Department of the Treasury, Bureau of the Public Debt, Division of Procurement, 200 Third Street, Room 207, Parkersburg, WV 26101-5312

70 -- MAINFRAME SOFTWARE MAINTENANCE SOL BPD-98-CI-0010 DUE 031898 POC Point of Contact, Jeff Stephenson, 304/480-6452, Contracting Officer, Tammie S Johnson, 304/480-6465 WEB: Department of the Treasury, Bureau of the Public Debt, Division of Procurement, http://www.publicdebt.treas.gov/oa/oaprocr.htm. E-MAIL: Department of the Treasury, Bureau of the Public Debt, Division of Procurement, procurement@bpd.treas.gov. Public Debt intends to negotiate a sole source procurement with Computer Associates International, Inc., 12120 Sunset Hills Road, Reston, Virginia, 22090, for software maintenance for the following products which meet the functional requirements listed: a) Shall provide access through panels under Interactive Systems Productivity Family (ISPF); b) Shall allow restriction of abilities via CA-ACF2, or compatible security subsystem; c) Shall be menu-driven and provide online tutorial and help functions; d) Provide for an unlimited number of users. The CA-VMAN Utility shall: a) Utilize ACF2 or other industry recognized security package to control logons to all sessions; b) Have a time-out feature for Multi-Session Manager (MSM) sessions without an active application session; c) Use ISPF-like panels for logons and switching from session to session via "PF Keys" or "Hot Keys", the logon panel shall contain the status and availability of all sessions; d) Have message broadcast capabilities which will cause visual/audible alarms when a message is issued by the MSM administrator, master console, or other terminal authorized to send messages; e) Have the capability to restrict access to the system via MSM, user shall not be allowed to circumvent the established security features by using the MSM; f) Shall not interfere with application session portability; g) Shall not preempt or circumvent an application's control over a user once that user has logged on or attached to it; h) Utilize the expanded capabilities of MVS/ESA including "above the 6Mb" line storage; i) Provide recording facilities for MSM activities in accordance with C2 requirements, i.e., logons, logon failures, and security violations; j) Provide cross-domain security for user logons coming from a remote site, every logon to the Public Debt mainframe computer shall come through the MSM; k) Provide the capability for users to log on to applications without the need to re-enter logon identifications or passwords; l) Provide for definition of users, terminals, and other resource definitions without the need to shut down the software and perform a restart; m) Provide for an unlimited number of session administrators; n) Provide an operator facility within the software to allow authorized users the capability to control all sessions and perform inquiries of the status of all applications for all users; o) Provide for application selection menus depicting only the applications authorized for each user; p) Provide the capability to reconnect to the session manager in the event of a communication line disconnect, a time-out feature shall be included to allow users a reasonable time period to re-establish the session, when this time-out threshold is met, the product shall terminate all active applications as well as terminate the session manager session. The ENDEVOR/MVS Utility shall: a) Provide for a central library for programs, job control streams, and data files; b) Provide for protection of production programs and change or deletion by: Restricting modification of stored members, Copying production members to create test versions, Replacing original production version after testing, Eliminating accidental or unauthorized alteration of production programs, job control streams, or data files, and Reserving the delete option for management use only; c) Restrict retrieval of, and access to, confidential data files and source programs; d) Provide complete backup of all programs, job control streams, and data files; e) Provide a history of all prior versions of programs, job control streams, and data files with the capability to: Copy deleted members to a protection file before physically removing them from the library, Match-merges or merge deleted members with a previously created protection file, Reinstate a prior version of a source program or object code to the library; f) Provide for the transfer of programs, job control streams, and data files between libraries and provide ability to replace any prior version of the same member which has been stored with the incoming member; g) Provide a method for storing, modifying, and retrieving programs, job control streams, and stored data files and permit the following functions: Adding of a source program to the library and the ability to modify, retrieve, compile, link edit, and execute it in a single job, Jobstream second generation programs in the library onto tape or disk with appropriate JCL, Retrieve any segment of any program and combine it with other program segments or programs to form a new program, Store