MODIFICATION
D -- Internet Information Security Subscription Services
- Notice Date
- 8/27/2002
- Notice Type
- Modification
- Contracting Office
- Department of Justice, Federal Bureau of Investigation, Telecommunications Contracts and Audit Unit/PPMS, 14800 Conference Center Drive, Suite 202, Chantilly, VA, 20151
- ZIP Code
- 20151
- Solicitation Number
- RFQ-075050
- Response Due
- 8/27/2002
- Point of Contact
- Deanna Davis, Contracting Officer, Phone 703-814-4851, Fax 703-814-4787,
- E-Mail Address
- tcau.finance@fbi.gov
- Description
- Questions concerning RFQ 075050 Internet Information Security Subscription Services

NOTE: The President of the United States has proposed a major reorganization of the Executive Branch of the Federal government, calling for the creation of a new Department of Homeland Security. The U.S. Congress is considering this proposed reorganization and may produce legislation on it. While it is premature to predict exactly what such legislation may call for, such a reorganization, if approved by Congress and signed by the President, may well affect the name, location and organization of the National Infrastructure Protection Center (NIPC). For purposes of this RFQ, the term "NIPC" shall mean the National Infrastructure Protection Center (as currently organized), or its successor organization.

A - Answer
R - Response

Item #1
"We typically price on the number of IP addresses to perform our vulnerability analysis."
1. "Do you have the number of IP addresses to be monitored? If not could you give me the person responsible for answering this question?"
A: The NIPC expects the vendor to provide unclassified analyzed intelligence on newly discovered cyber threats to and vulnerabilities of hardware and software in common usage by critical elements of information and telecommunications infrastructures in the United States. The purpose of such intelligence is to warn owners and operators of those infrastructures what cyber threats and vulnerabilities they should be most concerned with (i.e., what cyber threats and vulnerabilities would pose the most significant risks) and what measures, if taken, would reduce or eliminate the risks associated with those threats and vulnerabilities. The NIPC does not stipulate or require that a particular methodology be used to arrive at such intelligence, so long as the results prove accurate and credible for cyber warning purposes.
Also, the NIPC expects the vendor to be able to provide its own sources for lawfully gathering intrusion detection and related information, independent of the NIPC. If the vendor's information sources should reveal an obvious and recent network attack (e.g., Denial of Service), then the NIPC would like to know the parameters associated with the attack, such as: apparent source country, IP address of apparent source, Internet service provider, time, date, methodology.

Item #2
1. Looking at the CLINs - it appears that your costing model is based on some s/w package. Is this correct, and do you have a preferred supplier for this project - or is there an incumbent for similar work?
R: The costing model is based on the way we are currently paying for the services. We do not have a preferred supplier for this project, but there is an incumbent and they will be given an opportunity to submit a proposal.
2. "Reading the Task & Deliverables - it can be interpreted as having our personnel work with the FBI to predict threat trends, to perform analysis, get access to cyber incident databases, and finally to produce an InfraGard [product]. The pricing model really suits the last task - redistribution. For the first three tasks - do you want a different costing proposal -- i.e., one that is better suited for work that will be frequently re-directed by NIPC staff?"
A: The vendor's personnel would not be expected to "work with" NIPC or FBI personnel, as on site, but rather, would be expected to work independently to analyze cyber threat and vulnerability information affecting networked infrastructures (see response to Vendor #1, above). As a result, NIPC personnel would have access to the products containing the vendor's analyses or incident data. We do not want a different costing proposal, since we do not expect re-direction by NIPC staff.
3. Is there a small business set aside on this procurement?
R: No.
4. "Can the work be done remotely - i.e. from Detroit - at a local FBI facility? or perhaps from overseas? or is the work to be exclusively done at the FBI building in DC?"
A: Yes, the work may be performed remotely, but must be pertinent to networked critical infrastructure systems employed in the United States. With the exception of the quarterly in-person summary updates called for in Deliverable 2, the final product either needs to be electronically delivered (or "pushed") to the NIPC or be electronically accessible to NIPC personnel (who currently reside in the FBI headquarters building), whichever is more appropriate.
5. "Is there any level of clearance required for the performers? Is US citizenship a requirement?"
A: There are no requirements for vendor personnel to hold security clearances and the work need not be performed by U.S. citizens. As a point of information, vendor personnel who visit the NIPC would be expected to undergo the same basic personnel security screening process that any vendor personnel doing business with the FBI would undergo.

