MODIFICATION
D -- Enterprise Cyber Forensics System (ECFS)
- Notice Date
- 6/11/2010
- Notice Type
- Modification/Amendment
- NAICS
- 541519 — Other Computer Related Services
- Contracting Office
- Department of Homeland Security, Transportation Security Administration, Headquarters TSA, 601 S. 12th Street, TSA-25, 10th Floor, Arlington, Virginia, 20598, United States
- ZIP Code
- 20598
- Solicitation Number
- ECFS
- Point of Contact
- Mary Hallam; Tonya R Pruitt, Phone: 571-227-3892
- E-Mail Address
- Mary.Hallam@dhs.gov, tonya.pruitt@dhs.gov
- Small Business Set-Aside
- N/A
- Description
- Title: The Transportation Security Administration (TSA) is seeking sources for an Enterprise Cyber Forensics System (ECFS).
Description: The Transportation Security Administration (TSA) is seeking sources for Enterprise Cyber Forensics System (ECFS) technologies that are currently available in the marketplace. This is a Sources Sought Notice only and vendors will not be compensated for the information provided. No solicitation will be issued at this time.
The Transportation Security Administration (TSA) mission is to protect the Nation's transportation systems and to ensure freedom of movement for people and commerce. To support this mission, TSA is evaluating Enterprise Cyber Forensics System (ECFS) products/solutions that can provide the ability to scan, capture, identify, report, and resolve information technology forensics issues across the entire TSA environment. The product/solution should allow TSA forensics users to address insider threats, data leakage, IT asset misuse, anomaly detection, malicious code and activity identification, compliance verification, and e-discovery procedures. The ECFS system should also allow for integration with ArcSight Security Information and Event Management tools and have reporting capabilities that will allow TSA leadership to access information as needed.
Please provide a detailed description of how the product works and what differentiates it in the Enterprise Cyber Forensics System market space. Please include at a minimum the following information:
• Describe how your product supports legal e-discovery processes and what mechanisms are available for integrating with legal tools such as Concordance or Summation.
• Describe how your product manages and performs Enterprise Forensics activities across multiple types of information technology systems. Please provide specific information on which types of systems your Enterprise Forensic system supports, what forensic and system information is available on each platform, and any real-time forensic capabilities (i.e. capturing host state information with current services, processes, and RAM) available for each platform, including whether this information can be gathered over a network connection without any end user knowledge or awareness of the forensic information capture.
• Describe mechanisms that can be used to schedule periodically recurring scans. Are there any structures in your product to allow for known forensics exceptions on a system or user basis depending on Active Directory user or group membership, or other AD structure? Does any mechanism exist to establish an expected baseline for end user and system configuration (e.g. settings that do not report for specific users/machines to leverage external media, whereas an exception would be identified for other users that are not external media users)?
• Describe any desktop product integrations that your product supports. Please describe end point protection integration with disk and file level encryption, personal firewall/IDS systems, and integration with system and software management tools.
• Please describe any functions used to manage and control information in the Enterprise Cyber Forensics System, and any other options for users to manage/track forensic information. Describe any Role Based Access Control (RBAC) structure your product supports and the activities allowed by the RBAC structure.
• Describe any knowledge base or mechanism that is available for identifying suspicious system activities, including any known exploits, that could assist TSA personnel to quickly identify unauthorized and malicious system activity.
• Describe any remediation activities your product supports to remove identified threats while sweeping across the enterprise for known malicious code.
• Describe the reporting functionality that the product provides, and the extent to which it can be customized to provide unique and customizable reports. Describe reporting dashboards that are available for Sr. Management reporting and monitoring.
• Describe authentication and authorization (A&A) integrations and mechanisms, including Single Sign On and multifactor authentication mechanisms, your product supports for Active Directory environments. Describe any remote access mechanisms that your product provides.
• Describe methods of data analysis the product supports, including reporting, alerting, interactive browsing, baseline comparisons, and ad hoc querying.
• Describe how your product interfaces with other systems such as Security Information Event Management (SIEM) systems and interfaces with other business systems (i.e. Microsoft Office products, Microsoft Outlook/Exchange) as needed. Please indicate integrations with other versions of forensics software such as EnCase, AccessData, and HBGary.
• Describe how forensics event information can be used to create tickets in Incident and Service tracking systems by sending email messages or some other application programming interfaces to automate ticket creation for event tracking purposes.
• Describe the product architecture and provide a representative diagram(s) if available. Include at a minimum the following product information:
  o User Interfaces
  o Directory Integration
  o Role-based Administration
  o Policy Creation and Management
  o System Administration, Reporting, and Other features
• Provide additional features/capabilities that differentiate your product from other product/solutions in the market.
  o Product roadmap
  o Third party products that have been successfully integrated including monitoring, SIEM, and legal discovery tools
  o Compliance with Security Content Automation Protocol (SCAP)
• Provide company information and product history
  o Main Products/Services
  o Number of Years in the marketplace
  o Number of deployments, Number of federal government deployments
  o Professional Services capabilities and partnerships
ADMINISTRATIVE
All interested parties should submit a capability statement to the TSA Office of Acquisition (OA). The capability statement should clearly explain the contractor's abilities and experience directly related to the tasks listed in this notice. Submissions shall not exceed five (5) pages in length. A company must identify its business size status, type of small business, and applicable NAICS code(s) in the capability statement. Capability statements are required to be received electronically via email to Tonya.Pruitt@dhs.gov, Subject: TSA Enterprise Cyber Forensics System, no later than June 15, 2010 at 5:00 p.m. Eastern Time. Responses received after this deadline will not be reviewed.
TSA's primary point of contact is the Contracting Officer Mary Hallam, who can be reached via e-mail at mary.hallam@dhs.gov. Any questions regarding this notice shall be directed to Tonya Pruitt in writing, via email at tonya.pruitt@dhs.gov by June 8, 2010 at 5:00 p.m. Eastern Time.
Companies responding to this Sources Sought Notification are responsible for all expenses associated with responding to this Notification. (Note: TSA will not pay any costs associated with this effort). The TSA is not seeking or accepting unsolicited proposals. Since this Sources Sought Notification is for information and planning purposes, no evaluation letters or results will be issued to respondents.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/DHS/TSA/HQTSA/ECFS/listing.html)
- Place of Performance
- Address: 601 S. 12th Street, TSA-25, 10th Floor, Arlington, Virginia, 20598, United States
- Zip Code: 20598
- Record
- SN02175299-W 20100613/100611234702-98112c348c24d4b8a8815a169cd74326 (fbodaily.com)