Attachment - Mirror by pengxiuhui


									Internal Revenue Service

Threat Information Response Center (TIRC) – Incident Reporting and
Analysis Tool: Request for Information
August 10, 2010

FINAL 08.04.2010                                             Page 1 of 19
Table of Contents
1    Introduction ............................................................................................................... 3
2    Topics ....................................................................................................................... 4
3    Instructions and Response Guidlines ....................................................................... 5
4    Draft Statement of Work ........................................................................................... 6
5    Attachments.............................................................................................................. 5

FINAL 08.04.2010                                                                                                        Page 2 of 19
1 Introduction

The Threat Incident Response Center (TIRC) Response Team is comprised of
staff from Physical Security & Emergency Preparedness (PSEP), Treasury
Inspector General Tax Administration (TIGTA), Criminal Investigation (CI)
Division, Cyber Security (CSIRC), Office of Fraud Detection and Prevention
(OFDP) and the Office of Employee Protection (OEP) to institute an inter-agency
response team to develop emergency response procedures during an IRS
emergency situation. The tax administration system is of vital importance to the
economy of the United States. As such, its protection must be assured at all
times. In order to provide adequate response and mitigation measures, it is
necessary to develop sufficient incident response procedures that will ensure
immediate and effective response measures during critical incidents.
This Request for Information (RFI) is issued to inform prospective vendors of the
IRS‟ contract support needs and to solicit industry input/feedback on a new
acquisition. Based in part on the feedback received from this RFI, the IRS plans
to issue a Request for Proposal (RFP) for the desired services during the 1st
Quarter FY 2011. The IRS is not issuing this RFI to obtain general capabilities or
sales presentations.
The Government is seeking input from industry to assist with formulation of a
strategy to support the following goals associated with a new medium for all
incident and threat analysis:

Goal 1: Survey the marketplace to determine if there is current Commercial off
        the Shelf (COTS) products that will meet the Government‟s
Goal 2: Solicit feedback from the vendor community on changes that would be
        beneficial to the existing SOW or acquisition strategy.
Goal 3: Determine the viability of pursuing this requirement given technical and
        budgetary constraints.

This is not an RFP and no solicitation document exists. Responses to this RFI
will not serve as proposals, bids, or offers that could be accepted by the
Government to form a binding contract. Any information provided to the
Government is strictly voluntary and will be provided at no cost to the

FINAL 08.04.2010                                                                   Page 3 of 19
2 Topics
This section contains seven discussion topics that respondents should address.
Respondents should adhere to instructions and guidelines specified in Section 3
of this RFI and ensure that responses are bound by the following constraints:

Constraint: Any proposed solution must comply with all the stated restrictions in
            Section 4 of this RFI.
Constraint: Proposed

Topics for Industry Response
    1. Based on the requirements described in Section 4 can your company‟s
       COTS product meet the Government‟s needs? Will there need to be
       enhancements or customization of the product and if so how extensive.
    2. Based on the requirements in Section 4 is there additional information that
       would be needed for the final SOW/PWS to allow vendors to provide a
       comprehensive response?
    3. Provide a description of COTS product/service that would meet the
       Government‟s requirement.
    4. Provide a rough estimate of the timeline associated with installation and
       deployment of the proposed solution.
    5. The Government may conduct further market research in the form of no
       sot demonstrations. Would your company be will willing to participate in a
       no cost demonstration?
    6. Provide a Live Demonstration of the proposed product/service. Include an
       example of product in natural working environment.
    7. The Government is seeking a Rough Order of Magnitude (ROM) for the
       costs associated with this requirement for market research purposes only.
       (This response is optional)

FINAL 08.04.2010                                                                Page 4 of 19
3 Instructions and Response Guidelines
Responses to this RFI shall not exceed 35 pages. Responses must be
completed in Microsoft (MS) Word 2003, using 8.5” x 11" page size, 12-point
font, and margins of at least 1/2". If needed, up to four (4) double sized pages
(11” x 17”) may be submitted to allow for readability of systems diagrams;
however, each side of the double-sized pages will count as two pages for the full
35 page count limit. Both sides of the paper may be used, with each side
counted as a single page. Submissions shall be divided into the following
       Section 1: A brief description of the respondent‟s company, which should
        include relevant experience, services, business size, and point(s) of
        contact, including name, address, telephone/fax number(s) and e-mail
        address. This section shall not exceed five pages; any marketing
        brochures will be counted as pages. Descriptions of the company‟s
        capabilities or qualifications should not be included in the response for
        Section 2, below.
       Section 2: Responses to the topics 1 – 5 and constraints set out in RFI
        Section 2 shall not exceed 20 pages, and the response to topic 7 shall not
        exceed 10 pages for a maximum total of 30 pages for Section 2.
       Section 3: Live Demonstration - Maximum of an hour in length.

