Loren Data's SAM Daily™

SAMDAILY.US - ISSUE OF AUGUST 31, 2022 SAM #7579
SOURCES SOUGHT

99 -- User Activity Monitoring Solution for DoD Insider Threat Management and Analysis Center

Notice Date
8/29/2022 11:23:48 AM
 
Notice Type
Sources Sought
 
Contracting Office
DEFENSE CI AND SECURITY AGENCY QUANTICO VA 22134 USA
 
ZIP Code
22134
 
Solicitation Number
HS002122-DITMAC-UAM
 
Response Due
9/23/2022 8:00:00 AM
 
Point of Contact
Joseph Holt
 
E-Mail Address
joseph.d.holt14.civ@mail.mil
 
Description
Defense Counterintelligence and Security Agency (DCSA) DoD Insider Threat Management and Analysis Center (DITMAC) User Activity Monitoring (UAM) Solution Request for Information

Description:

I. Disclaimer: This Request for Information (RFI) is issued for planning purposes only and is not a Request for Proposal (RFP), Invitation for Bid, or an obligation on the part of the Government to acquire any products or services. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. All costs associated with responding to the RFI will be solely at the responding party's expense. The Government will not reimburse respondents for any costs associated with the preparation or submission of the information requested. No funds have been authorized, appropriated, or received for this contemplated effort. The information provided may be used in developing an acquisition strategy, statement of work (SOW), statement of objectives (SOO), or performance work statement (PWS). Some information resulting from this RFI may eventually be included in one or more RFPs, which would be released to industry. The Defense Counterintelligence and Security Agency (DCSA) prefers capability statements that do not include proprietary information. However, if submitted, any proprietary information should be marked as such. Companies are also advised that the Government may contact those who respond to this announcement to clarify the information submitted. Any subsequent actions resulting from the evaluation of the information provided in response to the RFI may be synopsized at a future date. If synopsized, information detailing the specific requirements of this procurement will be included. Not responding to this RFI does not preclude participation in any future RFP, if issued. If a solicitation is released, it will be synopsized on SAM.gov.
It is the responsibility of the potential respondents to monitor this site for additional information pertaining to this requirement.

II. Overview: In December 2014, DCSA was appointed by the Secretary of Defense to incubate the DoD Insider Threat Management and Analysis Center (DITMAC) program, affirmed in January 2017 via DoD Directive 5205.16, Change 1. The mission of the DITMAC is to enable information sharing, collaboration, analysis, and risk mitigation across the DoD Components to address current and emerging threats to DoD personnel, assets, and information by insiders. It fills a critical gap within the DoD by empowering and entrusting a single senior Defense official with the task of working with all DoD Component Counter-Insider Threat (C-InT) programs to promote best practices, drive innovation, promulgate a fundamental set of standards, and provide resource and policy advocacy to senior decision makers, and through an enterprise-level analytic function close seams between Components that are potentially exploitable by insiders. DITMAC provides the DoD enterprise a capability to identify, assess and mitigate risk from insiders, to oversee and manage unauthorized disclosures, and to integrate, manage, mature and professionalize insider threat management and analysis capabilities. In FY21 the User Activity Monitoring Program Management Office (UAM PMO) was stood up within the DITMAC.

III. Background: DCSA is made up of multiple mission centers. One of those is DITMAC. The DITMAC is responsible for establishing and implementing a DoD enterprise Non-classified Internet Protocol Router (NIPR) User Activity Monitoring (UAM) Program. As part of this Program, the newly created UAM PMO will implement NIPR UAM Program minimum standards to support the enterprise C-InT capabilities. The UAM PMO will offer a centralized solution that DoD Components can utilize to meet the established minimum standards and perform UAM on their unclassified systems.
Components will have the option to participate in this centralized offering or maintain their own program. The DoD enterprise will need to comply with the established minimum standards for conducting NIPR UAM. As part of the centralized program, DITMAC plans to acquire a solution and analytical capability that will be offered to the DoD enterprise. Components will utilize the solution if they participate in the UAM PMO centralized program. The solution can also be utilized by those Components that want to maintain their own program, but want access to the solution through the UAM PMO. In order to accommodate differing Component needs, the solution, while offered at an enterprise level, will need to be customizable for Components and subgroups within a Component. Information from the solution will be provided to multiple different stakeholders. The number of endpoints will differ between each Component, and is yet to be determined but the solution will likely need to support Components requiring small, medium, and large deployments. For the purpose of this RFI, small UAM deployment is up to 10,000 endpoints; medium UAM deployment is 10,000 to 50,000 endpoints; and large UAM deployment is 50,000 to 200,000 endpoints. Implementing a UAM program on unclassified networks across the DoD enterprise will require an agile, scalable solution. Needs will change as the program moves from an initial capability to a final capability.

