CLARIFICATIONS / QUESTIONS - ANSWERS - 13.CAP.OP.591

Transcription

1 CLARIFICATIONS / QUESTIONS - ANSWERS - 13.CAP.OP.591 Question 1 Reference: 2.3. Proposals for Work Packages WP 4: Interim accreditation / approval to operate (IATO/ATO): "The demonstrator needs to be installed between the ATALANTA Classified Mission Network and the QHQ extension of the EOW." AP 5: Validation of the demonstrator: "The demonstrator will be installed between ACMN and the protected unclassified domain in the OHQ Northwood/UK". From our point of view, one of the two requirements might be wrong because: If the demonstrator will be installed between ACMN and the unclassified network, the IATO/ATO for an ACMN EOW - Extension cannot be used. Answer 1 In the tender specifications under 2.3 WP 4 column Details. This field must read: The demonstrator needs to be installed between the ATALANTA Classified Mission Network and the OHQ Protected Network within the EUNAVFOR OHQ. The demonstrator shall also be capable to receive a full approval to operate (ATO). Question 2 can you please clarify how you define and calculate the "Financial Score" in the Tender Specification at 4.6? Answer 2 Financial score of evaluated tenderer= price of the cheapest tender/ price of the evaluated tenderer Question 3 Could the EDA please confirm what plans, if any, it has for the IEGD system on completion of the Validation Phase? ie is it the intention that the equipment remain (in service?) at Northwood? If so, will any further support and maintenance, training, provision of documentation etc be the subject of a further contract? Answer 3: The IEGD shall remain in the OHQ after a successful validation.

2 Question 4: Is it the intention that the IEGD will remain live (in an operational context) from initial installation at Northwood until conclusion of the Validation period? If so, what level of support will be required throughout this period? Answer 4: Level of support has to be identified together with OHQ Northwood and will the probably be subject to a separate contract. Question 5: 2.9 Place of delivery/execution EDA premises and EUNAVFOR OHQ in Northwood/UK Has the EDA any preference at to which of the above locations Workshops and presentations should be held? ie can presentations/reports to the PT CIS be made at either location as chosen by the contractor and detailed in our proposal? Answer 5: Reports will be delivered to the PT CIS in Brussels. Workshops may be held in Northwood. Question 6: 2.4 Basic time lines and deliverables The demonstrator has to be validated in connecting ACMN and OHQ Protected Network within the EUNAVFOR OHQ (connectivity to Maritime Security Centre Horn of Africa (MSCHOA) Could the EDA confirm which Agency will be responsible for conducting the IATO/ATO accreditations in conjunction with the contractor? Answer 6: IATO/ATO in accordance with EU council regulations unless OHQ Northwood has separate regulations especially developed for ACMN. Question 7: 2.2 Description of the subject and scope of the contract The IEG solution shall provide the capability for an automated release of information by filtering against XML Security Labels as well as against document-specific sets of rules for structured data. If applicable, these document-specific sets of rules have to be defined by the contractor in close co-ordination with EDA and the OHQ in Northwood.

3 Can the EDA say anything else at the moment regarding the document specific set of releasibility rules that it might wish to implement? Answer 7: No further additions. Question 8: Does the target infrastructure environment provide a minimal subset of Core Services? If yes, which core services does it provide? Answer 8: yes it does (HTTPS and SMTP sure others not known) Question 9: In addition to the Information Exchange Requirement (IER) to exchange White Ship and RMP information, is there any other IER to make interoperable also Core Services or other domain specific services? Answer 9: COP is not planned to be distributed to the unclas domain. Question 10: What kind of protocols do you expect to use as Information Exchange Requirement and, in particular, for White Ship and RMP? Answer 10: not known. Has to be discussed with OHQ in Northwood Question 11: Which C2 (Command and Control) or C4-ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) systems produces and/or consumes the information to be exchanged across the requested IEG-D? Would it be possible to have technical documentation to further investigate if optimization of IEG-D are feasible based on that information? Answer 11: : ACMN is using proprietary COTS products tailored to their needs. It is not connected to MCCIS or the EUCCIS

4 Question 12: Could you please confirm that the only needed Functional Service (or domain-specific protocols/information) are the RMP and White Ship? Answer 12: Via the IEG updates from the Internet to ACMN for MS Windows and the other COTS products need to be uploaded. Also data to be inserted into the RMP (one way) or with attachments (two way) has to be distributed. Question 13 : Since one requirement is to assure scalability and the ability to grow in the future by implementing additional services, can we assume that in the future EDA will request NATO CIA to provide the NATO NIRIS (Networked Interoperable Real-Time Information Services)? Answer 13: Not planned for the moment and depending on releasability of NATO products to all EU Member States. Question14: In order to demonstrate the capability of the product, would it be possible to count on the real networks and/or real environment and/or consistent operational recordings during the final deliverable demonstration? Answer 14: : It is planned to validate the IEG in the real environment provided IATO. Question 15: -During the intermediate meeting would it be possible to interact also with C2 systems operator in order to have the chance to make cross checks to assure coherence, data integrity and operational capabilities? Answer 15: The intermediate meeting is intended as update of pms on the ongoing work and will be conducted during the Project team CIS meeting in Brussels. Representatives of the OHQ are invited

