DISA Implementation of Web Audit Log Collection and Analysis Tools

Solicitation Number: DISAWEBAUDIT
Agency: Defense Information Systems Agency
Office: Procurement Directorate
Location: DITCO-Scott
Sources Sought
Added: Aug 25, 2009 10:22 am

Contracting Office Address


Defense Information Systems Agency (DISA), Acquisition Directorate, DITCO-Scott, 2300 East Drive Bldg 3600, Scott AFB, IL, 62225-5406


1.0   DESCRIPTION


THIS IS A REQUEST FOR INFORMATION (RFI) FOR SOURCES SOUGHT IN SUPPORT OF THE IMPLEMENTATION OF WEB AUDIT LOG COLLECTION AND ANALYSIS TOOLS


1.1   SUBJECT


The purpose of this Request for Information (RFI) is to seek a qualified source for this program with an authoritative knowledge of application log analysis, network security, network flow (NetFlow) data analysis, and network profiling.  The source must have experience with Department of Defense (DoD) and other US government network defense systems, provide such systems commercially, and be actively engaged with the academic community.


DISA is seeking information from industry on a source for the implementation of data collection and analysis tools in support of the Web Audit Log Pilot.


 


1.2   HIGH-LEVEL CAPABILITIES


The vendor must meet the following high-level capabilities:


  • The vendor must have an authoritative knowledge of network security, network flow (NetFlow) data analysis, network profiling, and analysis of application logs in support of network defense;



  • The vendor must have experience with DoD and other U.S. government flow analysis, network profiling systems, and DISA's Web Audit Log pilot;

  • The vendor must be actively engaged with the academic community;

  • The vendor must offer the use of a system with connectivity to either a real or simulated internet backbone link with greater than 10-gig capacity that can be used to test tools and procedures;

  • The vendor will be required to illustrate results and provide presentations to the community, and must have a strong background in design; and

  • The vendor must provide general systems engineering and administration support closely integrated with cutting-edge research and development capabilities.


1.3   CAPABILITY REQUIREMENTS


Vendors are asked to address the areas below.  In an appendix, please describe two of the company's current data collection and analysis tools implementations to provide these kinds of capabilities, including management and operational approach, requirements, processes, and any relevant lessons learned.  List major government and commercial clients. 


 


1. Experience with analyzing application log data, specifically web site related logs, in conjunction with other network-related data to detect malicious activity in support of DISA's Web Log Audit Pilot.

2. Experience implementing data collection and analysis tools for major DoD computer network defense (CND) programs.

3. Experience with Commercial off the Shelf (COTS), Government off the Shelf (GOTS) or open source sensors and monitors that generate unsampled flow data for security analysis on 10-gig enterprise networks, in particular Analytic Metadata Producer (AMP) and Yet Another Flow-aggregator (YAF).

4. Experience researching new applications of flow data, with at least 6 peer-reviewed publications in the last four years on traffic analysis and empirical network security.

5. Experience installing and using computer network defense tools for security analysis, including deep packet inspection, on large scale networks.

6. Experience providing both products and services to the commercial sector in this field, and a demonstrated understanding of best practices in industry.

7. Experience implementing major network profiling and inventory systems in support of DoD CND initiatives. For security reasons, the vendor must have received the network profiling and inventory systems through the NSA Technology Transfer Office. The vendor must be able to refine/fine-tune application source code to achieve optimum program results.

8. Understanding of network exploitation through either the Red Team or Intelligence Community.

9. Experience supporting, evaluating, and implementing new analytical techniques, including identifying and transferring approaches from research systems to an operational environment, evaluating GOTS systems and developing new analytical systems.

10. Demonstrate the ability to provide architectural techniques and metrics for evaluating the efficiency and coverage of large data collection and analysis systems.  Demonstrate the ability to develop advanced training and analytical material for use within the DoD.

11. Vendor must be able to provide the subject matter expertise in flow analysis, network profiling and analysis, and data integration.

12. Vendor's staff must possess, at a minimum, SECRET level clearances; TOP SECRET level clearances are preferred for key personnel.

13. Vendor must describe their experience with use, understanding and development of the following GOTS systems: CENTAUR, TRICKLER, EINSTEIN, AMP, YAF, SiLK.


2.0    DISCLAIMER


THE GOVERNMENT DOES NOT INTEND TO AWARD A CONTRACT ON THE BASIS OF THIS RFI OR OTHERWISE PAY FOR INFORMATION RECEIVED IN RESPONSE TO THIS RFI.


This RFI is issued for information and planning purposes only and does not constitute a solicitation.  All information received in response to the RFI that is marked Proprietary will be handled accordingly.  The Government shall not be liable for or suffer any consequential damages for any proprietary information not properly identified.  Proprietary information will be safeguarded in accordance with the applicable Government regulations.  Responses to the RFI will not be returned nor will the Government confirm receipt of the RFI response.  Whatever information is provided in response to this RFI will be used to assess tradeoffs and alternatives available for determining how to proceed in the acquisition process.  In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract.


The anticipated North American Industry Classification System (NAICS) code for this requirement is 541512 (size standard $25M).  NAICS 541519 (size standard $25M) is also under consideration.


The government anticipates that this acquisition will be accomplished with a small business set-aside.  Small businesses are strongly encouraged to provide responses to this RFI, in order to assist DISA in determining the potential levels of interest, competition and technical capability to provide the required services within the Small Business community.  In addition, this information will also be used to assist DISA in establishing a basis for developing any subsequent potential subcontract plan small business goal percentages.


 


3.0   SUBMISSION INSTRUCTIONS


Responses should include the (1) business name and address; (2) name of company representative and their business title; (3) cost estimate for the technical services described above (broken out by base year and 4 option years); and (4) contract vehicles that would be available to the Government for the procurement of the product and service, to include General Services Administration (GSA) Federal Supply Schedules (FSS), or any other Government Agency contract vehicle.


The responses should be in a white paper format, no longer than fifteen (15) pages in length. Address the capabilities posed in sections 1.2 and 1.3, and add one (1) appendix that consists of at least two past performances, to include Government points of contact, describing the vendor's capabilities.


Firms that wish to respond to this RFI should send responses via email NLT Tuesday, 01 September 2009, at 5:00 PM Eastern Daylight Time (EDT).  The response should not exceed a 5 MB mail limit for all items associated with the RFI response.  Interested vendors should forward their capabilities and other information to be considered to PEO_IANACQUISITION@disa.mil.


4.0   CONTACT INFORMATION


All inquiries and questions related to this RFI should be sent to the following Point of Contact: Maj. Paul Alelino, 703-882-1354, paul.avelino@disa.mil.

2300 East Dr.
Building 3600
Scott AFB, Illinois 62225-5406
United States
Anne K Keller,
Contracting Officer
Phone: 618-229-9504
Fax: 618-229-9440