications
• Identifies Authoritative Sources of data and correlates directory information
• Rich set of pre-built interfaces to other vendors' directory sources
f. Single/Reduced Sign-on Support (Web & Client)
• Single and reduced sign-on with or without PIV card
• Ability to manage user passwords to legacy systems
g. Event Monitoring, Alerts, and Logging
• Should integrate with existing Security Incident and Event Management software products
• Alerts managers when a request for access control requires escalation
• Log management that enables discovery of suspicious user behavior
h. Delegation
• Logically centralized functions that can be virtually delegated to Lines of Business (e.g., workflow provisioning)
• Delegation should allow authorizers for a configurable time period
• Delegation should allow selected management functions to authorizing officials
i. Access Control Policy Management (ACPM)
• LACS ACPM will provide Policy Enforcement Point (PEP) and Policy Decision Point (PDP) services
j. Self-Service
• User Self Service allows users to manage the personal information that is under their direct control
• User Self Service allows users to make requests for services and engage in automated business processes
• Customer Self Service addresses customer support, technical support, and employee support inquiries in an on-demand fashion
• Manager Self Service allows managers to administer rights of access for employees under their control
k. Federation
• Federate using the SAML 2.0 standard within and across agencies, enabling distributed identification, authentication, and authorization across organizational and platform boundaries

Topic 4 - Biometric Collection

(1) Define the approach for identifying biometric collection environments, to include but not limited to varying distances, lighting, subject motion and orientation, atmospheric turbulence, occlusion, etc.
(2) Define the approach for management of biometric outlier populations for each biometric modality.
(3) Define the approach for the usage of multiple biometrics and their associated use cases in a PIV usage model for both physical and logical access.
(4) Confirm that all biometric capture meets or exceeds the biometric image standards requirements for each modality.

RESPONSE

We are requesting industry to provide a written Statement of Capability in response to this RFI that includes the following tasks:
(1) A Rough Order of Magnitude (ROM) cost estimate for implementing an enterprise end-to-end solution per year for five years.
(2) Describe an approach to introduce an enterprise end-to-end identity management solution that supports Issuance and Enrollment workstations, associated workflow, and peripherals to ensure a complete end-to-end solution from PIV data acquisition to physical card production/distribution.
(3) Describe the capability of the integrated, end-to-end solution to address all the requirements outlined in Topics 1 through 4.
(4) Describe an approach for consolidating all physical security access control systems into one physical access control environment, to include but not limited to technologies used for physical security: electronic access, IP video surveillance, alarm management, security monitoring systems, electronic locks, etc.
(5) A general explanation of how the physical and logical access control systems or technologies meet the technical requirements outlined in Topics 1 through 4.
(6) Demonstrate an approach for identifying a comprehensive list of biometric collection environments, to include but not limited to varying distances, lighting, subject motion and orientation, atmospheric turbulence, occlusion, etc.
(7) Explain the commercial software licensing approach, if applicable, that minimizes license management costs and leverages COTS product availability under DHS enterprise license vehicles.
(8) A general explanation of applicable products and services that are on the GSA FIPS 201 Approved Products List (APL) and are in compliance with the current version of the Standard and its supporting Publications.

The page limit for the response is ten (10) pages. Responses should also include the company profile (to include, but not limited to, history, business size and socioeconomic category, applicable North American Industry Classification System [NAICS] code, and primary line of business). Your response must be delivered via email to the address identified herein.

Response due date: no later than 5:00 p.m. Eastern Time on Friday, May 20, 2011.

Attn: Ms. Rachel Cook, Contract Specialist, email: Rachel.Cook@dhs.gov, Phone: (202) 447-5464, and Tanya M. Hill, Contracting Officer, email: Tanya.Hill@dhs.gov, Phone: (202) 447-5511
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DHS/OCPO/DHS-OCPO/RFI-HSPD-12/listing.html)
 
Place of Performance
Address: TBD, United States
 
Record
SN02436617-W 20110501/110429234434-28314ea3df4ba556be2aced19393e290 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
