Networx Unit Pricer

The Networx contracts require a basic level of security management for its contractors that ensures compliance with Federal Government generally accepted security principles and practices, or better. The contracts employ adequate and reasonable means to ensure and protect the integrity, confidentiality, and availability of Networx services, Operational Support Systems (OSS), and Government information transported or stored in the contractor's Networx services infrastructure. These requirements are detailed in Section C.3.3.2 Security Management of the Networx contracts.

In addition to this mandatory level of security, the Networx contracts provide additional security services that may be ordered on a fee-for-service basis. These are:

1. 1.Managed Tiered Security Service (MTSS)
2. 2.Managed Firewall Service (MFS)
3. 3.Intrusion Detection and Prevention Service (IDPS)
4. 4.Vulnerability Scanning Service (VSS)
5. 5.Anti-Virus Management Service (AVMS)
6. 6.Incident Response Service (INRS)
7. 7.Managed E-Authentication Service (MEAS)
8. 8.Secure Managed E-Mail Service (SMEMS)

The MTSS offering is described below.

Technical Summary

With MTSS, GSA provides Government users with four levels of security solutions (tiers) which can be customized to individual users based on their needs for sensitive information protection. A specific tier includes all services for that tier as listed in Section C.2.7.4.1.4.1 of the Networx contracts. The tiers and services within the individual tiers are similar to the FTS2001 Multiple Tiered Security Profile (MSTP) service.

Tier 1 - Standard Service. This tier supports basic internet connectivity and is appropriate for non-mission critical functions or non-sensitive communications requirements. Help desk functions are provided in tier 1 and Agency installed security mechanisms are employed as needed. Additionally, Networx contracts have basic requirements for adequate and reasonable means to ensure and protect the integrity and confidentiality of information, and availability of Networx services. There are no requirements for protection of information content beyond these measures.

Tier 2 - Protected Services. This tier is tailored to Secure but Unclassified (SBU) mission functions and information. A secure path to the Internet and the service provider's network is required. Tier 2 includes all tier 1 capabilities with the addition of a set of tier 2 services as shown in the diagram below.

MTSS Tiered Architecture

Tier 3 - High Assurance Service. This tier includes all of the security enhancements of tier 2 and is tailored to protect sensitive information up to and including information that may be classified up to the DoD Secret level. This tier operates in an environment that does not employ a direct connection to the Internet except via a tier 2 enclave and its associated security enhancements. Connectivity to tier 2 enclaves is permitted only via NSA approved trusted gateways, secure mail guard technologies, or other NSA approved multilevel security solutions. Connectivity via the service provider's secure network is permitted among tier 3 enclaves.

Tier 4 - Network High Service. This tier provides protection of information that may be classified up to DoD Top Secret, Sensitive Compartmented Information (SCI), or Single Integrated Operational Plan - Extremely Sensitive Information (SIOP-ESI). This tier operates in a closed and isolated network environment. Connectivity is permitted among other tier 4 enclaves within a community of interest.

The multi-tiered MTSS offering provides security enhancement services beyond the basic Networx infrastructure requirements as detailed in Section C.3.3.2 and the fee-for-services as detailed in Section C.2.10 (e.g., Managed Firewall Service) of the Networx contracts. The component services by tier are listed in the following table and are specified in detail in Section C.2.7.4.1.5 (Technical Capabilities) of the Networx contracts.

The MTSS Security Enhancement Services are summarized briefly below:

• Agency Dedicated Help Desk - A single point-of-contact help desk capability for all issues concerning service delivery 24X7. The help desk capability is a component of all four tiers.
• Networx fee-for-service offerings - A package of Networx security services consisting of AVMS, MFS, IDPS, SMEMS, and VSS. This package is included in tiers 2, 3, and 4.
• Packet Filtering - Contractor-provided routers that restrict packets to specific ports based on protocol specific criteria. This capability is included in tiers 2, 3, and 4.
• Premise-based VPN Service - Networx Premise-Based IP VPN Service (PBIP-VPNS) as detailed in Section C.2.7.2 of the Networx contracts. This capability is included in tiers 2, 3, and 4.
• Security Certification Support - Contractor assistance to the Agency in the development of all documents in the certification and accreditation (C&A) process for systems and services provided under the Networx contract. This capability is included in tiers 2, 3, and 4.
• Security Maintenance - Including but not limited to advising the Agency concerning control and elimination of vulnerabilities, maintenance of security systems and necessary hardware\software upgrades, updates, and replacements. This capability is included in tiers 2, 3, and 4.
• Proxy Server - Secure web servers to shield a sensitive network enclave from an enclave of lesser sensitivity. This capability is included in tiers 2 and 3.
• Agency sponsored Type I encryption - Contractor-provided and managed NSA Type 1 encryption devices through Agency sponsorship. This capability is included in tiers 3, and 4.
• NSA Approved Multilevel Security Solution - Solution that includes but is not limited to an NSA approved secure mail guard service and NSA trusted gateway service. This capability is included in tiers 3, and 4.
• Network Isolation (air gap) - Absolute physical isolation from lesser sensitive networks. This capability applies only to tier 4.

The following features are available only for tiers 2, 3, and 4 as detailed in Section C.2.7.4.2 (Features) of the Networx contracts:

• On-site management and monitoring 24X7
• On-site installation services as required by the Agency

Each Networx contractor may provide variations or alternatives to the offering and pricing for MTSS. The specific details can be found within each Contractor's Networx contract files and pricing notes for MTSS.

For more information on the general MTS specifications and requirements, please refer to Section C.2.7.4 of the Networx contract for technical specifications and Section B.2.7.4 for pricing.

