Encryption Software for Email Containing Controlled Unclassified Information
REQUEST FOR INFORMATION (RFI)
Development and Implementation of an Encryption Program for Inbound and Outbound Email Containing Controlled Unclassified Information (CUI)
This Request for Information is for planning purposes only and is being used solely as a market research tool in accordance with FAR Subpart 10.002(b). This is not a Request for Proposal (RFP), nor a Request for Quotation (RFQ), nor an announcement of a solicitation. Response is strictly voluntary and the Government will not provide any reimbursement for any response for the effort expended in the preparation of a response by any vendor. Submission of a response to this RFI notice will not affect any potential offeror's ability to submit a quotation/proposal in the future should funding becomes available and a solicitation is issued. There is no solicitation document associated with this post. There is no obligation on the part of the Government to acquire any product or service as a result of this RFI.
Introduction and Background
The USITC's mission is to: (1) administer U.S. trade remedy laws within its mandate in a fair and objective manner; (2) provide the President, the United States Trade Representative (USTR), and Congress with independent, quality analysis, information, and support on matters relating to tariffs and international trade and competitiveness; and (3) maintain the Harmonized Tariff Schedule of the United States. As part of the USITC's mission, the Commission conducts antidumping and countervailing duty (AD/CVD) investigations under title VII of the Tariff Act of 1930, as well as fact-finding studies conducted under the Tariff Act of 1930.
Purpose
The purpose of the RFI is to gather information from industry to improve the U. S. International Trade Commission's (USITC) understanding of market capabilities and to identify vendors capable of providing support and consulting services.
The USITC has an obligation to protect Controlled Unclassified Information (CUI) from unauthorized disclosure or modification. As such, the USITC is interested in commercial software package(s) that will allow it to transparently encrypt inbound and outbound email containing CUI and, if possible, to accept inbound transmission/delivery of large electronic files/documents containing CUI.
The email encryption package will provide seamless, secure, and transparent encryption of emails between the USITC and U.S. and foreign parties in industry, academia, and government. It is required that CUI included in either the body of the email thread or the attachment is secured during two-way acceptance and generation of encrypted emails between USITC staff and third parties. Additional functionality would include the ability to accept inbound large electronic documents (multiple terabytes in size) through a document portal, either through the email encryption package or through a separate package that might be integrated with the encryption package.
The information provided in response to this RFI will broaden the USITC's knowledge base, allowing it to assess the availability of commercial encryption software and document transfer portals and assess the tradeoffs and alternatives available for determining how best to proceed.
Objectives
The overall objective of this effort is to implement email encryption software accessible to all USITC staff and, if possible, a portal for inbound transmission of large documents to individual USITC Offices. The anticipated project's ultimate goal is to increase the efficiency and effectiveness of its work processes.
The specific objectives of this effort are:
Enhancing current USITC procedures for safeguarding inbound and outbound CUI transmitted via email, including encryption of outbound emails and up to ten attachments per email (up to 50 MB), as well as any responses and additional attachments.
•· Efficient inbound collection of large electronic documents containing CUI (multiple terabytes in size) through a document portal.
•· Reduction in the time and resources needed to balance safeguarding CUI with data collection, entry, validation, updating, analysis, and presentation.
•· Improvement in the ease of creation, modification, and updating of data tables, data download, and data reconciliation.
•· A team-oriented exchange of data while maintaining real-time data access and overall data integrity with date/time stamps and access logs, as well as the ability to archive such email exchanges and the ability to retrieve from the archives.
This process is taking place in an Information Technology environment that is transitioning from one that has been driven by individual Office needs into a more unified and simplified IT environment that greatly reflects broader agency needs. Best practices and recommendations must allow for the USITC's focused, but gradual, transition in technology, process, and culture.
Microsoft Office products are part of all user software profiles. Staff currently uses multiple individually developed database and analysis tools, with a variety of approaches to organizing, storing, and reconciling data. The current process by which data moves from the beginning stage to final staff reports involves several steps. It is characterized by overlapping areas of responsibility and use within the Commission during which time the data are continuously updated and augmented, and requires substantial direct involvement from USITC investigative, statistical, and support staff.
