FDsys EAP Requirements
Scott A. Stovall

The system must have the capability to support the following industry integrity standards.
• RSA Digital Signature in accordance with IETF RFC 3447.
• Public Key Infrastructure (PKI).
• International Telephone Union (ITU) X.509.
• Public Key Infrastructure Exchange (PKIX).
• Message Authentication Code (MAC).
• Cyclical Redundancy Checking (CRC).
• FIPS 180-2 Secure Hash Algorithm (SHA)
The system must have the capability to support the following access control standards.
• Lightweight Directory Access Protocol (LDAP) Internet Engineering Task Force (IETF) Request for Comments (RFC) 2251
• International Telephone Union (ITU) X.500
• Security and Access Markup Language (SAML)
1 = Meets; 0 = Does Not Meet
Product Name Meeting Requirement
Questions or Notes
The system shall provide the capability to limit security administrator's authority to assigned logical elements.
5.3.2.7 Security - Availability
5.3.2.7.1 The system shall provide appropriate backup and redundant components to ensure availability to meet customer and GPO needs.
5.3.2.7.1.1 The system shall be operational in the event of disaster situations with minimal business interruption to business functions.
5.3.2.7.1.1.1 The system shall return to normal operations post-disaster.
5.3.2.7.1.2 The system shall adhere to GPO's Continuity of Operations (COOP) plans.
5.3.2.7.1.2.1 The system shall adhere to system development guidelines set forth in Office of Management and Budget Circular A-130.
5.3.2.7.1.2.2 The system shall adhere to guidelines set forth in Federal Preparedness Circular 65.
5.3.2.7.1.3 The system shall have appropriate failover components.
5.3.2.7.1.4 The system shall be operational at appropriate GPO alternate facilities.
5.3.2.7.1.5 The system shall back up system and data at a frequency as determined by business requirements.
5.3.2.7.1.5.1 The system applications and data shall be backed up at off-site storage location.
5.3.2.7.1.6 The system shall interface with designated GPO Service Providers (e.g. Oracle).
5.3.2.7.1.7 The system shall maintain data integrity during backup processing.
5.3.2.7.1.8 The system shall have no restrictions that would prevent the system from being operated at a hosting vendor site, at GPO's sole discretion, at any point in the future.
5.3.2.7.1.9 The system shall have the following security capabilities to permit the system to be operated at a hosting vendor site, at GPO's sole discretion.
5.3.2.7.1.9.1 Mutually authenticated, high speed connection between GPO offices and hosting site shall be utilized.
5.3.2.7.1.9.2 Encrypted connection using industry standard IPSEC Virtual Private Network (VPN) and strong (128 bit key minimum) encryption shall be utilized.
5.3.2.8 Security - Integrity
5.3.2.8.1
Requirements for Storage Management
5.2.2.1 Storage Core Capabilities
5.2.2.1.1 The system shall support error-free retrieval of data to network storage at rated network speeds (e.g., 2 Gbps).
5.2.2.1.2 The system shall be capable of providing a secure repository environment for all storage.
5.2.2.1.3 The system shall provide the ability to move content into and between stores transparently.
5.2.2.2 Networked High Performance Storage
5.2.2.2.1 Networked High Performance Storage shall have the ability to store data dynamically in high performance-high availability stores and external Content Delivery Networks (CDN) based on hit rate/criticality of content.
5.2.2.2.1.1 Networked High Performance Storage shall have the capability to manage the threshold hit rate for content to automatically move to the Network High Performance Storage.
5.2.2.2.1.2 Networked High Performance Storage shall have the capability to manage the criticality of specific content for Network High Performance Storage.
5.2.2.2.2 The system shall have the capability to utilize external storage Service Providers.
5.2.2.2.3
5.2.2
5.3.2
Networked High Performance Storage shall have record management capabilities.
5.2.2.2.7 Networked High Performance Storage shall have redundant components that will take over in the event of a hardware failure in the primary part.
