Loren Data's SAM Daily™

FBO DAILY ISSUE OF JULY 27, 2012 FBO #3898
MODIFICATION

99 -- Questions & Answers

Notice Date
7/25/2012
 
Notice Type
Modification/Amendment
 
Contracting Office
Department of the Treasury, Bureau of the Public Debt (BPD), Division of Procurement, Avery 5F, 200 Third Street, Parkersburg, West Virginia, 26106-5312, United States
 
ZIP Code
26106-5312
 
Solicitation Number
RFI-OFR-12-0102
 
Archive Date
8/22/2012
 
Point of Contact
Lisa Stanley, Phone: 304-480-7213
 
E-Mail Address
psb3@bpd.treas.gov
 
Small Business Set-Aside
N/A
 
Description
1. FIPS 199 provides the guidelines for categorizing data (or a system) as LOW, MODERATE, or HIGH. There is also the NIST SP 800-53 standard that identifies the security controls to be implemented. That standard specifies different controls based upon that LOW, MEDIUM, or HIGH categorization. Is it the intent of OFR to have vendors translate the original requirement as being able to implement the SP 800-53 MODERATE or HIGH controls?
The OFR will not handle any data of National Security sensitivity; therefore the guidance is not necessarily applicable to the data the OFR will handle. The OFR data will be stored in the Treasury Datacenters, which are FISMA High rated, and any system built in the Treasury DC will have to meet the same standard. The OFR data is highly sensitive and we require very high levels of security, auditing and monitoring, but not of National Security level.

2. SP 800-53 specifies 165 controls (not all of which would actually be applicable to a database system itself). Over half of the controls are not even specific to a product but address things like security awareness and training. Each control has a baseline that applies to either LOW, MODERATE, or HIGH. Many controls also have enhancements to the baseline that would apply to MODERATE or HIGH configurations.
This is not a question; it is a paraphrase of the NIST standard.

3. Is OFR asking whether or not the system can be configured and operated using the MODERATE and HIGH controls?
No, the OFR is stating that we operate in a FISMA high environment and as such we must have systems that will pass a FISMA high C&A.

4. Can you provide examples of where you have implemented these controls?
All Treasury DO systems.

5. Do your requirements relate in any way to the Department of Defense security requirements?
NO, please see answer 1 above.

6. Would having installations in classified environments in the DoD meet your requirements?
NO, we don't require controls on par with National Security sensitivity level. Please see answer 1 above.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/TREAS/BPD/DP/RFI-OFR-12-0102/listing.html)
 
Record
SN02814646-W 20120727/120725235622-5349986284ba28b3fd029ff9d43d8e13 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
