BackgroundSRA TeamProducts & ServicesContract OverviewPoints of ContactTask Order GuidelinesTeammates OnlyAbout SRALinks

 

© Copyright 2000, SRA International

Contract Overview

Overview \\ Task 1 \\ Task 2 \\ Task 3 \\ Task 4

Task 4
EDUCATION, TRAINING, AND AWARENESS, CERTIFICATION AND ACCREDITATION, AND IA SUPPORT

This task area addresses customer service-oriented IA enabling technologies, products, and services.

IA Support. The contractor shall provide IA Information capabilities for Information Assurance activities to DOD Elements, the Unified Commands and their subordinate Components and other Federal Agencies. These capabilities include web-based IA Support/Help Environment, Information Assurance Training and Awareness, Information Assurance Vulnerability Alert Status, assessing Information Assurance readiness within the AOR, assessing the Unified Commands and their subordinate Component's security posture. Computer Network Defense. The contractor shall provide IA Information Technology capabilities to the JTF-CND, its subordinate components, and designated computer network defense service activities, such as Global, Regional, and Service CERTs. These capabilities include analysis of intrusion events against DII components, augmentation for IA exercises and demonstrations, assessing potential threats against DII components, recommendation for promising technologies to support the correlation and analysis, and recommendations for course of actions to stop or contain damage and restore network operations. Education, Training, Awareness, and Workforce Professionalization. Education and Training. The contractor shall provide IA Information Technology capabilities for IA awareness training, IA awareness documentation, and dissemination of IA information and products. Training will encompass any program or element within the IA arena. The contractor shall provide training sessions, conduct training, and develop and provide training materials and develop courseware as described by individual task orders. The contractor may be required to participate in or support information dissemination activities relating to disbursement of training materials through activities such as professional development seminars, trade shows, conferences, and briefings relating to IA. Workforce Professionalization. The contractor provide IA Information Technology capabilities to gather data, review and analyze agendas, prepare and recommend IA issues and topics, and developing schedules for developing IA professionals.

IA Awareness. The contractor shall develop IA distributive awareness products to support IA awareness. Products will be provided in a variety of distributive learning media, including interactive multimedia CD-ROM, video and Web-based products. The contractor shall support the development of paper-based awareness products, including but not limited to briefings, pamphlets, newsletters, posters and brochures. The contractor also shall support development and maintenance of web pages and their content to further enhance awareness of critical, new and or emerging IA and related threats, policies, procedures, issues and concepts. The contractor shall support promotion of IA awareness through coordination with sponsors of IA programs and IA personnel as specified in individual task orders. The contractor shall support the dissemination of products and the reporting of metrics on the quantity of products disseminated and product usage. The contractor shall develop or apply data collection instruments to conduct quality assurance surveys, and analyze data to ensure products meet the needs of intended audiences.

Certification and Accreditation. The contractor shall provide technical and non-technical professional expertise for DOD information technology programs to address life cycle security from inception of the program through accreditation, and obsolescence. The contractor will perform this by reviewing and providing technical documentation required for the application, system, network, and site certification and accreditation process. A multi-disciplined security approach that includes the requirements for IA, Information Security (IS), Information Systems Security (INFOSEC), Administrative Security, Personnel Security, Physical Security, Communications Security (COMSEC), Operations Security (OPSEC), and TEMPEST. The contractor shall perform IA Information Technology assessments of proposed and existing DOD systems to include assessing and verifying information systems including trusted systems; identifying and assessing security requirements and deficiencies in applications, systems, local and wide area networks (LANs and WANs) and commercial switching, transmission and signaling networks. The contractor shall provide technical support to conduct Certification and Accreditation (C&A) using the Defense Information Technology Security Certification and Accreditation Process (DITSCAP) to achieve uniform quality and a level of consistency throughout the life cycle of DOD Automated Information System (AIS). The contractor shall conduct reviews and providing recommendations for resolution of inconsistencies within existing DOD C&A policies and procedures; monitor the implementation of, and compliance with, C&A standards within DOD to ensure uniform application of the standards and consistency in security of accredited DOD information systems; and develop risk management guidelines. The contractor shall identify new COTS tools to support the automated onsite and remote inspection of automated systems.

Network Connection Approval Process. The contractor shall provide IA Information Technology capabilities to assess DOD military service and agency network connection for the DISN connection approval process. This includes the assessment of local enclave and host connections to the network. This assessment includes a review of the implemented security posture for compliance to security requirements. The network connection approval process may include onsite inspections of local enclaves presenting increased risk to the backbone. The contractor shall make recommendations for promising technologies to support the execution of remote analysis, onsite inspection, and reporting capabilities.

Compliance Inspection and Validation. The contractor shall assist in the compliance inspection process to ensure the established accreditation baseline is maintained. This task also includes a validation process to ensure that corrections to the security baseline are implemented and enhance the security posture. Any data collection efforts on the part of the contractor shall not violate individual rights or privacy and be consistent with guidance provided by the Government. The goal of the test is to identify security weaknesses of the systems, testing will not be destructive or obtrusive. Testing will not expose or examine intellectual property, private or sensitive information.

Vulnerability Assessment. The contractor shall perform vulnerability assessment and penetration testing and analysis to identify security weaknesses in the agency/department network architecture or network segment The contractor shall provide technical support for advance planning to predict and detect breaches in security. Contractor technical support shall include but not be limited to: review and document the aspects of security policy, security procedures, critical business functions, systems, networks, internal and external users, and tools recommended to be deployed which will satisfy the department/agency goal of preventing unauthorized access; develop and document the activities necessary to configure systems, networks or workstations in a manner to optimize the capabilities to predict a security breach/unauthorized access; develop and document the activities necessary to configure data, systems, networks, workstations, tools, and, user environments to capture the necessary evidence of successful or unsuccessful attempts to gain unauthorized access.

Workshop, Conference and Symposia Support. The contractor will provide technical and logistical support for the planning, scheduling, conducting, and post-event processing for workshops, conferences, and symposia.

Requirements Support. The contractor shall provide technical support to DOD, the Unified Commands and their subordinate Components, the DOD Services and Agencies, Federal agencies and departments, by identifying IA requirements and specifications; participating in staff assistance visits for data gathering, performing technical analyses, and documenting IA requirements; conducting studies and preparing evaluations regarding the feasibility of using new technology; and analysis of customer requirements. The contractor shall provide technical support in assessing the Warfighters information needs and develop the required documents. The contractor shall base the need development on operational plans and a thorough knowledge of the Warfighter and warfighting, as well as on the current technology.