Responses may be submitted either by e-mail or in hard copy form. If e-mailed,
all documentation must be provided in an MS WinZip file, and each section must
be properly identified. If responses are mailed, submit three (3) bound hard
copies, each including a CD containing the responses.

While the IRS appreciates all responses, it will not respond to any questions
regarding the information contained in this RFI. The information obtained in
these responses will be used by the IRS to inform and shape subsequent
documents related to this acquisition. For that reason, respondents should not
divulge proprietary information or specific solution proposals in response to this

Please be advised that all personnel reviewing these responses are bound by all
nondisclosure regulations that govern Federal acquisitions.

3.1 Contact Information

Responses must be submitted in electronic format via email, no later than 3:00
PM EST, Tuesday, August 31, 2010. Responses shall be sent to Treva Jones at

FINAL 08.04.2010                                                                     Page 5 of 19
FINAL 08.04.2010   Page 6 of 19
4 DRAFT SOW/Requirements

Project Title:      Threat Information Response Center (TIRC) – Incident
                    Reporting and Analysis Tool


The Threat Incident Response Center (TIRC) Response Team is comprised of
staff from Physical Security & Emergency Preparedness (PSEP), Treasury
Inspector General Tax Administration (TIGTA), Criminal Investigation (CI)
Division, Cyber Security (CSIRC), Office of Fraud Detection and Prevention
(OFDP) and the Office of Employee Protection (OEP) to institute an inter-agency
response team to develop emergency response procedures during an IRS
emergency situation. The tax administration system is of vital importance to the
economy of the United States. As such, its protection must be assured at all
times. In order to provide adequate response and mitigation measures, it is
necessary to develop sufficient incident response procedures that will ensure
immediate and effective response measures during critical incidents.


The IRS (TIRC) will be a collaborative effort involving PSEP, TIGTA, CI, CSIRC
ensuring one medium for all incident and threat analysis. Additionally, the TIRC
would support the Incident Command Structure during a major incident by
providing a centralized repository for all IRS law enforcement and security
information during an incident.

Proper and timely critical incident reporting and response provides leadership
with the capability to make operational decisions on how to best initiate threat
mitigation strategies and/or properly address emergency situations to protect IRS
personnel, facilities, and infrastructure.

A key aspect of incident management is the reporting, response, and mitigation
procedures to alleviate further threats as a result of the incident. Prompt
reporting and response of critical incidents is essential in order to advise all
levels of management and the community of conditions that affect the operation
of the Service. Therefore, it is vital for the IRS to develop a system capable of
producing an analysis of current incident information, trends, and/or patterns
detected as a result of the incident, to assist in the development of effective
countermeasures to minimize the effects of future disruptions to service
operations to ensure the adequacy of information disseminated during
emergency situations.

Users of the TIRC will be the only personnel authorized to disseminate security
and law enforcement communications during any emergency situation to IRS

FINAL 08.04.2010                                                                    Page 7 of 19


The IRS intends to award a firm-fixed-price delivery order in accordance with
Federal Acquisition Regulation Part 8.4.


The period of performance will be 1 year from date of award with 4 option years.

Base Year: Date of Award to 12 months
Option Year 1: Months 13 to Months 24
Option Year 2: Months 25 to Months 36
Option Year 3: Months 37 to Months 48
Option Year 4: Months 49 to Months 60


The Government is of the opinion that all services will be performed at the
location specified in Section VI, therefore travel funds are not included in this
requirement, nor will the Government be responsible for travel or expenses
incurred by the contractor to fulfill the services provided under this requirement.


The system will be a web base application that can be housed at a Government
or Contractor's location and used at Headquarters in the Washington D.C.
Metropolitan area.


Performance shall not take place beyond the standard workday (8am-5PM
eastern standard time Monday -Friday). No overtime will be paid/authorized.


