How to respond to a request for information on a system’s architecture without compromising security?

Home Forums Technology How to respond to a request for information on a system’s architecture without compromising security?

This topic contains 2 replies, has 2 voices, and was last updated by  Jaime Gracia 4 years, 12 months ago.

  • Author
    Posts
  • #180125

    Chris Cairns
    Participant

    Let’s say that I am a Federal CIO and need to respond to a request for information on the architecture of a human resource management system. I want to demonstrate that the system is capable of supporting multiple customers (multi-tenancy), can scale to thousands of users, includes modules A, B, C, D, etc., is interfaced to systems X, Y, Z. How can I structure the response so that I don’t compromise the security of the architecture? For example, what type of diagram can I provide? What type information can it include? And shouldn’t include?

  • #180129

    Jaime Gracia
    Participant

    Chris – Let’s look at this from another angle. Firstly, are you talking in hypotheticals or an actual response to an RFI, in which you are looking for advice on how to answer.

    If the latter, please link to the RFI, presumably on FedBizOpps.com. If this is the case, this problem needs to be addressed, because it is an improper use of RFI, and market research contrary to FAR Parts 10 & 11.

    If the former, then what does the RFI ask for? Does it ask for architectural documents based on a CONOPS? Perhaps aligned to DODAF? Seems premature and cumbersome, not to mention why they would be asking for this in an RFI. Again, improper market research.

  • #180127

    Chris Cairns
    Participant

    That any better?

You must be logged in to reply to this topic.