Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF SEPTEMBER 03, 2011 FBO #3570
SPECIAL NOTICE

70 -- Sole Source Notice of Intent- Hytrust Software

Notice Date
9/1/2011
 
Notice Type
Special Notice
 
NAICS
511210 — Software Publishers
 
Contracting Office
Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition Management Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 1640, Gaithersburg, Maryland, 20899-1640
 
ZIP Code
20899-1640
 
Solicitation Number
NB773020-11-05507
 
Archive Date
9/22/2011
 
Point of Contact
Keith Bubar, Phone: 3019758329
 
E-Mail Address
keith.bubar@nist.gov
(keith.bubar@nist.gov)
 
Small Business Set-Aside
N/A
 
Description
Notice of Intent - Sole Source The National Institute of Standards and Technology (NIST) Acquisition Management Division, on behalf of the NIST Engineering Laboratories, intends to negotiate with Hytrust, Inc.; Mountain View, CA, on a sole source basis under the authority of FAR Subpart 13.106-1 (b), Soliciting from a Single Source, to purchase the Hytrust Hypervisor Protection Software licenses and maintenance for the licenses. Background: The NIST Computer Security Division is performing research to secure a VMware virtualized computing environment by collaborating with various vendors to build a proof of concept implementation (POC) that is composed of specific interoperable hardware and software components delivering different security capabilities. The Intel Trusted Execution Technology (TXT) provides a hardware measurement capability that reports back results that can be consumes by the VMware vSphere software via an Intel plug-in. The measurement results are also used by the Hytrust appliance to assess and enforce a security and access policy. In addition, the RSA Archer software leverages the measurement results to report on the governance, risk and compliance state of the virtualized infrastructure based on different security framework requirements such as FISMA, HIPAA, PCI, etc. This POC demonstrates how a VMware virtualized infrastructure can be secured and comply with a specific security policy such as geographic tagging of the VMware vSphere hypervisor so the virtual machines cannot be moved across an non-authorized geographical location. The measurement artifacts and evidences are collected dynamically at the hardware and software level. NIST collaborated with the Intel team to identify the security appliance products that can integrate with VMware vCenter management console, support the Intel TXT measurement and trusted platform module (TPM) support, and provide security controls for the VMware infrastructure in the area of authentication, security baseline configuration, and understanding of the NIST POC implementation. The Tripwire, Catbird, and Hytrust products were the only products identified as potentially being capable, and were reviewed by NIST and the Intel team using the list of capabilities. Tripwire and Catbird do not support TXT measurement which is the key requirement. NIST has identified that the Hytrust security appliance is the only COTS product that meets the necessary requirements to enable us to implement our proof of concept to demonstrate hardware based security measurement, enforcement, and compliance to NIST security requirements on a VMware virtualized platform. The following bulleted list identifies the necessary requirements that make the Hytrust security appliance software solution technically acceptable: • Compatibility with VMware: Support VMware vSphere and ESXi (ESX 3.5/4.0; ESXi 3.5/4.0) and integrate with vCenter Server 2.5 and 4.0. • Compatibility with Microsoft Active Directory: Integrate with Microsoft Active Directory so that the existing Windows deployed in the testbed can leveraged to provide unified access across heterogeneous infrastructure. • Root Password Vaulting: Lock down privileged host accounts and provides passwords for temporary use to enable time-limited privileged account access. • Compatibility with Intel Trusted Execution Technology: Leverage the Intel TXT capability to perform measurement of the hypervisor. • Virtual Appliance Form-factor: Provided as a standard VMware-compatible virtual machine, which allows for easy drop-in deployment into any existing virtual infrastructure. Takes advantage of benefits afforded to any virtual machine, including backup, disaster recovery and redundancy capabilities. • Host Configuration Templates: Enables assessment of the security configuration of VMware vSphere hosts against pre-built templates for VMware Best Practices and NIST developed security configuration baseline. Enables instant, one-click remediation of problems, ensuring consistent security configurations of all virtualization hosts. The applicable NAICS Code for this requirement is 511210. NIST anticipates negotiating and awarding a firm-fixed-price purchase order to Hytrust Inc. for the software licenses and maintenance. Interested parties that believe they could satisfy the requirements listed above for NIST may clearly and unambiguously identify their capability to do so in writing on or before September 7, 2011 at 10:00 am EDT. This notice of intent is not a solicitation. Information submitted in response to this notice will be used solely to determine whether competitive procedures could be used for this acquisition. Any questions regarding this notice must be submitted in writing via email to Keith Bubar at keith.bubar@nist.gov.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NIST/AcAsD/NB773020-11-05507/listing.html)
 
Record
SN02560547-W 20110903/110902104020-2247114a4809aadc9aa6fb3a9336e743 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.