Accessibility Information

Users of assistive technologies such as screen readers should use the following link to activate Accessibility Mode before continuing: Learn more and Activate accessibility mode.

Industry Day-Mobility MDM/MAS

Solicitation Number: MOBILITY-MDM-MAS
Agency: Defense Information Systems Agency
Office: Procurement Directorate
Location: DITCO-Scott
  • Print

Note:

There have been modifications to this notice. To view the most recent modification/amendment, click here
:
MOBILITY-MDM-MAS
:
Sources Sought
:
Added: Jun 03, 2012 10:05 pm Modified: Jun 05, 2012 9:36 pmTrack Changes
Contracting Office Address
Defense Information Systems Agency, Procurement and Logistics,
DITCO-Scott, 2300 East Drive Bldg 3600, Scott AFB, IL, 62225-5406

Description

The Department of Defense (DoD), Defense Information Systems Agency (DISA), Program Executive Office for Communications (PEO-COMMS), Program Management Office Mobility, Fort Meade, Maryland, in coordination with DISA's Defense Information Technology Contracting Organization (DITCO), will host Industry Days Tuesday thru Thursday, 12-14 June 2012. The purpose of this unclassified conference is to enable the Department of Defense (DOD) representatives to obtain information from industry experts on the need to provide an enterprise solution that will handle Mobile Device Management (MDM) and provide a Mobile Application Store (MAS) best commercial practices and how industry might best meet DOD needs. This information will be used by DOD to better understand industry's ability to support a core set of MDM/MAS user needs and user-selectable enhancements. This information will be fundamental to shaping DOD's future Mobility efforts.


Background


The Mobile Device Management (MDM) capability should provide the application and user level "traffic cop," to enforce policy for network and end devices. The MDM institutes the policy, security and permissions that define the functions the user is enabled to conduct on the mobile device. This capability ensures the security of the entire user community is not compromised by an incorrectly configured device. A unified MDM architecture secures, monitors, manages, and supports accredited mobile devices across a range of DoD environments. This allows for malware detection and policy control of the devices. MDM also supports over-the-air electronic software distribution (ESD) of applications, remote data-wipe capabilities, remote device configuration management, and asset/property management capabilities protect against key and data compromise.


The Mobile Application Store (MAS) capability is an online digital electronic software distribution (ESD) system usually part of the MDM. Obtaining user application permission rights from the MDM, the MAS can deliver, update and delete applications on the mobile device without the mobile device user having to return the device for service. The MAS operates in conjunction with the MDM system. The objective of an Enterprise MAS is to optimize the functionality and distribution of mobile applications to Mobile Devices while minimizing replication, cost, and downtime. The MAS depends upon the MDM for identification of new, removed, or changed mobile devices to support the PMO Mobility function. Certification and Accreditation of mobile applications will use a distributed process to facilitate entry into the storefront.


DISA is requesting information to determine sources with core competencies and demonstrated experience in developing and sustaining both a MDM and MAS that has, but is not limited to the following capabilities.


• Software Distribution - The ability to manage and support mobile application use including deploy, install, update, delete or block.
• Policy Management - Development, control and operations of DoD enterprise mobile access, connectivity, and security policy.
• Inventory Management - Beyond hardware inventory management, this includes provisioning and support.
• Security Management - The implementation and enforcement of DoD-level device security, authentication and encryption.


To focus the scope of this conference, all interested parties are requested to provide written responses to the associated key questions listed below. DISA requests written responses to the questions be submitted in advance via e-mail to Wanda.jones-heath@disa.mil and julie.j.bryant.civ@mail.mil no later than 5:00 PM Eastern Standard Time (EST) Thursday, June 7, 2012. All submissions must be in PDF and MS Excel format as outlined in Vendor Response Sheet_v7. Early receipt of the responses will allow DOD representatives time to review information prior to Industry Days and use the one-on-one session more efficiently. Updates to responses, as needed, can be made and brought to the conference for one-on-one discussions. However, the submissions on June 7, 2012 will be reviewed prior to Industry Days, so all changes should be clearly marked. Industry Day participants are also required to bring six (6) hard copies of responses to RFI questions for distribution during the one-on-one session for the use of government teams.


