Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF MARCH 23, 2005 FBO #1213
SOURCES SOUGHT

70 -- Host Based Intrusion Detection Software

Notice Date
3/21/2005
 
Notice Type
Sources Sought
 
NAICS
511210 — Software Publishers
 
Contracting Office
Social Security Administration, Deputy Commissioner for Finance, Assessment and Management, Office of Acquisition and Grants, G-C-7 East High Rise Building 6401 Security Blvd., Baltimore, MD, 21235
 
ZIP Code
21235
 
Solicitation Number
Reference-Number-RFI-05-KF001
 
Response Due
4/5/2005
 
Archive Date
4/20/2005
 
Description
This is a REQUEST FOR INFORMATION. Reference RFI-05-KF001 when responding to this announcement. SSA is seeking responsible vendors that are capable of providing Host Based Intrusion Detection Software (IDS). The IDS will be used to implement a recurring scanning policy for the Agency across 100,000 or more Windows desktop computers. A combination network based system (NIDS) and host based system (HIDS) for monitoring/preventing threats will also be strongly considered. The place of performance is Baltimore, MD. This needs to be an enterprise solution with the following characteristics 1) Able to identify and prevent malicious network behavior resulting in the elimination of known and unknown network threats; 2) Able to provide system integrity assurance and audit log consolidation; 3)Have a low system overhead; 4) Require little or no routine maintenance except for program upgrades; 5) Able to provide extensive logging capabilities to record malicious network activity detected and prevented; 6) Able to deliver new signature files in a timely manner to address new threats; 7) Have the ability to send threat data and alerts locally and to a central source over an IP network. The following minimal technical requirements are mandatory: 1) Shall operate on the Window Operating System (Windows 2000, Windows 2003 Server, Windows XP) and have a commitment to operate on future Windows OS versions; 2) The product shall use the HTTP and Secure Sockets Layer (SSL) protocols (128-bit SSL); 3)The product shall have a rules database that defines appropriate or acceptable behavior for a specific application; 4) The product shall be able to make a real-time decision to deny or allow application operation attempts based on a security policy; 5) The product shall provide all management functions for agents in a centralized manner; 6) The product shall be able to detect and not quarantine or delete, as well as be able to quarantine or delete per user selection; 7) The product shall be able to intercepts system calls to a) File sources, b)Registry sources, c)Network sources, d)Memory pages, e)Shared library modules, f)Component Object Model (COM) objects; 8)Report data at a minimum shall consist of a cumulative, delimited master file that includes a fields for: a)Date, b)Time, c)Event, d)Event category, e)Event identification number, f)Event location, g)Computer name, h)Event severity, i)Event action taken; 9) Detailed report information shall be provided in an Executive Summary format; 10) Shall provide detailed and customizable reporting capability; 11) IDS Signature file updates shall be available on a timely basis. A signature that can detect a new threat shall be available no later than five business days after the new threat is discovered; 12) Shall be scalable and interoperable within the SSA environment (scale to over 100,000 computers); 13) The product shall detect the following type of activity: a)Port scans, b)Penetration attempts, c)Spyware, d)Adware, e)Trojans, f)Buffer Overflows, g)Infection of file shares, h)Hacker Tools, i)DDOS Attack Agents, j)Browser Helper Objects, k) Commercial Administration Tools, l)Downloaders, m)Cracking Tools, n)Droppers, o)Dialers, p)Tracking Cookies, q)Backdoors, r)Password Captures, s)Deleting of files. Additional consideration will be given to these characteristics: a) Have a simple installation process; b)Little or no system overhead; c)Intuitive technical documentation; d)Extensive logging capabilities; e)A permanent record of security events shall be retained for policy purposes; f)Timely Technical Support during installation and as required; g)Consistent, timely and automatic delivery of the latest signature files; h) Automatic download of signature files; i)Automatic download of software updates and fixes; j)Automatic delivery of signature files to security agents; k)Provide an easy upgrade path; l)Ability to send incident data alerts locally and to a central source over an IP network; m)Ability to send high priority incident data to an administrator via email or pager; n)Ability to provide secure access to database information and provide multiple report views of the database according to SSA security requirements; o)Ability to provide multiple views of data (e.g., locally, regionally, nationally, etc.); p) Ability to provide data access capabilities that include native database interfaces to all major databases, such as ODBC, MS Access, flat files, MS Excel, dBase. Section 508 Compliancy: Interested vendors must provide verifiable proof in sufficient detail to demonstrate their ability to meet the Agency's requirement, see URL site http://www.ssa.gov/oag/acqoagacq_508.htm. Any software must be compatible with Federal Government Section 508 standards. Vendors having the capability to meet the above requirements are invited to submit complete details. The responses shall clearly state the ability to meet the above requirements. Interested parties shall respond to this notice within 15 calendar days from date of this publication. Vendors shall provide the names and contact information of customers. References may be checked. Vendors responding shall indicate whether their services are available on the GSA Federal Supply Schedules. Pricing data may be submitted. This is not a request for proposal and the Government does not intend to pay for information submitted. Respondents will not be notified of the results of the evaluation of the data received. No contract award will be made on the basis of responses received; however, this information will be used in SSA?s assessment of capable sources. No Faxed responses. Requests for copies of a solicitation will not be honored or acknowledged. No formal solicitation is being issued at this time. Please submit electronic responses only to the contract specialist identified herein. NOTE: There is a size limit for e-mail: No submission shall be greater than 5 MB.
 
Record
SN00772782-W 20050323/050321212410 (fbodaily.com)
 
Source
FedBizOpps.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.