STANDARD FEATURES
System Administration (SA): IBM Linux on System z technical support including, but not limited to, the following. DISA will:
- Tune the OS.
- Monitor system logs: DISA provides auditing services of operating system level log files via the Log Aggregation-Single Service Environment (LA-SSE) program. LA-SSE provides automated auditing and notification of events identified as warranting investigation per established cyber assurance threat signature patterns. Signature patterns and criticality of events are determined by DISA cyber assurance and DISA subject matter experts. LA-SSE provides capability for immediate notification as well as historical recaps of auditable events. Actionable events are escalated to the Global Service Desk monitoring views and routed to appropriate command and control (C2) groups for action. C2 assignees determine if an audit event warrants notification to the mission partner cyber assurance group for informational purposes and action. Historical notifications are routed to the DISA site security element for informational purposes and pattern/trending analysis.
- Install software and associated patches.
- Provide after-hours support for incidents and authorized service interruptions (ASIs).
- Configure and manage replication and/or cluster environment software.
- Provide performance management.
- Assist vendor as required during troubleshooting/hardware repair.
- Schedule backups for file systems.
- Coordinate with application/database/storage/web administration.
- Review backup reports daily.
- Manage file systems.
- Update technical leads and management on incidents or incident status.
- Work with service desk personnel.
- Manage and update assigned tickets (Information Technology Service Management [ITSM]/Global Trouble Management System [GTMS]).
- Provide system and component information for data calls.
- Document and obtain approval for all changes.
- Develop/maintain system recovery plans.
- Coordinate with other support entities as required.
- Ensure Enterprise System Management (ESM) tools are installed and configured.
- Monitor production systems.
- Secure the OS.
- Implement CyberCom Communications Tasking Order (CTO)/Fragmentary Order (FRAGO)/Information Operations Conditions (INFOCON) requirements.
- Resolve vulnerability scan results.
- Perform annual Security Readiness Reviews (SRRs).
- Participate in audits for partner/site accreditation.
- Create and update plan of action and milestones (POA&Ms).
- Manage user accounts at the OS level.
- Ensure admin/root passwords are changed/maintained.
- Manage certificates.
- Perform root cause analysis for problem management.
Security:
- DISA's DECCs benefit from the high level of physical security afforded by their location on military installations. DISA also provides a superior information assurance (IA) environment. In the transition to the DoD IA Certification and Accreditation Process (DIACAP), DISA has accepted Inherited Controls for a wide range of IA responsibilities and functions.
Data Communications:
- This covers the communications infrastructure – the hardware, software, firmware, and labor – that allows our partners' users around the nation and the world to connect to the partners' data and DISA's computers. Once the request for information leaves the user's locale (base, office building, home, etc.), DISA will handle the traffic and expedite the response back to the user.
ESM Software:
- These are the tools DISA uses to monitor the health and well-being of our partners' information systems and data and to manage problems when, or before, they occur. ESM software alerts DISA when conditions are favorable for problems to occur, so DISA can ensure the appropriate technicians are available to resolve any potential problems before they occur.
Level 2 Service Desk Support
Storage:
- Storage in the IBM Linux on System z computing environment consists of SAN LUNs with backup to tape and the associated communication infrastructure.
Assured Computing/IT Service Continuity:
- Our partners who purchase Linux on System z with unclassified processing will receive, at no additional charge if using rate-based billing, the use of a shared Continuity of Operations (COOP) processor at a remote site for disaster recovery. In addition, the storage infrastructure required for data replication and utilizing the Assured Computing Environment (ACE) will automatically be assigned to the partner for use at the recovery site. The normal charges for this storage service will apply. The end result is that our partners will be protected by the COOP/Service Continuity program through documented recovery procedures and pre-positioned infrastructure and will automatically gain access to the DISA COOP exercise program.
Mainframe Internet Access Portal (MIAP):
- The partner's access into mainframe computing
Capacity Management:
- Capacity reporting is used to monitor and validate system resource trends. DISA collects and retains this usage data to use in the analysis of current and projected resource consumption. With this information, decisions about system capacity changes can be made proactively and economically.
