Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF AUGUST 04, 2007 FBO #2077
SOLICITATION NOTICE

70 -- Network Event Logging and Audit

Notice Date
8/2/2007
 
Notice Type
Solicitation Notice
 
NAICS
423430 — Computer and Computer Peripheral Equipment and Software Merchant Wholesalers
 
Contracting Office
Other Defense Agencies, Office of the Secretary of Defense, Defense Microelectronics Activity, Contracting Division 4234 54th Street, Building 620, McCellan, CA, 95652-1521, UNITED STATES
 
ZIP Code
00000
 
Solicitation Number
H94003-07-T-0002
 
Response Due
8/13/2007
 
Archive Date
8/28/2007
 
Small Business Set-Aside
Total Small Business
 
Description
This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the solicitation; proposals are being requested. Solicitation number is H94003-07-T-0002, and the solicitation is issued as a Request for Quotation (RFQ). The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-18. Set-aside: Total small business; associated North American Industry Classification System (NAICS) code is 423430; small business size standard: 100 employees. Small Business Competitiveness Demonstration Program: not applicable. The Defense Priorities and Allocations System (DPAS) rating is DO-A7. FOB point is Destination. Contract Line item 0001: Network Logging and Audit System, Installation/Support, Quantity: 1 each. Contract Line Item 0002: Maintenance One Year Period of Performance (PoP) 15 Sep 2007 to 14 Sep 2008, Quantity: 1 Lot. Contract Line Item 0003 (Option One): Maintenance One Year PoP 15 Sep 2008 to 14 Sep 2009, Quantity: 1 Lot. Contract Line Item 0004 (Option Two): Maintenance One Year PoP 15 Sep 2009 to 14 Sep 2010, Quantity: 1 Lot. Contract Line Item 0005 (Option Three): Maintenance One Year PoP 15 Sep 2010 to 14 Sep 2011, Quantity: 1 Lot. STATEMENT OF WORK (SOW) FOR Network Event Logging and Audit SOW 07-7G7, 5 July 2007, 1.0 SCOPE 1.1 Title: Network Event Logging and Audit. 1.2 Application: Network Security. 1.3 Background: Access to the internet for DMEA employees and DMEA customers is a vital part of the engineering process. Maintaining network security requires the use of multiple levels of event logging to track network events. System logs, firewall logs, router logs, etc. produce approximately 250 MB of data per day. Manual auditing of these logs is not possible and a single point of collection, collation and reporting is required. This SOW provides for the purchase of products and services to collect, store, and report on network events that affect DMEA?s cyber security operations. 1.4 Purpose: The objective of this Statement of Work (SOW) is to define a process by which a logging and audit system along with maintenance and technical support can be obtained and installed in the building at 4234 54th Street, McClellan, CA 95652. 2.0 Applicable Documents: There are no additional documents applicable to this SOW. 3.0 Requirements: The contractor shall comply with all requirements of this section. 3.1 Location: The logging and audit system shall be installed at DMEA, 4234 54th Street, McClellan, CA 95652. 3.2 System: The contractor shall supply the logging and audit system. If hardware is provided, the hardware shall be rack mountable in a standard 19? rack. The logging and audit system shall support the requirements of section 3.7. 3.3 Work to be performed: The contractor shall install logging and audit system as required make the system operational. The contractor shall provide initial training in all aspects of the systems use for at least four (4) people either onsite or in the greater Sacramento area. The training shall commence within two (2) weeks of installation. The contractor shall assist DMEA in the initial set up of filters, reports, backups, and monitoring of the system. The type and duration of training shall be identified in the contractor?s proposal. 3.4 Maintenance: The contractor shall provide maintenance and technical support for a period of one year from the date of installation. The contractor shall also provide for three additional one year options for maintenance and upgrades. Software updates to the product shall be provided via the web or via CD as they become available. 3.5 Applicable standards: There are no additional standards that are applicable to this contract. 3.6 Acceptance criteria: The contractor shall develop and conduct an acceptance test that demonstrates that all requirements of this contract have been met. The initial acceptance test shall be conducted and successfully completed immediately after installation. 