99 -- DESKTOP SECURITY INCIDENT MEASUREMENT

Notice Date

September 14, 2001

Contracting Office

Department of the Air Force, Air Combat Command, HQ AIA, HQ AIA/LGCK 251 Kirknewton, Bldg 2088, Kelly AFB, TX, 78243-7034

ZIP Code

78243-7034

Solicitation Number

F5AFIW11790700

Response Due

September 21, 2001

Point of Contact

David Keith, Contract Specialist, Phone (210) 977-2821, Fax (210) 977-2980, Email david.keith@lackland.af.mil -- Terry Aquiles, Contracting Officer, Phone 210-977-2821 ext 9034, Fax 210-977-3945, Email terry.aquiles@lackland.af.mil

Description

This is a combined synopsis/solicitation for a commercial item prepared IAW the format in FAR 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposal is being requested and a written solicitation will not be issued. Therefore, this synopsis shall serve as a request for proposal, numbered F5AFIW11790700. This is a FY 02 requirement and funds are not currently available. This request is subject to the availability of funds. The Government intends to negotiate a sole source follow-on contract under the authority of FAR 6.302 with Tiny Software, Santa Clara CA, for Desktop Security Incident Measurement IAW with Statement of Work below. The Government shall continue to perform alpha and beta testing of the contractor's enhanced product in both lab and operational environments. The contractor shall provide a site license for unlimited use within the Department of the Air Force. The items required are: CLIN 0001 DSIM Intrusion Detection System (IDS) Enhancement AA Alpha DSIM Version-Alpha version of software for Government review and comments; AB Beta DSIM Version-Beta version of software for Government review and comments; AC Final DSIM Version and US Air Force License-; and 0002 Data-shall be submitted IAW SOW (Not Separately Priced). Period of Performance is 1 Oct 01-30 Sep 02. This synopsis and incorporated provisions/clauses are in effect through the Federal Acquisition circular 97-27. The North American Industry Classification System (NAICS) for this acquisition is 541490, $5.0M. The following Provisions/Clauses apply to this acquisition: FAR 52.212-1, Instructions to Offerors-Commercial Items; FAR 52.212-4, Contract terms and Conditions-Commercial Items; and FAR 52.212-5, Contract Terms and Conditions required to Implement Statutes of Executive Orders-Commercial Items. Offeror shall include a complete copy of the provisions of FAR 52.212-3, Offeror's Representations and Certifications-Commercial Items with their offer. DFAR 252.204-7004, Required Central Contractor Registration applies. Award cannot be made to the contractor who is not registered in the Central Contractor Registration at time of award. Offers are due no later than 21 Sep 01 at HQ AIA/LGCK, Attn: David Keith, 251 Kirknewton, San Antonio TX 78243-7034. Fax your quote to David Keith at (210) 977-2980. If you have any questions or problems faxing, please call David Keith at (210) 977-2821x9028. =20 STATEMENT OF WORK FOR DESKTOP SECURITY INCIDENT MEASUREMENT SCOPE: The primary object of this SOW is to provide AFIWC/IOT with continued development and enhancement of the Desktop Security Incident Measurement (DSIM) initiative. Current Air Force security tools monitor and protect physical networks with the assumption that hosts are protected indirectly. The goal of DSIM is to provide a hybrid intrusion detection system (IDS) with firewall capabilities to the workstation level. The DSIM firewall capabilities will provide a dual-sided firewall that will help enforce security policy and that can be remotely configured and controlled. The dual-sided firewall is designed to protect the desktop originating attacks. The DSIM IDS component will monitor for suspicious activity, malicious activity, attempted intrusion, and actual intrusion and will report this activity to the DSIM server and then to the Common Intrusion Detection Director System (CIDDS). 1.1 Background: 1.1.1 The Air Intelligence Agency (AIA) is the US Air Force executive agent for command and control warfare (C2W). C2W consists of two portions: information protection (IP) and counter C2W. This task supports the IP portion of this mission, implemented in part by the Air Force Information Warfare Center (AFIWC) Information Operations Technology Division (IOT) through the Computer Security Assistance Program (CSAP). 1.1.2 CSAP has several major functional teams: the (1) Air Force Emergency Response Team (AFCERT), (2) Computer Security Engineering Team, (3) Countermeasures Engineering Team (CMET), (4) Security Technology Insertion and Test Team, and (5) Countermeasures Division (IOTT). 1.1.3 CSAP has several major projects including intrusion detection systems (i.e., Automated Security Incident Measurement (ASIM), On-Line Surveys, CSAP Database System (CDS), CSAP Network Mapping, and CSAP for the 21st Century). 1.1.4 This task order supports the CMET. The CMET supports CSAP by (1) developing security countermeasures for worldwide, Department of Defense (DoD), and National agency computer systems and networks, (2) implementing current technology and developing new technology to counter existing and emerging threats to US Air Force computer systems and networks, including mission-critical computer systems, (3) supporting AFCERT in responding to security incidents on command, control, communications and computer (C4) systems, and (4) assist law enforcement agencies in collection of evidence in computer security incident investigations. This task order will assist in providing continued development in enhancing the capabilities of DSIM. 1.1.5 The DoD has directed the US Air Force to use commercial off-the-shelf (COTS) products as much as possible. This project is utilizing a COTS product and funding enhancements. 