Item #3
General
1. "Question: "Place of performance" is listed as the FBI Hoover Building. You're requesting a service. Please clarify! Question: are you requiring the analyst within Task 2 to be on site?"
A: As stated in the response to Vendor #2, Question 4 (above), the work may be performed remotely, but must be pertinent to networked critical infrastructure systems employed in the United States. With the exception of the quarterly in-person summary updates called for in Deliverable 2, the final product either needs to be electronically delivered (or "pushed") to the NIPC or be electronically accessible to NIPC personnel (who currently reside in the FBI headquarters building), whichever is more appropriate.
"Within Task #2 you request analysis support of 'security incidents'."
1. "Question: how many 'security incidents' will we be required to support?"
A: The NIPC has three levels of warning products; in order of increasing severity, they are: assessments, advisories and alerts (please see the "Warnings" page on the <www.nipc.gov> website). The types of cyber security incidents referred to in the RFQ would need to be significant enough to warrant an advisory or alert. Ideally, the NIPC would like to predict and prevent major cyber security incidents, but occasionally such incidents occur without warning. In these cases, the NIPC expects the vendor to provide an analysis of the incident based on the best information available to the vendor. It is impossible to predict how many such incidents would necessarily occur, but in the past three years, they have numbered between one and five incidents per year. Examples include the "Love-letter/Love Bug Virus," the Distributed Denial of Service Attacks of February 2000, the Lion Worm, Leave(s) Worm, Code Red and Code Red II Worms, Nimda Worm, and cyber attacks on U.S. sites as a result of politically motivated cyber conflicts.
2. Question: would you accept a FFP labor rate for this work and a block of hours? If so how many hours should we provide?
R: We are looking for a Firm Fixed Price per month for the services.
Within Task #3
"The federal agencies are typically not willing to share their incident database with a vendor. FedCIRC controls a centralized federal civil incident database and is also typically not willing to share that with a vendor."
1. "Please further explain what your intent is or your meaning of 'given access to existing cyber incident databases.'"
A: If the vendor maintains a database or databases that contain information on computer network intrusions or attacks, the NIPC desires to have access to that intrusion/attack information contained in the database(s).
2. "Question: are you looking for access to a threat and vulnerability database with this requirement?"
A: Yes.
Within Task #4
1. "Question: how many individuals make up the Group Account for the Analysis Information Sharing Unit who are not part of the '(10) Individual Users Accounts'?"
A: As many as forty (40) individuals could make up the Group Account for the Analysis and Information Sharing Unit, but it is highly unlikely that more than a few would require access to the account simultaneously; in fact, the NIPC would accept reasonable restrictions on simultaneous access to the Group Accounts.
2. "Question: how many individuals make up the Group Account for the Watch who are not part of the '(10) Individual Users Accounts' and/or the 'Group Account for the Analysis Information Sharing Unit'?"
A: As many as twenty-five (25) individuals could make up the Group Account for the Watch and Warning Unit, but many of these individuals work in different shifts and it is highly unlikely that more than a few would require access to the account simultaneously; in fact, the NIPC would accept reasonable restrictions on simultaneous access to the Group Accounts.
3. "Question: is the NIPC looking for universal distribution rights with the federal government for all the content provided with this service?
"If SO this effectively eliminates all federal agencies from our potential customer base and would end many existing clients contracts. This would therefore greatly affect the price to the NIPC.
"If NOT are you willing to identify the number of departments, agencies and organizations along with the number of people with those departments, agencies and organizations that will have access to the content."
A: The NIPC does not seek exclusive rights to the content of the information provided under the contract. The vendor may provide the same information simultaneously to the NIPC and to other clients as the vendor sees fit. (However, the vendor should not provide the NIPC with any information later than the vendor would provide the same or similar information to any other client.) These factors should protect the vendor's client base by providing clients with a greater quantity of the vendor's information, and to do so more quickly, than a possible turn-around of some of the vendor's information in a later-distributed NIPC product. The issue of the NIPC's re-distributing vendor information would arise only infrequently and in conjunction with the NIPC's need to issue urgent warning products to owners and operators of critical U.S. infrastructures.

