INSCOM posts cloud platform RFI

On August 2, the U.S. Army Intelligence and Security Command (INSCOM) released a request for information (RFI) for an Amazon Web Service Cloud-Based Platform. Responses are due by 12:00 p.m. Eastern on August 9.

The United States Army Contracting Command‐Intelligence and Security Command (ACC‐INSCOM), is in the process of determining the acquisition strategy for cloud web software that will allow a dedicated host on the internet provide the capability of simulating adversaries during operations by utilizing commercial internet addresses as a real-world attacker hitting the Department of Defense Information Network.

The dedicated host shall have a pool of 20 noncontiguous Internet Protocol (IP) addresses to conduct operations from a dedicated virtual commercial web server. The dedicated server cannot host any other organization’s virtual machines or data, and provides isolation of any data residing on the server. This server will be utilized as an IP proxy server and must be able to meet Impact Level 4 and 5 security requirements as defined and based on the information processed.

In addition, the server must be at least moderate level under National Institute of Standards and Technology 800-53, Committee on National Security System 1253 and Federal Risk and Authorization Management Program controls.  During Vulnerability Assessment missions, the possibility exists that Personal Identifiable Information, medical data, mission data, etc. could be assessed and must be protected per Impact Level 4 security requirements.  Virtual server access from unauthorized entities could possibly allow for access to the 20 noncontiguous IPs and thus provide the possibility of being spoofed for access against the mission’s assessment target. However, no data will reside on the virtual server; all data will reside on the Government’s machines.

The Government anticipates a single award, Firm Fixed Price, One Year Contract with Four Option Years.

Review the full Army INSCOM RFI.

Source: SAM