SOURCES SOUGHT
70 -- Email Sandboxing - Email Sandboxing RFI
- Notice Date
- 9/13/2016
- Notice Type
- Sources Sought
- NAICS
- 511210 — Software Publishers
- Contracting Office
- Social Security Administration, Office of Budget, Finance, Quality and Management, Office of Acquisition and Grants, 1540 Robert M. Ball Building, 6401 Security Boulevard, Baltimore, Maryland, 21235, United States
- ZIP Code
- 21235
- Solicitation Number
- SSA-RFI-17-0928
- Archive Date
- 9/29/2016
- Point of Contact
- Rick Bolt, Phone: 410-966-8765
- E-Mail Address
- rick.bolt@ssa.gov
- Small Business Set-Aside
- N/A
- Description
- Email Sandboxing RFI 'Word' format

Overview and Purpose

The Social Security Administration (SSA) is conducting a market survey/sources sought to help determine the availability and technical capabilities of qualified businesses capable of providing the requirement below. This market survey/sources sought announcement is not a request for proposals, and the Government is not committed to issue a solicitation or award a contract pursuant to this announcement or based on responses to this announcement. The information from this market research is only for planning purposes, and will assist the Government in its acquisition strategy. As such, the Government will not entertain questions concerning this synopsis, and will not pay any costs incurred in the preparation of information for responding to this market survey, or the Government's use of the information. Proprietary information must be clearly identified as proprietary information.

Background

The agency is investigating tools to complement existing email protection capabilities, and integrate with the existing centralized management environment for automated multi-state, multi-vector response. The SSA is interested in deploying a signature-less dynamic execution environment to evaluate inbound untrusted email content passively and actively.

Current Environment

The SSA's existing email protections include the use of signature-based quarantining, known bad blocking and other traditional analysis services. The solution would need to be implemented at the network level after emails have gone through existing security services. The SSA currently uses dynamic execution services to analyze traditional network services outside of the email system.

Goals/Objectives

This is a Request for Information (RFI) for an enterprise dynamic email execution solution for the SSA. The goal is to implement an enterprise-wide dynamic email execution solution that is cost-effective and scalable.

SSA is requesting information from interested and qualified vendors regarding their dynamic email execution solutions, which can detect or prevent spear-phishing campaigns. SSA plans to deploy an inline dynamic email execution solution that will evaluate all SSA email after it has passed through the existing email protection solutions. The solution should be able to leverage event information to take additional actions on SSA's network to block or otherwise contain related events that may have occurred through an adjacent threat vector. The platform will provide alerts to SOC analysts who can immediately take action to ensure that any related malicious activity is remediated.

The agency acknowledges that responders may bundle their dynamic email execution capability into products that support other technologies. Although the agency is interested in these technologies, responders should focus their responses on dynamic email execution as a primary concern. Responders should also assume that the agency is familiar with promotional material concerning their offerings. This RFI seeks information that is not readily available through those channels.

RFI Requirements

This section contains the requirements that the product must/should provide. Qualified vendors should provide responses on if and how each requirement can be met. Additional features and functionality are also welcome.

1. The solution will be a commercial off the shelf (COTS) product that supports the ability to be deployed inline and passively.
2. The solution must be commercially available as of September 1st, 2016 and capable of an enterprise deployment.
3. The solution must be able to import custom pattern matching rules.
4. Vendor shall have the ability to provide industry acceptable technical support for the system.
5. The solution must provide API access to control all features of the system.
6. The solution must be able to trigger events, which permit other solutions to block discovered indicators of compromise.
7. The solution must be able to analyze email traffic actively and passively in near real-time.
8. The solution will use signature-less technology to analyze all of the SSA's inbound email attachments and URLs, including the ability to introduce custom pattern matching rules.
9. The solution must have built-in high availability capabilities.
10. The solution will quarantine spear-phishing email and notify the internal recipient of the action.
11. The solution will leverage real-time threat intelligence from common industry providers and be capable of integrating government only feeds.
12. The solution provides reporting capabilities, and the solution must be able to integrate with the SSA's Splunk SIEM.
13. The solution must leverage internal virtual execution of email contents.
14. The solution must be able to identify the type of vulnerability exploited.
15. The solution must be able to allow a security analyst to review and conduct further analysis of the quarantined content.
16. The solution must be able to integrate with Active Directory.
17. The vendor must provide Section 508 compliance information.
18. The vendor must provide IPv6 compatibility information.
19. The solution shall support industry standard network protocols.
20. The solution shall comply with NIST 800-53r4, NIST 800-37, OMB Circular A-130, FIPS 140-2, FISMA, FIPS 199, and FIPS 200.

Additional Information

1. Have you implemented your solution with a Government agency of a similar size? If so, please provide reference information.
2. Describe any third party alliances, relationships, or dependencies for the tool.
3. Please provide information on your implementation methodology.
4. What types and levels of training do you provide or recommend? If applicable, describe training materials offered.
5. What is your anticipated learning curve for technical administrators and tool users?
6. Provide minimum, recommended, and future scaling requirements.

Vendor Responses:

Interested firms with the capability of providing the requirement shall submit capability statements that demonstrate their expertise in the above-described areas in sufficient detail, including any other specific and relevant information, so the Government can determine the firm's experience and capability to provide the requirements. Failure to demonstrate the capability of providing the requirement in response to this market survey may affect the Government's review of the industry's ability to perform or provide these requirements.

In addition to capability statements, firms must include this information in their responses: 1) organization name, address, email address, website address, and telephone number; 2) size and type of ownership and socioeconomic designation for the organization [i.e. small business, small disadvantaged business, 8(a), women-owned small businesses, veteran-owned small businesses, service disabled veteran-owned small businesses, Historically Underutilized Business Zone small businesses, etc.]; 3) availability of products and services on the GSA schedule; and 4) business experiences. You may submit product cost and/or pricing data, inclusive of annual maintenance, with your response; however, it is not required.

Respondents should refer to SSA-RFI-17-0928. Electronic responses only must be submitted by 12:00 PM, ET, September 28, 2016 to the email address below. Faxed information will not be permitted. The size limitation for email attachments is 5 megabytes.

NO FORMAL SOLICITATION IS BEING ISSUED AT THIS TIME, and the Government does not intend to pay for the information submitted. This information will be used in SSA's assessment of capable sources. Respondents will not be notified of any evaluated results from the data received.

Any questions should be submitted via EMAIL ONLY (no phone calls please) to the Contract Specialist at Rick.Bolt@ssa.gov
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/SSA/DCFIAM/OAG/SSA-RFI-17-0928/listing.html)
- Place of Performance
- Address: Social Security Administration, Baltimore, Maryland, 21235, United States
- Zip Code: 21235
- Record
- SN04269465-W 20160915/160913235630-f67923983fcdc2a1e91fa7d30d31e3e3 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)