
SAF/CDM, DoD Commercial Sensor Capability (Update 25 Jan 2023)

Agency: DEPT OF DEFENSE
Level of Government: Federal
Category:
  • R - Professional, Administrative and Management Support Services
Opps ID: NBD00159092856693875
Posted Date: Mar 24, 2023
Due Date: Apr 30, 2023
Solicitation No: FA7146-23-N-0001
Source: https://sam.gov/opp/2975f5c3cf...
Active
Contract Opportunity
Notice ID: FA7146-23-N-0001
Related Notice:
Department/Ind. Agency: DEPT OF DEFENSE
Sub-tier: DEPT OF THE AIR FORCE
Office: FA7146 CONCEPTS DEVL MGT SAF CDM

General Information
  • Contract Opportunity Type: Sources Sought (Original)
  • All Dates/Times are: (UTC-04:00) EASTERN STANDARD TIME, NEW YORK, USA
  • Original Published Date: Mar 24, 2023 05:01 pm EDT
  • Original Response Date: Apr 30, 2023 10:00 am EDT
  • Inactive Policy: Manual
  • Original Inactive Date: Jul 30, 2023
  • Initiative:
    • None
Classification
  • Original Set Aside:
  • Product Service Code: R425 - SUPPORT- PROFESSIONAL: ENGINEERING/TECHNICAL
  • NAICS Code:
    • 518210 - Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services
  • Place of Performance:
    Linthicum Heights, MD 21090
    USA
Description

Request for Information (RFI) – Department of Defense Cyber Crime Center (DC3)





Agency: Operations Enablement Division / DC3



Market Research Agency: DC3



Notice Type: Request for Information (RFI)



NAICS: 541512 Computer Systems Design Services




  1. GENERAL INFORMATION



This Request for Information (RFI) is being issued on behalf of DC3 in support of a new and emerging requirement.




  1. RFI OBJECTIVE



The purpose of this RFI is to assist DC3 in conducting market research focused on identifying potential offerings/offerors to aid in the development of an Enhanced Cyber Defense Sensor Program. DC3 is requesting feedback from industry partners that are able to offer a variety of Network Detection and Response (NDR) type solutions that use a combination of machine learning, advanced analytics and rule-based detection to detect malicious cyber activities on enterprise networks. This feedback will assist DC3 in further developing our requirements for this service. It will also provide key insights into understanding the NDR market and industry capabilities, refining use cases and developing our functional requirements.





DC3 is particularly interested in industry’s ability to examine encrypted common IP-based application layer traffic such as DNS, web, etc. for threats, the use of both supervised and unsupervised Machine Learning (ML) and Deep Learning (DL) techniques for anomaly detection and the integration of cyber threat intelligence feeds into a User Interface (UI)/Management Console. The sensors should send alerts to a centralized dashboard to provide a federated view of incidents across the sensor enterprise for cyber threat analysts at DC3 to investigate and conduct further analysis to recommend mitigation actions.



The solution should support the STIX data exchange format, as well as the TAXII data transfer mechanism. Additionally, the solution should have a REST API that would allow the Defense Industrial Base (DIB) companies access to their alerts and limited workflows in the solution. The solution must provide for the ingestion, tagging and correlation of multiple threat related data sets. Deployment of the solution should be relatively frictionless and not impact a DIB company’s network resources or result in downtime.



The information provided to DC3 in response to this RFI will be used for market research only.






  1. BACKGROUND



DC3 is aligned under the Secretary of the Air Force as the designated Executive Agent and provides digital and multimedia (D/MM) forensics, specialized cyber training, technical solutions development, and cyber analytics for the following DoD mission areas: cybersecurity (CS) and critical infrastructure protection (CIP); law enforcement and counterintelligence (LE/CI); document and media exploitation (DOMEX), counterterrorism (CT) and safety inquiries. DC3 is designated as a federal cyber center and serves as the operational focal point for DoD’s DIB Cybersecurity Program.



In response to persistent and increasingly sophisticated malicious cyberspace campaigns that aim to compromise critical defense information residing on DIB networks, DC3 is developing an Enhanced Cyber Defense Sensor Platform. Supply chain disruptions caused by our adversaries and the exfiltration of sensitive information from the DIB threaten to erode U.S. military advantage in areas critical to national security. To counter these threats, the DC3 Enhanced Cyber Defense Sensor Program will strengthen the DoD’s ability to defend critical infrastructure from malicious cyber activity, secure DoD information in non-DoD owned networks and expand cooperation with industry partners.



DC3 is still in the early stages of defining the framework for this platform and the full scope of what would be required to offer a scalable solution to the DIB. DC3’s goal for this effort is to offer a solution and services that immediately benefit the DIB by strengthening DIB partners’ cyber security posture and provide the DoD the ability to mitigate the overall threat from malicious cyber actors.




