B -- SPECIAL STUDIES AND ANALYSIS -- NOT R AND D

Notice Date

August 10, 2001

Contracting Office

Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition and Logistics Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 3571, Gaithersburg, MD, 20899-3571

ZIP Code

20899-3571

Solicitation Number

SB1341-01-Q-1005

Response Due

August 27, 2001

Point of Contact

Fred Ettehadieh, Contract Specialist, Phone (301) 975-8329, Fax (301) 975-8884, Email fred.ettehadieh@nist.gov -- Alba Sanchez, Contracting Officer, Phone (301) 975-6344, Fax (301) 975-8884, Email alba.sanchez@nist.gov

Description

The US Department of Commerce, National Institute of Standards and Technology, (NIST), Intelligent Systems Division (ISD) of the Manufacturing Engineering Laboratory is working with the Information Technology Laboratory and the Electrical and Electronic Engineering Laboratory to address the information security issues of computer control systems (CCS) used in the process control industries. This effort is being carried out through the Process Control Security Requirements Forum (PCSRF), an industry group organized under the National Information Assurance Partnership (NIAP), a joint program between the National Institute of Standards and Technology and the National Security Agency. As part of the Critical Infrastructure Protection Program, NIST and NSA are working to provide technical support and assistance to industry to help improve the Nation's security posture. Creation of the PCSRF is one such effort. The PCSRF Focuses on security of the computer control systems used in process industries, including electric utilities, petroleum, pulp & paper, metals & mining, waste, water, chemicals, and pharmaceuticals, with an emphasis on industries considered to be part of the Nation?s Critical Infrastructure. To address process control system information security issues, the PCSRF will seek to, identify and assess threats and risks to process control information and functions; make security requirements recommendations for common operating environments of process control systems; utilize the Common Criteria for Information Technology Security Evaluation (also known as the Common Criteria, CC, or ISO 15408) for capturing the security requirements in Protection Profiles (PPs); promote process control community adoption of the recommended security requirements; promote security awareness and integration of security considerations in the life cycle of industrial process control systems. To carry out this project, ISD requires support in helping to define the information security requirements of the process control industry and to capture the requirements as PPs utilizing the Common Criteria. The overall program objective is to reduce the vulnerability of process control systems used in key industries of the Nation?s Critical Infrastructure. This procurement is to acquire services to assist NIST in defining the information security requirements of the process control industry, and to capture the requirements as PPs utilizing the Common Criteria. An overview of the tasks to required is as follows: analysis of currently available CCS architectures, including analyses of threats and vulnerabilities; Initiate Development of Information Security Requirements; Completing Development of Information Security Requirements; translation of information security requirements into protection profiles. This is only an overview of the tasks required. The associated North American Industrial Classification System (NAICS) code for this procurement is 541690 and the related size standard is $5 million. However, this acquisition is unrestricted and all responsible offerors may submit a quote. The Request for Quotation is being issued utilizing FAR Part 13, Simplified Acquisition Procedures. The period of performance for this acquisitin is for 12 months from the date of award. The Solicitation Number is SB1341-01-Q-1005 and is available via the Internet address www.fedbizops.gov. Potential offerors shall be responsible for accessing the web-site. All offers should be sent to the National Institute of Standard and Technology, Acquisition and Logistics Division, Attn.: Fred Ettehadieh, 100 Bureau Drive, Stop 3571 Building 301, Room B129, Gaithersburg, MD 20899-3571. Potential offerors are requested to direct all questions via e-mail to: fred.ettehadieh@nist.gov. Submission must be received by 3:00 p.m. local time on 8/27/2001. Faxed offers will NOT be accepted. See Numbered Note 26.=20

Web Link

Visit this URL for the latest information about this (http://www.eps.gov/spg/DOC/NIST/AcAsD/SB1341-01-Q-1005/listing.html)

Record

Loren Data Corp. 20010814/BSOL003.HTM (D-222 SN50U6G2)