5.2.2.2.7.1 The system shall allow the switchover to redundant components via either user action or automatic processes.
5.2.2.2.8 Networked High Performance Storage shall be able to support hot-spare standby drives (e.g. extra drives installed in the disk array that automatically come online in the event of a disk failure).
5.2.2.2.8.1 Networked High Performance Storage shall allow the switchover to redundant components via either user action or automatic in case of failure.
5.2.2.2.9 Networked High Performance Storage shall have a full-system battery backup to allow the disk array to remain operational in the event of a power outage.
5.2.2.3 Networked Moderate Performance Storage
5.2.2.3.1 Networked Moderate Performance Storage shall support static and dynamic storage assignment.
5.2.2.3.2 Networked Moderate Performance Storage shall have limited scalability (e.g., multi- tens of terabyte capacities).
5.2.2.3.3 Networked Moderate Performance Storage shall have open support (control of its resources) for a consolidated storage management back plane.
The system shall allow for the definition and management of different levels of notification by users.
5.2.2.11.4 The system shall have the capability to monitor real-time performance of the system in terms of service levels.
5.2.2.11.5 The system shall have the ability to monitor data access history and evaluate appropriate storage in terms of cost and performance, in accordance with the FDsys Data Mining requirements.
5.2.2.11.6 The system shall have the ability to monitor health of externally hosted data stores.
5.2.2.11.7 The system shall support user configurable RAID levels (e.g., the ability to configure storage RAID levels in the field without vendor intervention).
5.2.2.12 Storage - Preventive Action
5.2.2.12.1 The system shall have the ability to have automated preventative actions configured to prevent critical failures from causing data loss.
5.2.2.12.2 The system shall have the ability to allow hot swapping of components should a failure condition be detected.
5.2.2.12.3 The system shall have the ability to dynamically move data to improve system performance.
5.2.2.12.4 The system shall be able to execute non-disruptive microcode updates or replacements or the ability to update or replace the RAID controller microcode without having to shut down the disk array.
5.2.2.13 Storage - Data Integrity
5.2.2.13.1 The system shall allow for securing of partitions.
5.2.2.13.2 The system shall allow encryption of logical content.
5.2.2.13.3 The system shall have the capability to limit access to data via role-based security.
5.2.2.14 Storage - Allocation
5.2.2.14.1 The system shall support the management of heterogeneous storage architectures (e.g. direct attached storage (DAS), network attached storage (NAS), storage area network (SAN)).
5.2.2.14.2 The system shall have capability to have conditional thresholds customized to allow automated reallocation of storage to meet application needs.
5.2.2.14.3 The system shall be able to allocate any compliant serial drive, and near-line storage devices.
5.2.2.14.4 The system shall allow both manual and automated compression of data at various compression levels for infrequently accessed data.
5.2.2.14.5 The system shall be able to immediately allocate newly added storage assets.
Requirements for Security
5.3.2.1 Security - System User Authentication
5.3.2.1.1 The system shall have the capability to authenticate users based on a unique user identity.
5.3.2.1.1.1 The system shall authenticate system and security administrators.
5.3.2.1.1.1.1 The system shall support user ID and password authentication.
5.3.2.1.1.1.2 The system shall support a configurable minimum password length parameter, settable by authorized system administrators. The minimum value allowable for this parameter is eight (8).
5.3.2.1.1.1.3 The system shall permit stronger authentication techniques to be used for system and security administrators (such as longer and/or more complex passwords, public key certificate, and token based authentication).
5.3.2.1.2 The system shall permit users to create a unique user identity for access to the system.
5.3.2.1.2.1 The system shall enforce uniqueness of user identity. No two users shall be allowed to use the exact same user identity.
5.3.2.1.2.2 The system shall be capable of Identity Management system functionality to facilitate provisioning of user identities for users and system administrators.
5.3.2.1.2.2.1 The system shall be capable of Identity Management system functionality to provide users and system administrators with one single interface and control point for provisioning and managing user identities.
