Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF APRIL 27, 2002 FBO #0146
SOURCES SOUGHT

D -- Security Registration System sources sought

Notice Date
4/25/2002
 
Notice Type
Sources Sought
 
Contracting Office
Attn: Department of Veterans Affairs Austin Automation Center, (316), 1615 Woodward Street, Austin, Texas 78772
 
ZIP Code
78772
 
Solicitation Number
SS01
 
Response Due
5/16/2002
 
Point of Contact
Contracting Officer - Nancy Lawson, Contract Specialist, null
 
E-Mail Address
Email your questions to Nancy Lawson
(nancy.lawson@mail.va.gov)
 
Description
The Dept. of VA, Austin Automation Center is seeking sources for software to replace our current customer(user)registration/security administration software. This software is called the ?Registration System? or RS. RS can be defined by its four primary features: 1) RS accepts manual input through a keyboard and formatted screen. RS will format this information into commands that are processed by the platform?s security software. Although RS can be programmed through templates to generate practically any command, it is primarily used to generate commands for Computer Associates? Top Secret security software that runs on an OS/390 platform. Department administrators are called RS Points of Contact (POCs). The RS POCs can create and manipulate customers (userIDs), and assign shared access profiles without knowing Top Secret commands. Some administrators, the RS system administrator (SA), must know the Top Secret commands in order to build the templates. 2) RS provides a limited set of the SA?s administrative functionality to POCs. RS also provides scope for the POCs and Tasks. 3) RS Tasks are what POCs use to assign permissions to a customer. A Task is defined by a collection of information system resources or assets. For example, a Task may provide a customer with access to Facility TSO and Data Set Name DPCPRD.TMP, Access Level READ. This is the simplest example. Tasks are similar to CA-Top Secret profiles, but they exist at a higher level. POCs cannot deal with profiles directly. POCs can only affect user ID profiles through a Task. With RS, several Tasks can be assigned to a customer. This creates a ?combination? CA-Top Secret profile. RS has a facility for constructing and modifying Tasks. It is only available to the RS SA. Each Task has an owner (person) who is responsible for knowing and controlling the business aspects of the Task?s contents. RS maintains the association of the Task and Task owner. 4) RS provides reports from its IDMS database of customer information and Task information. It can display the Tasks assigned to a customer and when they were assigned or revoked. RS can also display the composition of a Task, that is, the facilities and data set names that comprise the Task. This is also cross-referenced. Statistical information is available. RS can also display a directory of POCs. GENERAL REQUIREMENTS OF THE REPLACEMENT SYSTEM The VA/AAC would like the new RS to be the highest level of management of accessors and access groups/profiles (Tasks) among heterogeneous platforms. We would like it to apply changes to, and reflect changes of, underlying systems with immediate results. 1. Conversion Support a. Import RS customer and Task information from its IDMS database. b. Import accessor and resource information from platforms running OS/390, UNIX or NT. i. Must support CA-Top Secret and IBM RACF for OS/390. 2. Manage user profiles. a. Instantly create user profiles. i. Collect, store, display, and associate miscellaneous information about the customer (user). ii. Have programmable means of automatically specifying a customer ID name with an optional override for top-level administrators. iii. Create ID and assign ID to resources on any platforms needed to accomplish the job described by the Task. 1. TSO including TSO alias 2. IDMS 3. ORACLE 4. UNIX 5. NT 6. Others iv. Generate a default password. v. Compose and address physical notification letter. 1. Have interface to automated means of stuffing and mailing notification letter. vi. If ID is deleted or expires, show the ID and related information in ?deleted? status for six months. b. Allow instant modifications, inquiries, deletions, undeletions, and renaming of ID and other customer information. 3. Manage shared access groups/profiles (Tasks) with immediate results. a. Track a shared access group/profile owner (person). b. Create, modify, display, delete, undelete, shared groups/profiles. i. One shared group/profile may be defined by resources from various platforms or environments. c. Assign users to shared groups/profiles. d. Allow conditions (e.g. UNTIL) and extras (e.g. AUDIT) and all other similar features of current release of underlying security software. e. Graphically display/manipulate group/profile content. f. Graphically display/manipulate relationship of users and shared groups/profiles. 4. Basic Reporting - exportable to document (MS Word), Email (Outlook) or spreadsheet (MS Excel) format. Provide ?search? and/or ?filter? capabilities on each available field. a. Statistical registration activity. b. Temporal registration activity. i. When groups/profiles were added/deleted to and from which users. ii. When and how groups/profiles themselves were changed. c. Point of Contact directory (department administrator). d. System Manager of Record directory (shared group/profile owner). e. Customer directory listed by location. f. Customer directory listed by shared group/profile membership. g. Copies of notification letters. h. Task list and composition. i. Task composition listed by resource (cross-reference of 4.h.). j. Creation, deletion, modification of users for various major business systems. 5. Programmable Reports and Queries for Auditing purposes. a. CA-Top Secret example: Combined WHOHAS and LIST command resulting in NAME extraction. 6. Have secure access, communications/connections, storage, and logging. 7. Provide various definable levels or cross-sections of administrative powers. 8. Manually entered native commands by an SA or DBA should be reflected in any graphic displays of user or resource information. It is requested that sufficient documentation be provided to allow this office to evaluate the ability of your company's product to meet the Government's requirements. This is not a request for proposal and there is no solicitation document available at this time. All documentation should be submitted electronically to nancy.lawson@mail.va.gov or via fax at 512-326-6028 no later than 3:30 pm CST on May 16, 2002.
 
Web Link
RFI SS01
(http://www.bos.oamm.va.gov/solicitation?number=SS01)
 
Record
SN00066189-W 20020427/020425213237 (fbodaily.com)
 
Source
FedBizOpps.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.