Loren Data's SAM Daily™

fbodaily.com
FBO DAILY ISSUE OF MARCH 19, 2009 FBO #2670
SOURCES SOUGHT

70 -- Enterprise iSeries Scanning, Monitoring, and Vulnerability Assessment Tool

Notice Date
3/17/2009
 
Notice Type
Sources Sought
 
NAICS
541513 — Computer Facilities Management Services
 
Contracting Office
Social Security Administration, Office of Budget, Finance, and Management, Office of Acquisition and Grants, 1st Floor, Rear Entrance, 7111 Security Blvd., Baltimore, Maryland, 21244
 
ZIP Code
21244
 
Solicitation Number
SSA-RFI-JS09-002
 
Archive Date
4/16/2009
 
Point of Contact
Joan M Smith, Phone: 410-965-6269; Kathleen B Spangler, Phone: 4109660392
 
E-Mail Address
joan.m.smith@ssa.gov, kathleen.spangler@ssa.gov
 
Small Business Set-Aside
N/A
 
Description
Sources Sought Synopsis

The Social Security Administration (SSA) seeks vendors capable of providing an enterprise solution for iSeries scanning, monitoring and vulnerability assessment security compliance. SSA intends to use the iSeries vulnerability scanner to ensure that all iSeries systems are in compliance with the agency system security policy and that they are securely configured. Additionally, SSA wants to ensure that configuration changes and new vulnerabilities within the iSeries are reported accurately and in a timely manner, and corrected.

The following requirements are mandatory for a product offering:

1. System must have a centrally managed console and support distributed scanning capabilities (able to consolidate audit data from many iSeries systems into a single report)
2. Must be able to create custom report filters via SQL queries
3. Must be able to perform automated run assessments on demand and on a schedule
4. Must have a GUI interface that allows custom reports
5. Must report and identify weak passwords and default vendor supplied passwords
6. Must support iSeries system discovery with no increased network credentials
7. Must provide security system audit features
8. Must have customizable scorecard capabilities, to be able to write specific rule-sets to meet SSA security policy requirements
9. Must be able to identify Hostnames, Operating System Version, Operating System Patch Date, Serial Number
10. Must be able to check System Values, compare the values based on policy, and flag those System Values that do not match policy as “Non-Compliant”
11. Must have an option to disable automated fix and remediation
12. Must have a report writing capability (Crystal Reports, CSV, PDF or Excel reporting capabilities)
13. Must support vendor provided vulnerability and monthly updates
14. Must support system patch level detection
15. Must support installed FISMA, NIST, ISO 17799, SOX and HIPAA policies
16. Trending for historical data references to measure and compare compliance and performance status
17. The product must be 508 compliant
18. Technical support and training for installation, configuration and implementation must be provided

Support for the following technical audit assessments is mandatory:

1. Profiles in System
2. Profiles with "Limited Capability"
3. Active profiles with NOMAX
4. Active profiles with All Object Authority
5. Count of Profiles that are *SIGNOFF
6. Count of All Default Profiles
7. Count of DISABLED Default Profiles
8. Count of EXPIRED Default Profiles
9. Count of Enabled Default Profiles (without using *SIGNOFF list)
10. Count of Enabled Default Profiles (using *SIGNOFF list)
11. Lists all 40 System Parameters, and includes the following for each:
    a. System Values
    b. What the values should be based on the Risk Model
    c. Flags those System Values that do not match the Risk Model as “Non-Compliant”
12. Lists all commands that have been flagged to be EXCLUDED from the general user community. For each of these Commands it lists what it is set to (*EXCLUDE or *USE).
13. Lists all Default Profiles with the following details:
    a. Status (*DISABLED or *ENABLED)
    b. Expired (*YES or *NO)
    c. Default Profile Summary:
       i. Number of profiles with Default passwords
       ii. Number of profiles with Default passwords Disabled
       iii. Number of profiles with Default passwords Expired
       iv. Number of profiles to be checked
14. Lists all Profiles that are Exempt for Time or have ALLOBJ Authority with the following details:
    a. Status (*DISABLED or *ENABLED)
    b. Expired (*YES or *NO)
    c. Menu (MAIN or *SIGNOFF)
    d. Period (NOMAX)
    e. Special Authority (ALL OBJ PROFILE)
    f. Summary:
       i. Number of Profiles in System
       ii. Number with Limited Capability
       iii. Active Profiles with NOMAX
       iv. Active Profiles with All Object
15. Number of Profiles with the Initial Menu set to *SIGNOFF
16. Lists these Profiles with Initial Menu set to *SIGNOFF

Any firm that feels it has the capability of providing a product that meets the requirements listed above must respond, in writing, within 15 days of this notice. Responses must be specific as to the product proposed. Vendors may submit pricing data. This is not a request for proposal and the Government does not intend to pay for information submitted. The Government will not award a contract based on responses received; however, SSA will use this information to assess capable sources. SSA will not provide acknowledgement of responses received. Information received will be considered solely to make informed decisions regarding a potential procurement.

Interested sources must provide responses in an electronic format (compatible with MS Office 2003) via e-mail to joan.m.smith@ssa.gov. Faxed information will not be considered. The file size limitation for e-mail attachments is 5 megabytes. The Government will not consider simple marketing information, incomplete responses, or references to contractor websites. Please reference SSA-RFI-JS09-002 in the email subject line. Electronic responses must be received by April 1, 2009 at 5:00 p.m. EDT.

Responses must be addressed to the following office:

Social Security Administration
Office of Acquisition and Grants
Attention: Joan M. Smith
7111 Boulevard Place - 1st Floor
Woodlawn, Maryland 21224-1811
joan.m.smith@ssa.gov
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=b61f2083c8ccdc4f24da80cb70d7ad4b&tab=core&_cview=1)
 
Place of Performance
Address: Social Security Administration, National Computer Center, 6201 Security Boulevard, Baltimore, Maryland, 21235, United States
Zip Code: 21235
 
Record
SN01771007-W 20090319/090317220221-b61f2083c8ccdc4f24da80cb70d7ad4b (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)

© 1994-2024, Loren Data Corp.