Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
DHS details services, tools needed to better defend federal networks
Monday - 10/22/2012, 5:38pm EDT
DHS issued a draft solicitation, obtained by last week to companies on the General Services Administration's Schedule 70. Federal News Radio obtained a copy of the draft.
"This acquisition will provide DHS with specialized information technology services and tools to implement DHS' CDM program," DHS stated in the draft. "This program seeks to defend federal IT networks from cybersecurity threats by providing continuous monitoring sensors, diagnosis, mitigation tools, and CMaaS to strengthen the security posture of government networks."
The program focuses on the .gov domain, but DHS says it anticipates the Defense Department will also use the blanket purchase agreement. In June, DHS issued the requirements for continuous monitoring. At that time, the agency outlined CMaaS as one of three implementation approaches.
"The tools and services delivered through the Continuous Diagnostics and Mitigation program will provide federal agencies, with the ability to enhance and/or automate their existing continuous network monitoring capabilities, correlate and analyze critical security-related information and enhance risk-based decision making at the agency and federal enterprise level," the draft request-for-proposals stated. "Information obtained from the automated monitoring tools will allow for the correlation and analysis of security-related information across the federal enterprise."
Under the CDM program, DHS wants vendors to comment on whether providing these tools is possible and makes sense. For instance, the draft RFP calls for hardware-asset management, software-asset management, configuration management and vulnerability management.
DHS also wants services, such as managed credentials and authentication, to ensure users are who they say they are and to prevent bad actors from hijacking user's accounts.
Under the CMaaS section, DHS wants vendors to provide project-management support, support of a dashboard showing the output from the CDM tools, the ability to customize and configure tools and sensors, and the ability to operate the CDM tools.
DHS recently received $183 million in fiscal 2013 from Congress for cyber initiatives, including CDM tools and CMaaS. OMB also reemphasized the importance of active risk management in its annual Federal Information Security Management Act (FISMA) guidance to agencies issued earlier this month.