DOJ posts sources sought notice for cybersecurity support services
On September 1, the U.S. Department of Justice posted a sources sought notice for cybersecurity support services (Solicitation Number: DJJU-16-RFI-1006). Responses are due no later than September 12 at 10:00am.
The Department of Justice (DOJ) is issuing this Sources Sought to identify qualified and responsible vendors who possess the experience and resources to provide program management support services and technical cyber security operations support to the Department of Justice.
The DOJ provides Cybersecurity Program Component support for the Executive Office for United States Attorney’s Information Systems Security Staff (ISS) program initiatives: Insider Threat Prevention & Detection Program (ITPDP) hereinafter referred to as “USAthreat”; Governance, Policy & Compliance Enterprise Audit Program hereinafter referred to as “USAaudit”; Governance, Policy & Compliance Vulnerability Assessment & Penetration Test Team hereinafter referred to as “USAvapt”; and Risk Management Security Assessment & Authorization Program referred to as “USAsaa.”
The contractor shall provide personnel to provide program management expertise and support services in support of this requirement. ISS requires Cybersecurity Professional Services support aligned within the following areas:

1. Risk Management Program Support “USAsaa”: The Risk Management Group is responsible for implementing the Risk Management Program (RMP) embodying the National Institutes for Standards (NIST) Risk Management Framework (RMF), the Department’s Security Assessment & Authorization (SA&A) Plan and EOUSA’s Risk Management Framework Practice. ISS Risk Management Group is also responsible for liaising with Information System Security Officers (ISSOs) and managing project integration into the Department’s Cyber Security Assessment & Management (CSAM) automated workflow tool. ISS coordinates with System Owners and supporting ISSOs, ensuring completion of all phases of the Risk Management Framework workflow and their transition into EOUSA’s Information Security & Continuous Monitoring (ISCM) Program.

2. Insider Threat Prevention and Detection Program Support “USAthreat”: The Insider Threat Group is responsible for implementing and sustaining a formal Insider Threat Program in accordance with Executive Order 13587 and DOJ Order 0901. This program initiative implements key components of the Insider Threat Program, including implementation of technical “triggers”, governance, policy support, insider threat monitoring, analytics and detection (USAthreat hybrid system), and insider threat reporting/case management. In executing the USAthreat program, ISS will leverage the enterprise tools and expertise from DOJ ITPDP and the JMD while integrating unique knowledge of the USAO to ensure that USA insiders do not pose a threat to national security. Four (4) fundamental Insider Threat Program principles will be implemented to support the development and deployment of USAthreat:
   a. Insider Threat Prevention
   b. Insider Threat Detection
   c. Insider Threat
   d. Insider Threat Oversight and Governance

3. Enterprise Audit Program Support “USAaudit”: The Governance, Policy & Compliance Group is responsible for implementing and sustaining an Enterprise Auditing capability in accordance with the Federal Information Security Modernization Act (FISMA) of 2014 and DOJ Order 2640.2f and replacement order DOJ Order 0904. This program initiative supports mandatory requirements for audit log review and analysis and ensures baseline auditing events are being recorded, monitored, and acted on in response to any anomalous activity. In executing the USAaudit program, ISS will establish a security audit function providing centralized audit log review, analytics and compliance dashboard views incorporating all EOUSA/USAO systems regardless of system type or location, with the goal of collaboratively facilitating security alerting, investigations and response across the various ISS functions.

4. Vulnerability Assessment & Penetration Testing Team “USAvapt”: The Governance, Policy & Compliance Group is responsible for implementing and sustaining a security compliance capability ensuring both mandatory and effective security control and risk mitigation measures. In executing the USAvapt program, ISS will conduct security control assessment and penetration testing to effectively counter the current cyber threat environment and support EOUSA FISMA/SA&A compliance responsibilities. The USAvapt program will employ ethical hacking Tools, Techniques, and Procedures (TTPs). USAvapt will conduct network reconnaissance and map the EOUSA and USAO networked environments to establish a current baseline. USAvapt may employ both Blue Team and Red Team assessments; testing may include White, Grey, and Black Box testing.
Full information is available here.