Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF DECEMBER 06, 2020 SAM #6947
SOLICITATION NOTICE

70 -- Request for Information (RFI) - Data Centricity Tagging & Marking (TED) Tool

Notice Date
12/4/2020 6:51:16 AM
 
Notice Type
Presolicitation
 
NAICS
5415 —
 
Contracting Office
HQ USCENTCOM CCJ6 TAMPA FL 33621-5512 USA
 
ZIP Code
33621-5512
 
Solicitation Number
RFI-175753
 
Response Due
12/23/2020 9:00:00 AM
 
Archive Date
01/07/2021
 
Point of Contact
Darryl Cowan, Phone: 8135296632
 
E-Mail Address
darryl.r.cowan.civ@mail.mil
(darryl.r.cowan.civ@mail.mil)
 
Description
This is a Request for Information (RFI) issued by the United States Central Command (USCENTCOM). USCENTCOM is conducting this RFI as market research to determine the solutions available to address the prospective requirement described below. This is not a formal Request for Proposal (RFP) or Quote (RFQ) and no submissions will be accepted as official offers for a contract.�USCENTCOM will not reimburse respondents for any expenses associated with this RFI. Background and Prospective Requirement: � United States Central Command (USCENTCOM) is seeking a metadata tagging tool that will mark documents in accordance with the United States Intelligence Community XML Data Encoding Specification for Trusted Data Format (IC-TDF) and North Atlantic Treaty Organization (NATO) Standardization Agreement (STANAG) Allied Data Processing Publication ADatP-4774 Confidentiality Label Syntax data formats. These standards allow entities to securely exchange information through a data centric environment by wrapping the original artifact or payload with an Extensible Markup Language (XML) header. The metadata within the header contains attributes which specify such things as clearance, dissemination, caveats (or releasable to), derived from, etc. USCENTCOM seeks to acquire a tool that will facilitate the metadata tagging process in accordance with the above standards.� Vendors should use the core capabilities criteria below to describe their offering; however, we strongly encourage vendors to provide additional detail on cutting edge or innovative features of their product. Vendors must limit responses to 20 total pages, which includes cover sheet, table of contents, index, and acronyms. Vendor Introduction: Provide company details, partnerships, and point of contact information� CORE CapabilitiES: Web based solution in accordance with NIST Secure Web Coding standards Ability to Single Sign On (SSO) from Windows domain joined users Ability to use PKI with Smartcard, RSA tokens, and/or Username/password for logon Ability to leverage user attributes to trim encoding access and options Encode file object to xml and encode xml payload portion according to the standards mentioned above Ability to encode all standard file types specifically Microsoft Office products, Portable Document Format (PDF) and image files Ability to encode (wrap) and decode (unwrap) artifact accordingly: Artifact to STANAG Artifact to IC-TDF Artifact to STANAG to IC-TDF (resulting item would be an IC-TDF file) Ability to verify the encoded artifact for correctness in format and attribute contents Ability to digitally sign the artifact Ability to encrypt the contents of the payload with Hybrid RSA OAEP and AES 256 GCM Ability to interpret and correctly apply applicable metadata information such as properties/tags contained within Microsoft Office products and Titus tagged artifacts to the standards above Ability to gather missing metadata from the user to complete attributes needed for encoding standards Ability to encode and decode a single artifact, multiple artifacts, or a folder of artifacts in one operation. Note: Must enter missing metadata for each artifact if needed. Ability to select where the encoded or decoded files are placed once the process is completed. Note: Separate artifacts based clearance, releasable to, etc. Ability to provide an administrative web based to add/or adjust configurations, modify data attributes offerings, and perform up to three levels of approval to change attributes and access (change entry, approver1, approver2) Provide the capability to change existing attributes, incorporate new attribute categories, and ensure multiple caveats are properly encoded Ability to encode mixed artifact types in one operation, i.e. Microsoft Office products, PDF files and image files Ability to directly interface with On Premise and Microsoft cloud based Microsoft SharePoint (2016 and higher) and provides the option to direct encoded artifacts to SharePoint document repositories using user�s credentials. The ability to directly interface with similar web based repositories is a plus. Ability to be Policy Enforcement Point (PEP) capable for access and object control. Ability to provide locally stored logs and to store logs to a remote location. Log data will contain the following type of� information: logon/logoff attempts to application and artifact processing (date/time, user, file name, file type, security caveats (e.g. NATO, FVEY))� Supports operations at USCENTCOM Headquarters, USCENTCOM Forward Headquarters (CFH), Washington Liaison Office (WLNO) and Site-X Must meet USCENTCOM security requirements for NIPRNet, SIPRNet, and the CENTCOM Partner Network (CPN)� Must provide system Operations and Maintenance (O&M) upgrades to include Operating System (OS) patches, hardware firmware upgrades, and upgrades to address security vulnerabilities Must non-disruptively and independently patch OS, software defined storage solution, hardware firmware, and other applications associated with the solution Provide support services: 24/7 technical support (phone/email/web portal) Four hour onsite hardware services for Security Level 1 outage Integrated software (firmware) updates Common Criteria Evaluation Assurance (EA) Level 3 certified Verification requirements: Verification that product conforms to DoD/Federal standards (i.e. Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) compliant) Verify solution meets required capabilities Verify that the solution conforms to USCENTCOM, DISA, and US Cyber Command security requirements Verify the product and service is supportable by USCENTCOM�s Operations & Maintenance (O&M) and service delivery model Validate the product can be used in a Secret Releasable (SECRET//REL) environment Validate the solution is Trade Agreements Act (TAA) complaint and is Common Criteria Evaluation Assurance (EA) Level 3 certified Installation and Support MODEL: Identify the support model for your product. Include installation/integration support, System Design Document (SDD), Operations and Maintenance (O&M) support, and elevated support Define out-year maintenance cost for all related items including base year and option period costs Identify on-site/off-site skill types and levels required to sufficiently O&M the solution Identify user roles, including super user roles, required to sustain the solution Define out-year maintenance cost for all related items Ability to provide 24/7/365 support including troubleshooting escalation support after training is complete Provide critical patches/updates via an email distribution list Identify the total computer and storage environment that the vendor�s system requires to operate� Vendor support staff must possess a U.S. SECRET clearance or above Licensing: Provide detailed information on your license model. Describe the licensing model and modular (i.e. ala carte) deployment options to tailor procurement and maintenance costs. Provide additional information if multiple licensing models is available (per terabyte, per network, per user, entire enterprise).� Vendor should provide licensing agreement along with instructions on how to self-audit for license compliance. Identify all proprietary, GOTS or COTS software applications that need to be licensed in order to deploy and sustain the solution Training: Identify support options after solution is deployed and cost incurred for multiple year options Provide details on administrator and user training options for your product including costs incurred Provide training for five (5) technicians to operate and maintain the solution Provide a training platform that offers introductory data user level to advanced and in-depth training for data curators Provide detail on the skill set required to support the solution and specify pre-certification levels and subsequent training applicable for these certifications Specify training roles that the vendor will provide system admin, cyber security, and end user training PAST PERFORMANCE: Provide examples (no more than three) of successful past performance with Department of Defense organizations. At minimum, please identify product name, contract number, DoD organization supported, dates of support, and a short description of support. Statement of Limitations 1.�USCENTCOM represents that this RFI, submissions from respondents to this RFI, and any relationship between USCENTCOM and respondents arising from or connected or related to this RFI, are subject to the specific limitations and representations expressed below, as well as the terms contained elsewhere in this RFI. By responding to this RFI, respondents are deemed to accept and agree to this Statement of Limitations. Respondents to this RFI acknowledge and accept USCENTCOMs rights as set forth in the RFI, including this Statement of Limitations. 2.�USCENTCOM reserves the right, in its sole discretion, without liability, to utilize any or all of the RFI responses in its planning efforts.�USCENTCOM reserves the right to retain and utilize all the materials, information, ideas, and suggestions submitted in response to this RFI. 3. This RFI shall not be construed in any manner to implement any of the actions contemplated herein, nor to serve as the basis for any claim whatsoever for reimbursement of costs for efforts expended in preparing a response to the RFI. 4. The submission of an RFI response is not required to participate in any potential future solicitation. 5. To the best of USCENTCOMs knowledge, the information provided herein is accurate. 