2.0 REQUIREMENTS: =20 2.1 The contractor shall continue to enhance their COTS product to meet the additional requirements of this SOW. 2.2 The product should include, but is not limited to the following requirements: 2.2.1 The product shall report attempted unauthorized user activity and suspected intrusion activity to the DSIM server based upon a set of host-based rules that take precedence during client inactivity (i.e. when no user is currently logged in). 2.2.2 The product shall allow integration and reporting of other host-based auditing type IDS to the Desktop Security Engine (DSE) to be forwarded to the DSIM server. The host-based auditing type IDS would alert and deny malicious applications or executables from operating on a client. =20 2.2.3 The product shall allow the DSIM server to report activity to the CIDDS for correlation and analysis of host-based activity. =09 2.3 The contractor shall continue to support IOTT personnel in defining additional technical requirements for this product. 2.4 The final product shall include an unlimited number of software licenses for use only on US Air Force computers. 3.0 DELIVERABLES: The contractors shall deliver the following products and services to AFIWC/IOTT and AIA/LGP. All documents will be delivered utilizing Microsoft Office software. Negative reports are required. 3.1 The contractor shall provide IOTT a management plan draft (to include a schedule) within one month of the award of the contract. The Government will provide comments within 5 working days of receipt. The final plan shall be provided to IOTT 15 working days after receipt of Government comments. (CDRL A001) 3.2 The contractor shall provide status reports on the various items in section 2.0 at the request of the government. (CDRL A002) 3.3 The contractor shall provide IOTT minutes within 15 working days after all technical interchange meetings (TIM). (CDRL A003) 3.4 The vendor will hold all original proprietary rights to the products developed by the vendor. 4.0 VERIFICATION AND TESTING: AFIWC/IOTT shall work with the contractor to provide testing of the software product at milestones to be determined. AFICW/IOTT shall provide the test results to the contractor within 30 to 45 days of receiving software to be tested. 4.1 The contractor and AFIWC/IOTT shall co-develop a test plan for each software version. The AFIWC CIDDS team shall also be involved with this effort. (CDRL A004)=09 4.2 The AFIWC/IOTT shall perform the Alpha and Beta testing in both a lab and an operational environment. This will require at least two test deliveries of the product. The first being used for lab testing and the second for operational testing. Alpha software shall be delivered 120 days after first technical interchange meeting (held 30 days after award). Beta and final software versions shall be delivered 60 days after receipt of Government approval and comments. 5.0 TRAVEL: Contractor travel shall be required to support the above deliverables. 5.1 The contractor shall make one trip to Kelly AFB to hold meetings at AFIWC/IOTT facilities. This visit should include no more than three persons and will be directed as necessary. The contractor shall travel one time to support deliverables and others as needed. AFIWC/IOTT and the contractor shall determine the necessity of the trips but the focus will be to establish/assist in functionality of deliverables in a test lab environment.=09 6.0 DELIVERABLES DELIVERY SCHEDULE:=09 6.1 The contractor shall hold an initial TIM at the contractor's facility with AFIWC/IOTT personnel within 30 days after delivery order award. Task initiation shall be agreed upon between contractor and AFIWC/IOTT personnel. The requirements shall be prioritized at the initial TIM. Additional TIMs will be held as required. The contractor shall develop and deliver all TIM minutes within 15 working days to the government and the government shall review and return comments to the contractor within 10 working days. (CDRL A003) 6.2 The contractor shall provide a US Air Force site license for the use of these products on an unlimited number of Air Force computers. 6.3 The following deliverables schedule is established: see attachment 1. 7.0 SECURITY REQUIREMENTS: 7.1 All work on this contract is to be conducted at the Unclassified level, but as a result of information aggregation, a minimum of Secret level is required 8.0 GOVERNMENT FURNISHED EQUIPMENT: Will be provided as determined necessary (such as during testing). Necessity will be determined by AFIWC/IOTT. The Government will provide the contractor the complete development suite of Oracle software if required.=09 9.0 PACKAGING, PACKING, AND SHIPPING INSTRUSTIONS: Not Applicable 10.0 INSPECTION AND ACCEPTANCE CRITERIA: Acceptance criteria shall be based upon testing conducted by the government and the government meeting the timelines to provide the testing results to the contractor. =09 ATTACHMENT ONE DELIVERY SCHEDULE Para. # Work Product CDRL# DID# Milestones 3.1 Management Plan A001 DI-MGMT-80004 Draft-within 1 month of award to IOT. Final-15 working days after receipt of Government comments=20 3.3 Status Report A002 DI-MGMT-80368 1 month after award and monthly thereafter to IOT and AIA/LGPA 3.4 Technical Interchange Meeting Minutes A003 DI-ADMN-81250A Within 15 working days after TIM to IOT 4.1 Test Plan (one for each version) A004 DI-NDTI-80566 Within 30 working days before software delivery to IOT =09

Web Link

Visit this URL for the latest information about this (http://www.eps.gov/spg/USAF/ACC/HQAIA/F5AFIW11790700/listing.html)

Record

Loren Data Corp. 20010918/99SOL008.HTM (D-257 SN50X6E2)