Updated: Situational Awareness Incident Response (SAIR) Tier III Project and Industry Day Notice

From: FedBizOpps.gov

Solicitation Number: RFI-OPO-12-0001Agency: Department of Homeland Security
Office: Office of the Chief Procurement Officer
Location: Office of Procurement Operations

:
Added: Nov 23, 2011 4:36 pm
Modified:  Jan 18, 2012 10:03 am Track Changes

REQUEST FOR INFORMATION (RFI)
For the Department of Homeland Security (DHS)
National Protectorate and Programs Division (NPPD) National Cyber Security Program
Situational Awareness Incident Response (SAIR) Tier III Project.

This is a Request for Information (RFI) as identified in FAR 15.201 (c)(7). This is not a Request for Proposal (RFP). A solicitation is not being issued at this time, and this notice shall be not be construed as a commitment by the Government to issue a solicitation, nor does it restrict the Government to a particular acquisition approach.

The Department of Homeland Security (DHS) National Cyber Security Division is requesting industry feedback on existing Government product performance requirements involving the Situational Awareness Incident Response (SAIR) Tier III project. The objective of SAIR Tier III is to provide U.S. Government (USG) agencies the ability to assess, assure, monitor, and measure the security posture of their information technology (IT) assets in a timely manner (i.e., near-real time.) This RFI provides an opportunity for respondents to submit their ideas and initiatives related to this request. Additionally, respondents will have the opportunity to comment on the draft product performance requirements for SAIR III listed on Attachment 2.
The Government will evaluate industry feedback on Government SAIR III technical requirements then the Government may hold an industry day to answer any specific questions related to this RFI. The Government may use feedback that results from this RFI and industry day to further refine technical requirements to potentially establish qualified product list (QPL) for COTS products that can be utilized by federal, state, and local Governments for Information Security Continuous Monitoring.

If the development of a QPL results from this RFI, DHS NCSD will be responsible for managing the QPL in terms of testing and evaluating COTS products to ensure proposed products meet any developed SAIR III minimum technical requirements. This QPL will be developed for multiple federal agency use. Product acquisitions will be at the discretion of each individual agency. The potential QPL may be established as guidance to assist federal agencies in managing information system security capabilities across the federal civilian enterprise.

1. BACKGROUND:

The Information Systems Security Line of Business (ISSLOB) was created in 2005 to improve the level of information systems security across government by eliminating duplication of effort, increasing aggregate expertise and enhancing the overall security posture of the Federal Government. This value proposition is supported through the use of Shared Service Centers (SSC’s), consolidated acquisitions, agency standard practices and lessons learned across agencies.

In 2007, the ISSLOB launched a series of procurements under the Situational Awareness Incident Response (SAIR) Initiative. Based on guidance from the Federal Systems Security Governance Board (FSSGB), the oversight body of the ISSLOB, the SAIR procurements follow a tiered execution approach. The SAIR initiatives are aimed at providing an efficient, cost effective mechanism to deliver enhanced information system security capabilities across the federal civilian enterprise.

The cyber landscape in which federal agencies operate is a constantly changing and dynamic environment. Threats to the nation’s information security continue to evolve and government leaders have recognized the need for a modified approach in protecting our cyber infrastructure. The new approach moves away from historical compliance reporting toward combating threats to our nation’s networks on a real time basis. The tools and services delivered through the SAIR Tier III project will provide federal agencies with the ability to enhance/automate their existing continuous network monitoring capabilities, correlate and analyze critical security-related information, and enhance risk-based decision making at the agency and federal enterprise level. Information obtained from the automated monitoring tools will eventually feed CyberScope and allow for the correlation and analysis of security-related information across the federal enterprise.

2. SAIR III TECHNICAL REQUIREMENTS:

The capabilities sought for SAIR Tier III are:

1. Asset Management Tools. Products that provide the ability to document, track, and discover both authorized and unauthorized IT assets. Such as NIST-SCAP validated asset management tools.

2. Configuration Management Tools. Products that provide the ability to assess, monitor, and report compliance of agency-specified security configuration settings and patches, as well as real-time altering of changes to approved baseline configurations for hardware, software, user access and security controls. Such as NIST SCAP-validated FDCC scanners and authenticated configuration scanners.

3. Vulnerability Management Tools. Products that provide the ability to discover, identify, and locate known security vulnerabilities and software security weaknesses; and report the associated potential exposure risks using the Common Vulnerability Scoring System (CVSS) and the Common Weakness Scoring System (CWSSTM). , For example: NIST SCAP-validated authenticated vulnerability & patch scanners, unauthenticated vulnerability scanners, source code security analyzers, web and database vulnerability scanners.

