DISA posts CMRS development RFI

On April 26, the Defense Information Systems Agency (DISA) posted a request for information (RFI) for DoD CMRS Development and Sustainment. Responses are due by 2:00 p.m. Central on May 10.

The DISA Cyber Development Directorate is seeking information for potential sources for the continued development, enhancement, and sustainment of the Department of Defense Continuous Monitoring and Risk Scoring (CMRS) solution to yield rapid implementation of new features, updates and improvements, including the redesign of certain features of current and future CMRS capabilities identified by the Government to meet operational requirements and to maintain those updates in the Department of Defense (DoD) network.

CMRS is a suite of Government off-the-shelf (GOTS) based software solution creating enterprise and organizational risk views by applying threat intelligence and vulnerability-based scoring algorithms.  The vision for CMRS is to integrate data from Department of Defense (DoD) Enterprise Cyber Security applications and tools using data standards to provide near-real time risk visualization, automated configuration management (CM) analysis, and continuous monitoring capabilities that enable Defensive Cyber Operations and provide risk awareness information.

The objective of CMRS is to assess and measure the risk state of DoD Information Technology (IT) systems in accordance with Enterprise security controls such as software/hardware inventory, Security Technical Implementation Guide (STIG) and patch compliance, anti-virus configurations, and directive compliance.  CMRS is built to host DoD security information of mobile devices, workstations and servers, networked user support devices, network infrastructure, Internet of Things (IoT), and Platform Information Technologies in a central repository.

The CMRS application currently has over 2,500 users, and is in use by 285 organizations. There are over 2.5 million devices reporting software inventory, antivirus configuration, STIG, IAVM vulnerability, and patch compliance. The awarded vendor shall provide a service desk capable of supporting this workload, to include interfacing with all Combatant Commanders, Services, Agencies, Field Agencies (CC/S/A/FA) using CMRS throughout the DoD; and especially our DoD CIO, JFHQ-DoDIN, USCC, and DISA sponsors. Support also includes lab infrastructure administration for a local enclave located in DISA headquarters on Fort Meade, MD.

Full information is available here.

Source: SAM