MTSS Price Basics

Managed Tiered Security Service (MTSS) provides Government users with four combinations of security services, which can be customized to individual needs based on information sensitivity. MTSS consists of four (4) tiers of services. All services within a tier must be ordered.

• Tier 1 - Standard Service: This tier supports basic internet connectivity and is appropriate for non-mission critical functions or non-sensitive communications requirements. Help Desk functions are provided in Tier 1.
• Tier 2 - Protected Services: This tier is tailored to Secure but Unclassified (SBU) mission functions and information. Tier 2 includes all Tier 1 capabilities with the addition of a set of Tier 2 services. A discount is applicable to the total charge for the included security services.
• Tier 3 - High Assurance Service: This tier includes all of the security enhancements of Tier 2 and is tailored to protect extremely sensitive information up to and including information that may be classified up to the DoD Secret level. A discount is applicable to the total charge for the included security services.
• Tier 4 - Network High Service: This tier provides protection of information that may be classified up to DoD Top Secret, Sensitive Compartmented Information (SCI), or Single Integrated Operational Plan - Extremely Sensitive Information (SIOP-ESI). A discount is applicable to the total charge for the included security services.

The tiered structure and services within the individual tiers of MTSS are similar to the FTS2001 Multiple Tiered Security Profile (MTSP) service, which is priced on an Individual Case Basis (ICB).

Price components required for MTSS by Service Tier:

• NRC and/or MRC for each basic service listed in a given Tier
• DAA Originating and Terminating Wireline Access (MRC) and (NRC) for Tiers 1 and 2
• Features* ordered as needed by the Agency:
  • On-site management and monitoring 24x7 (Tiers 2 - 4)
  • On-site installation (Tiers 2 - 4)
• Service Enabling Devices (SEDs) may be required to implement MTSS. [Please note that SEDs under Networx replace the FTS2001 User-to-Network Interfaces and Access Adaptation Functions (UNIs/AAFs). SEDs may differ between Networx providers. The pricing structure for SEDs provides for either a one-time payment or monthly term payments for purchase, plus a NRC for installation and a MRC for maintenance.]

  * All original contract MTSS features are priced on an Individual Case Basis (ICB). CLINs with ICB prices are not available in the unit pricer.

  
  

  MTSS Basic Service Components by Tier

  
  

  Description	Charging Unit	Tier 1	Tier 2	Tier 3	Tier 4	Discount
  Help Desk Service	NRC + MRC per user seat (ICB for Tiers 3 & 4)	X	X	X	X
  Packet Filtering Service	ICB NRC + ICB MRC per filter		X	X	X
  Proxy Server Service	ICB NRC + ICB MRC per proxy server		X	X
  Security Maintenance Service	ICB NRC + ICB MRC per network		X	X	X
  Security Certification Support Service	ICB NRC + ICB MRC per network certification		X	X	X
  NSA Approved Multilevel Security Solution	ICB NRC + ICB MRC per network			X	X
  Network Isolation (Air Gap)	ICB NRC per isolation				X
  Firewall Service	See MFS Section B.2.10.1 for pricing		X	X	X	% off
  Intrusion Detection / Prevention Service	See IDPS Section B.2.10.2 for pricing		X	X	X	% off
  Vulnerability Scanning Service	See VSS Section B.2.10.3 for pricing		X	X	X	% off
  Anti-Virus Service	See AVMS Section B.2.10.4 for pricing		X	X	X	% off
  Incident Response Service	See INRS Section B.2.10.5 for pricing		X	X	X	% off
  Secured Managed Email Service	See SMEMS Section B.2.10.8 for pricing		X	X	X	% off
  Premise-based Virtual Private Network	See PBIP-VPNS Section B.2.7.2 for pricing		X	X	X
  Agency Sponsored Type 1 Encryption	See SEDS Section B.4 for pricing			X	X

  
  

  Example 1: MTSS Routine Level for Tier 2

  
  

  

  
  

  • MTSS Tier 2 Services defined only in MTSS
    • Help Desk Service: Choose NRC CLIN 224010 and MRC CLIN 224005
    • Packet Filtering Service: Choose NRC CLIN 224011 and MRC CLIN 224006 (prices for these CLINs are ICB and are not available in the unit pricer)
    • Proxy Server Service: Choose NRC CLIN 224012 and MRC CLIN 224007 (prices for these CLINs are ICB and are not available in the unit pricer)
    • Security Maintenance Service: Choose NRC CLIN 224013 and MRC CLIN 224008 (prices for these CLINs are ICB and are not available in the unit pricer)
    • Security Certification Support Service: Choose NRC CLIN 224014 and MRC CLIN 224009 (prices for these CLINs are ICB and are not available in the unit pricer)
  • MTSS Tier 2 Services defined elsewhere in the Networx Contract
    • MFS: See MFS Section B.2.10.1 for pricing
    • IDPS: See IDPS Section B.2.10.2 for pricing
    • VSS: See VSS Section B.2.10.3 for pricing
    • AVMS: See AVMS SectionB.2.10.4 for pricing
    • INRS: See INRS SectionB.2.10.5 for pricing
    • SMEMS: See SMEMS Section B.2.10.8 for pricing
    • PBIP-VPNS: See PBIP-VPNS Section B.2.7.2 for pricing
  • Access NRC: Choose CLIN 760117 Routine DAA T3 NRC
  • Access MRC: Choose CLIN 760317 Routine DAA T3 MRC
  • SEDs must be chosen based on equipment required at each location. CLINs differ between vendors.