6. This RFI is issued solely for information and planning purposes and does not constitute a solicitation. Responses to this notice are not an offer and cannot be accepted by�USCENTCOM to form a binding contract. Submission of Responses: All interested parties should submit their proposed solutions to darryl.r.cowan.civ@mail.mil with appropriate supporting information clearly marked Response to RFI JIDC Tagging & Marking Tool, no later than 12/23/2020 at 12:00PM EST. This is a Request for Information (RFI) issued by the United States Central Command (USCENTCOM). USCENTCOM is conducting this RFI as market research to determine the solutions available to address the prospective requirement described below. This is not a formal Request for Proposal (RFP) or Quote (RFQ) and no submissions will be accepted as official offers for a contract.�USCENTCOM will not reimburse respondents for any expenses associated with this RFI. Background and Prospective Requirement: � United States Central Command (USCENTCOM) is seeking a metadata tagging tool that will mark documents in accordance with the United States Intelligence Community XML Data Encoding Specification for Trusted Data Format (IC-TDF) and North Atlantic Treaty Organization (NATO) Standardization Agreement (STANAG) Allied Data Processing Publication ADatP-4774 Confidentiality Label Syntax data formats. These standards allow entities to securely exchange information through a data centric environment by wrapping the original artifact or payload with an Extensible Markup Language (XML) header. The metadata within the header contains attributes which specify such things as clearance, dissemination, caveats (or releasable to), derived from, etc. USCENTCOM seeks to acquire a tool that will facilitate the metadata tagging process in accordance with the above standards.� Vendors should use the core capabilities criteria below to describe their offering; however, we strongly encourage vendors to provide additional detail on cutting edge or innovative features of their product. Vendors must limit responses to 20 total pages, which includes cover sheet, table of contents, index, and acronyms. Vendor Introduction: Provide company details, partnerships, and point of contact information� CORE CapabilitiES: Web based solution in accordance with NIST Secure Web Coding standards Ability to Single Sign On (SSO) from Windows domain joined users Ability to use PKI with Smartcard, RSA tokens, and/or Username/password for logon Ability to leverage user attributes to trim encoding access and options Encode file object to xml and encode xml payload portion according to the standards mentioned above Ability to encode all standard file types specifically Microsoft Office products, Portable Document Format (PDF) and image files Ability to encode (wrap) and decode (unwrap) artifact accordingly: Artifact to STANAG Artifact to IC-TDF Artifact to STANAG to IC-TDF (resulting item would be an IC-TDF file) Ability to verify the encoded artifact for correctness in format and attribute contents Ability to digitally sign the artifact Ability to encrypt the contents of the payload with Hybrid RSA OAEP and AES 256 GCM Ability to interpret and correctly apply applicable metadata information such as properties/tags contained within Microsoft Office products and Titus tagged artifacts to the standards above Ability to gather missing metadata from the user to complete attributes needed for encoding standards Ability to encode and decode a single artifact, multiple artifacts, or a folder of artifacts in one operation. Note: Must enter missing metadata for each artifact if needed. Ability to select where the encoded or decoded files are placed once the process is completed. Note: Separate artifacts based clearance, releasable to, etc. Ability to provide an administrative web based to add/or adjust configurations, modify data attributes offerings, and perform up to three levels of approval to change attributes and access (change entry, approver1, approver2) Provide the capability to change existing attributes, incorporate new attribute categories, and ensure multiple caveats are properly encoded Ability to encode mixed artifact types in one operation, i.e. Microsoft Office products, PDF files and image files Ability to directly interface with On Premise and Microsoft cloud based Microsoft SharePoint (2016 and higher) and provides the option to direct encoded artifacts to SharePoint document repositories using user�s credentials. The ability to directly interface with similar web based repositories is a plus. Ability to be Policy Enforcement Point (PEP) capable for access and object control. Ability to provide locally stored logs and to store logs to a remote location. Log data will contain the following type of� information: logon/logoff attempts to application and artifact processing (date/time, user, file name, file type, security caveats (e.g. NATO, FVEY))� Supports operations at USCENTCOM Headquarters, USCENTCOM Forward Headquarters (CFH), Washington Liaison Office (WLNO) and Site-X Must meet USCENTCOM security requirements for NIPRNet, SIPRNet, and the CENTCOM Partner Network (CPN)� Must provide system Operations and Maintenance (O&M) upgrades to include Operating System (OS) patches, hardware firmware upgrades, and upgrades to address security vulnerabilities Must non-disruptively and independently patch OS, software defined storage solution, hardware firmware, and other applications associated with the solution Provide support services: 24/7 technical support (phone/email/web portal) Four hour onsite hardware services for Security Level 1 outage Integrated software (firmware) updates Common Criteria Evaluation Assurance (EA) Level 3 certified Verification requirements: Verification that product conforms to DoD/Federal standards (i.e. Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) compliant) Verify solution meets required capabilities Verify that the solution conforms to USCENTCOM, DISA, and US Cyber Command security requirements Verify the product and service is supportable by USCENTCOM�s Operations & Maintenance (O&M) and service delivery model Validate the product can be used in a Secret Releasable (SECRET//REL) environment Validate the solution is Trade Agreements Act (TAA) complaint and is Common Criteria Evaluation Assurance (EA) Level 3 certified Installation and Support MODEL: Identify the support model for your product. Include installation/integration support, System Design Document (SDD), Operations and Maintenance (O&M) support, and elevated support Define out-year maintenance cost for all related items including base year and option period costs Identify on-site/off-site skill types and levels required to sufficiently O&M the solution Identify user roles, including super user roles, required to sustain the solution Define out-year maintenance cost for all related items Ability to provide 24/7/365 support including troubleshooting escalation support after training is complete Provide critical patches/updates via an email distribution list Identify the total computer and storage environment that the vendor�s system requires to operate� Vendor support staff must possess a U.S. SECRET clearance or above Licensing: Provide detailed information on your license model. Describe the licensing model and modular (i.e. ala carte) deployment options to tailor procurement and maintenance costs. Provide additional information if multiple licensing models is available (per terabyte, per network, per user, entire enterprise).� Vendor should provide licensing agreement along with instructions on how to self-audit for license compliance. Identify all proprietary, GOTS or COTS software applications that need to be licensed in order to deploy and sustain the solution Training: Identify support options after solution is deployed and cost incurred for multiple year options Provide details on administrator and user training options for your product including costs incurred Provide training for five (5) technicians to operate and maintain the solution Provide a training platform that offers introductory data user level to advanced and in-depth training for data curators Provide detail on the skill set required to support the solution and specify pre-certification levels and subsequent training applicable for these certifications Specify training roles that the vendor will provide system admin, cyber security, and end user training PAST PERFORMANCE: Provide examples (no more than three) of successful past performance with Department of Defense organizations. At minimum, please identify product name, contract number, DoD organization supported, dates of support, and a short description of support. Statement of Limitations 1.�USCENTCOM represents that this RFI, submissions from respondents to this RFI, and any relationship between USCENTCOM and respondents arising from or connected or related to this RFI, are subject to the specific limitations and representations expressed below, as well as the terms contained elsewhere in this RFI. By responding to this RFI, respondents are deemed to accept and agree to this Statement of Limitations. Respondents to this RFI acknowledge and accept USCENTCOMs rights as set forth in the RFI, including this Statement of Limitations. 2.�USCENTCOM reserves the right, in its sole discretion, without liability, to utilize any or all of the RFI responses in its planning efforts.�USCENTCOM reserves the right to retain and utilize all the materials, information, ideas, and suggestions submitted in response to this RFI. 3. This RFI shall not be construed in any manner to implement any of the actions contemplated herein, nor to serve as the basis for any claim whatsoever for reimbursement of costs for efforts expended in preparing a response to the RFI. 4. The submission of an RFI response is not required to participate in any potential future solicitation. 5. To the best of USCENTCOMs knowledge, the information provided herein is accurate. 6. This RFI is issued solely for information and planning purposes and does not constitute a solicitation. Responses to this notice are not an offer and cannot be accepted by�USCENTCOM to form a binding contract. Submission of Responses: All interested parties should submit their proposed solutions to darryl.r.cowan.civ@mail.mil with appropriate supporting information clearly marked Response to RFI JIDC Tagging & Marking Tool, no later than 12/23/2020 at 12:00PM EST.
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/d4ff7f145b284202ba4234bec0fedc93/view)
 
Place of Performance
Address: Tampa, FL 33621, USA
Zip Code: 33621
Country: USA
 
Record
SN05867207-F 20201206/201204230141 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.