Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF MARCH 27, 2013 FBO #4141
SOURCES SOUGHT

D -- ENDPOINT PROTECTION - Table 1

Notice Date
3/25/2013
 
Notice Type
Sources Sought
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
United States Senate, Office of the Sergeant at Arms, Finance Division, United States Senate, Washington, District of Columbia, 20510-7207, United States
 
ZIP Code
20510-7207
 
Solicitation Number
2013-D-043
 
Archive Date
4/10/2013
 
Point of Contact
Kathleen M. Haddow, Phone: NA
 
E-Mail Address
Acquisitions2012@saa.senate.gov
(Acquisitions2012@saa.senate.gov)
 
Small Business Set-Aside
N/A
 
Description
Attachment A Table 1 Matrix The purpose of this sources sought synopsis is to gain knowledge of potential qualified industry sources for service providers for Endpoint Protection. The SAA IT Security Branch is actively seeking solutions providing a full range of endpoint protection features as either an integrated suite or complementary packages, to protect at least laptops, desktop workstations and servers, and optionally mobile computing devices (e.g. smartphones and tablets). Background The United States Senate is a unique institution, with an Information Technology (IT) environment that reflects the nature of the institution. There are 100 Member offices, along with standing committees and officers of the Senate. Member offices and committees are essentially autonomous, subject to constitutional provisions and rules of the Senate. The Office of the Sergeant at Arms (SAA) provides IT facilities for the entire Senate community, including network connectivity, centralized computing resources and technology support services, but has no authority to mandate or impose technology or policy. The SAA IT Security activities support information assurance and IT operational security for Senate offices and the institution as a whole. Endpoints have become a source of security breaches despite improvements in network security in recent years. This is largely due to the fact that endpoints have become more exposed as users are working increasingly from laptops outside of the office, and the prevalence of web-based applications has brought a greater level of interaction with external sites than ever before. As a consequence, the endpoint has become the weakest link in the enterprise's overall security strategy, and a successful attack at the endpoint may not only reveal the data stored there but also provide the entry point to gain unauthorized access to the rest of the network. In this technology driven age, every organization is now susceptible to the damages caused by malware (ranging from productivity loss to confidential and financial data theft), and endpoints have become the most vulnerable and targeted point of attack. Improving endpoint protection has become an essential security measure for the SAA. Modern endpoint protection security software provides many features to protect against different attacks, including anti-virus, spyware protection, and a host-based firewall, often with additional optional components such as host-based intrusion detection. Individual products provide specific capabilities, and endpoint protection suites provide an integrated solution including most or all of these endpoint protection features. Workstations are the most common endpoint devices that need to be protected; however, endpoint protection packages may also be used to protect servers, printers, mobile devices, etc. The SAA is actively seeking solutions providing a full range of endpoint protection features as either an integrated suite or complementary packages, to protect at least laptops, desktop workstations and servers, and optionally mobile computing devices (e.g. smartphones and tablets). The Senate IT infrastructure presently includes a centralized enterprise antivirus solution as one of the services provided to the community. This solution has been in place for years, and the Senate network, the threat environment, and endpoint protection technology have all evolved significantly since it was initially designed and implemented. The SAA is evaluating the potential for re-architecting the endpoint security services provided to the Senate, from the ground up. REQUIREMENTS Requirements are stated in terms of minimum capabilities and characteristics required by the Senate. TABLE 1 Endpoint Protection Requirements No. Requirement Title Details/Description Meets Yes or No 1 Behavior-based anomaly detection Traditional signature based anti-virus solutions only provide marginal protection with the evolution of targeted malware and malware polymorphism so behavior-based anomaly detection / heuristic detection is required. 2 AV & Spyware Protection Block viruses, Trojans, worms, adware, spyware, and other potentially unwanted programs that steal confidential data and sabotage user productivity on user workstations (Microsoft Windows and Apple Macintosh systems) and servers (Microsoft, Linux and other Unix (e.g. Solaris) systems). 