URL: http://www.disa.mil/ciss/itsc/docs/brochure.html INFOSEC Technical Services Contract The Solution to Your Security Needs Now! What is INFOSEC Information Systems Security (INFOSEC) is defined as the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized user’s, including those measures necessary to detect, document, and counter such threats. For operations and for economic efficiencies INFOSEC is an enabling feature. It is the discipline that protects the integrity, availability, and confidentiality of our information assets and systems. All information is important and valuable to its users and requires some level of protection from unauthorized disclosure (confidentiality), assured access by users (availability), and protection from unauthorized change (integrity). We believe that good security is a mission enhancer, not a mission detractor! Our overall approach to information systems is security is to PROTECT information using a layered defense based on risk management and cost benefit analysis. We must be able to monitor all our systems and networks in real time to DETECT intrusions or hostile actions at all levels, and then REACT to isolate the systems, correct the security breach, restore service to the users, and act to prevent future attempts. Center for Information Systems Security Background In July 1990, the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence ASD(C3I), started an investigation effort for coordinated DOD-level management of defense INFOSEC initiatives. DCA, now DISA, was designated as the lead agency with assistance from the National Security Agency (NSA). A DISA/Center for Information Systems Security (CISS) and NSA plan was developed and approved for establishment of the Defense Information Systems Security Program (DISSP). CISS has its origin in the Defense Information Systems Security Program (DISSP), a joint DISA/NSA program. Continuing as a joint program office CISS’s mission is to manage, coordinate and provide direct INFOSEC application support to DOD programs, develop standards and protocols for INFOSEC and expedite the implementation of MLS command, control and communications systems for DOD. The CISS provides a means to fully review, coordinate, and make recommendations concerning the implementation of policy, architecture, and products to support DOD objectives. Mission The Center for Information Systems Security (CISS) is a joint DISA/NSA organization charged with executing the centrally managed Defensive Information Warfare (IW-D) and INFOSEC functions within DOD. CISS is the focal point for assuring availability, integrity, and confidentiality of all DII systems and information. We provide direct support to DOD services and agencies, and define requirements for DII INFOSEC standards. Additionally, CISS provides central coordination and reporting response to all DOD INFOSEC incidents, and operational protection, detection, reaction, and vulnerability analysis to the DII. What is the INFOSEC Technical Services Contract? DISA awarded the INFOSEC Technical Services Contract (INFOSEC TSC) on 12 July 1995 to two large businesses (CSC and SAIC) and one small business (MERDAN Group, Inc.). CISS, a joint DISA/National Security Agency (NSA) program, has been chartered to provide INFOSEC services throughout DoD. INFOSEC support will be provided by CISS infrastructure resources with contractual assistance from the INFOSEC TSC. The primary responsibility of the joint program office is to assure the effective and coherent application of INFOSEC to the overall Defense Information Infrastructure (DII). The contract offers technical support in the areas of: * INFOSEC Security Policy * INFOSEC Requirements Support * INFOSEC Architecture and Engineering * INFOSEC Independent Validation and Applications Verifications * INFOSEC Products and Applications DoD Goal Security Architecture (DGSA) * INFOSEC Certification and Accreditation Master Transition Plan * INFOSEC Technology and Training Documentation, and Countermeasures Information Dissemination * INFOSEC Multilevel Security Technology * INFOSEC Technical Managemet and Capabilities Planning (TMP) * INFOSEC ProfessionalizationProgram and Project Management * INFOSEC Standards and Protocols The contract is not a Federal Information Processing (FIP) hardware or software procurement contract. All DOD departments and agencies requiring INFOSEC services can utilize the INFOSEC TSC. The contracts are Indefinite Delivery, Indefinite Quantity (IDIQ) with individual firm fixed price, cost plus fixed fee, and time and material Delivery Orders (DOs) awarded for each requirement. Ceiling on the INFOSEC TSC is $1.095B which includes authority for other Federal (non-DOD) Agency use of 10% of current contract value. An additional 10% authority for non-DOD federal agencies is anticipated from GSA. There will be a 2 percent fee applied to all Delivery Orders. Details for submitting requirements are spelled out in the “Guide for the INFOSEC TSC. Advantages of Using the INFOSEC Technical Services Contract * Provides contractual assistance in support of INFOSEC and INFOWAR requirements * Provides a means to obtain assistance in addressing complex systems security issues * Provides a high level of expertise to support systems certification and accreditation * Provides necessary DII/NII security support for DII/NII open systems architecture * Provides hardware and software support for INFOSEC prototyping and incidental hardware/software required to perform the task _________________________________________________________________ The INFOSEC TSC guide can be obtained from the: INFOSEC Technical Support Office (ITSO) Center for Information Systems Security 5111 Leesburg Pike, Suite 100 Falls Church, VA 22041-3201 Attention: Ms. Nanette Chopin (703) 681-1331 ---or--- Attention: Mr. James Lindou (703) 681-1333 FAX (703)681-1393 ---or--- through the World Wide Web at http://www.disa.mil/ciss/itso.html. _________________________________________________________________ SAIC Team Members * Bell Atlantic * Bellcore * CTA, Inc. * George Mason University * Information Security Systems, Inc. * JANUS Associates * Lockheed Martin * MICON Services Company * Pailen-Johnson Associates, Inc. * Secure Solutions, Inc. * Sprint * Technautics, Inc. * TeleCommunication Systems (TCS) * TELOS CSC Team Members * A.B. Floyd * Automation Research Systems (ARS), Ltd. * Bowie State * Computer Associates * DEC * DMR Group * Group Technologies * Intermetrics * IRE * Metters Industry * MIS Training Institute * Northrop Grumman * ORA * Oracle * RSSI * Space Applications Corporation * Systems Engineering Solutions, Inc. * Sparta * Spyrus * SRA * TASC * USATREX * Xerox Merdan Group, Inc. Team Members * Advanced Data Concepts, Inc. * Management Technology Strategic Association, Ltd. _________________________________________________________________ For More Information Contact the INFOSEC Technical Support Office Ms. Nanette Chopin, COR/DPM Voice: (703) 681-1331 Fax: (703) 681-1393 E-Mail to Ms. Nanette Chopin Mr. Jim Lindou, ACOR/PM Voice: (703) 681-1333 Fax: (703) 681-1393 E-Mail to Mr. Jim Lindou Defense Information Systems Agency 5111 Leesburg Pike, Suite 100 Falls Church, Virginia 22041 _________________________________________________________________ Return to: CISS TSC Home Page DISA CISS Home Page DISA Home Page _________________________________________________________________ You can mail any questions about these documents to: Ms. Nanette Chopin You can mail any questions about the DISA server to: yorkw@ncr.disa.mil - Last revision: 16 August 1995 okonw@ncr.disa.mil _________________________________________________________________