IV. Requirements: The following items listed below provide a summary of the desired requirements and capabilities the Government is seeking in a UAM solution:

- Ability to support any unclassified Government network and Information Technology (IT) environment including operational and pre-production enclaves.
- Ability to meet Government compliance standards (e.g., NIST 800-53, NIST 800-171, FIPS 140, ITAR).
- Ability to design a solution for Government to store UAM data.
- Ability to be installed on endpoints remotely.
- Ability to scale endpoint coverage.
- Ability to provide system patching remotely.
- Ability to deploy, manage, and update the agent silently without alerting end user.
- Ability to run in an unobtrusive manner with no perceptible lag time that would degrade end user experience.
- Ability to alert or trigger concerning end user behavior or changes in end user behavior.
- Ability to provide role-based access for program analysts.
- Ability to aggregate all activity to a centralized monitoring infrastructure.
- Ability to customize alerts or triggers for different organizations and groups.
- Ability to provide recommended indicators, alerts, or triggers for different insider threat concerns (e.g., domestic extremism, harm to self, harm to others, unauthorized disclosure).
- Ability to provide data analytics to help manage alerts or triggers.
- Ability to create, generate, and export UAM reports.

V. Responses: The Government is seeking market information on potential unclassified UAM solutions. Interested parties are invited to share their information and solutions as the Government refines its requirements. Responses shall be provided in 2 sections.

Section 1 of the response shall provide administrative information, and shall include the following as a minimum:

- Organization name, mailing address, overnight delivery address (if different from mailing address), phone number, fax number, and name and e-mail of designated point of contact.
- Business type (large business, small business, small-disadvantaged business, 8(a)-certified small-disadvantaged business, HUB Zone small business, woman-owned small business, very small business, veteran-owned small business, service-disabled veteran-owned small business).
- Country of origin.
- Government-Wide Acquisition Contracts (GWACs) available to procure proposed UAM solution.
Section 2 of the response shall provide technical and contractual information, and shall include the following as a minimum:

Please provide a high-level description of how the solution does or does not address the following:

Architecture:
- Supported environments (e.g., operating systems, workstations/personal computers, mobile devices, legacy devices).
- Options for system architecture (e.g., endpoint agents, collector servers, activity forwarders, centralized logging servers).
- Technical requirements and dependencies for endpoints (e.g., RAM, storage for cached logs, network bandwidth).
- Technical requirements and dependencies for servers (e.g., operating systems, RAM, storage).
- Scalability (e.g., increasing capacity of data store, on-prem or cloud, ability to monitor within small, medium, and large deployments as defined in Background section, ability to quickly expand beyond each of those deployment sizes).
- Robustness (e.g., collection/forwarding of data can survive network failure, low bandwidth, loss of primary communications channel, tampering/disabling agent).
- Data storage (e.g., associated costs with on-prem/cloud data storage, warm, hot, cold tiers, and associated data lifecycle policies).
- Interoperability (e.g., integration with existing enterprise directory services, cloud applications and services, HR data, physical badging/asset systems, SIEMs, network infrastructure, other security and insider threat products).
- Supported export tools, formats, and workflows (e.g., JSON, CSV, PDF, other SIEMs, ticketing systems).
- Additional sensors, visibility, and data ingest mechanisms (e.g., cloud services, network devices, Microsoft O365, firewalls/routers, Dropbox, other SIEMs).

System Management:
- Installation process (e.g., server and management console installation).
- Endpoint agent administration and configuration (e.g., deploying, testing, updating, reconfiguring endpoint agents, reallocating endpoint agents).
- Data security and confidentiality (e.g., encryption, data-at-rest, data-in-transit, analyst authentication).
- Indicator or policy management (e.g., creating, deploying, testing, updating, and tuning indicators or policies).
- Centralized management console.
- Audit tampering and anti-disable features (e.g., deploy and operate agent without alerting end user, resistance to system failures and tampering).
- Audit of analyst activity (e.g., logging of analyst activity when configuring the solution, running inquiries and investigations).
- Known conflicts (e.g., interference with operation of antivirus, threat detection and prevention solutions, or any other standard software routinely installed on systems).
- Maintenance (e.g., update process for system software, agents, application monitoring packs, policy updates).
- Health and status monitoring (e.g., alert if loss of communications with agent, system overload, and other agent/system failures).

Monitoring:
- Collection, detection, and prevention capabilities in capturing and detecting end user activities (e.g., general system information, network activity, logon/logoff information, web browser activity, email, collaboration tools, removable media, printing, copy/paste, file upload/download, encrypting data, registry modification, clearing system or application logs, command-line activity).
- Support for any existing Government UAM directives (e.g., CNSSD 504).

