U.S Department Of State, A/IM/RM.MFA, SA-15, Washington D.C.20522- 1502

70 -- 70--ELECTRONIC MAIL SOFTWARE DUE 092596 POC Ronne Rogin 703-875-4801. The Department of State (DoS) seeks information on COTS electronic mail software, on a Department-wide (i.e., worldwide) basis, that can meet the functional requirements summarized below. Vendors that provide such software are requested to submit descriptive literature, in sufficient detail to allow DoS to perform an adequate market survey, to the address set forth above. The Department will review all information received. This is not a formal solicitation; any subsequent solicitation will be synopsized prior to its release. Responses must be received no later than 30 calendar days after the date of this publication. A full set of our specifications can be downloaded from our BBS: 703/812-2510; settings 8-1 no parity; works best at 14.4kbps; look in RFC section of menu. Messaging system (MS) software must transmit both classified and unclassified e-mail; its use is pervasive throughout the Department, in scheduling meetings, conducting surveys, collaborating on projects, relaying messages, etc. The capability for effective and efficient responses to communications from Congress, overseas posts (including other co-located agencies), other Government agencies (Government-wide e-mail), organizational or industrial groups, the public, and international representatives is essential. DoS must implement a business-quality, client/server system will replace our many, disparate system with a single over-arching one. MS must be compatible with Defense Message System (DMS) architecture. Software provided must be year 2000-compliant. MS must work on both stand-alone and networked computers. Existing hardware base: Wang VS, RISC-based workstations and servers, Intel x86-based workstations and servers, and IBM PS/2-compatible workstations and servers. Operating systems include Windows NT, Windows95. Windows fo Workgroup 3.11, IBM/Microsoft DOS, UNIX, AIX, VMS, and Banyan Vines. We now use Banyan Mail, cc:MAil, Wang Office, MS Exchange, and MS Mail; interoperate with common public data networks and protocols, incluing X,25, TCP/IP, NetBEUI, and Vines IP; efficient operation over installed infrastructures(802.3, 802.5, FDDI, ATM, ISDN, etc.) required. MS must be DMS group 1 certified, when available. Both non-DMS and DMS (when available) versions shall be available to facilitate a smooth, cost- effective transition to the certified version (it is expected that the first system to be installed will be non-DMS version). Specific DMS requirements are as follows: 1. DMS upgrade shall implement a Directory USer Agent (DUA) capable of accessing both internal and External DMS-compliant x.500 directories; 2. Must be able to function as command and control system of DoS; 3. Must support lightweight directory access protocol (LDAP) directory services with x.500 standards, including direcctory access protocol (LDAP) directory services protocol (DSP),and directory information shadowing protocol (DISP); 4. Ability to perform directory administration using DAP; 5. Suite of tools is required to manage the x.500 directory (Government security certificate registration via x.509 shall be supported, as shall digital signatures with authentication mechanism; should be able to intergrate Government -wide services such as Government Informaation Locator Service (GILS); ablity to import other x.500 directories; prevent unauthorized access to directory data); 6. Efficient directory lookup and addressing mechanisms for accessing several million US Government and private address in external x.500 diretories shall be available, via x.500 directory using protocols like LDAP (must be able to access and search white, yellow, and blue pages, as defined in DMS); directory should support aliases; 7. Security requirements (Reference: DoD Trusted Computer System Evaluation Criteria, DoD 5200.28-STD): (a) MS shall be rated at the class C2, Controlled Access Protection, level if (1)user(s) has/have no security clearance and the system being accessed is unclassified and not connected to a classified system, (2) users have up to a Secret clearance, and the system being access has up to secret information and is not connected to another system processing Top Secret information and (3) users have Top Secret clearances and the system being accessed processes up to Top Secret information (no SCI), and is not connected to another system processing Top Secret/SCI information;(b) MS shall be rated at the class B1, Labled Security Protetion, level if (1) user(s) has/have no security clearance and the system being accessed is unclassified but connected to a classified system, and (2) users have up to a Secret clearance, and the system being accessed has up to Sercret information and is connected to another system processing Top Secret information. Provide and support encryption and other forms of message protection during transit from writer to reader. User authentication and cryptographic key management system should be integrated and easily manageable with regard to the client and server operating systems. Additional DMS security information is available in the National Security Agency/DoD Multilevel Information System Security Initiative Certificate Management Infrastructure report on Information System Security Policy and Certification Pratice Statement for Certification Authorities. 