Considerations
The following should be considered when assessing and recommending applications and solutions. The recommended application(s)/solution(s) must be Commercial Off-the-Shelf technology and ideally should:
Address staff analytical/transmission needs (including a user interface for correcting data) and legal, record-keeping needs.
•· Allow multiple USITC staff to simultaneously update/access data from different locations.
•· Be user-friendly and intuitive, covering a wide range of skill levels; not be overly complex or technical; and allow staff to respond with speed, flexibility, and transparency.
•· Be portable and remotely accessible (e.g., allows use of mobile devices for encrypted email access/transmission and secure viewing/editing of encrypted attachments).
•· Include training and support, including by phone.
•· Include the ability for any electronic transmissions (whether individual emails or threads) to be printed and/or reproduced in a PDF format.
•· Integrate with existing USITC infrastructure, presently Windows 7 and Redhat Linux 6.x.
•· Meet USITC security requirements (e.g., must conform to FIPS 140-2; must be FedRAMP compliant if cloud-based; must comply with all applicable Federal laws and standards regarding information security; and must demonstrate encryption capability if audited).
•· Have the following encryption features:
•o Occurs transparently among USITC staff and with external recipients (e.g., doesn't require transfer of keys/certificates or recipient's installation of local client software).
•o Occurs at rest and in transit.
•o Allows different types of attachments to be encrypted (e.g., Word, PDF, Excel).
•o Allows external recipients to initiate encrypted emails/attachments to USITC staff.
•· Allow for two-way internal/external multi-party communications.
Allow for time-efficient large email distributions (200-10,000 external recipients).
•· Limit recipients' ability to forward emails/attachments to non-intended recipients (i.e., to those other than within the USITC or the recipient's domain).
•· Operate without imposing additional costs on recipients.
•· Work with multiple, standard browsers (e.g., MS Internet Explorer, Mozilla Firefox, or Google Chrome) and MS Outlook 2010 and above.
•· Allow USITC staff to maintain version control of transmitted information/documents (e.g., USITC staff should be alerted if newer versions of documents are uploaded/emailed and should be able to identify successive versions of documents that are uploaded/emailed).
How to Respond
Interested organizations responding to this RFI may provide a Capabilities Statement or other relevant information regarding the organization's capabilities as they relate to the information contained herein. All responses should include the following information:
•· Company name and address and website
•· Company business size, socio-economic status
•· Any contracts the organization currently holds (GSA Schedule, NASA SEWP, etc.),
•· DUNS Number and Commercial and Government Entity (CAGE) Code
•· Point-of-Contact name, position, telephone number and e-mail address
•· Organizational experience and technical capabilities of the organization which meets the stated objectives.
•· An overview of the leading two to four solution options your firm would recommend that take into account current USITC practices, environment, and ultimate objectives.
•o Provide associated costs/benefits and advantages/disadvantages of each identified option.
•o Describe the migration strategy that incorporates USITC transition issues identified above for each identified option.
•· Concerns that should be considered by the USITC as part of any potential solicitation.
Interested organizations may submit a response to this RFI, with the information requested above, and any other applicable information, on or before 2:00 p.m., E.T. Monday, July 10, 2017. Please submit all documentation to the USITC, Office of Procurement, 500 E Street, S.W., Washington, D.C. 20436, or send via email, in PDF or WORD format, to ian.quillman@usitc.gov, and debra.bridge@usitc.gov. Please include in the subject line of the email RFI - EMAIL ENCRYPTION SOFTWARE.
Organizations are discouraged from submitting any information deemed proprietary. However, if elected to submit proprietary information, sources bear sole responsibility for marking said information as such to ensure appropriate safeguarding by the Government. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified. All submissions become the property of the Government and will not be returned.
< End >
Ian H. Quillman, Contracting Officer, Phone 2022053431, Email ian.quillman@usitc.gov - Debra M. Bridge, Contracting Officer, Phone 2022052004, Email debra.bridge@usitc.gov
