Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Monday - Friday, 6-9 a.m.
Hosts Tom Temin and Emily Kopp bring you the latest news affecting the federal community each weekday morning, featuring interviews with top government executives and contractors. Listen live from 6 to 9 a.m. or download archived interviews on our daily show blogs.
DHS issues $6B RFQ for continuous monitoring tools, services
Wednesday - 12/19/2012, 7:43pm EST
DHS, working with the General Services Administration, issued a final request for quote for a blanket purchase agreement (BPA) for 15 tools and for 11 task areas to improve agency cybersecurity. Federal News Radio obtained a copy of the RFQ.
DHS expects the BPA to be worth $6 billion over the life of the contract, which has a one-year base and four one-year options.
"This acquisition will provide DHS, federal government departments/agencies, and state, local, tribal and territorial governments with specialized information technology services and tools to implement DHS' continuous diagnostic and mitigation program," the RFQ stated. "The CDM program seeks to defend federal and other government IT networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools and continuous monitoring-as-a-service to strengthen the security posture of government networks."
DHS released a draft RFQ in October and the final solicitation follows it closely.
GSA is charging a 2 percent fee to agencies using the BPA.
Among the CDM tools DHS wants vendors to provide are:
- Hardware-asset management, which includes discovering unauthorized or unmanaged hardware on the agency's network.
- Software-asset management, which is looking unauthorized or unmanaged applications on the network.
- Vulnerability management, which will discover and fix holes in the network.
- Managing trust in people granted access to the network, which focuses on the insider threat by looking for potential network abuses, such as deleting information or removing data that doesn't belong to them.
- Managing operation security, which would prevent hackers from exploiting weaknesses by using functional and operational control limits, especially around systems that are most vulnerable to attacks.
Along with the functional areas, DHS is asking for 11 task areas under continuous monitoring-as-a-service.
Among the services DHS wants are:
- The support of CDM dashboards to show the status of network security.
- To provide specified tools and services, such as hardware or software inventory management or account access management.
- To operate CDM tools and sensors
- To provide training and consulting in CDM governance, which includes designing a scoring system to compare performance of agencies, assessing risks and priorities among systems and other services.
- To support independent verification and validation, and system certification of the security tools and sensors.
DHS and GSA also included a sample task order so vendors can have an idea what to expect from agencies issuing requests against the BPA.
Responses are due Jan. 28.