Analysis, Reporting and Visualization:
- Analysis, querying, correlation, and metrics (e.g., risk scoring, UI, performing analysis, querying, etc.).
- Change detection (e.g., individual baseline, organization baseline).
- Built-in indicators, alerts, or triggers.
- Customization of alerts or triggers for different organizations and end user groups within the same solution environment.
- Additional indicators, alerts, or triggers available at cost.
- Reporting and visualization (e.g., generating a report for specific end user/incident).

Vendor Support and Costs:
- Technical support and training (e.g., onsite vs. remote support, analyst/administrator training, 24/7 vendor support).
- Product maturity (e.g., quantity of bug fixes, long-term support options, source code review).
- Pricing model/licensing (e.g., long-term license options, perpetual licenses, license transfers, cost per end user/device/system/analyst, existing Government contract vehicles, costs for additional indicator or policy packs).

Contractual Information:
- Recommended contract types to procure UAM solution (FFP, Cost Plus Fixed Fee, FPAF, CPIF, Firm Fixed Price Award Term, etc.).
- Recommended contract structure for UAM solution (Single IDIQ, Multiple Award IDIQ, Stand Alone Contract, etc.).
- Recommended Contract Line-Item Number (CLIN) structure.
- Composition of the firm and partners necessary to provide the UAM solution.
- Recommended source selection criteria if a solicitation were created.
- Information regarding the commerciality of the solution and offerings to the public.
- Assumptions or major process changes required for successful execution.
- Recommended other best practices to procuring a UAM solution.

HOW TO RESPOND

Interested parties are requested to respond to this RFI in MS Word document format. Responses shall be limited to 20 pages single sided, 8.5 inch X 11 inch pages using Times New Roman 12 pt. font, with 1 inch margins on top, bottom and sides (11 inch X 14 inch or 11 inch X 17 inch foldouts shall be counted as two pages). The Executive Summary is included in the 20-page count limitation. Responses shall be submitted via e-mail only to brandi.l.hutchings.civ@mail.mil. Proprietary information, if any, should be minimized and must be clearly marked. Responses are due no later than 23 September 2022.

VI.
Industry Day: The Government has decided to host an Industry Day in the future to encourage Government/Industry exchanges of information to improve understanding of Government requirements and increase efficiency in future proposal preparations. The industry day hosted by DCSA DITMAC would be conducted to identify potential sources that may possess the expertise, capabilities, and experience to meet the UAM solution requirements. The Government will not reimburse participants for any expenses associated with their participation in this industry day. The Government will have presentation slots, including any setup and preparation needed, available for one-on-one discussions with Government technical personnel. These slots will be filled based on the evaluation of the RFI responses, due no later than 23 September 2022.

UAM Solution Industry Day will occur in the National Capital Region on October 6, 2022 for all participants. Participation is limited to U.S. citizens only. The purpose of the individual-company one-on-one session is to allow each company to provide a presentation of their technology to the Government.

To participate in this industry day, please submit a request via email to Mrs. Brandi Hutchings at brandi.l.hutchings.civ@mail.mil. Please label the email subject line: RFI Response-UAM Solution- Organization's Name and include the following information:

Organization Details: Company name, address, company point of contact telephone number, email address, and a request to participate/not participate in individual sessions. The company details shall also include a list of the individuals (to include their citizenship, company represented, business address, telephone number and email address) who will participate in the Industry Day (Note: no more than 5 people may attend the Industry Day events for any one RFI response submission). All participants will be required to show proof of their COVID vaccine card (or eligible photo of the card).

NO CLASSIFIED information shall be transmitted. In addition, no classified information shall be included in the presentations provided in individual sessions. No telephonic requests will be honored. Proprietary data should be marked accordingly. Please note that no individual one-on-one sessions will be established on the day of the event. The request for an individual session shall be requested with submission of the above information no later than 23 September 2022. Dates and times for each company's one-on-one session(s) will be selected randomly by the Government. Please note: DCSA reserves the right to provide feedback to the registrant based on the submitted RFI Response to help focus one-on-one sessions on specific topics of interest. Directions and information on hotels and travel accommodations will be provided directly to registrants.

The Government will not reimburse interested sources or responders to this notice for any costs incurred in responding, or for subsequent exchanges of information. Information submitted does not constitute a proposal but rather an exchange of capabilities and ideas. The Government does not intend to publish any questions or comments received as a result of this announcement.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/5881632a53d948f791b259688c91e2c2/view)
 
Record
SN06445439-F 20220831/220829230135 (samdaily.us)
 
