Federal Deposit Insurance Corporation, Division of Administration-Acquisition Services Branch, 550 17th Street, N.W., Room 1700PA-4139, Washington, DC 20429

D -- ENCRYPTION PRODUCTS DUE 062199 POC Eupha M. Washington, (202) 942-3853 This document represents a Request for Information (RFI) from the Federal Deposit Insurance Corporation (FDIC) for a commerial-off-the-shelf (COTS) software product to enhance our existing cryptography capabilities. Specifically, we are interested in identifying software that, when used with our existing cryptography software, will allow us to place restrictions on which encryption algorithms can be selected and used by a given user or set of users within our public key infrastructure user population. The high level requirements that must be satisfied by this COTS software product are listed below. Each vendor's response to this RFI must address each of these requirements and explicitly state whether their product satisfies or does not satisfy them. For those vendors with a COTS software product that is not currently available but expected to become available in the near future, their response must include the expected date of availability. The vendor response must be concise and not exceed three pages. Vendor marketing brochures will not be accepted instead of a response but may be submitted for informational purposes. Vendors should state whether product is available on GSA Schedule. Requirements The COTS software product must: 1. Provide the means of restricting ENTRUST software product encryption algorithm selection by the general user population in a manner that forces the general user to make use of a default algorithm chosen by an independent security administrator; 2. Provide the means of permitting certain users explicitly appointed by an independent security administrator to select ENTRUST software product encryption algorithms; 3. Provide the means to prevent the use of Non-National Institute of Standards and Technology (NIST) approved encrption algorithms available within the ENTRUST software product. In other words, provide a means to restrict available ENTRUST software product encryption algorithms to only the subset of NIST-approved encryption algorithms; 4. Provide the means for both central and distributed security administration of ENTRUST software product encryption algorithm selection restrictions and permissions; 5. Be fully compatible with ENTRUST Manager Version 4.0 for Microsoft Windows NT; 6. Be fully compatible with ENTRUST Client Version 3.0c for Microsoft Windows 95 and Microsoft Windows NT; 7. Be fully compatible with all versions of Microsoft Windows NT as wellas the Microsoft Windows 95, 98 and 2000 operating systems; 8. Conform to NIST standards for information technology and cryptography; 9. Conform to other widely recognized and relevant standards for information technology and cryptography such as the American National Standards Institute, Internet Engineering Task Force, International Standards Organization, General Accounting Office and Institute of Electrical and Electronics Engineers, and 10. Conform to the Open Systems Interconnection reference model, Posted 05/20/99 (W-SN333807). (0140)

Loren Data Corp. http://www.ld.com (SYN# 0021 19990524\D-0005.SOL)