Cybersecurity Support Services
REQUEST FOR INFORMATION
Title: Cybersecurity Support Services
THIS IS A REQUEST FOR INFORMATION (RFI) ONLY. This RFI is issued solely for information and market research planning purposes. This is NOT a Request for Quotations or Proposals. This RFI is for planning purposes only and shall not be construed as an obligation on the part of the Government. No solicitation document exists, and the Government may or may not issue a formal solicitation as a result of the responses received to this RFI.
The Government will not pay for any response or demonstration expenses. All costs incurred responding to this RFI will be solely at the interested party's expense. Failure to respond to this RFI will not preclude participation in any future solicitation. Any information received will become the property of the Government and will not be returned to the submitter. Interested parties are responsible for adequately marking proprietary or sensitive information.
The Government's explicit intent, in this RFI, is to not receive from respondents any proprietary data, trade secrets, business sensitive information, or information considered CONFIDENTIAL under 18 U.S.C. §1905. The Government's constraint does not in any way relieve contractors from their responsibility to properly mark proprietary data when it is provided, nor does it alleviate any requirement for the Government to protect marked data. The Government is not obligated to protect unmarked data.
The information provided in this RFI is subject to change and is not binding on the Government. All submissions become the property of the Federal Government and will not be returned.
1.0 DESCRIPTION
Under the auspices of the EAGLE Next Generation (Next Gen) Program that focuses on effectively and efficiently addressing the Department of Homeland Security's (DHS) diverse information technology (IT) service needs, DHS is seeking information and comments from industry concerning the attached draft statement of work related to approaches for providing cybersecurity staff services for the operation of DHS Security Operations Centers (SOCs). DHS defines SOCs as being facilities where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended. SOCs are responsible for ensuring that potential cyber security incidents are correctly identified, analyzed, defended, investigated, and reported. Detection response time is critical to this effort.
The Department of Homeland Security (DHS) has a complex and demanding mission. To assist in meeting that mission, DHS needs robust and effective information systems. It also needs to protect those systems from cyber threats posed by nation states and criminal enterprises. This RFI will provide useful information on industry opinion regarding approaches for obtaining staff support for SOC operations in Government facilities.
DHS currently operates SOCs located in the National Capital Region and in other locations within the continental United States. Past practice has been for each SOC to contract independently for staff support services for its operations. A variety of contracting vehicles has been used to acquire these services.
The cybersecurity services that DHS will require to support the operation of its SOCs include but are not limited to the following:
• Monitoring and Analysis (7x24x365)
• Email Monitoring
• Network Traffic Monitoring
• Attack Sensing & Warning
• Asset Discovery and Management
• Web and Communications Log Capture & Analysis
• Trend Analysis & Correlation
• Digital Media Analysis
• Malware Analysis & Reverse Engineering
• Penetration Testing
• Cyber Threat Intelligence
• Communications and Coordination
• Pattern Analysis
• Vulnerability Assessment
• Incident Response, Mitigation, Remediation, and Recovery
• Cybersecurity Infrastructure Architecture & Engineering
• Cybersecurity Infrastructure Operations, Maintenance, and Administration
• Cybersecurity Application Development, Deployment, & Integration
• Insider Threat Hunting
• Cybersecurity Program Management
Individual SOCs will only acquire those services deemed necessary to support their specific missions.
In May of 2018, DHS issued an RFI (70RTAC-18-RFI-SOC-MSP) in order to identify vendors with the capability to act as Managed Service Providers (MSPs) to DHS SOCs. This RFI is a result of a change in approach to obtaining future cybersecurity support services for DHS SOC operations.
2.0 PURPOSE OF THIS RFI
The purpose of this RFI is twofold:
1) To obtain comments on the attached draft statement of work.
2) To invite industry comment on the items included in Section 3.0 of the RFI.
3.0 INFORMATION REQUEST
Interested parties should submit responses addressing one or more of the following items.
1. DHS is contemplating a single contract vehicle for providing cybersecurity support services in support of DHS SOC operations in the National Capital Region and elsewhere in the continental United States.
a. Please describe your capacity to deliver the cybersecurity services listed in Section 1.0 as on-site SOC support services, including full time (7x24x365) and part time support, as well as the geographical areas where you can provide those services. Current SOC locations include Arizona, Mississippi, Georgia, numerous locations within the National Capital Region (NCR), and Northern Virginia outside of the NCR. DHS may choose to establish additional SOCs or relocate any existing SOC. Any location within the United States could be a potential operating location.
2. DHS SOCs have continuing needs for support for normal, steady state SOC operations. However, from time to time each SOC will have a need to increase support for a limited period of time due to a temporary increase in workload, in response to a cyber threat or attack, or for a cybersecurity project of limited duration.
a. What would you recommend as the best approach for engaging temporary services in the shortest possible amount of elapsed time as may be required in response to a cyber threat or attack?
4.0 SUBMISSION INSTRUCTIONS
Interested parties are invited to address one or more questions pertaining to cybersecurity operations services as identified in 3.0 above and to provide comments on the attached draft statement of work. The total submission page count shall not exceed 5 pages, Times New Roman, Font Size 11, excluding the cover page. Only one submission will be reviewed per company for this RFI. That submission can respond to one or more questions above and/or the draft statement of work. Only electronic submissions will be accepted. Emails with attachments larger than 5 MB shall be broken down into multiple emails with no one attachment exceeding 5 MB. Each electronic submission shall include:
- RFI number and "Cybersecurity Support Services" in the Subject Line.
- If the submission includes more than one electronic email, please include the file number and total files being submitted (e.g., File 1 of 4, File 2 of 4, etc.) in the Subject Line.
- In the body of the email, include a Point of Contact (POC), phone number and email address of the person to be contacted regarding any correspondence between the Government and the company. This person should be a primary contact and capable of addressing questions or issues associated with the submission and content of the RFI response.
- Include a brief summary of email content, Vendor name and firm's mailing address
- The Response Statement as an attachment to the email Marketing materials may also be submitted but are not the focus of this RFI.
Responses to this RFI may be reviewed by Government technical experts drawn from staff within DHS and other Federal agencies. The Government may use selected support contractor personnel to assist in the review of the responses. These support contractors will be bound by appropriate non-disclosure agreements to protect proprietary and source selection information.
All Responses shall be submitted to the Office of Procurement Operations (OPO) Industry Liaison mailbox at email address: opoindustryliaison@hq.dhs.gov no later than NOON Eastern Time, on Thursday August 29, 2019.
The Government reserves the right to hold one-on-one meetings as a result of responses received from this RFI as part of its market research. Meetings may be held in particular with companies who provide comprehensive responses to the questions posed.
Industry Liaison, Email opoindustryliaison@hq.dhs.gov