8. must comply with DoD DMS Required Operational Messaging Characteristics statements. Must be capable of end-to-end delivery confirmation of messages sent/received between any of the mail systems. Must be able to utlize fault-tolerant hardware features when present. Must be able to add sites, including mailboxes and users. Networks may be administered from a single desktop. Remote maintenance tools shall include the ablity to view, update,obtain operational statistics, reconfigure, set flags, and initiate process on remote Message Transfer Agents (MTAs) and Message stores. Must be able to backup message and directories on-line, to ensure easily managable recovery of message without loss or directory corruption. Protocols and Standards Required: SMTP with encoded attached objects; binary attachment supports for MIME and UUENCODE shall be intergrated; X.400; message application program interface (MAPI), WWW URLs for HTTP(EMBEDDED); with intergrated hyperlink support with browsers;must support industry-standard compression techniques for large attachments; industry standards documents on -line shall be automatically convert (MS Word, WordPerfect, and Wang WP), in both directions; directory service agent (DSA) must support US Government Electronic (DDE) and OLE; and must be fully compatible with Windows Open Data services architecture (WOSA) and the Open Data Base Conectivity (ODBC) standards. Compliance with FIPS PUB 127-2 required. Application software support/intergration required for: Word processing, spreadsheet, presentation support, calendaring/scheduling, data bases, web browsing, file management and form- generating (e.g., InfoForms). Applications can be intergrated into message. MS shall support a functional migration of DoS' telegram-based messaging structure into a flexible electronic MS. MS shall allow flexibility to add application capabilities, such as a comon in box for vioce mail, web pages, and fax. Intergration with products like Microsoft Office is required. Required features: Utilities to verify consistency and intergrity, to ensure accurate and secure message transport between message transfer agents (MTAs) and message stores; ablity to add, modify, or migrate user mailboxes without taking the system off-line; MTA and Microsoft Windows NT operating system seurity features shall not conflict ; automated distribution of new versions of both client and server software across the network; SMTP access; transmission of compressed messages; route tables maintained by the MTAs should be capable of functioning in a network of over 50,000 users and mailboxes(server support level shall be 1500 users); and security and administration of the system shall not conflict with installed firewalls or other network protection mechanisms. Message processing: message distrbution shall be as if the Department constitutes a single enterprise; message and attachments can be archived; system shall allow creation, maintenance, and diretion of message to on-line storage locations, which can be accessed by users locally or remotely; copies of all message shall be transmitted into the Department's archival data base system ( reference 36 CFR 1234.24(b)(1)) (indices shall include EO 129958 requirements,message classification, handling restriction, Traffic Analysis by Geography and Subject (TAGS), organization, etc.); users can create and use personal and group folders that can be organized, renamed, and easily manipulated; folders shall be searchable and accessible from remote locations, though access is controllable by users and network administrators; folders shall support move copy, delete, update, and other message management activities; personal folders can be intergrated within the user's mailbox; messages shall be identified by date to assist in file management; public folders can receive messages directly from any source, including agents and external screenings programs; message handling services shall have rules-based- message-handling capaility, allowing users to create and maintain message profiles to assit in screening, organizing and viewing message; distrubution/routing lists shall be easily created, maintatined, and used; dicrectory serves shall be used to resolve addressing problems; message forwarding features should include group, office, and location distrubutions; message be verfiably reliable to the end user; and, sender can request acknowledgement that a message has been read by the recipient. Directory Services and directory user agents shall be supported for the user agents, network administrators, and organiztion applications; additions/changes/deletions to the directory shall be propagated automatically; must allow automated updating to and form the directores of legacy mail systems; an audit mechanism (e.g., event logging) shall support directory synchronization; synchronization service shall provide transparent creation, retrieval, update, and distrubution of directory updates to all internal/legacy messaging system; and messaging problems shall be identified by tools provided in the software (detection, analysis, reporting). Administration and Management: Administration of directory services message stores, user mailboxes, MTA's, security access, etc., shall be via GUIs. MS shall alert administrator of problems as they occur. A single administration point is needed for all message store, mailbox, security, directory administration, maintenance, etc.; remote management via encrypted dail-up link is also required. Diagnostic informaiton and monitoring functions must be provided. Tools for managing X.400 message routing are required. Must permit management of users and groups. MS should provide for complete redundancy, with automatic switch-over. DoS also requires techinical support (help desk), training(year-round, worldwide), and on -screen documentation. Software licensing proposed must be the most cost -effective for the DoS, must give credit for installed base of the offeror's product, if any, and shall be managed by the contractor. (0243)

Loren Data Corp. http://www.ld.com (SYN# 0333 19960903\70-0001.SOL)