Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF OCTOBER 27, 2016 FBO #5452
SOURCES SOUGHT

U -- CGCYBER has a requirement to procure cyber security training for CGCYBER personnel located in Washington, DC and Alexandria, VA.

Notice Date
10/25/2016
 
Notice Type
Sources Sought
 
NAICS
611420 — Computer Training
 
Contracting Office
Department of Homeland Security, United States Coast Guard (USCG), C4IT (C3CEN), Coast Guard Blvd, Portsmouth, Virginia, 23703, United States
 
ZIP Code
23703
 
Solicitation Number
HSCG79-17-RFI0001
 
Point of Contact
Katherine Marie Kearney, Phone: 7572952280
 
E-Mail Address
katherine.m.kearney@uscg.mil
 
Small Business Set-Aside
N/A
 
Description
Request for Information for U.S. Coast Guard Cyber Command
RFI # HSCG79-17-R-RFI0001

Disclaimer and Important Notes:

This posting is a Request for Information (RFI) from interested vendors and is issued solely for informational and planning purposes. This posting is not a Request for Proposals or a Request for Quotations, and it is not considered to be a commitment by the Government to award a contract, nor is the Government responsible for any costs incurred in furnishing information provided under this RFI. No basis for claim against the Government shall arise as a result of a response to this RFI or Government use of any information provided. Further, the Coast Guard is not at this time seeking proposals and will not accept unsolicited proposals. No proprietary, classified, confidential, or sensitive information should be included in your response to this RFI. The Government reserves the right to use any information provided by respondents for any purpose deemed necessary and legally appropriate, including using technical information provided by respondents in any resultant solicitation. Responses will assist the Government in determining the availability of potential solutions and commercial products in the market. At this time no solicitation exists; therefore, do not request a copy of the solicitation. It is the responsibility of the potential offerors to monitor this site for additional information pertaining to this requirement.

Requirement:

The Department of Homeland Security (DHS), U.S. Coast Guard Cyber Command's (CGCYBER) primary mission is the active defense of all Coast Guard data, computer networks and systems, against all threats. CGCYBER is responsible for Computer Network Defense (CND) tasking as assigned by cognizant Coast Guard and Department of Defense authorities and in accordance with applicable Directives, Instructions and Business Policy.

CGCYBER has a requirement to procure cyber security training for CGCYBER personnel located in Washington, DC and Alexandria, VA. The required training will vary between the following categories: Commercial Courses Resulting in Certification (1.A), Commercial Training for Software Tools (1.B), and Custom Training Based on Curriculum and Material Owned by Coast Guard Cyber Command (1.C). CGCYBER has a continuing need for access to qualified personnel with the required knowledge and experience to facilitate or procure training (to include seats, materials and exam vouchers for courses intended to result in certification). Due to the rapidly evolving nature of cyber security, CGCYBER has a need to send members to training at irregular intervals, which would require a vendor to procure training on potentially short notice. The number of seats required per instance will vary from one to many. Responses to the RFI will need to include details of how such training may be provided.

In addition, the vendor will be prepared to provide variable technical and project management assistance in establishing, configuring, and maintaining a Simulation, Training, and exercise Platform (STEP) environment which replicates the USCG's unclassified network, CGOne, with identical routers and firewall hardware components (1.D).

1.A. Commercial Courses Resulting in Certification

These services do not require that the vendor provide the training but that the vendor is able to procure the appropriate training course seats, materials, and exam vouchers for courses intended to result in certification.

For the courses listed below, the vendor will need to procure the specific course along with the corresponding certification (to include the seats, materials, and exam vouchers):