4. Malware Detection Tools. Products that provide the ability to discover, isolate, characterize, and report known malware for supporting agency’s security incident response process. Such as Malware Attribute Enumeration and Characterization (MAECTM) -compatible malware tools.

5. Situational Awareness Analysis and Reporting Tools. Products that provide the ability to collect, associate, compile, and report security posture metrics in terms of IT security governance and operational effectiveness. For example: The governance, risk, and compliance (GRC) reporting tools and FISMA security authorization management tools.

Where the capabilities are defined:

1. Asset Management Function: System functions that support the management of hardware and software inventory baseline by documenting, tracking, and discovery of agency-responsible IT assets (i.e., hardware, software, and virtualized configuration items); and to identify unauthorized IT assets.

2. Configuration Management Function: System functions that support the management of security configuration baseline by documenting and tracking compliance with agency-specified security configuration settings and software patches (i.e., compliance with Federal Desktop Core Configuration [FDCC], USG Configuration Baseline [USGCB], and Security Technical Implementation Guides [STIGs], etc.) This includes system functions that provide continuous real-time detection and alerting of unauthorized changes to baseline configurations for hardware, software, user access, and security controls for perimeter defense and the core IT operating environment.

3. Vulnerability Management Function: System functions that discover, identify, and locate known security vulnerabilities and software weaknesses (i.e., the Common Vulnerabilities and Exposures [CVE®] and the Common Weakness Enumeration [CWETM]); , and support the understanding of their associated potential exposure risks (i.e., metrics generated from the Common Vulnerability Scoring System [CVSS] and the Common Weakness Scoring System [CWSSTM].)

4. Malware Detection Function: System functions that discover, identify, characterize, and locate known malware in a standard language (i.e., the Malware Attribute Enumeration and Characterization [MAECTM]) for supporting agency’s incident response process.

5. Situational Awareness Analysis and Report Function: System functions that collect, associate, compile, and report metrics that support analysis in the understanding of security posture in terms of IT security governance and operational effectiveness.”

This Request for Information (RFI) addresses the ISSLOB’s information systems security need for tools to support a continuous monitoring capability.

The draft performance requirements these tools must possess can be found in the attached document, SAIR III Product Performance Requirements for Information Security Continuous Monitoring.

3. RFI PURPOSE AND LIMITATIONS:

Responses to this RFI are not offers and shall not be accepted by the Government to form a binding contract. The responses to this RFI may be used to assist the Government in further refining SAIR III technical requirements and potentially establishing a QPL.
Per Federal Acquisition Regulation (FAR) Part 10 – Market Research, this RFI is posted for data gathering and Planning Purpose only. It does not constitute a solicitation, and shall not be construed as a commitment by the Government to issue a solicitation or award a contract. The Government will not reimburse any respondent for any costs associated with information submitted in response to this RFI. Industry feedback is vitally important and the Government will be receptive to any and all ideas received from industry. This RFI is an expression of the Government’s interest only and does not obligate the Government to pay for the requested information nor respond to any submissions. Proprietary information is not being solicited; however, if it is submitted, highlight and clearly mark those sections with “proprietary information”. Submissions received from respondents to this RFI will not be returned.

4. RESPONSES TO THIS RFI:

FAR Provision 52.215-3 is hereby incorporated in full text:
52.215-3 Request for Information or Solicitation for Planning Purposes (OCT 1997)

a. The Government does not intend to award a contract on the basis of this solicitation or to otherwise pay for the information solicited except as an allowable cost under other contracts as provided in subsection 31.205-18, Bid and proposal costs, of the Federal Acquisition Regulation.

b. Although “proposal” and “offeror” are used in this Request for Information, your response will be treated as information only. It shall not be used as a proposal.

c. This solicitation is issued for the purpose of: [Not Applicable, this is an RFI]
(End of provision)

Please provide comments to the proposed requirements listed in the attached spreadsheets. The response spreadsheets are organized by SAIR Tier III specified functions: Asset Management, Configuration Management, Vulnerability Management, Malware Detection, GRC, and FISMA. Please provide response accordingly. If your product provides multiple functions, then respond with multiple response forms. When suggesting an edit to existing requirement text, please provide supporting rationale. If suggesting a change to the requirement’s criticality, please indicate the proposed degree (Must, Shall, Should, May) with supporting rationale.
Please limit your formal white paper submission to no more than two (2) pages, not including the cover letter or the comments provided in the requirements worksheet. Responders’ submission should address the following questions:

a. Are you willing to submit your products, software, appliance, etc for testing if the Government chooses to conduct a series of validation tests?

b. What suggestions, beyond what you have commented on the requirements sheets, would you make to the government regarding the capabilities sought? Feel free to share insights.

Technical questions and industry responses shall be submitted electronically via email to Contract Specialist, Tanisha Walcott. The contact information is provided below:
Tanisha Walcott
202-447-0612
Tanisha.Walcott@hq.dhs.gov

Include in the Email Subject line: RFI-OPO-12-0001, SAIR Tier III.