Specific contracting opportunities are not available and will not be discussed at this conference. This conference's purpose is for the Government to better understand the ability for the MDM/MAS industry to support DOD users' capability needs. Therefore, the conference agenda is primarily allocated to government questioning.


The MDM/MAS Industry Days will be held on Tuesday 12 June 2012, Wednesday 13 June 2012, and Thursday 14 June 2012 at the MITRE Corporation-Annapolis Junction (Meade). The address is, 300 Sentinel Drive, 6FD127, Annapolis Junction, Maryland 20701 (http://mitre.org/about/locations/md_annapolis_junction.html). Parking (deck) is available adjacent to the facility. This meeting is UNCLASSIFIED; no visit request is required. Attendees should arrive by 7:30 a.m. EST for check-in and registration at the MITRE facility on their scheduled one-on-one conference day. No registration for one-on-one conferences will be made during the conference. The conference will begin promptly at 8:00 a.m. EST. Food will not be provided, so plan accordingly.


The conference will consist of a morning overview session each day, beginning at 8:00 a.m. EST and will conclude at approximately 9:15 a.m. EST. Government representatives will provide introductory remarks and address various topics, including recent DOD Mobility activities, the conference agenda and ground rules. On their given day, up to two company representatives will have the opportunity to attend a morning session and a private one-on-one session.


Attendees are expected to be MDM/MAS operations, sales, and technical staff that can answer the specific RFI questions. In order to accommodate the large number of responses, the morning Introduction and Plenary Session will be duplicated on all three days, 12-14 June 2012. Following the morning sessions, beginning at 9:15 am, we will conduct 45-minute one-on-one government-industry sessions. Representatives are required to only attend the morning Introductory and Plenary Session that coincides with their scheduled one-on-one session. Schedules will be enforced, and the first 30 minutes will involve questioning by the government to better understand company RFI responses. The final 15 minutes will be set aside to allow each company to either elaborate on previously discussed points or to offer other industry insights regarding MDM/MAS. Sales pitches or marketing material will not be accepted. No cameras, tape recorders, or other reproduction devices are permitted during Industry Days and the government will not accept any materials that were not part of the contractor's original briefing.


Attendance will be limited solely to pre-registered attendees, and conference attendance will be limited to not more than two attendees per company. A total of 100 seats will be available for industry on a first come, first serve reservation basis for the plenary session each morning.


To reserve a time for a one-on-one session, registration will be made through Defense Information Technology Contracting Office (DITCO) by contacting either Arthur Kruse, at 618-229-9773 or Katie Koerkenmeier at 618-229-9513. Registrants must provide the names of up to two individuals attending, including their position/title and background, name of the company/organization, type of organization (integrator, reseller, satellite provider, etc) telephone number, type of business (small, large, small disadvantaged, etc), date of session and request either a morning or afternoon slot. Registration will be confirmed by phone and will not be scheduled through any other media (neither e-mail nor letter). Requests will be granted on a first come-first serve basis until all the slots are filled. After the slots are filled, a waiting list will be developed and cancellations will be filled from the waiting list. DITCO will release a tentative schedule for one-on-one sessions between industry and government representatives and notify the registrants in advance of Industry Days. THE DEADLINE FOR REGISTRATION IS 2:00 pm EST, FRIDAY, 8 JUNE 2012.


The government may request additional information from those responding to this RFI. This RFI does not constitute a Request for Proposal (RFP) or a promise to issue an RFP in the future. Responders are advised that the U.S. Government will not pay for any information or administrative cost incurred in response to this announcement. Proprietary information or trade secrets should be clearly identified. All information received that is marked Proprietary will be handled accordingly. Responses to the RFI will not be returned.


