Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF MARCH 29, 2023 SAM #7792
SOURCES SOUGHT

R -- SAF/CDM, DoD Commercial Sensor Capability (Update 24 MAR 2023)

Notice Date
3/27/2023 8:48:44 AM
 
Notice Type
Sources Sought
 
NAICS
518210 — Data Processing, Hosting, and Related Services
 
Contracting Office
FA7146 CONCEPTS DEVL MGT SAF CDM FAIRFAX VA 22030-6032 USA
 
ZIP Code
22030-6032
 
Solicitation Number
FA7146-23-N-0001
 
Response Due
3/30/2023 1:00:00 PM
 
Archive Date
07/30/2023
 
Point of Contact
Derrick Brooks, Phone: 3012037368, Kevin T. Adams, Phone: 3012034766
 
E-Mail Address
derrick.brooks.5@us.af.mil, kevin.adams.20@us.af.mil
 
Description
Request for Information (RFI)
Department of Defense Cyber Crime Center (DC3)

Agency: Operations Enablement Division / DC3 Market Research Agency: DC3
Notice Type: Request for Information (RFI)
NAICS: 541512 Computer Systems Design Services

GENERAL INFORMATION

This Request for Information (RFI) is being issued on behalf of DC3 in support of a new and emerging requirement.

2. RFI OBJECTIVE

The purpose of this RFI is to assist DC3 in conducting market research focused on identifying potential offerings/offerors to aid in the development of an Enhanced Cyber Defense Sensor Program. DC3 is requesting feedback from industry partners that are able to offer a variety of Network Detection and Response (NDR) type solutions that use a combination of machine learning, advanced analytics and rule-based detection to detect malicious cyber activities on enterprise networks. This feedback will assist DC3 in further developing our requirements for this service. It will also provide key insights into understanding the NDR market and industry capabilities, refining use cases and developing our functional requirements.

DC3 is particularly interested in industry's ability to examine encrypted common IP-based application layer traffic such as DNS, web, etc. for threats, the use of both supervised and unsupervised Machine Learning (ML) and Deep Learning (DL) techniques for anomaly detection and the integration of cyber threat intelligence feeds into a User Interface (UI)/Management Console. The sensors should send alerts to a centralized dashboard to provide a federated view of incidents across the sensor enterprise for cyber threat analysts at DC3 to investigate and conduct further analysis to recommend mitigation actions. The solution should support the STIX data exchange format, as well as the TAXII data transfer mechanism. Additionally, the solution should have a REST API that would allow the Defense Industrial Base (DIB) companies access to their alerts and limited workflows in the solution. The solution must provide for the ingestion, tagging and correlation of multiple threat related data sets. Deployment of the solution should be relatively frictionless and not impact a DIB company's network resources or result in downtime.

The information provided to DC3 in response to this RFI will be used for market research only.

3. BACKGROUND

DC3 is aligned under the Secretary of the Air Force as the designated Executive Agent and provides digital and multimedia (D/MM) forensics, specialized cyber training, technical solutions development, and cyber analytics for the following DoD mission areas: cybersecurity (CS) and critical infrastructure protection (CIP); law enforcement and counterintelligence (LE/CI); document and media exploitation (DOMEX), counterterrorism (CT) and safety inquiries. DC3 is designated as a federal cyber center and serves as the operational focal point for DoD's DIB Cybersecurity Program.

In response to persistent and increasingly sophisticated malicious cyberspace campaigns that aim to compromise critical defense information residing on DIB networks, DC3 is developing an Enhanced Cyber Defense Sensor Platform. Supply chain disruptions caused by our adversaries and the exfiltration of sensitive information from the DIB threaten to erode U.S. military advantage in areas critical to national security. To counter these threats, the DC3 Enhanced Cyber Defense Sensor Program will strengthen the DoD's ability to defend critical infrastructure from malicious cyber activity, secure DoD information in non-DOD owned networks and expand cooperation with industry partners.

DC3 is still in the early stages of defining the framework for this platform and the full scope of what would be required to offer a scalable solution to the DIB. DC3's goal for this effort is to offer a solution and services that immediately benefit the DIB by strengthening DIB partners' cyber security posture and provide the DoD the ability to mitigate the overall threat from malicious cyber actors.

4. Overview of the enhanced cyber defense sensor platform

DC3 intends to offer a service that can be scaled and tailored to meet the needs of each DIB company that voluntarily agrees to participate. Standard capabilities and solutions will be available to all participants with options for virtual and physical on-premise installations based on customer requirements. This solution must be flexible and accommodate the needs of small to mid-size DIB companies with either limited IT resources or mature frameworks for cyber defense.

Based on responses provided by industry, additional information may be requested. As a result, DC3 may schedule one-on-one meetings with industry to discuss responses to this RFI. If a follow-up meeting is required, DC3 will reach out directly to the industry partner point of contact (POC).

5. RFI RESPONSE

Interested parties should respond to this RFI outlining their capabilities (as identified below and in accordance with the guidance above) as well as recommendations for providing any additional services associated with this concept. Responses may include references to examples that align with capabilities, existing offerings or services currently provided. Responses are required to include the following information:

VI.I CONTRACTOR INFORMATION

Section 1 of the response is for administrative information and shall include the following as a minimum:

Contractor name, facility address, CAGE Code (list all relevant or significant office locations)
DUNS number and NAICS code
Socio-economic status (HUBZone, Service-Disabled-Veteran-Owned, Woman-Owned, 8(a), Small Business, Large Business)
Facility clearance level
POC name, phone, and email
Website URL

The number of pages in Section 1 of the whitepaper shall be no longer than 1/2 page in length.

