Help FinCEN develop SIEM modernization project

On December 29, the Treasury Department issued a request for information (RFI) and “sources sought” notice for the Financial Crimes Enforcement Network (FinCEN) SIEM modernization project.

FinCEN, a bureau within the Department of Treasury, is the largest overt collector of financial intelligence in the United States. The mission of FinCEN is to safeguard the financial system from the abuses of financial crime, including terrorist financing and money laundering. FinCEN achieves this mission by administering the Bank Secrecy Act (BSA) and by supporting law enforcement, intelligence and regulatory agencies through information sharing and the analysis of financial data submitted by financial institutions as required by the BSA.
FinCEN is conducting market research related to a potential Security Information and Event Monitoring (SIEM) modernization project. The objectives of this modernization are to vastly improve the analysis and detection of real or potential policy violations and improve event forensics.

Currently, FinCEN hosts a relatively simple two-host SIEM solution with basic SIEM capabilities such as basic event correlation, audit log reduction and parsing of events based on cyber security interest. The current solution can peak at 12,000 log events per second, but averages approximately 8,000. Moderate to low growth of logging systems is expected. Network devices such as firewalls, routers and switches, as well as databases, operating systems, and intrusion detection devices, are currently integrated with this system.

FinCEN is interested in the following design objectives related to a modernized SIEM architecture:

• Support of network flow traffic to supplement log data in presenting information to the SIEM user;
• Intelligent correlation of a large number of data types such as flow data, vulnerability data, Network Intrusion Detection Sensor (NIDS) and endpoint audit log data presented in a normalized manner;
• Out-of-the-box capabilities: extensive rule tuning and customization should not be needed to obtain value from default rule sets;
• Ease of customization: FinCEN has a small workforce and SIEM rule-tuning and customization must be able to support a high degree of prioritization and filtering based on risk or threat severity;
• A management console that can comply with Federal security controls such as role-based access control, password complexity and password age, and Federal encryption standards;
• Performance: the solution should be able to respond within 30 seconds to queries from any given point in time within a 6-month timeframe;
• Audit reduction: reduction of raw logs to a consolidated view and parsing out of information unrelated to cyber security.

All socioeconomic categories of businesses including those qualified for set asides are encouraged to respond.

Interested vendors shall provide no more than a 10-page capability statement, the specifics of which are available here.

Responses are due by 2:00 PM on January 30, 2015 to referencing “Response to RFI-FIN-15-0019 Attn: JS/BJ” in the subject line.

Source: FedBizOpps