Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
DHS issues $6B RFQ for continuous monitoring tools, services
Wednesday - 12/19/2012, 7:43pm EST
DHS, working with the General Services Administration, issued a final request for quote for a blanket purchase agreement (BPA) for 15 tools and for 11 task areas to improve agency cybersecurity. Federal News Radio obtained a copy of the RFQ.
DHS expects the BPA to be worth $6 billion over the life of the contract, which has a one-year base and four one-year options.
"This acquisition will provide DHS, federal government departments/agencies, and state, local, tribal and territorial governments with specialized information technology services and tools to implement DHS' continuous diagnostic and mitigation program," the RFQ stated. "The CDM program seeks to defend federal and other government IT networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools and continuous monitoring-as-a-service to strengthen the security posture of government networks."
DHS released a draft RFQ in October and the final solicitation follows it closely.
GSA is charging a 2 percent fee to agencies using the BPA.
Among the CDM tools DHS wants vendors to provide are:
- Hardware-asset management, which includes discovering unauthorized or unmanaged hardware on the agency's network.
- Software-asset management, which is looking unauthorized or unmanaged applications on the network.
- Vulnerability management, which will discover and fix holes in the network.
- Managing trust in people granted access to the network, which focuses on the insider threat by looking for potential network abuses, such as deleting information or removing data that doesn't belong to them.
- Managing operation security, which would prevent hackers from exploiting weaknesses by using functional and operational control limits, especially around systems that are most vulnerable to attacks.
Along with the functional areas, DHS is asking for 11 task areas under continuous monitoring-as-a-service.
Among the services DHS wants are:
- The support of CDM dashboards to show the status of network security.
- To provide specified tools and services, such as hardware or software inventory management or account access management.
- To operate CDM tools and sensors
- To provide training and consulting in CDM governance, which includes designing a scoring system to compare performance of agencies, assessing risks and priorities among systems and other services.
- To support independent verification and validation, and system certification of the security tools and sensors.
DHS and GSA also included a sample task order so vendors can have an idea what to expect from agencies issuing requests against the BPA.
Responses are due Jan. 28.