OPTIONAL FEATURES
Because all our partners require different levels of support, DISA provides choices from the following supplemental features. Each feature has its own set of rates, priced per OE on the Linux on System z platform. However, if a partner has a uniquely large workload, DISA will work with the partner to develop an agreeable labor support cost method outside of these rates. Optional features include:
Database Administration (DBA):
- These rates consist of (1) the labor costs of the database administrator support for any database management systems that run on Linux platforms and (2) the costs of database management tools that improve their productivity. An example of the latter is the Oracle Management Packs, which automate or simplify many labor-intensive tasks. The following list identifies some of the functions that DISA database administrators perform on our partners' behalf:
- Tune the database
- Monitor database logs
- Install software and associated patches
- Install database and patches
- After hours support for incidents and ASIs
- Configure and manage replication and/or cluster environment software
- Performance management
- Assist vendors as required during troubleshooting
- Manage database backups
- Coordinate with application/storage/systems/web administration
- Review database backup reports daily
- Analyze usage and project data capacity
- Update technical leads and management of incident or incident status
- Allocate table spaces for database requirements
- Create/modify/delete database instances
- Work with service desk personnel
- Manage and update assigned tickets
- Provide information for data calls
- Document and obtain approval for all changes
- Develop/maintain system recovery plans
- Coordinate with other support entities as required
- Monitor production systems
- Secure database environment
- Implement CyberCom CTO/FRAGO/INFOCON requirements
- Resolve vulnerability scan results
- Perform annual Security Readiness Reviews
- Participate in audits for customer/site accreditation
- Create and update POA&Ms
- Manage user accounts for workload/database support
- Ensure privileged database passwords are changed/maintained
- Perform root cause analysis for problem management
If our partners serve as their own database administrators, DISA must still ensure that their databases comply with the DoD's security guidelines. The charge for this service is 10 percent of the full DBA rate per database OE. The security fee includes the following services:
- Consultative services on the STIG
- Consulting is defined as providing STIG interpretation and clarification to our partners. Consulting does not include performing VMS data entry.
- Assist partners in entry and validating VMS
- Our partners have the responsibility to perform VMS functions
- System/Enclave creation
- VMS Reports
- Plan of Action and Milestones (POA&M) entry
- Designated Approving Authority (DAA) Risk Acceptance (DRA) entry
- Update findings to proper status (Fixed, Open, Not a Finding, etc.)
- Etc.
- DISA will provide instruction in the use of VMS
- System/Enclave creation
- How to run VMS reports
- How to input POA&Ms and DRAs
- How to update findings
- Etc.
- Answer questions about how to handle STIG findings with respect to database requirements
- This is defined as interpreting database STIG requirements
- If DISA is unable to interpret STIG requirements, DISA will provide our partners with FSO Support information.
- Provide United States Cyber Command (USCC) Communications Tasking Order (CTO) mandated vulnerability scan results to partners for resolution
Note : If DISA is serving as the partner's database administrators, there is no security surcharge as it is included in the DBA rate.
Web Administration:
- This feature refers to the labor to administer a web server and its associated software. Web administration does not include creating or designing web sites, nor does it apply to managing content on the web servers. The following list identifies some of the functions that DISA web administrators perform on our partners' behalf:
- Tune web software
- Monitor web logs
- Install web software and associated patches
- After hours support for incidents and ASIs
- Performance management
- Assist vendors as required during troubleshooting
- Configure, manage, and provide input on web server configuration
- Manage URLs
- Coordinate with systems/storage/database/application administration
- Update technical leads and management of incident or incident status
- Configure and provide input on web server structure and requirements
- Work with service desk personnel
- Manage and update assigned tickets
- Provide information for data calls
- Document and obtain approval for all changes
- Develop/maintain system recovery plans
- Coordinate with other support entities as required
- Secure web environment
- Implement CyberCom CTO/FRAGO/INFOCON requirements
- Resolve vulnerability scan results
- Perform annual Security Readiness Reviews
- Participate in audits for customer/site accreditation
- Create and update POA&Ms
- Manage user accounts for workload/web support
- Ensure privileged web related passwords are changed/maintained
- Certificate management
- Perform root cause analysis for problem management
Note: This service only applies to the OEs that are functioning as web servers, not to application servers, database servers, domain name servers, etc.
24 x 7 SA:
- The standard Linux on System z CPU rate provides for on-site SA for five 8-hour shifts weekly (e.g., Monday through Friday from 0800 to 1600). It also includes a 2-hour response to emergencies on nights and weekends and on-site support for the monthly scheduled maintenance window. For those workloads requiring 24x7 on-site SA, however, we offer a separate rate to cover the 16 non-prime shifts. This provides for immediate response to an emergency 24 hours a day, 7 days a week.
24 X 7 DBA:
- The standard DBA rate provides for on-site DBA for five 8-hour shifts weekly (e.g., Monday through Friday from 0800 to 1600). It also includes a 2-hour response to emergencies on nights and weekends and on-site support for the monthly scheduled maintenance window. For those workloads requiring 24x7 on-site DBA, we offer a separate rate to cover the 16 non-prime shifts. This provides for immediate response to an emergency 24 hours a day, 7 days a week.
24 x 7 Application Support:
- The standard Application Support rate provides for on-site application support for five 8-hour shifts weekly (e.g., Monday through Friday from 0800 to 1600). It also includes a 2-hour response to emergencies on nights and weekends and on-site support for the monthly scheduled maintenance window. For those workloads requiring 24x7 on-site application support, we offer a separate rate to cover the 16 non-prime shifts. This provides for immediate response to an emergency 24 hours a day, 7 days a week.
Local Operational Recovery:
- In the event of a server failure at the primary processing site, the relevant maintenance program in effect will be the default vehicle for returning the server to production status. If our partners require a greater degree of protection, they may place additional equipment at the production site and have that equipment pre-configured and available to serve as a local fail-over environment.