The following Rules of Engagement (ROE) for the MDM/MAS Capabilities Focused Industry Days is provided to industry participants for their information:

• The Government intends to use this forum to better refine its requirements, not to elicit trade secrets.
• All information will be treated confidentially and discreetly. The contractor is encouraged to be honest and forthcoming.
• Contractor personnel shall be limited to a total of two attendees per participating company.
• No sales pitches allowed from industry; no give-aways.
• No cameras, tape recorders, or other reproduction devices are allowed.
• The Government will not accept any materials that were not actually part of the contractor's briefing (Don't bring glossy marketing brochures).
• Total time allotted for the contractor's one-on-one session is forty-five minutes.
• Under no circumstances will the contractors allotted time be extended.
• Restrict comments/questions to the topics listed in this forum.
• Questions about the prospective RFPs will not be answered.
• Contractor personnel must be identified in advance, and only advance substitutions (24-hour in advance notice) will be permitted.
• Contractor identified key personnel shall make the actual presentation.
• The Government reserves the right to inspect all material, briefcases, etc., entering or leaving the site.

Original Point of Contact

Arthur Kruse, Contracting Officer, Phone 618-229-9773, e-mail arthur.l.kruse.civ@mail.mil or Katie Koerkenmeier, Contract Specialist, Phone 618-229-9513, e-mail, kathryn.v.koerkenmeier.civ@mail.mil


Definitions:


MDM: Mobile Device Management software. Software that secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. This applies to both company-owned and employee-owned (BYOD) devices across the enterprise or mobile devices owned by consumers. [Wikipedia: MDM]
MAS: Mobile Application Store software. A platform for the discovery and download of applications for use with mobile devices.
Operational availability: Defined by the formula Uptime/(Uptime + Downtime) as specified in DoD Reliability, Availability, Maintainability, and Cost Rationale Report Manual, 1 June, 2009. Downtime includes all failures and maintenance outages for the MDM, MAS as well as within the host computing, network and physical environment.
Workflow: A software representation of an ordered set of steps that comprise an activity, along with a POC for each step, and a mechanism for notifying each POC when it is their turn to perform their step (i.e., send an email)
NetOps: Network Operations: The operational framework that enables operation and defense of the Global Information Grid (GIG). It comprising three tasks: GIG Enterprise Management (GEM), GIG Network Defense (GND), and GIG Content Management (GCM).
GEM: GIG Enterprise Management: The elements and processes needed to communicate across the GIG, including Enterprise Services Management, Systems Management, and Network Management.
GND: GIG Network Defense: The areas of Information Assurance, Computer Network Defense, etc.
GCM: GIG Content Management: That which provides all levels of DOD with awareness of relevant, accurate information via the core services of Content Discovery, Content Delivery, and Content Storage


Common MDM & MAS Questions

         Please reference the attachment entitled, "Vendor Response Sheet_v7 Amend 1" for submission of responses to the following questions.
 
 1)      Describe and provide specific details on how your MDM and separately your MAS solution can be configured to meet an operational availability of  a) 99.9 b) 99.99.  The answer should identify required components such as high availability proxies, load balancers, cloud environments, or software required to meet the designated operational availability levels.  The answer should identify what is assumed the Government will provide within its hosting environments.

2)     
Describe and provide specific details on how your MDM and separately your MAS solution can be initially scaled to support a) 25k devices (year 1), b) 100k devices (year 2), c) 250k devices (year 3), d) 500k devices (year 4), and e) 1M devices (year 5), f) 4M devices (year 10), 10% of which are concurrently operating. The answer should include estimates containing specific numbers and types of servers and storage and any other required devices.  The answer should identify what is assumed the Government will provide within its hosting environments.