3.7 Special requirements: The following special requirements apply to this contract: 3.7.1 The system shall support a minimum sustained processing rate/event rate of at least 100 KB/second or 1000 transactions per second and a burst rate of at least 200 KB/second or 2000 transactions per second. The contractor shall specify both the sustained and burst rates in their proposal. The system shall notify the administrators when the burst rate has been exceeded and data is being lost. 3.7.2 The system shall be capable of storing a minimum of ninety (90) days worth of data on-line at the highest anticipated storage requirement (See paragraph 3.7.1.). On-line storage of one (1) years data as specified is preferred. Except when the system?s burst rate is exceeded, all data from all sensors shall be stored. 3.7.3 All reported events shall be stored so long as the burst rate is not exceeded. The system shall have the ability to compress, encrypt, and store files in a flat file. Encryption shall be a minimum of 3DES, but AES is preferable. 3.7.4 The system shall provide the following minimum capabilities: 3.7.4.1 Collect data Receive/pull data from any syslog enabled device. Receive and/or pull data from computer/network security sensors, such as the following: Firewalls, including Checkpoint Firewall, routers, switches, Network Intrusion Detection Systems (NIDS), McAfee ePolicy Orchestrator, Host Intrusion Detection Systems (HIDS), Intrusion Protection Systems (IPS) including TippingPoint Technologies IPS, Anti-Virus (AV) systems, databases, syslog servers, vulnerability scanners, including e-Eye Retina, etc. Allow administrator access to all original data generated by sensors. Permit rapid system reconfiguration required to receive and process data from new devices, systems and applications and accommodate changes in new software versions. 3.7.4.2 Aggregate data Aggregate collected data. Normalize collected data to facilitate correlation of like event data. Store the aggregated data for rapid mining and retrieval. 3.7.4.3 Process data Correlate data. Real-time data with historical data to expose events which indicate long-term low-level incidents. Categorize data. Prioritize data. 3.7.4.4 Visualize/Report Data Generate reports based on pre-defined and user defied criteria. Create custom detection rules. Notify operators of activity falling into operator-specified categories in real-time using graphic user interface based tools. 3.7.4.5 Protect data Protects data at rest (ensures confidentiality, integrity, availability) using 3DES or AES encryption. Protects data in transport (ensures confidentiality, integrity, availability) using 3DES or AES encryption. 3.7.4.6 Ease of Use Installation, configuration, use, and maintenance shall require minimal training. Graphic user interface is configurable to satisfy user preferences. Has built-in help for operators. Training and training documentation is provided. 3.7.5 The contractor is required to provide advance notification prior to conducting any on-site installation or maintenance. A two (2) day minimum notice during normal business hours shall be given. All installation and maintenance work shall be performed by US citizens. Contractor personnel shall provide proof of citizenship in accordance with the DMEA visitor approval process in effect at the time the visit is requested and prior to being allowed entry into the facility. During periods of exceptionally heightened security, additional advance notice and background investigations of contractor personnel may be required prior to gaining entry into DMEA. Anticipated Award Date: 27 Aug 2007. FAR 52.212-3, Offeror Representations and Certifications ? Commercial Items, Nov 2006 must be submitted with offers. The following Federal Acquisition Regulation provisions apply: FAR 52.211-15, Defense Priority and Allocation Requirements, Sep 1990; FAR 52.252-2, Clauses Incorporated by Reference, Feb 1998; FAR 52.212-2, Evaluation ? Commercial Items, Jan 1999, The following factors shall be used to evaluate offers: Technical, Past Performance and Price. The award will be made on the basis of the lowest evaluated price meeting or exceeding the acceptability standards for non-cost factors. Evaluation Criteria - Provide Logging and Audit System All criteria are weighted pass/fail. Criteria for evaluation are listed in order of importance: The following criteria are critical. Failure to provide any one element in this section shall be cause for elimination from consideration: Contractor shall demonstrate the ability to meet all requirements of Section 3 of the SOW with special emphasis given to the following requirements: Performance capabilities; a) The system shall support a minimum sustained processing rate/event rate of at least 100 KB/second or 1000 transactions per second and a burst rate of at least 200 KB/second or 2000 transactions per second. b) The system shall notify the administrators when the burst rate has been exceeded and data is being lost. c) The system shall be capable of storing a minimum of ninety (90) days worth of data on-line at the highest anticipated storage requirement. On-line storage of