Defense Information Systems Agency, DITCO-NCR, 701 South Court House Road, Arlington, VA 22204-2199

70 -- INFORMATION SECURITY TECHNOLOGIES POC Mr. Stephen Jancich, JEEDD, at JancichS@ncr.disa.mil, (703) 696-1982, fax (703) 696-1972 The Defense Information Systems Agency (DISA), Joint Integration and Engineering Office (JIEO), National Command Authority (NCA), and Nuclear Command, Control and Communications (C3) Branch (JEEDD) are developing a technology roadmap for airborne Command and Control (C2) assets. Part of this roadmap includes the ability to support the integration of the Defense Information Infrastructure (DII) into an airborne network and provide a security capability within that network. The desired security capability should be based on the Multi-level Information Security System Initiative (MISSI) concept and utilize card technology, such as Fortezza, for a secure writer-to-reader capability. The desired solution should provide a multi-level secure software/hardware solution for unclassified to top secret messaging on an airborne platform. The solution shall transparently interface to information transfer systems such as the Defense Message System (DMS), Global Command and Control System (GCCS), Global Combat Support System (GCSS), and others. It should interoperate with various computer applications and operating systems to support user interfaces with different airborne equipment. The network security capability desired should provide a suite of internal network security services compatible with card based security technology. The desired security system should be compatible with the DOS, Windows, Macintosh, and UNIX operating environments. The system should provide e-mail, file transfer and other general messaging support in a secure environment. The system should support the connection of the airborne network to military messaging systems such as DMS, DSNET, MILNET etc. (with X.400 and X.500 compatibility), NIPRNET and SIPRNET, and the commercial Internet. The primary focus remains secure military messaging systems and support across multiple networking environments. The desired technologies should provide a secure network capability and still retain the look and feel of the current e-mail and messaging systems. The technology should also provide an attachment translation capability as well as virus detection and repair capability. The technology should provide security-focused services such as access permissions, user identification and user authentication, as well as user digital signature and data file transfer integrity verification. The goal is secure writer-to-reader information transfer. The security technologies should also provide the security manager with network interfaces and accesses to facilitate network security oversight. The capability for transaction logging and a network journal function is desired. Key security elements, such as password management, generation, monitoring and updating, along with a password validation function, should be available for monitoring and tracking as may be selected by the security manager. These security elements, and other selectable network activity, shall be available for monitoring as determined by the security manager. Further, the security manager shall beable to establish alert/notification levels, by user or other category, to track and/or provide an alarm for an operational anomaly. These might include excessive password rejections, file transfer integrity failures or private key failures. Please identify, within security restraints, current user/applications of your security system, if the system has completed a security evaluation, and if the system has ever been accredited/evaluated in accordance with the NSA "Rainbow" series of design documentation. The security capability described in this notice should be considered a rough guideline of the desired characteristics. It is the intent that responders to this notice provide information on currently available security software applications, applications in development and conceptual approaches planned for the future that can or may support our C2 roadmap. The application time line is approximately 24 to 30 months. Please respond no later than 30 days after the date of this notice with selected information, application data, and / or brochures as appropriate that address your capabilities in information technology. Booz Allen & Hamilton, under contract to the DISA, is assisting in the effort. Material should be sent to the following address: Booz Allen Hamilton, Inc., Suite 562, 8283 Greensboro Dr., McLean, VA 22102, Attention: Mr. Doug Jones. Questions may be addressed to Mr. Jones at 703-917-2999 or via E-mail at jonesdoug@bah.com. Proprietary data (normally cost, and schedule) may be withheld if desired. Responses should be unclassified. Do not respond with classified information. Any classified information will be handled on a case by case, need to know basis. After a review of the provided information, those responses requiring more detail may result in a request to present a capabilities briefing to the appropriate DISA staff. All information provided will be controlled as marked (i.e., proprietary), and nondisclosure statements can be executed by DISA contractor support if requested. The DISA, Airborne Systems Engineering Branch contact is Mr. Stephen Jancich, JEEDD, at JancichS@ncr.disa.mil, (703) 696-1872. This RFI or "sources sought" shall not be construed as a request for proposal or as an obligation on the part of the Government for any follow-on acquisitions. The Government does not intend to award a contract on the basis of this RFI. http://www.disa.mil Information Security Technologies Jonesdoug@bah.com Information Security Technologies (0015)

Loren Data Corp. http://www.ld.com (SYN# 0294 19980120\70-0008.SOL)