BackgroundSRA TeamProducts & ServicesContract OverviewPoints of ContactTask Order GuidelinesTeammates OnlyAbout SRALinks

 

© Copyright 2000, SRA International

Contract Overview

Overview \\ Task 1 \\ Task 2 \\ Task 3 \\ Task 4

Task 2
STANDARDS, ARCHITECTURE, ENGINEERING, AND INTEGRATION SUPPORT

This task area addresses Information Technology capabilities providing security architecture and engineering of the DII. The Joint Technical Architecture (JTA) and the DII Common Operating Environment (COE) have IA standards and protocols, such as Internet Protocol Security (IPSEC), and other policies that will promote integration, interoperability and data sharing among systems. The architecture must be generic and flexible and provide the basis for the protection of the DII, the GIG, and the DOD enterprise applications and capabilities of the Defense Message System (DMS), Defense Information Systems Network (DISN), Global Command and Control System (GCCS), and Global Combat Support System (GCSS) and other systems as they are identified.

The contractor shall perform necessary support as indicated below.

Standards Support. The contractor shall review, coordinate, and recommend IA standards and protocols for cost effective application in accordance with the general DID strategies and supporting documentation as specified in the individual task orders. The contractor shall ensure compliance with the JTA, DII COE, and other future standards as applicable.

Architecture. The contractor shall provide IA DID strategy and related architecture evolution support by reviewing and coordinating changes and improvements to the concept of the DID, by participating in the coordinating process to ensure the DID strategy is integrated into the DII as its security architecture, and by assisting in the integration of security and functional requirements into an achievable system architecture. The architecture will be consistent with the JTA and employ DII COE or future standards as applicable.

Information Technology Insertion. The contractor may be required to provide technical support in developing and integrating prototype systems incorporating emerging technologies; to provide technical support in demonstrating technology and prepare and give briefings, provide copies of the briefings, and produce technical reports describing the demonstrations. Information technology is dynamically changing. Therefore, an incremental strategy to securing our DII is required. Technology insertion is required over the contract lifetime, that will improve current processes to share a common understanding of network status, understand the impact of anomalous events on military missions and DIO among Commanders, decision-makers, and DIO technical analysts.

A collateral part of this effort will improve current manual processes used to collect, aggregate, analyze, and share intrusion detection, vulnerability, and other anomalous event data locally, regionally, and globally. The ability to timely correlate/fuse intrusion, vulnerability, and event data with other intelligence and operational data to facilitate information attack characterization and attribution assists the decision maker in determining the course of action. Further, these capabilities will help determine actual and potential effects of intrusions and vulnerabilities on mission critical systems' mission readiness, and current or planned military operations. The development a pre-positioned response capability that provides a defense against malicious activities targeting DOD elements of the DII will provide quick response towards IA damage control, recovery, and reconstitution of these elements.

Engineering. The contractor shall provide systems engineering and engineering support as identified in individual task orders. This effort may include efforts such as but not limited to designing, developing and prototyping authentication devices for computer systems; designing, developing, and prototyping hardware/software tools for use by penetration teams; designing, developing, and prototyping Information Technology with integration of IA products and concepts; supporting and engineering IA solutions for the upgrade of programs to conform to DOD, National, or International initiatives such as Defense-in-Depth (DID) and Global Information Grid (GIG); developing network models of various commercial environments to determine the security impact on interconnected DOD customer equipment and networks; participating in modifications and improvements to existing IA products; conducting site visits for product implementation, problem solving/correction, and installation of products; participating in technical reviews during selection, development, and testing of IA components; designing and developing prototype hardware/software tools for penetration teams; assessing and testing of technology; and providing technical support in assessing the function, security vulnerability, usefulness, and potential applications of current and future technology, available from commercial, government, or other sources.

The contractor shall adhere to engineering principles that include lifecycle configuration management, interoperability, scalability, produceability, maintainability, fault tolerance, and redundancy in providing capabilities to protect, detect, and respond to unauthorized access and intrusions into the DII and GIG.

The contractor shall provide general IA engineering capabilities and services per individual task orders. General support includes participating in Integrated Product Teams (IPTs), working group meetings, design reviews, specific project meetings, other meetings, providing minutes of meetings, providing recommendations, responding to action items, reviewing documents, providing comments, providing informal consultation, providing briefings at meetings or to specific audiences, and supporting other regular program activities.

Integration. The contractor shall provide architecture and engineering integration of Information Technology capabilities to DOD, other federal agencies and departments in preparation of system transition plans for IA infrastructure, legacy systems, and DOD systems security programs. The contractor shall provide technical capabilities for application/integration of products and techniques used within the DII and the DOD enterprise programs, including the DMS, DISN, GCCS, and GCSS. The contractor shall provide technical support in assembling and integrating IA, and other information systems products into the DII, complete working systems, subsystems or modules; in performing design, development, and modification of existing products; and in writing software as required technology information assurance integration, testing, evaluation, analysis and other work necessary to produce the prototype capability specified by individual task orders. All efforts will conform to and be consistent with DII COE and JTA.

Testing. The contractor shall provide technical support in testing and evaluation of IA products and systems. Functional testing shall assess form, fit, functions and features of products and systems, ease of operator use, training requirements, and other appropriate areas in support of integration and certification. Testing efforts may also be used to validate JTA and DII COE compliance. Security testing and evaluation shall assess security features, requirements, conformance to design and security policy, and risks involved with products and systems, including the risks posed by connections to other systems. Any tests that may cause a system disruption should be conducted during periods of low agency activity. The team will attempt to keep such impact at minimum but make it clear to the agency or department that occasional disruptions may occur.

The contractor may be required to conduct vulnerability or discovery testing for commercial-off-the-shelf (COTS) and government-off-the-shelf (GOTS) systems and products. The contractor shall conduct testing of information systems during the development of a new information system or during the enhancement and/or modification of an existing system. The contractor will be required to participate in the analysis, testing, and evaluation of products against DOD, National, and International standards and criteria (e.g. Common Criteria). The contractor test team members may be required to execute non-disclosure statements prior to the beginning of any tests.

Demonstrations. The contractor will provide technical support in demonstrating the various systems and components of IA programs and concepts. Demonstrations will vary from War-fighter, Operations, and Engineering/technological perspectives.