Any requests for additional information or explanations concerning this RFI must be received no later than Wednesday December 28, 2011 at 12:00 noon Eastern Standard Time. These requests should be submitted electronically to Tanisha.Walcott@dhs.gov.
Responses must be received no later than Wednesday, January 25, 2012 at 12:00 noon Eastern Standard Time. All material submitted in response to this RFI must be unclassified and properly marked.

I. LIST OF ATTACHMENTS:
1. Requirements Worksheets.
2. Draft SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring, Version 1.0.
3. Continuous Monitoring and Risk Scoring (CM/RS) Concept of Operations (CONOPS) for Supporting Agency Cyber Security Operations, Version 1.0.
Note that Attachment 3 is provided as background information and does not require vendor comments.
 

Industry Day Notice :
The Department of Homeland Security (DHS) Federal Network Security (FNS) Branch will conduct one (1) Situational Awareness and Incident Response (SAIR) Tier III Industry Day session at The MITRE Corporation on January 13, 2012 at 10:30 AM. Entrance will be permitted from 9:00 AM.
The purpose of the SAIR Tier III Industry Day is to provide an opportunity for interested parties to become more familiar with the requirements presented in the SAIR Tier III Request for Information (RFI), ask questions, and provide feedback. Attendance at SAIR Tier III Industry Day is NOT a requirement and does not affect any company submitting a response to the RFI.

Pre-registration is MANDATORY for the SAIR Tier III Industry Day. Registration will close on January 6, 2012 at https://register.mitre.org/sair.
 Walk-ins will not be admitted. Due to space limitations, no more than two (2) representatives from each vendor team will be permitted to attend. Foreign nationals are not permitted.
The SAIR Tier III Industry Day will be held on
January 13, 2012 at:
The MITRE Corporation
MITRE 1 Building Auditorium
7525 Colshire Drive
McLean, VA 22102-7539

Directions to the facility can be found at:
http://www.mitre.org/about/locations/va_mclean_mitre1.html.

Entrance and check-in are through the MITRE 1 Building South Lobby. Attendees MUST present picture identification (drivers license or state ID) matching the name on their registration to be issued a temporary visitor badge for the duration of SAIR Tier III Industry Day. Attendees are advised to allow time for check-in, which will begin at 9:00 AM.
The schedule for the SAIR Tier III Industry Day follows:
9:00 – 10:30 Arrival
10:30 – 10:45 Welcome
10:45 – 12:00 Requirements presentation
12:00 – 12:30 Qualified Products List (QPL) presentation
12:30 – 1:30 Break for lunch (not provided, cafeteria on-site)
1:30 – 3:30 Panel question/answer session
3:30 – 3:45 Recap

 

 

Added:
Dec 01, 2011 9:51 am

The purpose of this amendment is to replace the pdf files with excel  spreadsheets to facilitate editing and other changes under Attachment 1 and consolidating multiple PDF files under Attachment 2.

Attachment 1 – Requirements Worksheets is amended to delete the following pdf files: Asset Management Tool, Configuration Management Tool, FISMA Security Authorization management Tool, Governance Risk and Compliance management Tool, Malware Detection Tool, and Vulnerability Management Tool. The deleted files in Attachment 1 are replaced with the following excel spreadsheets: Vendor_Response_Form_Asset_Management Tool_v1 1, Vendor_Response_Form_Configuration_Management_Tool_v1 1, Vendor_ Response_Form_FISMA_SA_Tool_v1 1, Vendor_Response_Form_GRC_Tool_v1 1, Vendor_Response_Form_Malware_Tool_v1 1, and Vendor_Response_Form_Vulnerability_Management_Tool_v1 1

Attachment 2-Draft SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring is amended to delete the following files: SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring part 1, SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring part 2, and SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring part 3. The deleted pdf files under Attachment 2 are consolidated under one pdf file (SAIR III_Requirements _v1 1-1).

Attachment 3 CMRS_CONOPS_CyberOps v10 Final remains unchanged.