one (1) years data as specified is preferred. d) Except when the system?s burst rate is exceeded, all data from all sensors shall be stored. e) The system shall have the ability to compress, encrypt, and store files in a flat file. Encryption shall be a minimum of 3DES, but AES is preferable. f) All data from all sensors shall be stored in raw format. Collect data a) Receive/pull data from any syslog enabled device. b) Receive and/or pull data from computer/network security sensors, such as the following: Firewalls, including Checkpoint Firewall, routers, switches, Network Intrusion Detection Systems (NIDS), McAfee ePolicy Orchestrator, Host Intrusion Detection Systems (HIDS), Intrusion Protection Systems (IPS) including TippingPoint Technologies IPS, Anti-Virus (AV) systems, databases, syslog servers, vulnerability scanners, including e-Eye Retina, etc. c) Allow administrator access to raw data generated by sensors. e) Permit rapid system reconfiguration required to receive and process data from new devices, systems and applications and accommodate changes in new software versions. Aggregate data a) Aggregate collected data. b) Normalize collected data to facilitate correlation of like event data. c) Store the aggregated data for rapid mining and retrieval. Process data a) Correlate data real-time data with historical data to expose events which indicate long-term low-level incidents. b) Categorize data. c) Prioritize data. Visualize/Report Data a) Generate reports based on pre-defined and user defied criteria. b) Create custom detection rules. c) Notify operators of activity falling into operator-specified categories in real-time using graphic user interface based tools. Protect data a) Protects data at rest (ensures confidentiality, integrity, availability) using 3DES or AES encryption. b) Protects data in transport (ensures confidentiality, integrity, availability) using 3DES or AES encryption. Ease of Use a) Installation, configuration, use, and shall maintenance require minimal training. b) Graphic user interface is configurable to satisfy user preferences. c) Has built-in help for operators. d) Training and training documentation is provided. Contractor shall clearly identify all costs associated with the purchase of the logging and audit system including software, hardware, installation, initial training, and maintenance for one year with three additional one year options for maintenance. The Quotation shall include tentative plan, including timeline, for the installation. Additional evaluation criteria: Contractor shall give references to at least 3 other customers using their logging product. Contractor shall identify the total number of years they have been in business and the number of years they have been providing the logging product. FAR 52.212-4, Contract Terms and Conditions ? Commercial Items, Feb 2007; FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders ? Commercial Items, Jun 2007 (additional provisions to be determined by the Contracting Officer after receipt of offers); FAR 52.219-8, Utilization of Small Business Concerns, May 2004; FAR 52.222-19, Child Labor-Cooperation with Authorities and Remedies, Jan 2006; FAR 52.222-21, Prohibition of Segregated Facilities, Feb 1999, FAR 52.222-26, Equal Opportunity, Mar 2007; FAR 52.222-35, Affirmative Action for Special Disabled Vietnam Era Veterans, Sep 2006; FAR 52.222-36, Affirmative Action for Handicapped Workers, Sep 2006; FAR 52.222-37, Employment Reports on Special Disabled Veterans and Veterans of Vietnam Era, Sep 2006; FAR 52.225-13, Restrictions on Certain Foreign Purchases, Feb 2006; FAR 52-232.33, Payment by Electronic Funds Transfer ? Central Contractor Registration, Oct 2003; FAR 52.217-5 Evaluation of Options Jul 1990; FAR 52.217-8 Option to Extend Services NOV 1999; FAR 52.217-9 Option to Extend the Term of the Contract MAR 2000; FAR 52.232-18 Availability of Funds APR 1984; DFARS 252.212-7001, Contract Terms and Conditions Required to Implement Statues or Executive Orders Applicable to Defense Acquisitions of Commercial Items, Apr 2007 (additional provisions to be determined by the Contracting Officer after receipt of offers); DFARS 252.225-7001, Buy American Act and Balance of Payments Program, Jun 2005. Contractors must be registered in the Central Contractor Registration (CCR) database prior to an award. All responsible sources may submit a quotation, which shall be considered by the agency. For a purchase description organized in an outline form, send an email request to verner@dmea.osd.mil or submit a fax request to (916) 231-2835. Your company?s full name and address must be included in your request.
 
Place of Performance
Address: 4234 54th Street, McClellan, CA
Zip Code: 95652
Country: UNITED STATES
 
Record
SN01360923-W 20070804/070802223020 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.