          The population is 120K users

FINAL 08.04.2010                                                                      Page 8 of 19
       Serve as a repository to house IRS incident and trend analysis information
        for a specified time period.

       Ability to provide various reporting products based on predetermined
        criteria and query feeds

       Extrapolation of information from pre-existing IRS systems from TIGTA,
        CI, PDT, PSEP, and REFM

       Ability to quickly send notifications to select IRS executives, stakeholders,
        and employees and provide incident and geographical trend analysis with
        mapping capabilities viewable on desktop and Blackberry

       Identify specific users roles and access requirements (full access vs. alert
        only users)

       Ability to store data for a predetermined time period with the ability to
        create reports with that historical information. This data will also be
        retained for trend and intelligence analysis

       Ability to extrapolate information from internal and external sources,
        including federal law agencies

       Database must have the ability to be customized to disseminate alerts to
        specific users based on pre-specified criteria

       Provide analysis and alerts on trends in information and incidents based
        on predetermined specifications

       Ability to provide various reports based on multiple criteria including a
        predetermined recipient list (query fashion)

       Mapping capabilities with Blackberry compatibility. (Incident proximity
        maps viewable on both PC and/or on handheld devices)

       Ease in creating reports and reporting templates

       Provide hands-on-training and on-line training for specified TRIC members
        and Business Unit points of contact

        Windows based software shall be housed in an IRS or vendor facility. The
        vendor will provide technical and maintenance support to the MITS system
        administrator and designated Physical Security and Emergency
        Preparedness staff in accordance with Internal Revenue manuals (IRMs)
        and National Institute of Standards and Technology (NIST) guidance

FINAL 08.04.2010                                                                    Page 9 of 19

          A.       The contractor shall participate in a kick-off meeting and provide a
                   demo of the software application including the web application to
                   gain a clear understanding of the national enhancement program
                   and the requirements of the Physical Security & Emergency
                   Preparedness staff. The Government will detail the goals and
                   objectives regarding the program. The contractor shall introduce its
                   key personnel and will meet the Government project team. Roles
                   and responsibilities will be outlined and a Plan of Action and
                   Milestones (POAM) to accomplish the identified tasks will be
                   drafted. The contractor shall provide detailed minutes of the kick-
                   off meeting minutes.

          B.        The contractor shall develop and customize user friendly Incident
                   Reporting and Analysis software capable of estimating the potential
                   loss impact of a threat event at the organization under review.

          C.       The software developed and customized for the IRS shall have the
                   ability to operate in a stand alone environment or connected to the
                   agency wide area network.

          D.       The software developed and customized for the IRS shall have the
                   ability to produce reports in a Microsoft WORD format with ease of
                   incorporating photographs. The reports must present findings in
                   clear and concise ways.

          E.       The software developed and customized for the IRS shall contain
                   automatic spell check capabilities.

          F.       The software developed and customized for the IRS shall meet all
                   NIST Information, Critical Infrastructure Physical Security Program
                   (CIPS), and Physical Security guidelines

          G.       The software developed and customized for the IRS shall include a
                   cost catalogue capable of automatically applying industry standard
                   cost to recommended corrective actions

          H.       The software developed and customized for the IRS shall have the
                   ability to be installed and operable on multiple personal computers

          I.       The contractor shall provide a concise help manual and user guide
                   that will provide detailed explanations on how to use the software
                   and resolve problems. These user manuals and help guides must
                   also be available on-line.

FINAL 08.04.2010                                                                     Page 10 of 19
        J.         The software developed or customized for the IRS shall have the
                   ability to transfer common data from module to module to alleviate

        K.         The software developed or customized for the IRS shall have the
                   ability to use collected assessment data to perform trend analysis.

        L.         The software developed or customized shall have the ability to be
                   password protected and files encrypted.

        M.         The software developed or customized shall have the ability to
                   address all hazards.

        N.          The contractor shall develop a concise training package and
                   provide hands-on-training and on-line training for IRS employees
                   (TIRC employees and select POCs)

Compatibility with Operating Systems
Security System Software must be compatible on the current version of the
Microsoft variant operating system and remain compatible as Microsoft upgrades
to the operating system. Software must be compatible with Microsoft Active
Directory and Microsoft Group Policy infrastructure.