Item #4
Task 1: Security Threats and Trends - The contractor shall provide services to the NIPC that will allow the user to predict infrastructure related security threats or trends.
Deliverable 1: The contractor shall provide the NIPC access to data that should include, but not be limited to, an apparent source of attack - country, Internet Protocol address, service provider, time, date, methodology, motivation (if apparent). Furthermore, future changes in requirements or information will be determined on an "as needed" basis by NIPC. Access to this data may be in the form of telephone, e-mail or pager alerts, as well as database access.
Questions:
1. What is the source of the attack data? (NIDS, HIDS, firewalls, honeypots, or other?) Are these products commercially available or proprietary to the NIPC/Government? (COTS or GOTS)
2. How many devices of the above types?
3. How will the data be provided to the contractor? Direct read access to the device, access to a centralized data aggregation resource (like management stations or an event database), FTP, email, fax, phone call, etc.
4. Will the attack data be available in near real-time, or available for batch upload/download?
5. Will all raw data be provided, or incident based data sets?
A (1-5): For this RFQ, the NIPC expects the vendor to be able to provide its own sources for lawfully gathering intrusion detection and related information, independent of the NIPC, and all analysis would be performed at the vendor's facilities.
Task 2: Analytical Support - The contractor shall perform qualified analysis and assessment of information security incidents to the level of detail as dictated by the NIPC.
Deliverable 1: Results of the analysis and assessments will be provided in a timely manner in the form of white papers, presentations or other mediums so stipulated. See Task 4 for Redistribution.
Deliverable 2: Shall provide monthly electronic briefings on recent trends, patterns, vulnerabilities, and attack tools, as well as quarterly in-person summary updates. In addition, daily notifications will be supplied as the result of any vulnerability or attack the contractor encounters and deems significant.
Questions:
1. Will analytical support be required 24/7? We have a standard offering for such requirement if the FBI believes this to be prudent use of people.
A: The NIPC does not stipulate or require that a particular staffing level be used, so long as the results prove accurate and credible for cyber warning purposes. The NIPC expects the vendor to provide unclassified analyzed intelligence on newly discovered cyber threats to and vulnerabilities of hardware and software in common usage by critical elements of information and telecommunications infrastructures in the United States. The purpose of such intelligence is to warn owners and operators of those infrastructures what cyber threats and vulnerabilities they should be most concerned with (i.e., what cyber threats and vulnerabilities would pose the most significant risks) and what measures, if taken, would reduce or eliminate the risks associated with those threats and vulnerabilities.
2. Does the NIPC expect or desire a single POC or program manager for all contact and on-site meetings? Can we include this billet in our response to the RFQ?
A: Yes (to both questions).
3. Will there be any requirement for on-site staffing other than the quarterly meetings?
A: No.
4. Will the monthly electronic briefings be conducted via a particular technology or system, or is it at the vendor's discretion? (for example; WebEx, NetMeeting, PowerPoint and a conference call, other.)
A: Monthly briefings may be conducted either by email to designated individuals (preferable) or by conference telephone call.

Item #5
1. Do you intend to hold a bidders meeting?
A: At this time we are not planning to hold a bidders' meeting.
2. Can you estimate the number of users within each of the Analysis Information Sharing Unit, and the Watch Unit?
A: As many as forty (40) individuals could make up the Group Account for the Analysis and Information Sharing Unit, and as many as twenty-five (25) individuals could make up the Group Account for the Watch and Warning Unit, but it is highly unlikely that more than a few would require access to the account simultaneously; in fact, the NIPC would accept reasonable restrictions on simultaneous access to the Group Accounts.
3. Do the members of the Analysis Information Sharing Unit, and the Watch Unit include contractor personnel?
A: Yes.
4. Task 2 requires services as directed (from time to time) by the NIPC. Do you want this cost identified separately, or blended into the subscription costs of CLINs x001 through x003?
A: We want them blended into the subscription costs.
5. Will you accept multiple priced options?
A: Yes.
6. With regard to the NIPC/FBI solicitation RFQ-075050. Can you clarify what we are required to represent and certify? Are we supposed to pull something down from the FBI/NIPC web site?
R: All offerors responding to this solicitation are being requested to complete FAR Provision 52.212-3 Offeror Representations and Certifications--Commercial Items. (APR 2001). This Provision can be retrieved from the General Services Administration's, Federal Acquisition Regulation website at Internet address http://www.arnet.gov/far/. This Provision is pertaining to information concerning your company such as: Business Size, TIN, etc.