SANS Courses | Corresponding Certifications
SEC301: Intro to Information Security | GIAC Information Security Fundamentals (GISF)
SEC401: Security Essentials Bootcamp Style | GIAC Security Essentials (GSEC)
SEC501: Advanced Security Essentials - Enterprise Defender | GIAC Certified Enterprise Defender (GCED)
SEC503: Intrusion Detection In-Depth | GIAC Certified Intrusion Analyst (GCIA)
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling | GIAC Certified Incident Handler (GCIH)
SEC505: Securing Windows and PowerShell Automation | GIAC Certified Windows Security Administrator (GCWN)
SEC511: Continuous Monitoring and Security Operations | GIAC Continuous Monitoring Certification (GMON)
SEC542: Web App Penetration Testing and Ethical Hacking | GIAC Web Application Penetration Tester (GWAPT)
SEC560: Network Penetration Testing and Ethical Hacking | GIAC Penetration Tester (GPEN)
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth | GIAC Critical Controls Certification (GCCC)
SEC573: Python for Penetration Testers | GIAC Python Coder (GPYC)
SEC575: Mobile Device Security and Ethical Hacking | New GIAC Mobile Device Security Analyst (GMOB)
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
FOR408: Windows Forensic Analysis | GIAC Certified Forensic Examiner (GCFE)
FOR508: Advanced Digital Forensics and Incident Response | GIAC Certified Forensic Analyst (GCFA)
FOR572: Advanced Network Forensics and Analysis | GIAC Network Forensic Analyst (GNFA)

For the certifications listed below that are not mapped to a specific course, the vendor will need to procure an appropriate commercial course that will result in the required certification (to include the seats, materials, and exam vouchers):

CompTIA (Certifications) https://www.comptia.org
Credential Abbreviation | Full Name
CASP | Advanced Security Practitioner
Sec+ | Security+
Analyst+ | Cybersecurity Analyst+
Net+ | Network+

EC-Council (Certifications) http://www.eccouncil.org/
Credential Abbreviation | Full Name
CEH | Certified Ethical Hacker
ECSA | EC-Council's Certified Security Analyst
LPT | Licensed Penetration Tester
CHFI | Certified Hacking Forensic Investigator
ECIH | EC-Council Certified Incident Handler
ENSA | EC-Council Network Security Administrator

(ISC)2 (Certifications) https://www.isc2.org/
Credential Abbreviation | Full Name
CISSP | Certified Information Systems Security Professional
CISSP-ISSMP | Information Systems Security Management Professional
SSCP | Systems Security Certified Practitioner
CCFP | Certified Cyber Forensics Professional
CCSP | Certified Cloud Security Professional

Offensive Security (Certifications) https://www.offensive-security.com/
Credential Abbreviation | Full Name
OSCP | Offensive Security Certified Professional
OSCE | Offensive Security Certified Expert
OSWE | Offensive Security Web Expert

ISACA (Certifications) http://www.isaca.org/
Credential Abbreviation | Full Name
CISA | Certified Information Systems Auditor
CISM | Certified Information Security Manager
CRISC | Certified In Risk and Information Systems Control

CISCO (Certifications) http://www.cisco.com/
Credential Abbreviation | Full Name
CCNA Security | Cisco Certified Network Associate - Security
CCNP Security | Cisco Certified Network Professional - Security
CCIE Security | Cisco Certified Internetwork Expert - Security
CCNA CyberOps | Cisco Certified Network Professional - CyberOps
CCNA R&S | CCNA Routing and Switching
CCNP R&S | CCNP Routing and Switching
SCYBER | Cisco Cybersecurity Specialist
SSFIPS | Securing Networks with Cisco Firepower Next-Generation IPS
SSFAMP | Protecting Against Malware Threats with Cisco AMP for Endpoints
SSFRULES | Securing Cisco Networks with Snort Rule Writing Best Practices
SSFSNORT | Securing Cisco Networks with Open Source Snort

PMI (Certifications) https://www.pmi.org/certifications
Credential Abbreviation | Full Name
PMP | Project Management Professional
PgMP | Program Management Professional
CAPM | Certified Associate in Project Management
PMI RMP | Risk Management Professional

PMI (Certifications) https://www.pmi.org/certifications
Credential Abbreviation | Full Name
GRCP | GRC Professional Certificate
GRCA | GRC Audit Certificate

Project Management (Courses)
Information Technology Infrastructure Library (ITIL) v3

1.B. Commercial Training for Software Tools

Some members of CGCYBER may require specialized training for a specific tool. The type of training may range from introductory to expert level. The vendor will need to be able to research and procure appropriate commercial training for the below example set of tools on a variable basis. This list is not all-inclusive. This should be accomplished by use of commercially available training similar to section 1.A. The government understands commercial training may not be available for all requests.

• HP Web Inspect Enterprise
• BURP Suite
• App Detective Pro
• ProofPoint
• Sourcefire IPS
• HBSS ePO - push agents, RSD/AV/DLP
• Splunk
• McAfee Nitro SIEM
• Solera/BlueCoat
• Nixum

1.C. Custom Training Based on Curriculum and Material Owned by CGCYBER

The vendor shall provide introductory computer network defense concepts and application tools training. Once these concepts are mastered, follow-on trainings will be conducted by the vendor which discuss more advanced security operation tools and investigative analytic techniques.