5.3.2.1.2.3 A user shall only be allowed to manage attributes associated with their own user identity.
5.3.2.1.3 The system shall display a message to users if they fail to authenticate.
5.3.2.1.4 The system shall permit access to a default workbench for public End Users, which does not require them to login.
5.3.2.1.5 The system shall verify the identity and authority of the Content Originator.
5.3.2.2 Security - User Access Control
5.3.2.2.1 The system shall have the capability to arbitrate access based on a role-based access model driven by policy.
5.3.2.2.1.1 The system shall permit authorized system administrators to create and assign customized roles.
5.3.2.2.1.1.1 The system shall provide access control limitations to support data mining.
5.3.2.2.1.2 The system shall allow authorized system administrators to assign and customize roles for access to system data objects and transactions.
5.3.2.2.1.3 The system shall allow the use of standards based LDAP technology for the role based access model.
5.3.2.2.2 The system shall manage user accounts.
5.3.2.2.3 The system shall provide the capability to create user accounts.
5.3.2.2.3.2 The system shall provide the capability to create group accounts. This will allow individual users to log into the system but provide access to an entire group of users.
5.3.2.2.4 The system shall provide the capability to access user accounts.
5.3.2.2.5 The system shall provide the capability to delete user accounts.
5.3.2.2.6 The system shall provide the capability to suspend user accounts.
5.3.2.2.7 The system shall provide the capability to reactivate suspended user accounts.
5.3.2.2.8 The system shall provide the capability for the renewal of user registrations.
5.3.2.2.9 The system shall have the capability to expire user accounts.
5.3.2.2.10 The system shall provide the capability for users to cancel their accounts.
5.3.2.2.11 The system shall provide the capability for users to update their account information.
5.3.2.2.12 The system shall provide a means to ensure that users cannot view or modify information of other users unless authorized.
5.3.2.2.13 The system shall securely store personal information (e.g. user names and passwords).
5.3.2.2.14 The system shall provide the capability for authorized users to manage (add, modify, delete) information.
5.3.2.2.15 The system shall have the capability to provide secure interfaces for FDsys operations.
5.3.2.3 Security - Capture and Analysis of Audit Logs
5.3.2.3.1 The system shall keep an audit log of all transactions in the system.
5.3.2.3.1.1
5.3.2.3.1.2
5.3.2.3.1.3 Audit logs shall contain additional data fields where binary data can be displayed in bytes or words.
5.3.2.3.1.4 The system shall maintain a system log containing events logged by the system components.
5.3.2.3.1.4.1 The system shall allow system logs to be viewed by all authorized users.
5.3.2.3.1.5 The system shall maintain a security log containing valid and invalid logon attempts as well as events related to resource use, such as creating, opening, or deleting files or other objects.