Encryption Standards and Capabilities
Software must provide the capability for on-the –fly encryption data folders/files in
accordance with FIPS 140-2 Standards. The encryption solution must support
the ability of authorized users to logon under individual password protected
accounts and provide them the ability to save and retrieve the shared encrypted
data folders/files.
For Windows platforms, the preferred solution is compatibility with the IRS
approved encryption solutions that are the Microsoft Encrypting File System
(EFS). However an alternative solution that meets the FIPS 140-2 requirements
and delivers on-the-fly encryption of folders/files that can be shared is

Software Anti-virus compatibility
Software must be compatible with the current version of the Symantec Anti-virus
software and remain compatible with future Symantec upgrades.

System Backup/Restoration Requirements
The design must include a seamless redundant server failover capability.
Software must support nightly encrypted backups of data to the following: local
server/workstation hard drive, network storage drive, tape drive, and removable
DVD storage media. The encryption solution must allow full restoration of the
data files.

FINAL 08.04.2010                                                                      Page 11 of 19
Integration Testing
Software must pass software integration testing with IRS Common Operating
Environment (COE) suite of software. This includes compatibility with the COE
security configuration settings as specified in the appropriate IRS Windows
Operating System IRM. Software should also be compatible with current MIT‟s
server/workstation hardware configurations. All COTS software must pass a
compliance test using the current version of the IRS Windows Policy Checker
(WPC) and the SCAP (Security Content Automation Protocol).

Data Base Migration
Software must provide capability to import the risk assessment data files that are
currently hosted on standalone workstations.

Host Based Intrusion Detection (HIDS)
All IRS Servers are required to host HIDS Software. The FSR-Manager
application software must be compatible with the current version of the HIDS
software and remain compatible with future HIDS upgrades.

Patch Management
The contractor shall work with the MITS organization to establish a process that
ensures that the automated distribution of IRS operating system patches, hot
fixes and updates will not have an adverse impact on system performance. All
system patches, hot fixes and updates are subject to the same IT security,
compatibility and testing requirements of the original software. All vendor
originated change updates will likewise be communicated to MITS personnel for
appropriate testing and installation. The vendor must respond within four (4)
hours or less to a request for certification of any critical security patch.

Application Auditing
Software must provide system administrators with application level audit/audit
report generation tools.

The software developed or customized shall have the capability of data input,
tracking, and updating by input source and those in the chain of
command/decision makers.


Services to be performed by the contractor under this contract shall conform to
all applicable requirements and criteria indicated in the following handbooks and
publications and the latest issues and changes thereto.

A. Services to be performed by the contractor shall conform to all applicable
requirements and criteria indicated in the following handbooks and publications
and the latest issues and changes thereto:

FINAL 08.04.2010                                                                 Page 12 of 19
        1) General Services Administration Facilities Standards for the Public
        Buildings Service PBS/PQ-100.1.
        2) Internal Revenue Service Facilities Design Criteria (May 2002)
        3) Consolidated Physical Security Standards for IRS Facilities
        4) Internal Revenue Service Universal Wiring Handbook.
        5) National Fire Protection Association Codes and handbooks
        6) Occupational Safety and Health Standards
        7) Environmental Protection Agency Regulations
        8) ASHRAE Handbooks and ASHRAE Standards
        9) National Plumbing Code
        10) Federal Information Processing Standards Publication FIPS-Pub.-94
        11) American National Standards Institute (ANSI) Publications
        12) Uniform Building Code for Seismic Design (to include all applicable
        13) Uniform Federal Accessibility Standards
        14) All applicable Federal, State and local codes and regulations
        15) EIA/TIA Standards - Documents 606 & 607
                a. Document 606 -Administrative Standard for Telecommunication
                Infrastructure of Commercial Buildings
                b. Document 607 -Commercial Building Grounding and Bonding
                Requirements Required for Telecommunications.
        16) IRS Comprehensive Standards Compilation 1998 Edition – 1999
        17) Americans with Disabilities Act
        18) Lighting Handbook (The Illuminating Engineering Society)
        19) The Institute of Electrical and Electronic Engineers (IEEE)
        20) The National Electrical Manufacturers Association (NEMA)
        21) Department of Treasury Facility Security Assessment Process (FSAP)

A. The above items are a standard listing of handbooks and publications. Utilize
only those sections that are applicable to complete the design and construction
successfully. Where conflicts occur, the more stringent requirement shall take

B. All design and engineering requirements shall be provided in strict compliance
with the applicable IRS and GSA criteria. The contractor is responsible for
obtaining copies of these publications as necessary for his reference.