The structured layout for basic introductory training will be broken down into the following one-week sessions:

Week 1: Linux Operating System and Virtualization

Training during this one-week session will focus on gaining fundamental knowledge of the Linux Operating System environment and virtualization technologies that a USCG watch analyst will come into contact with on a daily basis.
Students will be introduced to the following topics:
• Introduction to Linux/Unix Operating System
• Package management & installing of applications
• User management & access controls
• Remote access & file sharing techniques
• File operations: Creating, Modifying, Moving, Copying, and Deleting
• Basic scripting & command line shortcuts
• Virtualization installation, configuration, snapshots & networking

Week 2: Network Analyst Fundamentals

Training during this one-week session will focus on gaining an understanding of the common network protocols and communication models. Students will be introduced to the following topics:
• Network Messaging & Topology Fundamentals
• OSI, TCP/IP communication stack/model
• IP, ICMP, TCP, SMTP, HTTP, SSH and UDP protocols
• ASCII Hex & binary based communication protocols
• Network Sniffer Basics
• Server Protocols
• Performing network analysis with Wireshark
• Using network analysis technologies including ngrep, tcpdump, bpf filters, tshark, and other common network analysis toolsets
• Network forensics & evidence collection
• Linux, Unix, & Windows Operating System/Platform fundamentals
• Encryption & hashing fundamentals

90% of the above curriculum (weeks 1 and 2) is already developed.

Week 3: Security Design/IT Auditor/Risk Management

Training during this one-week session will focus on gaining an understanding of security design architectures, IT auditing and risk management practices. Students will be introduced to the following topics:
• Security & Risk management/engineering
• Access Controls & identity management
• Security architecture & design fundamentals
• Defensible networks
• Legislation, standards, and policies that drive IT Auditing
• IT Auditor's role & responsibilities for protecting systems
• Risk Management
• NIST SP 800-30 Rev. 1 Guide for Conducting Risk Assessments
• NIST SP 800-53 Rev. 4 Security Controls and their Structured Components
• Accurate assessment reporting
• Documentation of assessment results when performing audits
• Use of various approved tools for auditing including Nessus, Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), and CIS Benchmarks
• Industry best practice methodologies & tools

The above training will have to be customized to USCG standards due to both DoD and DHS policies.

The structured layout for advanced training will be broken down into the following one-week sessions:

Week 1: Security Operations Tools & Investigation Techniques Part 1

Training during this one-week session will focus on gaining an understanding of how to perform security operation investigations by analyzing events and data provided by security monitoring technologies. Students will be introduced to the following topics:
• IDS/IPS rule structure & syntax (e.g. Installation/Configuration, Normalization, Tuning, Rules Writing, Evasion)
• Extracting artifacts & evidence from network captures
• Investigating network activities & suspicious sessions
• Quickly processing IDS/IPS events to determine context & situation
• Performing passive reconnaissance & intelligence gathering
• Utilizing standardized tools & techniques in a dirty network environment effectively

Week 2: Security Operations Tools & Investigation Techniques Part 2

Training during this one-week session will focus on gaining an understanding of how to perform security operations investigations by analyzing events and data provided by security monitoring technologies. Students will be introduced to the following topics:
• Researching Domains & IPs, and DNS investigations to include Fast Flux network investigations
• Online & command line tools
• Malware Classification & Vendor Naming
• Using online tools such as VirusTotal & ThreatExpert to interpret results
• Online sandboxes & investigations (e.g. VirusTotal, ThreatExpert, Anubis, Malwr and others)
• Analyzing Documents, Shellcode, URLs, and remote exploitation techniques
• Automated & manual processing & identification
• Investigation, tracking & decoding techniques
• Security Operation Processes
• Log books & notes
• Case File management
• Evidence collection & management