3 Network Attack Protection Provide a firewall to protect against network-based attacks and selectively allow only legitimate network traffic. Optionally recognize, scan and filter network traffic and content (including files attachments) associated with specific applications such as peer to peer (P2) sharing (e.g. LimeWire), streaming (e.g. Spotify), messaging (e.g. Microsoft Lync), etc. 4 Host Based Intrusion Protection Provide protection against intrusion and compromise by detecting or preventing execution of malicious code; unauthorized modifications to critical system resources; reporting the association between significant events (i.e. network connections, process creation) and objects causing those events; and monitoring based on entries in watch lists, e.g. MD5 hash values, or known hostile IP addresses. 5 Application Inventory Management Provide the ability to audit application inventory and changes, or to protect endpoint by restricting the installation and/or execution of software based on policy, whitelisting, or other methods. 6 Mobile Computing Devices Provide protection and management of mobile computing devices such as laptop and notebook, specifically addressing protection, management and updates while not connected to the Senate network (when disconnected, or connected directly to the public Internet). 7 Handheld Devices Provide integrated protection and management of mobile devices such as tablets and smart phones. 8 Virtualization Provide facilities to protect virtualized environments (both guest machines and the hypervisor environment). 9 Encryption Services Provide encryption services to protect stored information, either on a whole disk or file by file basis. 10 Hardware Device Restrictions Provide the ability to protect the system by enforcing policies to restrict use of hardware facilities such as USB ports. 11 Centralized Management Provide the ability to easily manage all endpoints from a central management facility, including automation of routine procedures. 12 Logging Provide logs capturing information about all security events affecting protected systems, recording logs locally and reporting them to the centralized enterprise management server. 13 Additional Capabilities Optionally, provide a brief description of specific additional capabilities that were not previously identified and may represent additional value worthy of consideration. INSTRUCTIONS In responding to this SSN: 1) Complete the requirement matrix, TABLE 1.( see SSN Attachment Requirement Matrix, Table 1) 2) State your qualifications to perform each requirement, 1 through 11, your solution meets. Your response to each requirement you meet must include paragraph numbering identifiable to requirements; 3) Provide descriptions to differentiate your solution across the following four categories (and subcategories as indicated): •1) Desktop workstations •a) Windows •b) Macs •2) Servers •a) Microsoft •b) UNIX variants (Linux, Solaris, etc.) •3) Virtualized systems •a) Guest VMs •b) Hypervisors •4) Mobile devices •a) Laptops and Notebooks •b) Tablets and Smartphones. 4) Provide past performance experience and information for a minimum of three (3) contracts, less than two (2) years old that involve use of capabilities and products relevant to those necessary for the Senate's requirements, include the contract number, customer name and address, and brief synopsis of work performed relevant to requirements; and 5) Organizational information including your Dun and Bradstreet number and point of contact with telephone, fax, and e-mail address. This Sources Sought Notice (SSN) is not a request for proposal and in no way obligates the Senate in an award of a contract. This sources sought synopsis contains the currently available information. This information is subject to change at any time. The information contained in this notice will be the only information provided by the Senate during the Sources Sought process. All qualified sources should respond to this Sources Sought by submitting an information package in accordance with the instructions provided. Vendors responding to this sources sought notice and deemed qualified by the SAA may be requested to submit a proposal in response to a solicitation. Only firms deemed qualified will be permitted to submit proposals. If suitable responses are received from qualified sources, the SAA anticipates release of a solicitation in the first quarter of Fiscal Year 2014. Neither the SAA nor the Senate will be responsible for any costs for the preparation of responses to this request. Responses to this Sources Sought request are due to the SAA Procurement point of contact no later than April 9, 2013, at Noon EDT and shall be submitted electronically via email only to the attention of Kathleen M. Haddow to acquisitions2012@saa.senate.gov. The subject line of the email message shall be SSN 2013-D-043 ENDPOINT PROTECTION. No other method of transmittal will be accepted. The response shall not exceed twenty-five (25) pages (excluding the cover page and the indes). Unnecessarily elaborate submissions are discouraged. Pages over the page limitation may be discarded. Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor's information. THIS IS NOT A REQUEST FOR PROPOSAL. THIS NOTICE CONSTITUTES THE ENTIRE SOURCES SOUGHT NOTICE AND IS THE ONLY INFORMATION PROVIDED BY THE SAA OR SENATE. ANY REQUESTS FOR ADDITIONAL INFORMATION WILL NOT BE HONORED.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/Senate/SAA/SAAFD/2013-D-043/listing.html)
 
Record
SN03020342-W 20130327/130325234542-d4916ffbe9938cfa5c6a4d222e1566b6 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.