Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF JANUARY 26, 2020 SAM #6632
SOURCES SOUGHT

99 -- Application Containment

Notice Date
1/24/2020 10:48:30 AM
 
Notice Type
Sources Sought
 
NAICS
511210 — Software Publishers
 
Contracting Office
IT CONTRACTING DIVISION - PL84 SCOTT AFB IL 62225 USA
 
ZIP Code
62225
 
Solicitation Number
PL84110008
 
Response Due
2/17/2020 1:00:00 PM
 
Archive Date
03/03/2020
 
Point of Contact
Taylor Rakers, Phone: 6184186642, Cody Seelhoefer, Phone: 6184186348
 
E-Mail Address
taylor.j.rakers.civ@mail.mil, cody.r.seelhoefer.civ@mail.mil
 
Description
SOURCES SOUGHT ANNOUNCEMENT PL84110008

The Defense Information Systems Agency (DISA) is seeking sources for Application Containment

CONTRACTING OFFICE ADDRESS:
IT CONTRACTING DIVISION
BUILDING 3600
2300 EAST DRIVE
Scott AFB IL 62225-5406 US

INTRODUCTION:
This is a SOURCES SOUGHT ANNOUNCEMENT to determine the availability and technical capability of small businesses (including the following subsets, Small Disadvantaged Businesses, Certified 8(a), Service-Disabled Veteran-Owned Small Businesses, HUBZone Small Businesses and Woman Owned Small Businesses) to provide the required products and/or services.

The Endpoint Security Portfolio is seeking information for potential sources for Application Containment capability to restrict execution of high-risk applications and computer processing activities to an isolated environment. High-risk applications and activities (e.g., web browsing, manipulating documents, and viewing portable document formats from untrusted sources) continue to be an avenue for adversaries to install malware and perform malicious actions within the Department of Defense (DoD). Containment capabilities use virtual computing environments running on the endpoint to execute untrusted content. When untrusted content is processed within the virtual environment, any changes made to that virtual environment, malicious or benign, are completely discarded at the conclusion of that activity. Optionally, suspicious changes may be forwarded to a common management server where detailed intelligence can be gathered of the changes made to the virtual computing environment. This data can then inform analysis and facilitate threat sharing with other systems such as Security Information and Event Management (SIEMs) and perimeter based defenses.

DISCLAIMER:
THIS SOURCES SOUGHT ANNOUNCEMENT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS SOURCES SOUGHT ANNOUNCEMENT IS STRICTLY VOLUNTARY.

REQUIRED CAPABILITIES:
For the purposes of this Sources Sought, endpoints are described as follows:
Thick Client - Network clients running on fully-capable systems - Local storage and processing capability; can operate independently if not connected to a network.
Thin Client - Network client running on minimally-capable system - Minimal local storage and processing capability.
Zero Client - Client with no capability outside of network context.
Server - Respond to client requests; provide enterprise services (typically in data centers). Users are System Administrators.
Virtual Client - Client running virtually on a host platform; no physical resources.

The target is an endpoint (excluding devices like phones and tablets) security and management solution that mitigates prevalent adversary attack vectors, tactics, and techniques used to compromise a system. The proposed solution must automatically isolate the execution of high risk applications interacting with untrusted content from more trusted portions of the endpoint (e.g. host operating system); and/or the solution must facilitate incident detection, investigation, response and threat hunting. Any proposed solution must continue to be effective in disconnected, virtual, intermittent, and low bandwidth network conditions without a dependence upon regularly recurring (e.g. daily, weekly, monthly) content updates. The proposed solution must be capable of scaling to millions of endpoints and provide information in near real-time. Any proposed solution must be ready for testing and subsequent deployment.

In order for the Government to evaluate the technical merits of the vendors' solution(s), the solution(s) shall be capable of meeting the following technical requirements:

Application Containment
The solution shall automatically isolate applications interacting with untrusted content (e.g., internet web pages, email, removable media, and office documents) from more trusted portions of the device outside the container.
The solution shall automatically detect potentially malicious code behavior executing within the isolation container.
The solution shall automatically capture necessary details (e.g., ports and protocols in use, running executables and services, browser plugins in use, etc.) of events (e.g., malicious activity) occurring within the isolation container to support retrospective post-event analysis, threat analysis, and situational awareness.
The solution shall automatically constrain potentially malicious activity to within the isolation container.
The solution shall be configurable to control the ability of applications running within the isolation container to access only specified system resources (e.g., storage devices, network resources, human interface devices, etc.).
The solution shall automatically eliminate and report all isolation container artifacts of compromise and intrusion remnants to the common management server in support of rapid remediation and investigation.
The solution shall automatically restore access to a potentially compromised application within 60 seconds post-compromise, unless configured to allow malware to run for the purpose of analysis.
All components shall be protected against unauthorized/malicious access and modification. This applies to executable code, data, and component settings.
The solution shall provide continual verification of the integrity of the isolation container to ensure there is no unauthorized/malicious access or persistent modification.
Solution components shall not impair authorized system operations (e.g., patching, scanning, business software usage, information assurance tools/initiatives (Secure Host Baseline, Assured Compliance Assessment Solution, etc.) nor shall they degrade managed system performance in any way, which may adversely impact a system's primary business/mission functions.
The solution shall provide automatic time stamping of all collected data and events based on a single time standard (e.g., Coordinated Universal Time).
The solution shall support the Department's currently mandated means of authentication (e.g., Public Key Infrastructure (PKI)).
The solution shall securely store and transmit data in a manner that ensures the confidentiality, integrity, availability, and source authenticity of the data.
The solution shall automatically report operating status and configuration to its common management system, based on a pre-defined schedule, to ensure the capability is operating and configured as expected.
The solution shall interoperate with event monitoring and correlation systems (e.g. SIEMs) to facilitate aggregated situational awareness.
The solution shall allow for patching and update of containerized applications through a means of automated verification (e.g., integration with automated patch management infrastructure/processes).
The solution shall encrypt all data in transit or data at rest with Federal Information Processing Standards (FIPS) 140-2 compliant cryptographic modules.
The solution shall support open standards for automated threat information sharing.
The solution shall protect managed endpoints operating in Connected, Disconnected, Intermittent, and Limited (DIL) bandwidth networked and standalone environments.
The solution shall report to the Common Management Server all potentially malicious events encountered while the managed endpoint was without network connectivity.
The solution shall provide configurable alerting based upon administrator defined criteria.
The solution shall send alerts at administrator-definable intervals.
The solution shall, at a minimum, operate on the most common vendor supported operating systems approved for use in the DoD environment (e.g., Microsoft Windows 8.1, Windows 10 (including Secure Host Baseline), and Exchange Server 2016, Linux).
The solution shall provide the ability for designated administrators, authenticated according to DoD standards, to configure the solution in accordance with applicable DoD policies.
The solution shall automatically report potentially malicious events detected within the isolation container to a common management server and provide actionable information in a non-proprietary, standard format (e.g. Structured Threat Information expression (STIX)).
The isolation container shall ensure that destructive malware within the container is unable to negatively impact user data or the integrity of the host system.
The solution shall, where possible, inspect and/or sanitize active or potentially malicious untrusted content passing out of the container to the underlying more-trusted host. Examples include copy-paste, printing, file saving, and synchronization of configuration, and user data such as cookies and bookmarks. Sanitization should re-encode content in such a way as to minimize the likelihood of malicious exploitation when content is processed.
The solution should be capable of containing operating system kernel-level vulnerability exploitation.
The solution shall have the capability to be tuned/configured to reduce alerts resulting from false positives.
The solution's uninstall capability shall ensure no artifacts are left behind following execution of the uninstall processes.
All solution components shall have the ability to be automatically deployed and configured based on predefined configurations.

SPECIAL REQUIREMENTS
Must have Secret Facility Clearance. Please provide your current Facility Clearance level.

SOURCES SOUGHT:
The North American Industry Classification System Code (NAICS) for this requirement is 511210, with the corresponding size standard of $41.5 million. To assist DISA in making a determination regarding the level of participation by small business in any subsequent procurement that may result from this Sources Sought, you are also encouraged to provide information regarding your plans to use joint venturing (JV) or partnering. Please outline how you would envision your company's areas of expertise and those of any proposed JV/partner would be combined to meet the specific requirements contained in this announcement.

In order to make a determination for a small business set-aside, two or more qualified and capable small businesses must submit responses that demonstrate their qualifications. Responses must demonstrate the company's ability to perform in accordance with the Limitations on Subcontracting clause (FAR 52.219-14).

SUBMISSION DETAILS:
Responses should include:
Business name and address;
Name of company representative and their business title;
Type of Small Business;
CAGE Code;
Your contract vehicles that would be available to the Government for the procurement of the product and/or service, to include ENCORE III, SETI, NIH, NASA SEWP, General Service Administration (GSA): OASIS, ALLIANT II, VETS, STARS II, Federal Supply Schedules (FSS) (including applicable SIN(s)), or any other Government Agency contract vehicle that allows for decentralized ordering. (This information is for market research only and does not preclude your company from responding to this notice.)

Vendors who wish to respond to this should send responses via email NLT 4:00 PM Eastern Daylight Time (EDT) on February 17, 2020 to Taylor Rakers, taylor.j.rakers.civ@mail.mil and Cody Seelhoefer, cody.r.seelhoefer.civ@mail.mil. If you feel your company has a solution that meets the requirements above, submit a brief capabilities package (no more than ten pages) demonstrating that ability.

Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personnel reviewing submitted responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified.
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/1deadc12495241f7a72e55462e53d5c4/view)
 
Place of Performance
Address: USA
Country: USA
 
Record
SN05543555-F 20200126/200124230150 (samdaily.us)
 