5.3.2.3.1.5.1 The system shall allow security logs to be viewed by all authorized users.
5.3.2.3.1.6 The system shall maintain an application log containing events logged by applications.
5.3.2.3.1.6.1 The system shall allow applications logs to be viewed by all authorized users.
5.3.2.3.1.7 The system shall have an Audit Log manager for system administrator functions.
5.3.2.3.1.7.1 The Audit Log manager must be searchable.
5.3.2.3.1.8 The system shall have the capability to reconstruct complete transactions.
5.3.2.3.1.9 The system shall keep an audit log of user ordering (request) transactions.
5.3.2.3.1.10 The system shall keep an audit log of system administration transactions.
5.3.2.3.1.11 The system shall keep an audit log of security administrator transactions.
5.3.2.3.1.12 The system shall keep an audit log of system access rights.
5.3.2.3.1.13 The system shall keep an audit log of preservation processes.
5.3.2.3.1.14 The system shall keep an audit log of deposited, harvested and converted content activities.
5.3.2.3.1.15 The system shall keep an audit log of Content Originator ordering activities.
5.3.2.3.1.16 The system shall keep an audit log of content authentication activities.
5.3.2.3.1.17 The system shall keep an audit log of version control activities.
5.3.2.3.1.18 The system shall keep an audit log of cataloging activities.
5.3.2.3.1.19 The system shall keep an audit log of support activities (e.g., support status).
5.3.2.3.1.20 The system shall keep an audit log for data mining.
5.3.2.3.2 The system shall have the capability to maintain integrity of audit logs.
5.3.2.3.2.1 It shall not be possible for users to adjust the data in the audit logs.
5.3.2.3.2.2 The system shall detect user attempts to edit audit logs.
5.3.2.3.3 The system shall keep an audit log of attempts to access the system.
5.3.2.3.3.1 The system shall keep an audit log of any detected breaches of security policy.
5.3.2.3.4 The system shall keep and store audit logs (e.g. audit trails) and utilize records management processes on these stores.
5.3.2.3.4.1 The system shall save audit logs as specified in GPO Publication 825.33.
5.3.2.4 Security - User Privacy
5.3.2.4.1 The system shall support the capability of maintaining user privacy in accordance with GPO's privacy policy and Federal privacy laws and regulations.
5.3.2.4.1.1 The system shall conform to guidelines set forth in GPO Publication 825.33.
5.3.2.4.1.2 The system shall support compliance outlined in Title 5 USC Sec. 552a (Records maintained on individuals).
5.3.2.4.1.3 The system shall support the capability of maintaining access privacy (e.g., Search, Request).
5.3.2.4.1.4 The system shall support the capability of maintaining support privacy (e.g., user identity).
5.3.2.4.1.5 The system shall support the capability of maintaining Content Originator ordering privacy.
5.3.2.4.1.6 The system shall provide measures that preclude a single authorized administrator from listing an end user's orders.
5.3.2.5 Security - Confidentiality
5.3.2.5.1 The system shall support the capability of maintaining confidentiality of user data (e.g., passwords).
5.3.2.5.1.1 The system shall have the capability to provide confidentiality of user data, including user authentication data exchanged through external interfaces.
5.3.2.5.1.1.1 FIPS certified encryption algorithms shall be used to provide confidentiality. Triple DES or AES shall be supported.
5.3.2.5.1.1.2 For symmetric encryption, 128 bit keys are the minimum key length to be used.
5.3.2.5.1.2 The system shall have the capability to provide confidentiality of user data, including user authentication data stored within the system (e.g., passwords).
5.3.2.5.2 The system shall support the capability of maintaining confidentiality of sensitive content in accordance with NIST and FIPS requirements for Sensitive But Unclassified (SBU) content.
5.3.2.5.2.1 The system shall provide a method of encrypting FDsys content and system data, when required by authorized system administrators.
5.3.2.6 Security Administration
5.3.2.6.1 The system shall provide an administrative graphical user interface to perform user administration and security administration.
5.3.2.6.2 The system shall have the capability for authorized security administrators to set and maintain system security policy.
5.3.2.6.2.1 System security policy parameters shall include, but not be limited to the following:
• authorized user and administrator authentication methods
• minimum password lengths
• authorized encryption algorithms
5.3.2.6.3 The system shall provide the capability for authorized security administrators to monitor system security policy settings and policy enforcement.
5.3.2.6.4 The system shall provide the capability to define tasks that require more than one authorized administrator to perform (e.g., setting or changing critical system security policies, two person integrity (TPI)).
5.3.2.6.4.1 The system shall provide the capability to support separation of functions between system administrators, policy makers, security administrators and auditors.
5.3.2.6.4.2 The system shall provide the capability to partition security administration into logical elements such that security administrators can be assigned accordingly.
5.3.2.6.4.3
Identifier or Section Number
FDsys Requirements Text
Requirements for System, General
1.2.1 The system shall provide for the use of internal and external open interfaces.
1.2.1.1 The system may provide for the use of proprietary interfaces only when open interfaces are not available or do not meet system requirements.
