On December 31, the US Senate, Office of the Sergeant at Arms posted a sources sought request for cyber security services (solicitation number SSN_2015-S-022) . Interested vendors should submit the requested information by January 16. Full information is available here.
The purpose of this sources sought notice is to gain knowledge of potential qualified industry sources for providing cyber security infrastructure support services to the United States Senate, Office of the Sergeant at Arms (Senate or SAA). The Office of the CIO within the SAA has a broad range of responsibilities that includes providing a secure cyber environment in which to carry out Senate business. The current approach for the delivery of these cyber security infrastructure support services incorporates the use of the Senate’s Security Operations Centers (SOCs) staffed by Contractor and Senate personnel using Senate furnished equipment (SFE) and systems (Current Approach).
The Senate is considering two options for the procurement of cybersecurity support services:
Procure all of the cyber security support services using the Current Approach which employs a Contractor providing the support services listed under the Mandatory Service Capabilities section and the Optional Tasks section below and the personnel located in Senate premises to manage and operate the Senate’s Security Operations Centers (SOCs) using Senate furnished equipment (SFE) and cyber security systems together with Senate personnel;
Procure some of the cyber security support services using the Current Approach as described in Option A with the Contractor providing the support services listed under Mandatory Service Capabilities section and the Optional Tasks section below; and the remaining services delivered as a structured Managed Security Service (MSS) offering with the appropriate Service Level Agreements from the Contractor’s premises. The Senate’s primary candidates for services to be provided as an MSS are noted with a double asterisks (**) below. For the services provided as an MSS, the Senate must maintain sole custody of its data. The Senate will require access to alert metadata to respond to incidents generated by internal sources.
The key functional areas under consideration include, but are not limited to, the following:
(1) Program Management, Quality Assurance Management, and SOC Contractor Supervision
(2) Network Security Monitoring / Analysis and Security Incident Reporting
(3) Cyber Threat Analysis
(4) Security Research and Engineering
(5) SOC Automation & Monitoring Systems
(6) Vulnerability Analysis
(7) SOC IT Engineering, Operations & Maintenance
(8) Endpoint Security Infrastructure Support
All qualified sources should respond to this Market Survey – Sources Sought by submitting an information package in accordance with the instructions provided. Vendors responding to this notice and deemed qualified by the SAA may be requested to submit a proposal in response to a solicitation. Only firms deemed qualified by the Senate will be considered. If suitable responses to this notice are received from one or more qualified sources, the SAA anticipates release of a solicitation during the first quarter of fiscal year 2015-16.
Responses to this Market Survey-Sources Sought request are due to the POC no later than January 16, 2015, at Noon EST and shall be submitted electronically via email only, to the attention of Cora Carag at Acquisitions2012@saa.senate.gov. The subject line of the email message shall be: SSN 2015-S-022 Cyber Security Services. No other method of transmittal will be accepted. The response shall not exceed twenty-five pages. Unnecessarily elaborate submissions are discouraged. Pages over the page limitation may be discarded. Access by the SAA to information in any files attached to the response is the responsibility of the submitting party. Neither the SAA nor the Senate is responsible for any failure to access vendor’s information.