Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
DHS issues $6B RFQ for continuous monitoring tools, services
Wednesday - 12/19/2012, 7:43pm EST
DHS, working with the General Services Administration, issued a final request for quote for a blanket purchase agreement (BPA) for 15 tools and for 11 task areas to improve agency cybersecurity. Federal News Radio obtained a copy of the RFQ.
DHS expects the BPA to be worth $6 billion over the life of the contract, which has a one-year base and four one-year options.
"This acquisition will provide DHS, federal government departments/agencies, and state, local, tribal and territorial governments with specialized information technology services and tools to implement DHS' continuous diagnostic and mitigation program," the RFQ stated. "The CDM program seeks to defend federal and other government IT networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools and continuous monitoring-as-a-service to strengthen the security posture of government networks."
DHS released a draft RFQ in October and the final solicitation follows it closely.
GSA is charging a 2 percent fee to agencies using the BPA.
Among the CDM tools DHS wants vendors to provide are:
- Hardware-asset management, which includes discovering unauthorized or unmanaged hardware on the agency's network.
- Software-asset management, which is looking unauthorized or unmanaged applications on the network.
- Vulnerability management, which will discover and fix holes in the network.
- Managing trust in people granted access to the network, which focuses on the insider threat by looking for potential network abuses, such as deleting information or removing data that doesn't belong to them.
- Managing operation security, which would prevent hackers from exploiting weaknesses by using functional and operational control limits, especially around systems that are most vulnerable to attacks.
Along with the functional areas, DHS is asking for 11 task areas under continuous monitoring-as-a-service.
Among the services DHS wants are:
- The support of CDM dashboards to show the status of network security.
- To provide specified tools and services, such as hardware or software inventory management or account access management.
- To operate CDM tools and sensors
- To provide training and consulting in CDM governance, which includes designing a scoring system to compare performance of agencies, assessing risks and priorities among systems and other services.
- To support independent verification and validation, and system certification of the security tools and sensors.
DHS and GSA also included a sample task order so vendors can have an idea what to expect from agencies issuing requests against the BPA.
Responses are due Jan. 28.