Notice ID 28321322RI0000003
SSA is seeking a commercial off-the-shelf (COTS) software product including software licenses, maintenance, training and engineering / implementation support, for an enterprise-level Electronic Evidence Acquisition Interoperability Platform (EEAIP). The EEAIP will accelerate the agency’s ability to onboard additional sources of medical evidence and modernize the collection and processing of electronic evidence in support of the agency’s plan for continued growth in the electronic collection of data to support SSA’s programs.
Mandatory Technical Requirements
SSA requires a COTS EEAIP solution to support the agency’s collection of electronic evidence. The vendor’s software solution shall meet or exceed the following baseline technical requirements:
Product Architecture and Infrastructure
- The EEAIP solution shall be composed of multi-tier architecture that involves separate web, application, data and authentication layers.
- The EEAIP solution shall support a multi-server (x86) / Linux Operating Systems (64-bit Red Hat Enterprise Linux (RHEL) 7.9x and above) infrastructure that provides scalability, clustering, load balancing, and operates in a virtual environment (on premises and cloud). The system shall be capable of running on virtual servers.
- The EEAIP solution will allow for High Availability (HA) and Disaster Recovery (DR) functionality either using virtualization capabilities or physical servers located at alternate datacenter(s).
- The capability for the EEAIP solution shall be configurable for HA with 99.9% uptime.
- The EEAIP solution shall enable replicated EEAIP services with failover capability.
- The EEAIP solution viewer shall run in a web browser on workstations and laptops running Microsoft Windows 10 operating system with Microsoft Edge. The system shall enable users to view data results across multiple monitors…”
“Security and Data Privacy
- The EEAIP system shall provide the ability to manage users and data security including role based access control, single sign-on (Kerberos) and Lightweight Directory Access Protocol (LDAP) integration, Security Assertion Markup Language (SAML). All system account validations shall be compatible with Smart Card, Kerberos or Dell Enterprise Single Sign on Software for user authentication.
- The EEAIP system shall support Internet Protocol version 6 (IPv6) and use encrypted communication (e.g., Secure Sockets Layer (SSL)) that meets Federal IT Security standards between all system components.
- The EEAIP system shall provide APIs to manage security and access and provide the capability to limit / grant access to certain functionality by Role Based Access Controls.
- The EEAIP system shall provide audit capabilities to allow for tracking of user activities…”