5 Question 16: Several references are made in the Terms of Reference to paragraph for further details on specific Work Packages, but we were not able to identify such paragraph in the Tender Specifications. Is there a broken link, or was the reference intended to some of the listed EU/NATO documents and studies? And in any case, is there any further information we should receive in order to fully understand the scope and details of the requested activities? Answer 16: The documentation mentioned under references will be made available to the winning company. Question 17: -Can you provide detailed information regarding the difference in the installation environments between WP4 and WP5? In WP4: installed between the ACMN and the QHQ extension of the EOW In WP5: installed between ACMN and the protected unclassified domain in the OHQ Northwood(UK Answer 17: WP4 has to be read as The demonstrator needs to be installed between the ATALANTA Classified Mission Network and the OHQ Protected Network within the EUNAVFOR OHQ. The demonstrator shall also be capable to receive a full approval to operate (ATO). Question 18: Is there a specific version of MS Office that the deliverables should be provided in? Answer 18: No. We are using Question 19: Could the EDA please confirm what plans, if any, it has for the IEGD system on completion of the Validation Phase? ie is it the intention that the equipment remain (in service?) at Northwood? If so, will any further support and maintenance, training, provision of documentation etc be the subject of a further contract? Answer 19: It is the plan that the equipment will remain in Northwood

6 Question 20 Is it the intention that the IEGD will remain live (in an operational context) from initial installation at Northwood until conclusion of the Validation period? If so, what level of support will be required throughout this period? Answer 20: During the validation phase level 1 support might be needed on request by the OHQ A hotline shall be available during working hours. Question 21: "Normally the IEG is protected against network attacks by implementation of Firewalls and IDS/IPS. Should these Firewalls and IDS/IPS also be part of the demonstrator?" Answer 21: Yes Question 22: Is there a specific version of MS Office that the deliverables should be provided in? Answer 22: See answer 18 Question 23: Could the EDA confirm that they do need CVs in the new Europass format or will the previous EDA format suffice? Answer 23: On a best effort basis, Europass format should be proposed by the tenderer. Question 24 The following questions have arised: In chapter 2.2 of the technical specification the following applications have been mentioned: o Transfer of White shipping picture to ACMN Recognized Maritime Picture (RMP). o Transfer of software updates. o Transfer of external documents from the OHQ protected network to ACMN for distribution within OHQ and vice versa, transfer of releasable information from ACMN to the OHQ protected domain.

7 What protocols are required for above mentioned applications? Answer 24: HTTPS, SMTP, XML Question 25: In chapter 2.5 a reference to the "10.CAP.OP.07 C4I RA IEG (Command, Control, Communications, Computers, (military) Intelligence Reference Architecture for Information Exchange Gateway study" has been mentioned. Would it be possible to provide this Reference Architecture document to consider in the proposal phase? Answer 25: This RA is EU-Restricted but can be made available on request. Question 26: In chapter it has been mentioned that "staff security clearance up to and including confidential will have to be confirmed by NSA no later than one month after the deadline for tendering". This deadline has already passed. We politely request a check on correctness of this statement. Answer 26: The deadline for tendering is not passed yet. Question 27: In chapter it has been mentioned that "the tenderer possesses the appropriate experience to handle at Confidentiel UE documents, especially for the staff that would be dedicated to the project. This evidence is needed prior contract award". We assume that NATO and national clearances are transferable and accepted for this tender. Please advice. Answer 27: This assumption is correct Question 28: In chapter 2.3 (proposal for work packages) several references have been identified to chapter which does not appear in the technical specification document. Please advice. Answer 28: Some of the references are intended to provide background information, not directly linked to the project.

8 Question 29: In chapter 2.4 (basic time lines and deliverables) several references have been identified to chapter 3.2. which seems to be not logical. Answer 29: Question is not clear. There are no explicit references in 2.4 Question 30: Is it possible all reference documents (EDA studies, EU documents) before making an offer? Answer 30: negative Question 31: What kind of protocole should be used to exchange following information: White shipping picture to ACMN Recognized Maratime Picture RMP, Software updates External documents from the OHQ protected network to ACMN for distribution within OHQ and vice versa, transfer of releasable information from ACMN to the OHQ protected domain Answer 31: See answer 24 Question 32: According to accreditation process of IEGD, who will be testing IEG to certified it? What kind of laboratory? Who will pay for this? Answer 32: This will be most probably, as usual in the EU process a second party evaluation. Two national NSA will then do that. Cost are included in the overall contract price.

9 Question 33: There are a number of previous EDA studies whose deliverables shall be input to the IEGD Project. For instance, an architecture repository that was created in previous EDA studies (e.g. C4I reference Architecture EUBG). Will this repository be provided by EDA to the IEGD contractor in IBM technologic System Architect backup format(.back file) or in other format? Answer 33: The repository is still under development and will not be available at the time the contract will start Question 34: In the specification attached to the invitation to tender 13.CAP.OP.591 IEGD, there is a mismatching reference to section In particular,section is mentioned in page 12 (into the column Details of the table with WP5 proposal).however, section is missing in the specifications documents. Could this issue be clarified or corrected? Answer 34: Must read 2.2 instead of Question 35: Are following References applicable:. Reference Information Assurance Security Policy on Cryptography (IASP 2): ST 10745/11 (R-UE/EU-R) Reference Information Assurance Security Guidelines on the Application of the Policy on Cryptography (IASG 2-01): ST 12022/13 (R-UE/EU-R? Answer 35: Yes it is strongly recommended to take the above references into account. In line with ST 10745/11 (R-UE/EU- R) The use of approved cryptographic products for the information separation mechanisms is highly preferred.