3)     
Describe the DoD environments (specific sites and networks) and operational missions in which your MDM and separately your MAS solutions have been a) evaluated in a relevant environment (adjudicated to a TRL 7), b) tested in an operational environment (adjudicated to TRL 8) or c) are in operations (adjudicated TRL 9).

4)     
Describe the performance; in terms of average response time, for your MDM and separately your MAS solution under a concurrent load of initially a) 250 devices (year 1), b) 1K devices (year 2), c) 2.5K devices (year 3), d) 5k devices (year 4), e) 10K devices (year 5), and f) 40K devices (year 10).

5)     
Describe and provide specific details on how your MDM and separately your MAS solution can be integrated with DoD enterprise services including a) Identity and Access Management (IdAM) (includes DoD CAC PKI authentication and Attribute Based Access Control (ABAC)), Active Directory, and c) Enterprise Email.

6)     
Describe and provide specific details on how your MDM and separately your MAS solution can be configured to support DoD users at the a) Unclassified (FOUO), and b) Secret.

7)     
Provide the dates that the MDM and separately your MAS solution has or will achieve NIST certification and Authority to Operate (ATO) within a DoD facility on a) NIPRNET and b) SIPRNET.


8)      Describe a) how your MDM and separately your MAS solution incorporates third party products and b) how you will provide timely updates in the case where third party products are being used.

9)     
Describe how your technical support (help desk) to users and Government technical team will scale to support a) 25k users (year 1), b) 100k users (year 2), c) 250k users (year 3), d) 500k users (year 4), e) 1M users (year 5), and f) 4M users (year 10), as well as g) 2 sites (year 1), h) 5 sites (year 2), i) 10 sites (year 3), j) 15 sites (year 4), and k) 20 sites (year 5).

10)   
Describe your MDM solution: a) ability for an app vetting workflow and b) ability for managing app licenses.

11)   
Describe your MAS solution: a) ability to view app details (i.e., screen shots, descriptions, ratings, recommendations), b) ability to browse for and search for apps, and c) ability for users to submit app defect reports and enhancement recommendations.

12)   
Describe the features and limitations of your MDM solution in supporting supports different device operating system and version.

13)   
Describe how your MDM and separately your MAS solution integrates with other vendor products, a) MDM to MAS, b) MDM to MDM, and c) MAS to MAS.  Please provide a list of your MDM and separately MAS public APIs and a description of their function (s).

14)   
Describe how your MDM and separately your MAS solution provide capabilities required to support NetOps (Enterprise Management, Information Assurance, and Content Management) of both themselves and of the end user mobile devices.  At a minimum, explain also how your MDM and MAS a) enable users, administrators, and external systems to appropriately perform EM, IA, and CM and b) provide appropriate situational awareness of relevant health and status to users, administrators, and external systems.  Describe the salient interfaces and data types utilized by your MDM and MAS to support NetOps functions.  State which capabilities are current, and for those which are planned, when they will be in publicly available releases. 

15)   
Describe how your MDM and separately your MAS solution are Public Key Enabled (PKE), i.e., can integrate with the DoD Public Key Infrastructure (PKI) to a) authenticate users and administrators of the MDM and MAS, b) authenticate users and administrators of end user mobile devices, c) authenticate and verify integrity of applications downloaded from the MAS, d) Support signing and encrypting/decrypting emails sent/received via mobile devices, and e) Support authentication of mobile users accessing DOD websites.  Describe what tokens (e.g., smart cards, CAC), token readers (e.g., smartcard reader), and middleware (software on mobile device that brokers communications between tokens and the device's OS and ultimately the PKI), are utilized.

16)   
Describe how your MDM and separately your MAS solution facilitates and/or enforces data at rest (on mobile devices and on MDM/MAS) and data in transit (between mobile devices and/or MDM/MAS components).  This should address both devices that natively support FIPS 140.2 and those that do not.  Describe what protocols and algorithms are used to implement security.  List any relevant approvals and certifications of algorithms and implementations, to include FIPS-140.2. List the specific encryption algorithms and provide the specific certification number for any validated module (s).  If you don't provide a FIPS 140-2 container to put on the device, describe how your MDM and separately your MAS integrates with exisiting FIPS 140-2 containers.