1.2.2 The system shall provide an architecture that allows preservation of content independent of any specific hardware and software that was used to produce them.
1.2.3 The system shall use plug-in components that can be replaced with minimal impact to remaining components as workload and technology change.
1.2.4 The system shall accommodate changes in hardware, software, communication technology, processes, policy, personnel, locations, etc. without requiring major re-engineering or design changes.
1.2.5 The system shall be capable of accommodating growth and managing differing sizes of repositories and ever increasing volumes of content.
1.2.10 The system shall be available for use at all GPO locations.
1.2.11 The system shall have the capability to support 20,000 concurrent users.
1.2.12 The system shall have the capability to support an overall sustained weekly average uptime greater than or equal to 99.0%.
1.2.12.1 The system shall have the capability to support a sustained weekly average uptime for peak periods greater than or equal to 99.7%.
Peak time periods include all times with the exception of midnight to 6 am Eastern Time on Saturday and midnight to 6 am on Sunday.
1.2.12.2 The system shall have the capability to support uptime for off-peak time periods greater than or equal to 90%. Off-peak times may be changed as needed to provide Congress the appropriate level of service.
1.2.13 The system shall have the capability to have a response time to deliver digital services on a sustained weekly average of less than 2 Seconds.
Networked High Performance Storage shall have the capability to support direct application access with latency in application performance less than 1 second.
5.2.2.2.4 Networked High Performance Storage shall be able to support automated fail-over without buffer application data loss.
5.2.2.2.5 Networked High Performance Storage shall operate reliably to allow less than 0.1% downtime.
5.2.2.2.6
5.2.2.3.4 Networked Moderate Performance Storage shall operate reliably to allow less than 0.2% downtime.
5.2.2.3.5 Networked Moderate Performance Storage shall have the capability to support direct application access with latency in application performance less than 3 seconds.
5.2.2.4 Low Criticality - Low Cost Storage
5.2.2.4.1 Low Criticality - Low Cost Storage shall support low cost devices (e.g., Serial ATA storage drives).
5.2.2.4.2 Low Criticality - Low Cost Storage shall allow central control and allocation of storage resources.
5.2.2.4.3 Low Criticality - Low Cost Storage shall allow RAID 0 thru 5 configurations.
5.2.2.4.4 Low Criticality - Low Cost Storage shall allow scaling and partitioning.
5.2.2.4.5 Low Criticality - Low Cost Storage shall operate reliably with less than 0.3% downtime.
5.2.2.5 Failover Storage
5.2.2.5.1 Failover Storage shall have a fault tolerance-system able to survive local environmental casualties.
5.2.2.5.2 Failover Storage shall be able to reconstitute and switch-over to alternate systems at a remote site in the event of local catastrophic damage.
5.2.2.5.2.1 Failover Storage shall allow the switchover to redundant components via either user action or automatic in case of failure.
5.2.2.5.3 Failover Storage shall allow RAID 0 thru 5 configurations.
5.2.2.5.4 Failover Storage shall support alternate pathing (e.g., ability to automatically switch between input/output (I/O) paths in the event of a failure in one of the paths).
5.2.2.6 Backup Retrieval Media Storage
5.2.2.6.1 Back-up Retrieval Media Storage shall be able to accomplish periodic backup on mass removable storage media.
5.2.2.6.1.1 Back-up Retrieval Media Storage shall allow users to manage periodic backup schedules.
5.2.2.6.1.2 Back-up Retrieval Media Storage shall allow backups on multiple types of mass removable storage media.
5.2.2.6.2 Back-up Retrieval Media Storage shall be able to accomplish a full back-up of all critical data in less than six hours or scheduled periodically over 24 hours.