C. Pursuant to the Federal Information Security Management Act (FISMA), Title
III of the E-Government Act of 2002, P.L. 107-347, the contractor shall provide
minimum security controls required to protect Federal information and
information systems. The term „information security‟ means protecting
information and information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction in order to provide confidentiality, integrity
and availability. The contractor shall provide information security protections

FINAL 08.04.2010                                                                     Page 13 of 19
commensurate with the risk and magnitude of the harm resulting from the
unauthorized access, use, disclosure, disruption, modification, or destruction of
information collected or maintained by or on behalf of the agency; or information
systems used or operated by an agency or by a contractor of an agency. This
applies to individuals and organizations having contractual arrangements with the
IRS, including employees, contractors, vendors, and outsourcing providers,
which use or operate information technology systems containing IRS data. IRS
information or information systems are defined as a General Support System
(GSS), Major or Minor Application with a FIPS 199 security categorization impact
level of low, moderate or high, and those systems identified by the As Built
Architecture (ABA) and agency FISMA Master Inventory.

D. The contractor shall comply with Department of Treasury Directive TD P 85-
01, Treasury Security Manual TDP 71-10, and Internal Revenue Manual 10.8.1
Information Technology Security Policy and Guidance. The contractor shall
comply with IRS Internal Revenue Manuals (IRM) and Law Enforcement Manuals
(LEM) when developing or administering IRS information and information
systems. The contractor shall comply with the Taxpayer Browsing Protection Act
of 1997 - Unauthorized Access (UNAX), the Act amends the Internal Revenue
Code 6103 of 1986 to prevent the unauthorized inspection of taxpayer returns or
tax return information.

E. Contractors systems that collect, maintain, operate or use agency information
or an information system on behalf of the agency (a General Support System
(GSS), Major or Minor Application with a FIPS 199 security categorization) must
ensure annual reviews, risk assessments, security plans, control testing, a
Privacy Impact Assessment (PIA), contingency planning, and certification and
accreditation, at a minimum meet NIST guidance, if required by the IRS.

F. The contractor shall be subject to at the option / discretion of the agency, to
periodically test, (but no less than annually) and evaluate the effectiveness of
information security controls and techniques. The assessment of information
security controls may be performed by an agency independent auditor, security
team or Inspector General, and shall include testing of management, operational,
and technical controls of every information system that maintain, collect, operate
or use federal information on behalf of the agency. The agency and contractor
shall document and maintain a remedial action plan, also known as a Plan of
Action and Milestones (POA&M) to address any deficiencies identified during the
test and evaluation. The contractor must cost-effectively reduce information
security risks to an acceptable level within the scope, terms and conditions of the

G. The contractor shall comply with IRS mandatory annual Computer Security
Awareness briefings, UNAX briefings and receive an initial orientation before
access to IRS Information Systems. Perform HSPD-12 Personal Identify
Verification, physical and personnel security screening / background investigation

FINAL 08.04.2010                                                                Page 14 of 19
for approval of a contractor badge for staff like access; then obtain 5081 approval
to IRS information systems.
All contractors and contractor employees who are involved with the
management, use, programming or maintenance of IRS information systems
must complete the IRS mandatory Computer Security briefing. All contractors
and contractor employees who could have access to return information must
complete the mandatory UNAX briefing. Contractors shall certify the completion
of training by their employees annually. The certification shall be submitted to the
contracting officer, with a copy to the COTR and contractor Security Lifecycle
Program (CSLP). FISMA requires continuous security awareness training to
inform personnel, including contractors, other users, and individuals with
significant IT Security responsibilities that support the operations and assets of
the agency to receive specific training on agency guidance, policies and
procedures to reduce information security risks.

    XI.      ADDENDUM

A. The contractor shall comply with OMB Circular No. A-130 Security of Federal
Automated Information Resources Appendix III. The contractor shall comply with
the guidance in OMB Circular policy M-06-16 Protection of Sensitive Agency
Information to implement protections for personally identifiable information being
transported and/or stored offsite. In those instances where personally identifiable
information is transported to a remote site of the contractor, the contractor shall
implement NIST Special Publication 800-53 security controls and IRS specific
security procedures to ensure that information is transported in encrypted form.
The contractor shall comply with OMB Circular Policy M-06-15, Safeguarding
Personally Identifiable Information (PII), and Policy M-06-19 Reporting Incidents
Involving Personally Identifiable Information.