and retrieve test data, Retrieve, modify, and combine any number of programs and JCL to form a job stream on either tape or disk for compiling and link editing; h) Provide a means to report the success or failure of all functions performed on an output print file and produce the following reports: A library directory listing, A directory listing of members by selected characteristics, status, or activity, A protection file directory listing; i) Provide the following features and functions: Add members to the library, format member records, assign member attributes and sequence check members, Copy members on the library and retrieve members from the library, Insert data from the SYSIN file into output files, Retrieve portions of members, modify members and tag members for subsequent deletion, Include members within other members during retrievals, Assign user comments to members on the library, Allocate supersets on the library file and add subsets to supersets, Assign user sequence numbers to a member, Initiate a transient mode extended feature, Advance the output print file to the next page and print user identification on a separate page, Specify auxiliary input from or output to a PDS, Insert records from an existing member into an input stream; j) Provide a means for management to: Secure confidential members on the library, override any suppressed functions, and authorize access to confidential members, Create a directory list of the entire or selected contents of the library or protection file, Produce a completeand current compressed copy of the entire library file which can be produced on tape or disk and gives complete backup protection to the resident library, Replace all or selected members in a library from tape or disk backup files, Restore all or selected members to the library from any of the backup files, Remove tagged members to a protection file, with or without matching-merging an input protection file, Create a protection file for members which are to be transferred to another library file, with or without matching-merging an input protection file, Initiate transient mode extended features, Modify the library security code, Transfer a member directly to another library, Bypass copying a named member or a range of members from an input protection file; k) Provide a library initialization program to format and label direct access devices for subsequent use as a library; l) Provide an analysis program which will produce a summarized presentation of the library's composition by size, status, type, and usercode; m) Provide a scan function which will produce a listing of statements within the library which contain a supplied character string. The scan shall be of the entire library or limited to a given language type, library member, a selected range of commands, or a selected group of columns. The ability to make changes to the members selected by the scan shall be provided; n) Provide a comparison function for reporting the changes made to source code and of the differences between files. The ENDEVOR QUICK EDIT Utility shall: a) operate in conjunction with ENDEVOR/MVS version 3.7; b) Be a program management and security system designed to establish, maintain, and protect a central library of source programs and JCL. The central library shall be immediately accessible for maintenance and processing and effective control and protection against theft, disaster, or other loss; c) Function as a subsystem of ISPF and be incorporated as a new option on the ISPF menu to allow the user to select EDIT, BROWSE, or UTILITY mode; d) Be retrievable directly into memory for editing. The actual editing shall be identical to ISPF and permit the user to create, display, and modify programs stored in the central library of source code; e) BROWSE operations should allow the user read only access to the member; f) Provide a menu of utility functions which allows the user to modify the program status, user code, or the level number. The utility shall support copy and rename commands, and provide the ability to print a member to the ISPF list data set. The PARALLEL DEVELOPMENT MANAGER UTILITY shall: a) operate in conjunction with ENDEVOR/MVS version 3.7 as well as any partition data set or PANVALET library structures; b) allow restrictions of abilities via CA-ACF2; c) provide compares against multiple versions of source codes that are controlled by ENDEVOR/MVS; d) provide for the automatic integration of multiple versions of source code that are controlled by ENDEVOR/MVS; e) provide for the ability to resolve conflicts resulting from concurrent development or from applying vendor updates to applications that have been customized in-house; f) provide automatic creation of final source from edited, integrated changes; g) provide for the ability to generate standard and customized reports on parallel development activities; h) provide impact analysis reporting at any phase in the development cycle. The CA-1 TMS Utility shall: a) Provide operations interface and the ability to code retentions which will be used as final authority for data retention, and/or expiration