State Dept issues cloud managed services RFI

On September 10, the U.S. Department of State issued a request for information (RFI) for Cloud Mission Support. Responses are due by 3:00 p.m. Eastern on October 2.

The Department of State has made substantial investments in migrating software, services, and IT operations to Cloud Service Providers (CSPs). These investments include Software As A Service (SAAS), Platform As A Service (PAAS), and Infrastructure As A Service (IAAS) products from government-centric and commercial-focused cloud offerings. The Bureau of Diplomatic Security (DS), Directorate of Cyber and Technology Security (CTS), Office of Cyber Monitoring and Operations (CMO) is seeking industry perspectives on leveraging managed security services with each of these cloud architectures. The Department is seeking to identify managed security services technical capabilities and conduct market research in the following areas for a multi-cloud environment:

  1. Providing managed security services to cloud platforms, to include:
    1. centralized information technology (IT) security event monitoring and incident detection/response capabilities;
    2. incident detection to facilitate timely responses to cyber threats preventing widespread propagation of malicious activity;
    3. threat information collection and analysis with the cloud environment, potentially augmented with USG provided threat intelligence;
    4. threat and vulnerability analysis to ensure systems protection from internal and external threats that would compromise the confidentiality, integrity, or availability of Department information, infrastructure, and systems;
    5. analysis of cybersecurity events to identify intrusions, malware, maintain metrics, and produce reports for management, IT security officials, federal defenders and cyber incident responders; and
    6. penetration test services for new and expanding on- and off-prem environments.
  2. Comparative decision points as they relate to Bring Your Own Tech (BYOT) and Provider provided tools.
  3. Industry insight as to managed security service provider tools and/or data architecture/s for SAAS, PAAS, and IAAS respectively with customer requirements for maximum services value to the Department.
  4. Ensuring seamless coordination and partnership with the mature Department Cyber Incident Response Team (CIRT); and
  5. Providing additional consulting services to continuously improve the multi-cloud cybersecurity program.

The objective of this Request for Information (RFI) is to seek technical market research of Managed Security Service Providers (MSSP) to provide security services, where applicable by cloud service architecture, such as incident response, endpoint detection and response, data collection and analysis, monitoring, vulnerability identification, and configuration compliance. CMO has multiple use cases to provide security services for Government and commercial SAAS, PAAS, IAAS environments. As an example, with IAAS, CMO may require Endpoint Detection Response (EDR), vulnerability scanning, inventory, discovery, configuration scanning and incident response with artifact collection. For SAAS, CMO is interested in vendor perspectives on MSSP IR and monitoring capabilities and requirements of those environments to receive those services. Ultimately, CMO is exploring whether a partner or partners that have a catalogue of security capabilities for cloud environments to satisfy required security controls is in the best interests of the government.

The Department has experienced dramatic increases in bureaus leveraging cloud services for mission accomplishment. Several hundred instances of cloud services are used at the Department with varying degrees of security service maturity. CMO has identified a need to provide a method to procure security services to meet ATO requirements and to inherit security controls from CMO. At this time, CMO believes an MSSP model in which service providers are vetted and have established operations procedures with CMO, from which system owners and/or CMO can procure services, potentially serves the Department’s interests by rapidly scaling security services for cloud implementations.

The Department intends to continue to utilize and improve their internal Cyber Incident Response Team (CIRT) for performing/managing incident response workflow. Potential managed security service providers would be required to interface seamlessly with the CIRT; however, there is also an interest in continuous improvements across both MSSP and Department capabilities such as AI/ML integration with data sets.

Full information is available here.

Source: SAM