Item #6
Should the contractor implement and/or monitor an Intrusion Detection System (IDS) within the NIPC environment to gather threat data?
A: No, for this RFQ, the NIPC expects the vendor to be able to provide its own sources for lawfully gathering intrusion detection and related information, independent of the NIPC, and all analysis would be performed at the vendor's facilities.

Item #7
1. The RFQ asks for responses by 27 August. Would you consider extending that date?
R: The date has been extended until 4:00 p.m., EDT, September 3, 2002.

Item #8
1. Is there an incumbent for this requirement? If so, who is it?
R: Yes, Security Focus.
2. Is the due date still Tuesday, August 27, 2002?
R: The due date is now September 3, 2002 by 4:00 p.m., EDT.
3. Is this a set-aside? Estimated size?
R: No. Any contractor who can meet our needs is invited to submit a proposal.
4. Is there a program manager we can speak with regarding this opportunity?
R: It is preferred that you do not speak to the program manager, but the questions that were received off the Internet via e-mail concerning this solicitation are being responded to by the Contracting Officer and the Contracting Officer Technical Representative.

Item #9
1. I am interested in finding out if there is an incumbent contract on the Internet Information Security Subscription Services requirement. If so, would you mind providing me with the following incumbent information?
Contractor - R: Security Focus
Contract # - R: J-FBI-02-067
Award Date - R: 5/24/02
Expiration Date - R: 9/30/02, but it can be extended up to 3 months
Award Amount - R: $218,000

Item #10
1. Is there an existing vendor providing these services or services similar in scope to NIPC?
R: Yes, see Items 8 and 9.
2. In general, there is very little information on the scope of services related to each of these tasks. Question: Will NIPC release more specific scope information including detailed services required, description of existing environment, etc., to enable vendors to provide more relevant responses? If not, why?
A: The NIPC cannot accurately predict what the most significant Internet-based network vulnerabilities and threats would be in the future, and yet, those very same vulnerabilities and threats would drive the frequency and number of NIPC warning products. The NIPC expects the vendor to provide unclassified analyzed intelligence on newly discovered cyber threats to and vulnerabilities of hardware and software in common usage by critical elements of information and telecommunications infrastructures in the United States. The purpose of such intelligence is to warn owners and operators of those infrastructures what cyber threats and vulnerabilities they should be most concerned with (i.e., what cyber threats and vulnerabilities would pose the most significant risks) and what measures, if taken, would reduce or eliminate the risks associated with those threats and vulnerabilities. The NIPC does not stipulate or require that a particular methodology be used to arrive at such intelligence, so long as the results prove accurate and credible for cyber warning purposes.
3. Deliverable 1 states "The contractor shall provide the NIPC access to data that should include, but not be limited to, an apparent source of attack - country, Internet Protocol address, service provider, time, date, methodology, motivation (if apparent). Furthermore, future changes in requirements or information will be determined on an as needed basis by NIPC. Access to this data may be in the form of telephone, e-mail or pager alerts, as well as database access." Question: Does NIPC have the data sources referenced above or is NIPC looking for external data sources provided by the vendor? Can NIPC provide examples of the internal or external data sources sought?
A: For this RFQ, the NIPC expects the vendor to be able to provide its own sources for lawfully gathering intrusion detection and related information, independent of the NIPC, and all analysis would be performed at the vendor's facilities.
4. Does NIPC have existing products/data sources and vendors in mind for the specific threat information it seeks? If so, what/who?
R: There is an incumbent, Security Focus (see Items 8, 9 and 10), but as for this solicitation, any contractor who can meet our needs will be given every consideration for award.
- Place of Performance
- Address: FBI, 935 Pennsylvania Avenue NW, Washington, DC
- Zip Code: 20535
- Country: United States
- Record
- SN00150913-W 20020829/020827213316 (fbodaily.com)
- Source
- FedBizOpps.gov