5.2.2.6.2.1 Back-up Retrieval Media Storage shall allow users to manage which data is listed as critical.
5.2.2.6.2.2 Back-up Retrieval Media Storage shall allow users to manage the backup schedule.
5.2.2.6.2.3 Back-up Retrieval Media Storage shall not interfere with current system processes.
5.2.2.6.3 Back-up Retrieval Media Storage shall have battery backed-up cache (e.g., battery power that protects any data that happens to be in cache at the time of a power interruption).
5.2.2.6.4 Back-up Retrieval Media Storage shall support mirrored cache (e.g., the process of mirroring the write data in cache as a further method of data protection).
5.2.2.6.4.1 Back-up Retrieval Media Storage shall allow users to manage which data should be mirrored and where it should be stored.
5.2.2.6.5 Back-up Retrieval Media Storage shall have cache or disk scrubbing (e.g., a method of proactively testing data for errors even when the cache or disk is inactive, so that problems can be detected before they can disrupt data flow).
5.2.2.6.5.1 Back-up Retrieval Media Storage shall allow users the ability to both schedule and manually scrub disks/caches.
5.2.2.6.6 Back-up Retrieval Media Storage must be able to support remote mirroring, or the process of copying data to a second disk array, often housed in a separate location from the originating disk array.
5.2.2.7 Mid-term Archival Storage
5.2.2.7.1 Mid-term Archival Storage shall have off-line storage and indexing capability for 100's of Terabytes of data.
5.2.2.7.2 Mid-term Archival Storage shall preserve data integrity and quality for no less than 10 Years in a data center environment.
5.2.2.8 Long-term Permanent Archival Storage
5.2.2.8.1 Long-term Permanent Archival Storage shall have off-line storage and indexing capability for multiple Petabytes of data.
5.2.2.8.2 Long-term Permanent Archival Storage shall have a remote storage site over 600 miles from the main GPO facility.
5.2.2.8.3 Long-term Permanent Archival Storage site must preserve physical data integrity and quality for no less than 100 Years under controlled storage conditions (e.g., 70 F, 60% Humidity).
5.2.2.9 Functional Data Storage
5.2.2.9.1 Work In Progress (WIP) Storage
5.2.2.9.1.1 WIP Storage shall contain Networked High Performance Storage.
5.2.2.9.1.2 WIP Storage shall contain Mid-term Archival Storage.
5.2.2.9.1.3 WIP Storage shall contain Failover Storage.
5.2.2.9.1.4 WIP Storage shall contain Back-up Retrieval Media Storage.
5.2.2.9.1.5 WIP Storage shall contain both content and metadata.
5.2.2.9.2 Archival Information Storage (AIS)
5.2.2.9.2.1 AIS shall contain Networked Moderate Performance Storage.
5.2.2.9.2.2 AIS shall contain Long-term Permanent Archival Storage.
5.2.2.9.2.3 AIS shall contain Failover Storage.
5.2.2.9.2.4 AIS shall contain Back-up Retrieval Media Storage.
5.2.2.9.2.5 AIS shall exist in isolation of other system stores.
5.2.2.9.2.6 AIS content must remain free from corruption and remain accessible as GPO undergoes changes in information technology and infrastructure.