VI.II INFORMATION REQUESTED

Section 2 of the response shall answer/address the below questions and functional areas. Responders should highlight specific examples of current support or solutions that are deployed to federal or commercial organizations:

EXPERIENCE OVERVIEW

Briefly describe your past and/or current Network Detection & Response (NDR) or similar enterprise security offerings.
Describe your understanding of the current federal landscape for this capability.

NETWORK & SYSTEM MONITORING EXPERIENCE

Describe your experience or provide insights into implementing a solution to monitor firewalls, intrusion detection system (IDS) and other passive network security systems.
Indicate data sources supported for log collection, reporting and retention.
Can logs be collected from any source? Describe the collection methods.
Indicate & describe the network analysis capabilities or third-party services you would utilize.

NETWORK DETECTION & RESPONSE (NDR) EXPERIENCE

Describe your experience or provide insights into implementing this solution in both on-premise and cloud-based environments.
What initial filters can be applied to limit the amount of data collected?
How should the system handle Distributed Denial of Service (DDoS) attacks?
What key features should be considered that would have the most immediate security impact for the DIB?
Describe your experience and provide recommendations on cloud/on-site incident response, threat hunting, and forensics.

THREAT INTELLIGENCE & ADVANCED DATA ANALYTICS

Indicate any organic threat intelligence information gathering and sharing capabilities. How would this information be fused with an NDR?
How could newly registered domains be identified as malicious or benign and incorporated with alerts?
If not inherent to your company, identify experience or partnerships with third-party Cyber Threat Intelligence Services and associated sharing mechanisms.
Highlight any similar platforms/solutions you've developed or implemented.
Does your company or any partners offer API access to external threat intelligence feeds?
Recommend technologies used or that could be used to enable ML and DL techniques within an NDR.

USER INTERFACE (UI)

What standards and considerations should be incorporated into the UI platform to ensure user accessibility, usability, and inclusion needs are addressed?
What are the best ways to provide or enable end-users to create static, dynamic, and interactive visualizations?
Describe the information provided by and features available through API, web-based portal or console associated with your services to include threat visualization capabilities.
What standards and formats (e.g., STIX, MISP) should be supported to ensure expressiveness of content with context and interoperability with other DC3 systems?
What are the different ways that collaboration (both among analysts within DC3, DIB companies, and external organizations) could be implemented?
How would you forward and/or allow the export of data to DC3 for ingestion by DC3 internal analytic systems for presentation, analysis, and reporting?

SOLUTION SECURITY

Describe the Network and User Access Control capabilities that you provide, or could incorporate, with an NDR or similar solution.
How should Configuration Management, Maintenance, Patching, Backup, and Continuity of Operations be incorporated?

DEPLOYMENT & SERVICE METHODOLOGY

Relevant to this RFI, describe a scalable architecture solution (cloud, on-prem, hybrid) to include applicable program elements and any other pertinent information that will enable your solution to grow and scale.
List the primary tools used to deliver these services, highlighting the function or utility they provide:
Indicate whether they are third-party or organic to the company.
If applicable, highlight the enterprise approaches and/or products that are used as part of your integrations.

CONTRACT & LICENSING STRUCTURE

Identify any existing Government contract vehicle--Governmentwide Acquisition Contract (GWAC), Multiple Award Schedule (MAS) program, Blanket Purchase Agreement (BPA), etc., your company currently holds that could support the Enhanced Cyber Defense Sensor Platform.
Please describe your current licensing model for similar services to include examples of itemized bundles of licenses or product subscriptions and commercially available pricing.
What should the DC3 consider in its approach as it pertains to any pricing differentials (i.e., sophistication, complexity or scale)?

6. CONTRACTOR NOTIFICATION and submittal instructions

This RFI is for information and planning purposes only and does not constitute a Request for Quote (RFQ). This RFI is not to be construed as a commitment by the DC3. No award will be made as a result of this RFI.
All information is at no cost or obligation to the DC3. Any information that the Contractor considers proprietary should be clearly marked as such. All submissions become property and will not be returned, including any proprietary information. DC3 may consider additional communications with submitting companies utilizing the contact information provided in the overview to further the DC3's market research.

All responses are to use Times New Roman font, with a 12-point font, and one-inch margins, single spaced in all sections in Microsoft Word or PDF. Contractor Information section shall be no longer than 1/2 page in length. Responses to the Information Requested Section should be no longer than 5 pages (reference architectures, flow graphics and diagrams that can be attributed to question responses can be added as addendums and will not be counted as a page).

All information submitted shall be UNCLASSIFIED. Any information that the contractor considers proprietary should be clearly marked as such. All submissions become DC3 property and will not be returned, including any proprietary information.

Questions pertaining to this RFI should be submitted no later than 28 March 2023 by 10:00 am EST to raymond.walker.10@us.af.mil. All questions and answers will be added to this RFI announcement no later than COB 29 March 2023. RFI responses shall be submitted no later than 30 March 2023 by 16:00 PM EST via email to raymond.walker.10@us.af.mil.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/d76c56dfdd8a44ea9781e8e84a172f4b/view)
 
Place of Performance
Address: Linthicum Heights, MD 21090, USA
Zip Code: 21090
Country: USA
 
Record
SN06631560-F 20230329/230327230110 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)

© 1994-2024, Loren Data Corp.