information; b) Manage mountable media including 480 compatible, 40 compatible, and other magnetic tape media; and shall include recording, dynamically updating, and reporting information related to volume serial number, file and data contents, when created, where created, when and where last used, etc.; c) Provide allocation/open time interfaces to the operating system sufficient to ensure data integrity, avoid accidental data loss, and provide real time recording of usage information; d) Track and report volume status information so that scratch volumes can be readily identified and used by operations personnel; e) Log, update, track, and manage location information in an automated fashion; f) Provide online updating and query capabilities; g) Provide flexible reporting of contents which can be selected from various fields and sort sequences within the database; h) Support and be compatible with the Memorex Automated Tape Library; i) Support mixed 480 standard, 480 IDRC, 490 E 6 track, and 490 6 track extended length. The ASTEX DASD MANAGER Tool shall: a) Support IBM or equivalent 80 and 90 DASD devices and associated cache control units (including Amdahl 690 DASD and 600 controllers); b) Collect and record DASD seek activity and DASD controller cache activity; c) Produce analytical reports from either its own recorded DASD activity data or from GTF (Generalized Trace Facility) data; d) Include an interactive TSO/ISPF interface for creation and submission of DASD analysis jobstreams; e) Provide the capability to report DASD seek activity by volume, dataset, allocated extent, and/or jobname; f) Analyze DASD seek activity and recommend the relocation of datasets either on a volume or within a group of volumes, for improved performance; g) Provide the capability to simulate the impact of proposed DASD configuration changes on seek and cache activity; h) Create JCL and control statements which can be used to perform recommended dataset movement, using either FDR/DSF, Compaktor, DFDSS, or standard IBM utilities. The CA-ACF2 UTILITY shall: a) Meet the C level of controlled access protection; b) Provide system and resource protection by default; c) Provide for access protection at both the data set and volume levels; d) Utilize SMF to log data set and resource violations; e) Provide a means to automatically backup and recover security databases; f) Provide report utilities for extracting SMF data logged by the product; g) Provide the record layouts for security databases and SMF records for the purpose of creating customized reports; h) Provide a means for assuring individual user accountability; i) Contain time-out feature(s) to automatically terminate a mainframe session if it remains inactive beyond a time limit specified by Public Debt; j) Provide for system and resource access based on specific dates, times, and device types; k) Provide for the option to allow users to change their own passwords; l) Provide the ability to control minimum and maximum time periods for changing passwords; m) Allow for a minimum and maximum length for passwords as specified by Public Debt; n) Utilize passwords that are one-way encrypted and stored in the security data bases in such a manner as to prevent decryption; o) Provide ISPF panels for administrative functions; p) Utilize the expanded capabilities of MVS/ESA including "above the Megabyte" line storage; q) Provide security interfaces for IMS, CICS, and DB; r) Provide the capability to administer security for multiple domains/nodes from a single domain; s) Provide the ability to control system access from any source; t) Have the capability of providing resource protection utilizing the System Authorization Facility (SAF); u) Contain a mechanism that assures system access will be prevented if the security software becomes inoperative; v) Provide a mechanism to secure CA-PANVALET libraries; w) Contain a means to provide access security for data sets residing on magnetic tape; x) Be capable of providing terminal security by individual terminal ID or by groups of terminals; y) Provide for centralized and decentralized security administration; z) Provide security administrators the ability to allow selective viewing and/or changing of the information contained in the records residing in the security data bases; aa) Allow changes to security access controls to become effective without the need to IPL the system or restart the security product; ab) Provide a method to identify users and resources individually and in groups; ac) Provide the option to control access by VTAM APPLID; ad) Have the capability to limit the number of security violations per session, per user; ae) Provide for automatic suspension of logon identifications if a site-determined threshold for invalid password attempts is met; af) Provide the capability to log to SMF access to selected data and resources based on individual users and groups of users; ag) Have the capability to control access for started tasks; ah) Provide for logon id inheritance in batch jobs submitted via TSO; ai) Have the capability to limit the use of TSO commands; aj) Provide an