5.2.2.9.2.7 AIS shall contain both content and metadata.
5.2.2.9.3 Access Content Storage (ACS)
5.2.2.9.3.1 ACS shall contain Networked High Performance Storage.
5.2.2.9.3.2 ACS shall contain Networked Moderate Performance Storage.
5.2.2.9.3.3 ACS shall contain Low Criticality - Low Cost Storage.
5.2.2.9.3.4 ACS shall contain Mid-term Archival Storage.
5.2.2.9.3.5 ACS shall contain Long-term Permanent Archival Storage.
5.2.2.9.3.6 ACS shall contain Failover Storage.
5.2.2.9.3.7 ACS shall contain Back-up Retrieval Media Storage.
5.2.2.9.3.8 ACS shall contain both content and metadata.
5.2.2.9.4 Business Process Storage (BPS)
5.2.2.9.4.1 BPS shall contain Networked High Performance Storage.
5.2.2.9.4.2 BPS shall contain Networked Moderate Performance Storage.
5.2.2.9.4.3 BPS shall contain Low Criticality - Low Cost Storage.
5.2.2.9.4.4 BPS shall contain Mid-term Archival Storage.
5.2.2.9.4.5 BPS shall contain Long-term Permanent Archival Storage.
5.2.2.9.4.6 BPS shall contain Failover Storage.
5.2.2.9.4.7 BPS shall contain Back-up Retrieval Media Storage.
5.2.2.10 Storage System Standards
5.2.2.10.1 The system shall integrate with Unix and Windows based Directory Services (Lightweight Directory Access Protocol, Active Directory), and role based access.
5.2.2.10.2 The system shall support multiple file systems including but not limited to: Windows XP Filesystem, Linux File System, SunOS File System, Solaris Filesystem, Apple, FAT, FAT32, VFAT, NTFS, HPFS, EXT2.
5.2.2.10.3 The system shall utilize common Redundant Array of Independent Disks (RAID) Disk Data Format (DDF) architecture.
5.2.2.10.4 The system shall conform to common protocols, including but not limited to: Apple File Protocol (AFP), Network File System (NFS), SMB and CIFS protocols, Simple Network Management Protocol (SNMP), Internet Small Computer Systems Interface (iSCSI), Internet Fibre Channel Protocol (iFCP), Fibre Channel over IP (FCIP), Serial across SCSI (SAS), and Serial ATA.
5.2.2.10.5 The system shall allow interaction with management information bases (MIB) via SNMP, and must conform to or interoperate within Object-based Storage Device (OSD) specification.
5.2.2.10.6 The system storage shall support ANSI INCITS 388-2004 Storage Management Initiative Specification.
5.2.2.10.7 The system back-up tapes shall conform to Linear Tape-Open (LTO) standard.
5.2.2.11 Storage - Monitoring
5.2.2.11.1 The system shall have the capability to be monitored for real-time health of the system components.
5.2.2.11.2 Monitoring shall have the capability to have conditional thresholds customized to allow timely preventative maintenance.
5.2.2.11.3 The system shall have the ability to send alerts to users via multiple channels should a performance problem, failure condition or impending failure be detected.
5.2.2.11.3.1 The system shall send notifications including but not limited to notifications on appropriate user screen and e-mail.
5.2.2.11.3.2
The system shall have the capability to assure integrity of business process information (BPI).
5.3.2.8.2 The system shall check content for malicious code (e.g., worms and viruses) prior to ingest to maintain system integrity.
5.3.2.8.2.1 If malicious code is detected in content, it shall be placed into a quarantine area for GPO inspection.
5.3.2.9 Security Standards
5.3.2.9.1
5.3.2.9.2
5.3.2.9.3
Audit logs shall contain logged events which each contain:
• Date - The date the event occurred.
• Time - The time the event occurred.
• Source - The software module that logged the event, which can be either an application name or a component of the system or of a large application, such as a service name.
• Category - A classification of the event by the event source.
• Type - A classification of the event severity: Error, Information, or Warning in the system and application logs; Success Audit or Failure Audit in the security log.
• Event - A number identifying the particular event type.
Audit logs shall contain a description of the event containing the following:
• User - The user name of the user on whose behalf the event occurred.
• System Name - The name (IP address and DNS name) of the system on which the event occurred.
• Error - Significant problems, such as a loss of data or loss of functions.
• Warning - Events that are not necessarily significant, but that indicate possible future problems.
• Information - Infrequent significant events that describe successful operations of major server services.
• Success Audit - Audited security access attempts that were successful.
• Failure Audit - Audited security access attempts that failed.
The system must have the capability to support the following confidentiality standards.
• FIPS 197 Advanced Encryption Standard (AES)
• ANSI X9.52 Triple Data Encryption Standard (TDES)
• Secure Sockets Layer (SSL) / Transport Layer Security (TLS)