D -- WEB-BASED COMPUTER SECURITY CERTIFICATION AND ACCEDITATION

Notice Date

December 21, 2000

Contracting Office

Department of Veterans Affairs (381), Austin Automation Center, 1615 E. Woodward St., Austin, TX 78772

ZIP Code

78772

Solicitation Number

101-01-1

Response Due

January 15, 2001

Point of Contact

Jay D. Anderson, Computer Specialist, email: Jay.Anderson@mail.va.gov

E-Mail Address

Click here to contact the point of contact by email (Jay.Anderson@mail.va.gov)

Description

The Department of Veteran Affairs InfoSec Program has an immediate requirement for a web-based application. The application will help prepare documents to support VA's security certification and accreditation (C&A) process. The application will reduce the time, effort, and expense to prepare C&A documents necessary for the development and management of VA IT Systems. The software should ensure compliance with civilian sector Government standards as described in general NIST C&A guidance, newly revised OMB A-130, CSA, FIPS 102 (and upcoming re-write), NIACAP, Common Criteria (CC), and the Clinger-Cohen Act. The software should be extensible by allowing the incorporation of VA policies and guidance. It should assist in providing necessary guidance and include the documentation templates necessary to support a complete and meaningful security certification and accreditation program. The software should simplify certification and accreditation and reduce costs by guiding users through easy-to-follow steps to determine vulnerability levels and assess network and system configuration compliance with VA guidance. The software should generate appropriate test procedures, process results, determine vulnerabilities, produce a risk assessment, and allow one to automatically publish a complete C&A documentation package known as a System Securty Authorization Agreement (SSAA) -- see the National Information Assurance Certification and Accreditation Process (NIACAP) document NSTISSI No.1000, April 2000. The accumulation of C&A data including configuration information on specific information systems makes this application sensitive. The contractor needs to discuss security capabilities and features that would be available. Offeror's who believe they can meet this requirement are required to submit in writing an affirmative response demonstrating an ability to provide a web-based certification and accreditation program for VA. All written responses must include a written narrative statement of capability, including detailed technical information demonstrating their ability to meet the above requirements. The response must be sufficient to permit agency analysis to establish a bona fide capability to meet the requirements. A determination by the Government not to open the requirement to competition based upon responses to this notice is solely within the discretion of the Government. Affirmative written responses must be received no later than the closing date of this publication of the synopsis. All information in response to this notification must be submitted in writing to the address contained at the header or emailed to Jay.Anderson@mail.va.gov, subject: CBD Response -- Web-Base C&A Software.

Record

Loren Data Corp. 20001226/DSOL012.HTM (W-356 SN5094H1)