option for automatic erasure of reusable data space on any storage media when a file is deleted; ak) Contain the ability to globally limit the use of specific programs such as AMASPZAP and IMASPZAP no matter where they reside; al) Provide an automated means of notifying users of impending password expiration dates/times for a number of days prior to expiration; am) Provide an option for the security administrator to establish the number of days of password "life". The MULTI-IMAGE MANAGER UTILITY shall: a) Operate on AMDAHL 5990 series mainframes using the MVS/ESA operating system and logically partitioned under MDF; b) Allow restriction of abilities via CA-ACF2; c) Menu-driven and provide online help functions; d) Allow enterprise control and consolidation from a central workstation(s); e) Automatically prevent most common forms of data set damage; i.e., simultaneous updates, inappropriate updates, attribute modification, and overwriting partitioned data set directories; f) Prevent unauthorized programs from reading data sets and monitor unauthorized read operations; g) Simultaneously transmit ENQ requests from an application on one system to all other systems; h) Automatically notify end-users of resource conflicts as they occur; i) Automatically free data sets that have been allocated but are not being used by TSO sessions. If a TSO user is not currently using a data set that another task requests, the data set shall be automatically de-allocated to allow processing for the other task to continue; j) Automatically queue batch jobs contending for data sets and free the job for execution when the data sets become available; k) Allow tape drives to be shared automatically between systems; l) Allow devices to be reserved for specific jobs; m) Allow DASD to be shared by multiple domains at the dataset level; n) Provide cross-system message selection and merging; o) Provide a method for cross-system commands; p) Compatible with IBM's Sysplex strategy; q) Guarantee data integrity. The CA-EXAMINE utility shall: a) Not allow changes to be made to system components (i.e., shall have read only functionality); b) Run as a stand-alone product requiring no changes to existing system software/hardware; c) Provide real-time status of critical mainframe computer system software and hardware components utilizing ISPF menus; d) Provide a method to determine if changes have been made to source code, object code, and load modules residing on Public Debt mainframes at intervals determined by Public Debt; e) Provide a method to inform security administrators (upon demand) when program modules are changed via programs AMASPZAP and IMASPZAP; f) Provide online reports which highlight changes to sensitive operating system components which could potentially downgrade system integrity; g) Inform the product users of changes to the system Program Properties Table (PPT) upon request; h) Have the capability of providing lists of programs that are capable of running in supervisory state; i) Have the capability of creating job usage history reports from SMF data sets; j) Have the capability to provide a list of current system catalogs; k) Have the capability to provide device addresses, associated device types, and classes for all peripherals connected to the mainframe. Additionally, for DASD devices, the volume serial numbers and mount status shall be provided; l) Not interfere with access permissions allowed/disallowed by existing security access control software; m) Provide a method to create reports in batch mode containing the same information provided for online reports; n) Provide online and batch reports identifying libraries and their components defined as APF (Authorized Program Facility) authorized; o) Have the capability to identify and provide reports on all system linklist and LPA (link pack area) libraries; p) Maintain a record of the logon id of the administrator performing functions associated with requests for tracking changes to programs, libraries, and files; q) Have the capability of identifying SMP/E CSI files and provide reports of FMIDs (Function Modification Identifier), vendors, program and component numbers, and zone information contained therein; r) Able to identify and provide reports of critical system parameters contained in the system parmlib; s) Able to identify MVS subsystems; t) Able to identify system exits which should be reviewed due to potential security implications; u) Have the capability to identify load modules with no apparent corresponding source code; v) Havethe capability of comparing individual programs or entire load libraries to determine differences; w) Provide a method to track changes to specific programs identified as critical by Public Debt; x) Able to compare files and report the differences; y) Able to perform volume table of contents (VTOC) analysis to verify its integrity; z) Able to provide program statistics including size, language, link edit dates, zaps, and system status index (SSI) indicators; also provide size, compile dates, language used, zaps, an (0061)

Loren Data Corp. http://www.ld.com (SYN# 0267 19980304\70-0007.SOL)