Please consult the list of document viewers if you cannot open a file.
Attachment 3–Continuous Monitoring and Risk Concept of Operations (CONOPS) for Supporting Agency Cyber Security Operations
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label: Attachment 3–Continuous Monitoring and Risk Concept of Operations (CONOPS) for Supporting Agency Cyber Security Operations

Posted Date: November 23, 2011

Download/View Continuous Monitoring and Risk Scoring Concept of Operation (CONOPS) for Supporting Agency Cyber Security Operations.pdf
Description: Continuous Monitoring and Risk Concept of Operations (CONOPS) for Supporting Agency Cyber Security Operations. This document is provided as background and does not require Vendor Comment

Attachment 1–Requirements Worksheets
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label: Attachment 1–Requirements Worksheets

Posted Date: November 23, 2011

Description: Asset Management Tool
Description: Configuration Management Tool
Description: FISMA Security Authorization Management Tool
Description: Governance Risk and Compliance Manangement Tool
Description: Malware Detection Tool
Description: Vulnerability Management Tool

Attachment 2– Draft SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label: Attachment 2– Draft SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring

Posted Date: November 23, 2011

Download/View SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring Part 1 of 3.pdf
Description: Draft SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring Part 1 of 3
Download/View SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring Part 2 of 3.pdf
Description: Draft SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring Part 2 of 3
Download/View SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring Part 3 of 3.pdf
Description: Draft SAIR Tier III Product Performance Requirements for Information Security Continuous Monitoring Part 3 of 3

Amendment 1
Type: Mod/Amendment

Posted Date: December 1, 2011

Description: Attachment 3 CMRS_CONOPS_CyberOps v1 0 Final

Amendment 2
Type: Mod/Amendment

Posted Date: December 1, 2011

Download/View Vendor_Response_Form_Asset_Management_Tool_v1 1.xlsx
Description: Attachment 1 Vendor_Response_Form_Asset_Management Tool_v1 1
Download/View Vendor_Response_Form_Configuration_Management_Tool_v1 1.xlsx
Description: Attachment 1 Vendor_Response_Form_Configuration_Management_Tool_v1 1
Description: Attachment 1 Vendor_Response_Form_FISMA_SA_Tool_ v1 1
Description: Attachment 1 Vendor_Response_Form_GRC_Tool_v1 1
Download/View Vendor_Response_Form_Malware_Detection_Tool_v1 1.xlsx
Description: Attachment 1 Vendor_Response_Form_Malware_Detection_Tool_v1 1
Download/View Vendor_Response_Form_Vulnerability_Management_Tool_v1 1.xlsx
Description: Attachment 1 Response_Form_Vulnerability_Management_Tool_v1 1

Amendment 3
Type: Mod/Amendment

Posted Date: December 1, 2011

Description: Attachment 2 SAIR III_Requirements_v1 1-1

Questions and Responses Concerning the SAIR Teir III RFI
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label: Questions and Responses Concerning the SAIR Teir III RFI

Posted Date: January 5, 2012

Download/View Questions and Responses Concerning the SAIR Tier III RFI.pdf
Description: This document contains the Question and the Responses concerning the SAIR Tier III RFI

Aquisition Process
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label: Aquisition Process

Posted Date: January 18, 2012

Download/View Situational Awareness Incident Response (SAIR) Acquisition Process.pdf
Description: Situational Awareness Incident Response (SAIR) Acquisition Process

Industry Day Agenda
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label: Industry Day Agenda

Posted Date: January 18, 2012

Description: Agenda- Industry Day January 13, 2012

SAIR Teir III RFI Industry Day Product Performance Functions
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label: SAIR Teir III RFI Industry Day Product Performance Functions

Posted Date: January 18, 2012

Download/View SAIR Tier III RFI Industry Day Product Performance Functions.pdf
Description: SAIR Tier III RFI Industry Day Product Performance Functions

SAIR Tier III Industry Day DHS FNS Overview
Type:
Other (Draft RFPs/RFIs, Responses to Questions, etc..)

Label:  SAIR Tier III Industry Day DHS FNS Overview

Posted Date: January 18, 2012

Description: SAIR Tier III Industry Day DHS FNS Overview

:
Office of the Chief Procurement Officer
Washington, District of Columbia 20528
United States

: Washington DC

United States

: Tanisha L. Walcott,
Contract Specialist
Phone: 2024470612

:
Robert Degnan,
Contracting Officer
Phone: 202-447-5576
Fax: 202-447-5725

Facebooktwittergoogle_plusredditpinterestlinkedinmail

One response to “Updated: Situational Awareness Incident Response (SAIR) Tier III Project and Industry Day Notice”

  1. frederickgragg says:

    Unlock the potential of your manufacturing career with the https://www.examstrust.com/product-detail/manufacturing-cloud-professional-cert-exam.html Exam! This certification validates your expertise in implementing Salesforce solutions tailored to the manufacturing industry. Showcase your skills in streamlining operations, enhancing customer relationships, and driving innovation. The exam covers key areas like sales agreements, forecasting, and manufacturing-specific data management, ensuring you can deliver impactful solutions. Gain a competitive edge with a certification that demonstrates your ability to leverage Salesforce’s robust features to transform manufacturing processes. Elevate your professional profile and become a trusted expert in the Salesforce Manufacturing Cloud today!

Leave a Reply

Your email address will not be published.

Please Answer: *