17)   
Provide a diagram showing communications between mobile devices and MDM and separately MAS components required to support the following: voice calls, data transmission to/from mobile device, VoIP calls, browsing and downloading of applications, and administration of mobile devices.  Specify what ports and protocols are used for all communications, and what encryption, if any, is used. 

18)   
Give examples of how your MDM and separately your MAS solution has been successfully used in either a large scale or secure environment.

19)   
Describe the internet services provided by your MDM and separately your MAS solution.

20)   
What is the impact to your MDM and separately your MAS solution if internet connectivity is removed or not existent?

21)   
How will your MDM solution handle BYOD?  What are the risks with BYOD and how does the MDM mitigate them?

22)   
In general, how would you authorize a) the user to the device, b) the device to the network, and c) the services on the network?

23)   
DoD currently uses CAC cards and PKI certificates for authentication.  Describe how you would tie the DoD PKI certificates to Sim Cards,microSD HSM and soft certificates in the mobile device?  Can your solution provide PKI personal and trust chain certificates updates over-the-air?? 

24)   
What devices and OS level does your MDM and separately your MAS currently support?

Added: Jul 26, 2012 4:33 pm Modified: Jul 30, 2012 3:28 pmTrack Changes

 


This request has been cancelled.  We will be re-opening the request as amended documents are  provided for Industry comments


 The Government has a need for additional questions from Industry. The Government would like to assess Industry capabilities. Please address the questions provided in the attached, entitled "Additional Industry Questions". Please send your responses to disa.meade.peo-ma.mbx.acquisition@mail.mil  no later than (NLT) 5 PM CST, 3 August 2012.
Added: Jul 27, 2012 4:13 pm Modified: Jul 30, 2012 3:28 pmTrack Changes
 This RFI is re-opened- The Government has a need for additional questions from Industry. The Government would like to assess Industry capabilities. Please address the questions provided in the attached, entitled "MDM MAS RFI II". Additional information and instruction is also available in the attached. Please send your responses to disa.meade.peo-ma.mbx.acquisition@mail.mil  no later than (NLT) 5 PM EDT, 3 August 2012.
Added: Jul 30, 2012 3:23 pm
The deadline for submitting responses to the questions pertaining to "MDM MAS RFI II" has been extended to 10 August 2012, 1700 hours, Eastern Daylight Savings Time.  All other information provided in the notice posted on 27 July 2012 remains as stated.   
Added: Jul 31, 2012 11:44 am
Refer to the FedBizOpps posting of 31 Jul 2012 titled MDM-MAS-RFI-II for the documents that are to be submitted in regards to the Mobile Device Management (MDM)/Mobile Application Store (MAS) RFI II Sources Sought Announcement
Please consult the list of document viewers if you cannot open a file.

Vendor Response Sheet_v7

Type:
Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Label:
Vendor Response Sheet_v7
Posted Date:
June 3, 2012
Description: Vendor Response Sheet_v7

Amended Questions

Type:
Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Label:
Amended Questions
Posted Date:
June 5, 2012
Description: Amended Questions: Changes are shown in red.

List of Industry Day Attendees

Type:
Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Label:
List of Industry Day Attendees
Posted Date:
June 26, 2012
Description: Industry Event Attendees

Slides

Type:
Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Label:
Slides
Posted Date:
June 26, 2012
Description: Opening Briefing Slides

Package #5

Posted Date:
July 26, 2012
Description: Additional Industry Questions

RFI 2

Type:
Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Label:
RFI 2
Posted Date:
July 27, 2012
Description: Industry Questions and Information
:
2300 East Dr.
Building 3600
Scott AFB, Illinois 62225-5406
United States
:
Kathryn Koerkenmeier
Phone: 618-229-9513