B. Sensitive PII is defined by OMB as “any information about an individual
maintained by an agency, including, but not limited to, education, financial
transactions, medical history, and criminal or employment history and information
which can be used to distinguish or trace an individual's identity, such as their
name, social security number, date and place of birth, mother‟s maiden name,
biometric records, etc., including any other personal information which is linked
or linkable to an individual.” Information systems can be either electronic or
manual. IRM 10.8.1 require IRS' sensitive information is to be handled and
protected at the contractor's site, including any information stored, processed, or
transmitted using the contractor's computer systems. Contractor personnel shall
perform a background investigation and/or clearances required; receive security
awareness and training required for contractor activities or facilities; and any
facility physical security requirements. Most IRS information is categorized as
SBU. This includes:

          1.) Taxpayer information
          2.) Employee data - such as evaluations

FINAL 08.04.2010                                                                 Page 15 of 19
        3.) Personnel and payroll records
        4.) Financial and statistical information on agency operations not normally
        available for public disclosure
        5.) Proprietary information provided to the government by third parties.

Various laws and regulations have addressed the need to protect sensitive
information held by government agencies including the Federal Information
Security Management Act (FISMA), the E-Government Act of 2002, the Privacy
Act of 1974, and OMB Circular A-130, Management of Federal Information
Resources. FISMA requires agencies to have a security program and controls for
systems to protect their sensitive information. Therefore, the contractor shall
comply with OMB policies and Treasury / IRS specific policies, procedures or
guidance to protect sensitive information, such as the following guidance from
OMB Policy M-06-16:

        1.) Encrypt all data on mobile computers/devices which carry agency data
        unless the data is determined to be non-sensitive, in writing, by your
        Deputy Secretary or an individual he/she may designate in writing;
        2.) Allow remote access only with two-factor authentication where one of
        the factors is provided by a device separate from the computer gaining
        agency access;
        3.) Use a “time-out” function for remote access and mobile devices
        requiring user re-authentication after 30 minutes inactivity; and
        4.) Log all computer-readable data extracts from databases holding
        sensitive information and verify each extract including sensitive data has
        been erased within 90 days or its use is still required.

C. The contractor shall follow Information Security guidance established by the
National Institute of Standards and Technology (NIST). The contractor shall
establish the minimum security controls identified in NIST Special Publication
800-53 Recommended Security Controls for Federal Information / NIST 800-53A
and Revision 1, and FIPS 200 Minimum Security Requirements for Federal
Information and Information Systems. The contractor shall follow the best
practices and guidance established by NIST special publication 800 Series and
Federal Information Processing Standards (FIPS) for computer security. The IRS
may determine such applicable Information Technology (IT) Security standards
and policies.

D. The IRS Computer Security Incident Response Capability (CSIRC) defines a
security incident as: “any adverse event whereby some aspect of computer
security could be threatened. Adverse events may include the loss of data
confidentiality, disruption of data or system integrity, disruption or denial of
availability, loss of accountability, or damage to any part of the system.” User
Compromise, Disclosure of Taxpayer/Sensitive Data, Malicious Code (successful
or unsuccessful), Denial of Service (DoS) (successful or unsuccessful), Website
Defacement, Identity Theft, Misuse of Resources or Policy Violation, Loss or

FINAL 08.04.2010                                                                 Page 16 of 19
Theft of IT Equipment, IRM/LEM Non- Compliance, Unauthorized Access
Attempt, Probe/Scan, and any other security incident that may threaten or
damage any IRS or federal agency information or information system(s).

