D -- NASA INCIDENT RESPONSE CENTER (NASIRC)

Notice Date

December 19, 2000

Contracting Office

NASA/Goddard Space Flight Center, Code 216, Greenbelt, MD 20771

ZIP Code

20771

Solicitation Number

630-0001

Response Due

January 9, 2001

Point of Contact

Michele D Rasel, Contract Specialist, Phone (301) 286-9403, Fax (301) 286-1773, Email michele.rasel@gsfc.nasa.gov

E-Mail Address

Michele D Rasel (michele.rasel@gsfc.nasa.gov)

Description

The purpose of this notice is to advise potential offerors that the release of the draft RFP for the NASA Incident Response Center (NASIRC) support will be delayed until we determine the appropriate level of competition and/or small business goals for this requirement. At this time, it is requested that small disadvantaged businesses, historically underutilized businesses (HUB)-zoned, and small businesses identify their capabilities. The Contractor shall provide support in two main areas: 1. Supporting NASA's Information Technology Security (ITS) Expert Center role and responsibilities (providing ITS technical support to NASA Field Centers, maintaining collaborative partnerships with other NASA ITS Expert Centers like MSFC/NISN to sustain Agency-wide 24x7 vulnerability notification and incident response capabilities, work with Headquarters and GSFC management to develop and test Agency pathfinder initiatives in ITS area, work with external entities like FedCIRC to comply with Federal incident reporting and handling requirements) and 2. Supporting NASIRC daily operations (incident response and coordination, vulnerability research and notification, training and awareness, systems administration, and software development). In order to be considered for this evaluation, it will be necessary for the Contractor to demonstrate experience, capabilities, and skill competencies for providing support in the following related areas (as they apply specifically to areas 1. and 2. above): a) NASIRC Operational Functions i) Incident Response and Coordination ' Receive, analyze, and log incidents, follow-up on incidents, and coordinate incident information ' Establish and Maintain Technical Help Desk and Toll-Free Hot-line ' Receive, analyze, and log incidents from a variety of sources ' Follow-up on incidents ' Coordinate incident information ' Develop and maintain NASIRC Standard Operating Procedures ii) Vulnerability Notification ' generate NASA-wide vulnerability notifications (NASIRC Alerts and/or Bulletins) ' Track progress and vulnerability resolution and issue follow-up alerts/bulletins, as necessary ' Encrypt and dynamically post alerts to NASIRC secure Web site ' Dynamically post bulletins to Agency-accessible Web site iii) Support for Training Related to Incident Detection, Analysis, and Handling (Proactive Agency-wide Support) ' Develop and maintain user guide on NASA incident reporting and handling, ' Stay current with latest technology advancements, ' Link other ITS Web sites to NASIRC's Web site, ' Participate in development of ITS and incident handling training methods, ' Participate in GSFC-wide awareness and technical training initiatives, and ' Analyze and distribute ITS news flashes, iv) Automate existing manual processes used to receive, log, analyze, and report incident data b) Vulnerability Research i) Monitor a variety of vulnerability information resources ii) Receive, analyze, and log vulnerabilities iii) Validate vulnerabilities and determine priority ratings iv) Have open communications with external organizations such as law enforcement, other CERTs, and security research groups. c) Maintain and develop NASIRC bulletin processor, i) Dynamically posts alerts and bulletins to NASIRC's secure and agency restricted Web sites ii) Dynamically distributes NASIRC communiquis and cell phone pager notifications via sendmail iii) Develop Web-based front-end and interface to NASIRC Bulletin Processor for generation of NASIRC alerts/bulletins iv) Required Knowledge, Skills, and Software Programming Abilities ' Modern programming languages such as C, C++, JAVA, HTML, PERL, XML, Scripting Languages, UNIX Scripting Tools, SED, and AWK ' PGP version 5 and 6, and ENTRUST PKI version 5 and beyond, Encryption, Digital Signature, and PKI capabilities ' Specialized distribution list (restricted, general, and platform-specific distribution lists via NASIRC database management system) d) Maintain and continually enhance a NASIRC Web site capability i) Continually manage Web site content ii) Design and develop standard incident reporting forms for Agency-wide use iii) Continually maintain and enhance NASIRC Web site content ' Post special IT Security awareness and technical articles ' Add new navigational links ' Add new security references ' Integrate an agency-wide cell phone paging capability into the NASIRC alert/bulletin processor so cell phone pager notifications are issued when NASIRC high priority alerts/bulletins are issued ' Implement a "return receipt" capability where it is critical for NASIRC to know when IT Security Managers and other critical points-of-contact have actually received and read certain NASIRC critical communications like NASIRC High Priority Alerts ' Coordinate with MSFC/NISN, SSC, and JSC to determine how to get on-line batched incident reporting techniques actually working with the right quantity and quality of data flowing into GSFC/NASIRC from MSFC/NISN's new wide-area network monitoring capability that was installed agency-wide by December 2000 ' Design and implement more advanced Oracle incident database techniques to include more advanced incident tracking, data correlation, data visualization, data consolidation/reporting, and CVE compliant techniques ' Coordinate with MSFC/NISN, GSFC, and NASA IG Office to determine how NASA Brazil Project and Beowulf supercomputing concepts can be more effectively integrated with NASIRC's more advanced Oracle database concepts ' Redesign NASIRC Web site (new look and feel with enhanced