Week 3: Dynamic Analysis Techniques & Technologies

Training during this one-week session will focus on gaining a fundamental & comprehensive understanding of dynamic analysis techniques and technologies used within a security operations center on a daily basis. Students will be introduced to the following topics. This session also revisits and builds upon some topics from previous courses.
• Installing, maintaining, securing, & optimizing a dynamic analysis sandbox environment
• Effectively using a dynamic analysis sandbox environment
• Interpreting results & investigating logs within a sandbox environment
• Classifying malware & other suspicious activities
• Using online sandboxes & other reputational services
• Analyzing real world malware & malicious attacks using dynamic analysis
• Identifying & analyzing data exfiltration techniques
• Analyzing malicious documents such as PDF files & Windows documents
• Tracing complex attacks through multiple networks and technologies
• Decompiling & reconstructing complex network attacks
• De-Obfuscating JavaScript & other common evasion techniques
• Detecting & analyzing advanced evasion techniques & covert communication channels

75% of the above curriculum (weeks 1-3) is already developed.

1.D. Development of Training Environment

The vendor will be prepared to provide variable technical and project management assistance in establishing, configuring, and maintaining a Simulation, Training, and exercise Platform (STEP) environment which replicates USCG's unclassified network, CGOne, with identical CISCO routers and firewall hardware components.
The mock network must use the following software applications: Sourcefire Enterprise Network Intrusion Detection System (NIDS), McAfee Host Base System Security Suite (HBSS) enterprise Policy Orchestrator (ePO), and McAfee Security Event and Incident Management (SEIM) application or applications in use on the Coast Guard's production environment. The version of the software will be determined based on the Coast Guard's current implementation. The STEP environment will need to support USCG employees being able to establish a connection from an external host via VPN connection for the purposes of training and exercises. It is expected that development of this STEP environment will be variable based on the changing production environment. Support of this nature may or may not be required from the vendor from year to year.

The NAICS Code for this solicitation is 611420. Contractors doing business with the Government are required to register in the System for Award Management (SAM) database before they can be awarded a contract. A template containing the information for registration can be found at: https://www.sam.gov/portal/public/SAM/.

Submission of Information:

Interested parties are encouraged to submit a response which supports the company's claim that it presently has the capability, qualifications, and experience to satisfy the requirements. If there are areas in the Draft Scope of Work that your company and prospective team cannot meet, please identify those areas in your response along with amplifying information as to why your team cannot meet the government's request. The Coast Guard's requirement may be refined based on knowledge gained from RFI submissions. Specifically, any interested parties are requested to provide the following information:

1. Name of Company and DUNS number
2. Point of contact and phone number
3. Size of Business according to North American Industry Classification System (NAICS) Code 611420.
4. Positive statement of your interest in this procurement as a prime contractor
5. Description of your capabilities, qualifications, and experiences that might fill this requirement:
   a. What type of training experience does your company have?
   b. What is the minimum required amount of time for requesting procurement of a seat in a commercial training class?
   c. What is the turnaround time from request to procurement of a seat in a training class?
   d. How does your company provide training for software/hardware tools where the customer does not request a specific class/certification? Can your company develop custom training or contract a subject matter expert if no commercial training is available?
   e. What commercial services that you offer could be modified to fulfill this need?
   f. Do you have a commercial catalog for a related group of products or services?
   g. What experience does your company have as a prime contractor managing the efforts of one or more sub-contractors supporting a Federal Agency?
   h. Do you offer quantity or other discounts to your customers?
   i. Do you have the ability to host and perform services described within local commuting distance of Washington, DC and Alexandria, VA?
   j. The addition of intelligence systems which may require on-site training may result in training performed in a Top Secret/SCI environment. Will your company be able to provide an appropriately cleared member for such training?
   k. Solutions/approaches not specifically conforming to the Coast Guard's current requirement may be submitted (i.e. Does your company have a better way of meeting the Government's requirement?).

All comments/questions/concerns are encouraged and should be sent in writing to the Contract Specialist, Katherine.M.Kearney@uscg.mil. Upon receiving feedback, the Coast Guard will assess all input and its impact on the development of the final scope of work.

Submit your response by 2:00 PM EST on November 28, 2016 to the Contract Specialist, Katherine.M.Kearney@uscg.mil. Any questions regarding this RFI may be referred to Ms. Kearney via e-mail.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/2fc8fbb30802b34c3f6eb6a3521085b8)
 
Place of Performance
Address: Washington, DC and Alexandria, VA, United States
 
Record
SN04312519-W 20161027/161025234605-2fc8fbb30802b34c3f6eb6a3521085b8 (fbodaily.com)
 