D -- SECURITY RISK ANALYSIS

Notice Date

April 4, 2001

Contracting Office

Department of the Interior, National Business Center, Acquisition and Property Management Branch, Code D-2940, 7301 W. Mansfield Avenue, Denver, CO 80235-2230

ZIP Code

80235-2230

Solicitation Number

NBCD1I00002

Response Due

April 18, 2001

Point of Contact

Shanta Harrison (303)969-7224

E-Mail Address

National Business Center (Shanta_M_Harrison@nbc.gov)

Description

The Department of Interior's National Business Center (i.e., NBC) Data Center in Denver, Colorado, requests information regarding a Security Risk Analysis of all aspects of its computer center operations. The Data Center operates on five platform layers: IBM mainframe, UNIX-based midrange, Windows NT server, Novell LAN, and NT-based workstations. These platforms support both standalone and n-tier client/server applications. RACF is the primary security software system on the mainframe. Other mainframe security software products (Natural Security, ORACLE Security, etc.) are also used in concert with RACF. Security system software that comes bundled with Netware, UNIX, and NT-Server are used for those platforms. The NBC Data Center has a large network incorporating a variety of connectivity methods including ATM, Frame Relay, ISDN, TCP/IP, SNA, and analog dial-in. A security risk analysis will be performed that will include, but not be limited to, the following areas: organization and management; physical access and environmental controls; logical access; computer operations; network security; change management; configuration management; business resumption, disaster recovery, and incident response handling. The National Business Center is requesting interested vendors to submit examples of prior security risk analyses that have been performed by their organizations. Emphasis on describing the methodology used by your organization to assess risk (e.g., how you determine the vulnerability to a particular threat, how you determine the likelihood of the threat occurring, and what is your criteria for determining when the risk should be mitigated, etc.) is desired. THIS SYNOPSIS IS FOR INFORMATION AND PLANNING PURPOSES AND IS NOT TO BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. THIS IS NOT A SOLICITATION ANNOUNCEMENT FOR PROPOSALS AND NO CONTRACT WILL BE AWARDED FROM THIS ANNOUNCEMENT. NO REIMBURSEMENT WILL BE MADE FOR ANY COSTS ASSOCIATED WITH PROVIDING INFORMATION IN RESPONSE TO THIS ANNOUNCEMENT AND ANY FOLLOW-UP INFORMATION REQUESTS. RESPONDENTS DEEMED FULLY QUALIFIED WILL BE CONSIDERED IN ANY RESULTING SOLICITATION FOR THE REQUIREMENT. THE GOVERNMENT RESERVES THE RIGHT TO CONSIDER A SMALL BUSINESS SET-ASIDE OR 8(A) SET-ASIDE BASED ON RESPONSES HERETO. THE APPLICABLE NAICS CODE IS 541690. CLOSING DATE FOR RESPONSES IS 4:00 PM MDT ON APRIL 18, 2001. IF A SOLICITATION IS ISSUED AT A LATER DATE THE AWARD WILL BE MADE BY A SOURCE SELECTION PROCESS. THIS NOTICE CONTAINS ALL INFORMATION. THERE ARE NO OTHER ATTACHMENTS.

Web Link

Website unavailable at this time. Please call for information. (www.den.nbc.gov)

Record

Loren Data Corp. 20010406/DSOL005.HTM (W-094 SN50I2O5)