navigation and functionality) ' New portal e) Develop New Web Applications such as the On-line Incident Response Pages and the IP Blocking Page Capabilities i) Develop a Web-based batch interface form for submitting incidents according to NPG 2810 ii) Access to the Web-based interface must be through a secure user/password capability similar to SSL iii) Write software to parse the incident data submitted via the Web-based interface, to dynamically send e-mail copy of incident reports to Incident Coordinators, and to ingest incident data into the appropriate database archive elements and files iv) Manage and maintain agency-wide Web-base IP blocking reference page v) Automate follow-up procedures for purging expired entries vi) Develop and implement new features, as required f) Existing and New Database Development Work i) Manage and maintain the existing MS Access database up to and through the transition to the new database ii) Develop a new database in Oracle that includes the fields in the On-line Incident Response Capability iii) Develop disaster recovery and backup procedures for the database iv) Manage and maintain the new database v) Develop a Web-based interface that enables restricted users i.e., (via user name/password) to interactively generate a broad range of reports (tabular and graphical) from the data in the database vi) Develop a Web-based interface for the Incident Response Coordinators to enter data vii) Develop software that automatically generates Alerts based on specific criteria g) System Administration of NASIRC Systems (NASIRC Infrastructure Support) i) Maintain a variety of UNIX OS platforms ii) Maintain user workstations iii) Upgrade/install hardware as needed iv) Perform scheduled backups v) Manage/maintain internal/staff e-mail capabilities and distribution lists vi) Manage/maintain internal e-mail server and user accounts vii) Install test patches viii) Manage user/staff accounts ix) Install/maintain COTS custom application software (bulletin processor, NASIRC incident database, PKI, secure shell wrappers, secure capabilities (SSL), FTP software, and specialized script programming) x) Database configuration and management xi) Web and FTP security analysis and statistics xii) Secure systems, report incidents, monitor system logs, and implement other proactive security measures xiii) Respond to security incidents h) Network Administration of NASIRC Systems (NASIRC Infrastructure Support) i) Manage/maintain firewall software ii) Configure/maintain network software iii) Maintain remote dial-in access capabilities (NASIRC toll-free lines) iv) Configure/maintain network routers v) Secure network components, monitor logs, and implement other proactive network security measures i) Development of a graphical user interface to the NASA incident data i) Develop a Web-based interface that enables restricted users i.e., (via user name/password) to interactively generate a broad range of reports (tabular and graphical) from the data in the database ii) Protect data such that only authorized individuals may have access to specific data, for example, one NASA Center may only see detailed incident data for their own Center NASA is seeking capabilities from small disadvantaged businesses, historically underutilized businesses (HUB)-zoned, and small businesses for the purposes of determining the appropriate level of competition and/or small business goals for this requirement. The North American Industry Classification System (NAISC) Code is 541519 with a size standard of $18 million. This notice requests small disadvantaged businesses, historically underutilized businesses (HUB)-zoned, and small businesses to identify their capabilities. It is requested that capability statements specifically address your existing experience, capabilities, and skill competencies to develop, implement, and sustain the appropriate support to satisfy the NASIRC requirements in those areas listed above. Your response must specifically address existing capabilities to support the NASIRC program consisting of support in a broad range of information science and technology disciplines, including computer security, networking, systems analysis, systems administration, software development, web technologies and systems engineering. Additionally, respondents shall provide to the Government the name, address, point of contact, and telephone number of at least three current (last 2 years) customers in which similar IT services, ITS threat/vulnerability research, and ITS incident handling/coordination operational support services are being or have been provided. Two (2) copies of capability statements and current customer contact information shall be submitted to the GSFC, Code 216, Greenbelt, MD 20771, Attn: Michele D. Rasel (301-286-9403, E-mail: michele.d.rasel.1@gsfc.nasa.gov) on or before January 09, 2001. To facilitate a prompt review by the NASA team, a one (1) page summary shall be affixed to the front of the capability statement submitted which identifies for the evaluator, by page and paragraph, your company's relevant capabilities. It is insufficient to provide only general brochures or generic information. Additionally, respondents shall provide to the Government the name, address, point of contact, and telephone number of at least three current customers in which similar IT services, ITS threat/vulnerability research, and ITS incident handling/coordination operational support services are being provided or have been recently provided. Questions regarding this notice, or this procurement, should be directed to the Contract Specialist, Michele Rasel at the phone number or E-mail address listed above, or the Contracting Officer, Dawn Fountain, 301-286-3815, E-mail: dawn.fountain.1@gsfc.nasa.gov.

Web Link

Click here for the latest information about this notice (http://nais.msfc.nasa.gov/cgi-bin/EPS/bizops.cgi?gr=D&pin=51#630-0001)

Record

Loren Data Corp. 20001221/DSOL012.HTM (D-354 SN5092G0)