Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF MAY 09, 2015 FBO #4914
SOURCES SOUGHT

70 -- Threat Intelligence Platform Proof of Concept Software

Notice Date
5/7/2015
 
Notice Type
Sources Sought
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
Department of Justice, Federal Bureau of Investigation, Procurement Section, 935 Pennsylvania Avenue, N.W., Washington, District of Columbia, 20535, United States
 
ZIP Code
20535
 
Solicitation Number
CYD2015
 
Archive Date
6/6/2015
 
Point of Contact
Luwanna K. Clark, Phone: 7038725031, Audrey Hitchcock, Phone: 7038725363
 
E-Mail Address
luwanna.clark@ic.fbi.gov, audrey.hitchcock@ic.fbi.gov
 
Small Business Set-Aside
N/A
 
Description
The National Cyber Investigative Joint Task Force (NCIJTF) is requesting information regarding software with the ability to perform as a Threat Intelligence Platform (TIP). The main function of the TIP is to provide indicator/knowledge management of cyber threats. In order to accomplish the main function, the TIP should have the ability to aggregate data from multiple sources (public and private), automatically extract observables from those sources, and then enrich the extracted data with third-party data sets (i.e., geoip, whois, etc.). The TIP should then provide the functionality to establish signatures based on the observables and retain the original context of the signature (i.e., what was the original report, intrusion set, etc.). The TIP should provide the functionality for analysts to exploit the data which was ingested by providing a robust search/filter capability. In order to promote sharing, the TIP should provide the ability to export data to be shared with trusted partners. As part of the sharing effort, the TIP should provide the ability to ingest and export Structured Threat Information eXpression (STIX). Future enhancements to the TIP should include a flexible reporting ability which allows the user to establish queries and filters based upon the data available. The TIP should have the flexibility to enrich the data with localized data stores (i.e., local versions of geoip, whois, etc.). The TIP should provide a robust Application Program Interface (API). The TIP should promote a robust sharing capability which would include providing the user the ability to search/filter on what is to be shared and provide multiple mediums. One specific medium would be STIX formatted conforming to ESSA standards. The TIP should also provide the user the ability to visualize the data in an effort to identify connections which cannot be readily identified through traditional tabular views.
The TIP should provide a collaborative environment for the users where they can enter comments/workflow observables, signatures, etc. The TIP should allow users to identify what type of intrusion set(s) they are interested in, and the TIP should automatically notify the user when new information is identified regarding the intrusion set(s) they selected. The TIP should also provide administrative functionality to allow a supervisor to assign users to intrusion set(s) and identify what data has and has not been reviewed and work-flowed. The TIP should also provide the ability to support large-scale incident response (IR). Supporting IR may include allowing users to establish the ability to identify information/intelligence related to a particular incident (either through tagging or establishing an incident). The TIP should automatically query the dataset to identify relationships quickly for the analyst. The IR functionality should also allow all users involved in the IR to collaborate in an effort to promote coordination and also produce daily reporting.

Interested vendors should submit their capability statement, which specifically addresses the requirements in this notice. Based upon a review of the capability statement, those vendors whose products meet the requirements will be requested to demo the product. Additionally, vendors should state their company size and whether any existing contracts are available for purchasing.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOJ/FBI/PPMS1/CYD2015/listing.html)
 
Place of Performance
Address: 935 Pennsylvania Avenue, NW, Room CC300, Washington, District of Columbia, 20535, United States
Zip Code: 20535
 
Record
SN03723133-W 20150509/150507234448-2b110f45f88f19891f437017643039f0 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
