Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
DHS details services, tools needed to better defend federal networks
Monday - 10/22/2012, 5:38pm EDT
DHS issued a draft solicitation, obtained by last week to companies on the General Services Administration's Schedule 70. Federal News Radio obtained a copy of the draft.
"This acquisition will provide DHS with specialized information technology services and tools to implement DHS' CDM program," DHS stated in the draft. "This program seeks to defend federal IT networks from cybersecurity threats by providing continuous monitoring sensors, diagnosis, mitigation tools, and CMaaS to strengthen the security posture of government networks."
The program focuses on the .gov domain, but DHS says it anticipates the Defense Department will also use the blanket purchase agreement. In June, DHS issued the requirements for continuous monitoring. At that time, the agency outlined CMaaS as one of three implementation approaches.
"The tools and services delivered through the Continuous Diagnostics and Mitigation program will provide federal agencies, with the ability to enhance and/or automate their existing continuous network monitoring capabilities, correlate and analyze critical security-related information and enhance risk-based decision making at the agency and federal enterprise level," the draft request-for-proposals stated. "Information obtained from the automated monitoring tools will allow for the correlation and analysis of security-related information across the federal enterprise."
Under the CDM program, DHS wants vendors to comment on whether providing these tools is possible and makes sense. For instance, the draft RFP calls for hardware-asset management, software-asset management, configuration management and vulnerability management.
DHS also wants services, such as managed credentials and authentication, to ensure users are who they say they are and to prevent bad actors from hijacking user's accounts.
Under the CMaaS section, DHS wants vendors to provide project-management support, support of a dashboard showing the output from the CDM tools, the ability to customize and configure tools and sensors, and the ability to operate the CDM tools.
DHS recently received $183 million in fiscal 2013 from Congress for cyber initiatives, including CDM tools and CMaaS. OMB also reemphasized the importance of active risk management in its annual Federal Information Security Management Act (FISMA) guidance to agencies issued earlier this month.