The purpose of this Contract is to procure the full range of cybersecurity, network operations, management, and other professional support services described herein for the DHS HQ OCIO and select DHS Components. These services will enable DHS to provide network, cloud platform, system, application, and cybersecurity monitoring and analysis, incident management and coordination, and alert and notification functions in support of the broader DHS information enterprise and to provide other related cybersecurity services.
The primary objective of this Contract is to evolve the DHS HQ NOSC to build a best-in-class service entity that meets DHS Cybersecurity Provider (CSP) Program, industrial, and other doctrinal Center of Excellence service maturity standards. The secondary objective is to redefine the DHS HQ NOSC as the central hub of IT Service Management—for network infrastructure (WAN and select LAN); platform (including cloud), system, and application; and cybersecurity—monitoring and analysis, event and incident management, and incident response and recovery for the DHS HSEN at all information processing and classification levels – open source, SBU and CUI, Classified (Secret and Top Secret), Sensitive Compartmented Information, and Special Access Program information.
Network infrastructure monitoring and analysis and event and incident management and response services are comprised of, but not limited to, pro-active and reactive monitoring of all network infrastructure comprising the HSEN WAN and all DHS HQ / Management Directorate LANs, including the up/down status of all circuits as well as edge infrastructure devices and boundary points for both HQ and DHS components.
Cloud, platform, system, and application monitoring and analysis and event and incident management and response services are similarly comprised of, but not limited to, pro-active and reactive monitoring of all tenant cloud, platform, FISMA system, and other applications.
Cybersecurity services include but are not limited to the following general class of cybersecurity capabilities and functions: monitoring and analysis (M&A) support, log management support, incident handling and incident response support, asset visibility and monitoring, email security, cyber threat intelligence (CTI) support, intrusion defense, threat hunting; cyber forensics and malware analysis (CFMA), evidence management and insider threat support, cybersecurity maturity analytic testing (blue, purple, and red teaming), and penetration testing. Additional cybersecurity services such as DHS CSP component Network Operations Center (NOC) / Security Operations Center (SOC) audits, the Information Security Vulnerability Management Program, Security Control Assessment Support, and reporting on Federal Information Security Modernization Act (FISMA) metrics are also included.