E. The contractor shall maintain procedures for detecting, reporting, and
responding to security incidents, and mitigating risks associated with such
incidents before substantial damage is done to federal information or information
systems. The contractor shall immediately report all computer security incidents
that involve IRS information systems to the IRS Computer Security Incident
Response Center (CSIRC). Any theft or loss of IT equipment with federal
information / data must be reported within one hour of the incident to CSIRC.
Those incidents involving the loss or theft of sensitive but unclassified (SBU) data
(i.e. taxpayer, PII) shall be reported to CSIRC, first-line manager, and Treasury
Inspector General for Tax Administration (TIGTA). Based on the computer
security incident type, CSIRC may further notify the Treasury Computer Security
Incident Response Capability (TCSIRC) in accordance with TCSIRC procedures.
The specific requirements for a mass notification system must include but are not
limited to, the following essential features:
     Ability to support up to 120,000 employees and contractor‟s with scalability
        for twice the amount
     Set up and 24 / 7 / 365 99.9% availability, minimum of 2 US based
        geographically diverse and active-active capability with
        multiple internet service providers and communication carriers
     Capability of meeting and / or exceeding acceptable phone contact metric
        Service Level Agreement (SLA) of achieving a minimum of 5,000 contacts
        within 10 minutes and / or 30,000 contacts within the hour, from the start
        of the notification
     Capability of multiple modes of contact and communication, including
        Voice (Telephone / Cell Phone / Blackberry), email, text (SMS, SMTP,
        SMPP) etc. using polling messages, one way messaging, conference
        bridge, etc.
     Provide for unlimited emails, unlimited text (SMTP) messages
     Provide for phone contacts with inclusion of at a basic requirement of
        500,000 minutes and / or message units, with the provision to
        purchase additional such competitively priced blocks of minutes
        and / or message units when required
     Capability to import IRS data on a regular (twice weekly) basis from
        existing IRS systems on an automated basis
     Ability to create hierarchical organization structure with
        groups / sub-groups with necessary access and permissions
     Provide pre-canned customized templates for common incident
        types including cyber alerts, building evacuations etc.
     Availability of an user Interface and capability for message initiation
        via any internal or external web browser, and / or mobile devices
     Ability to utilize a live assistor 24 / 7 / 365 to activate notification messages
     Ability to have real-time reporting on status of message delivery and

FINAL 08.04.2010                                                                    Page 17 of 19
        responses received back from recipients
       Ability to not specify or identify the location of the recipient in the event
        that the GPS feature was used for notification purposes
       Ability to provide real-time reporting to only those authorized to access
        and view such information as deemed necessary and as defined in the
        access setup
       Ability to create customizable canned and ad-hoc reports utilizing any
        of the attributes in the database and the ability to export, view and
        print these reports in a variety of common formats such as WORD,
       Ability to integrate with TOOLKIT from eBRP Solutions Inc., 230-7895
        Tranmere Drive, Mississauga, ON, L5S 1V9, Canada
       Capability of 24 / 7 / 365 technical support – with number of how many
        personnel along with backup personnel, described in proposal
       Training package to include classes, Train-the-Trainer, web based
        training, manuals, Video / Audio training, etc
       Vendor responsibility for preventative obsolescence of the notification
        system with proactive upgrades, system maintenance and system
       Compliance with all Federal regulations
       Provide an executive level dashboard to intelligently manage the
        notification through:
                     Assessment              –      Identify all those impacted
                                                     based on situation
                     Coordination            –      Identify at a glance status of a
                                                     notification and recipient
                     Communication           –      Escalation or backup of
                     Methodology             –      Built-in industry best practices
                                                     for notifications
                     Customizable             –     Ability to customize the
                                                     notification to suit specific
                                                     organizational needs
                     Scalability             –      Can be accessed from
                                                     anywhere in the enterprise
                     Security                –      Ability to set security levels
                                                     based on organizational roles
                                                     and responsibilities

       Availability of the following professional services, to include:
                     Professional and customization services , with specific dates
                        to be identified later by the Government and specific
                        services to include but not limited to (within the scope
                        of this contract)
                     Data feeds / loads (including format changes)

FINAL 08.04.2010                                                                        Page 18 of 19
                      Establishment of collaborative environment to keep
                       everybody associated “in the loop” about everything
                       all the time
                      Interface with TOOLKIT from eBRP Solutions Inc.,
                       Mississauga, Ontario, Canada
                      Development of the hierarchical organization structure
                      Development of Government specified custom report
                      Customization of interfaces for NIMS / ICS compliance

       Enhanced communication via Pop-Up Screen messages on Computer
       Blackberry notification initiation and Pin to Pin notifications
       Ability to provide weather alerts
       Ability to use to Geospatial technology and / or GIS tracking to target
        notification/s, to specific recipients in the database
       Rollover of unused message units and / or minutes
       Data scrubbing for data quality and data integrity
       Training Certification
       Ability to rapidly / ”one-step”, deliver message to recipients who did not
        respond to an earlier notification

FINAL 08.04.2010                                                                     Page 19 of 19

To top