Under the auspices of the EAGLE Next Generation (Next Gen) Program, which focuses on effectively and efficiently addressing the Department of Homeland Security’s (DHS) diverse information technology (IT) service needs, DHS is seeking information and comments from industry on the attached draft statement of work, which concerns approaches for providing cybersecurity staff services for the operation of DHS Security Operations Centers (SOCs). DHS defines a SOC as a facility where enterprise information systems (websites, applications, databases, data centers and servers, networks, desktops, and other endpoints) are monitored, assessed, and defended. SOCs are responsible for ensuring that potential cybersecurity incidents are correctly identified, analyzed, defended against, investigated, and reported. Detection response time is critical to this effort.
The Department of Homeland Security (DHS) has a complex and demanding mission. To assist in meeting that mission, DHS needs robust and effective information systems. It also needs to protect those systems from cyber threats posed by nation states and criminal enterprises. This RFI will provide useful information on industry opinion regarding approaches for obtaining staff support for SOC operations in Government facilities.
DHS currently operates SOCs located in the National Capital Region and in other locations within the continental United States. Past practice has been for each SOC to contract independently for staff support services for its operations. A variety of contracting vehicles has been used to acquire these services.
The cybersecurity services that DHS will require to support the operation of its SOCs include but are not limited to the following:
• Monitoring and Analysis (7x24x365)
• Email Monitoring
• Network Traffic Monitoring
• Attack Sensing & Warning
• Asset Discovery and Management
• Web and Communications Log Capture & Analysis
• Trend Analysis & Correlation
• Digital Media Analysis
• Malware Analysis & Reverse Engineering
• Penetration Testing
• Cyber Threat Intelligence
• Communications and Coordination
• Pattern Analysis
• Vulnerability Assessment
• Incident Response, Mitigation, Remediation, and Recovery
• Cybersecurity Infrastructure Architecture & Engineering
• Cybersecurity Infrastructure Operations, Maintenance, and Administration
• Cybersecurity Application Development, Deployment, & Integration
• Insider Threat Hunting
• Cybersecurity Program Management
Individual SOCs will only acquire those services deemed necessary to support their specific missions.
In May of 2018, DHS issued an RFI (70RTAC-18-RFI-SOC-MSP) in order to identify vendors with the capability to act as Managed Service Providers (MSPs) to DHS SOCs. This RFI is a result of a change in approach to obtaining future cybersecurity support services for DHS SOC operations.