DISA/D211, 5113 Leesburg Pike, Room 428, Falls Church, VA 22041

D -- NETWORK SECURITY FRAMEWORK DUE 040398 POC Mr. John Nagengast, NSA Network Security Group at (410) 684-7308 or Mr. Peter Smingler, DISN Contracting Officer, at (703) 681-0526 WEB: Click here to access the NSFF web site., http://nsff.xservices.com. E-MAIL: Click here to contract the contracting officer via e-mail, sminglep@ncr.disa.mil. The Defense Information Systems Agency (DISA)/Defense Information Technology Contracting Organization (DITCO) and the National Security Agecy herewith issue issue a Request for Information (RFI) for industry review and comment concerning the Technical Frameworks upon which future Information Technology acquisition guidelines will be based. THE GOVERNMENT DOES NOT INTEND TO AWARD A CONTRACT ON THE BASIS OF THE RFI OR TO OTHERWISE PAY FOR INFORMATION RECEIVED IN RESPONSE TO THE RFI. In order to assure successful implementation of its Information Assurance Strategy, the Department of Defense (DOD) seeks Industry comment and participation in developing the Technical Frameworks upon which the Department will base its future Information Technology acquisition guidelines. This initiative is being jointly undertaken by the Defense Information Systems Agency (DISA) and the National Security Agency (NSA). The DOD Information Assurance Strategy is predicated upon a "Defense-in-Depth" approach which couples "Protect" -- coherent application of layers of security across the Defense Information Infrastructure (DII) with "Detect and React" -- global cyber-situation awareness. The Department's Information Assurance Strategy requires development of Technical Frameworks for each of the "Defense-in-Depth" component layers. The component layers included in a "protect" approach are the Protection of Wide-Area Networks, Enclave (Local System) Boundaries, Host Computer Operating Systems (Clients and Servers) in addition to Key Management Services, User/Applications-Layer Security Services (Fixed and Mobile), and Reusable, Risk-Managed Interoperability across Multiple Security Levels. The "Defense-in-Depth" components of a "detect and react" approach provide information assurance situation awareness. These components include DII Security Readiness Assessments as well as Detection, Reporting, Analysis and Response to Security-Relevant Events across the DII. The first Technical Framework to be developed will be for the User/Applications-Layer Security Services (Fixed and Mobil). It is intended to serve as a prototype for generating the Technical Frameworks for the other Defense in Depth components. An initial draft of this Framework is posted at http://nsff.xservices.com for Industry review and comment. Upon completion, the Technical Framework for User/Application-Layer Security Services (Fixed and Mobile) will subsequently be incorporated by reference into DOD Information Technology Guidelines. Current schedules project completion and formal publication in June 1998. A Government/Industry Workshop, sponsored by DISA and NSA under the auspices of the NSA Network Security Framework Forum (NSFF), will be conducted on 16 April 1998 at the Maritime Institute in Linthicum, Maryland. The Workshop will address industry comments and facilitate Government/Industry dialog. Attendance at the workshop will be limited to 300 participants. Priority for attendance will be given to those participants who have submitted comments. Comments should be provided in accordance with the guidance provided at the NSFF web site no later than 03 April 1998. Registration instructions for the Workshop are also available at the NSFF web site. The point of contact for technical issues concerning this announcement is Mr. John Nagengast, NSA at (410) 684-7308. The point of contact for contractual issues is Mr. Peter G. Smingler, Contracting Officer, DISA/D211 at (703) 681-0526.***** LLLL (0079)

Loren Data Corp. http://www.ld.com (SYN# 0028 19980324\D-0011.SOL)