  1. OVERVIEW OF THE ENHANCED CYBER DEFENSE SENSOR PLATFORM



DC3 intends to offer a service that can be scaled and tailored to meet the needs of each DIB company that voluntarily agrees to participate. Standard capabilities and solutions will be available to all participants with options for virtual and physical on-premise installations based on customer requirements. This solution must be flexible and accommodate the needs of small to mid-size DIB companies with either limited IT resources or mature frameworks for cyber defense.



Based on responses provided by industry, additional information may be requested. As a result, DC3 may schedule one-on-one meetings with industry to discuss responses to this RFI. If a follow-up meeting is required, DC3 will reach out directly to the industry partner point of contact (POC).




  1. RFI RESPONSE



Interested parties should respond to this RFI outlining their capabilities (as identified below and in accordance with the guidance above) as well as recommendations for providing any additional services associated with this concept. Responses may include references to examples that align with capabilities, existing offerings or services currently provided.



Responses are required to include the following information:

VI.I CONTRACTOR INFORMATION



Section 1 of the response is for administrative information and shall include the following as a minimum:




  1. Contractor name, facility address, CAGE Code (list all relevant or significant office locations)

  2. DUNS number and NAICS code

  3. Socio-economic status (HUBZone, Service-Disabled-Veteran-Owned, Woman-Owned, 8(a), Small Business, Large Business)

  4. Facility clearance level

  5. POC name, phone, and email

  6. Website URL



Section 1 of the whitepaper shall be no longer than 1/2 page in length.



VI.II INFORMATION REQUESTED



Section 2 of the response shall answer/address the below questions and functional areas. Responders should highlight specific examples of current support or solutions that are deployed to federal or commercial organizations:



EXPERIENCE OVERVIEW




  1. Briefly describe your past and/or current Network Detection & Response (NDR) or similar enterprise security offerings.

  2. Describe your understanding of the current federal landscape for this capability.



NETWORK & SYSTEM MONITORING EXPERIENCE




  1. Describe your experience or provide insights into implementing a solution to monitor firewalls, intrusion detection system (IDS) and other passive network security systems.

  2. Indicate data sources supported for log collection, reporting and retention.

    1. Can logs be collected from any source? Describe the collection methods.



  3. Indicate & describe the network analysis capabilities or third-party services you would utilize.



NETWORK DETECTION & RESPONSE (NDR) EXPERIENCE




  1. Describe your experience or provide insights into implementing this solution in both on-premise and cloud-based environments.

  2. What initial filters can be applied to limit the amount of data collected?

    1. How should the system handle Distributed Denial of Service (DDoS) attacks?



  3. What key features should be considered that would have the most immediate security impact for the DIB?

  4. Describe your experience and provide recommendations on cloud/on-site incident response, threat hunting, and forensics.



THREAT INTELLIGENCE & ADVANCED DATA ANALYTICS




  1. Indicate any organic threat intelligence information gathering and sharing capabilities.

    1. How would this information be fused with an NDR?

    2. How could newly registered domains be identified as malicious or benign and incorporated with alerts?

    3. If not inherent to your company, identify experience or partnerships with third-party Cyber Threat Intelligence Services and associated sharing mechanisms.



  2. Highlight any similar platforms/solutions you've developed or implemented.

    1. Does your company or any partners offer API access to external threat intelligence feeds?



  3. Recommend technologies used or that could be used to enable ML and DL techniques within an NDR.



USER INTERFACE (UI)




  1. What standards and considerations should be incorporated into the UI platform to ensure user accessibility, usability, and inclusion needs are addressed?

  2. What are the best ways to provide or enable end-users to create static, dynamic, and interactive visualizations?

  3. Describe the information provided by and features available through API, web-based portal or console associated with your services to include threat visualization capabilities.

  4. What standards and formats (e.g., STIX, MISP) should be supported to ensure expressiveness of content with context and interoperability with other DC3 systems?

  5. What are the different ways that collaboration (both among analysts within DC3, DIB companies, and external organizations) could be implemented?

  6. How would you forward and/or allow the export of data to DC3 for ingestion by DC3 internal analytic systems for presentation, analysis, and reporting?



SOLUTION SECURITY




  1. Describe the Network and User Access Control capabilities that you provide, or could incorporate, with an NDR or similar solution.

  2. How should Configuration Management, Maintenance, Patching, Backup, and Continuity of Operations be incorporated?



DEPLOYMENT & SERVICE METHODOLOGY




  1. Relevant to this RFI, describe a scalable architecture solution (cloud, on-prem, hybrid) to include applicable program elements and any other pertinent information that will enable your solution to grow and scale.

  2. List the primary tools used to deliver these services, highlighting the function or utility they provide:

    1. Indicate whether they are third-party or organic to the company.

    2. If applicable, highlight the enterprise approaches and/or products that are used as part of your integrations.





CONTRACT & LICENSING STRUCTURE




  1. Identify any existing Government contract vehicle--Governmentwide Acquisition Contract (GWAC), Multiple Award Schedule (MAS) program, Blanket Purchase Agreement (BPA), etc., your company currently holds that could support the Enhanced Cyber Defense Sensor Platform.

  2. Please describe your current licensing model for similar services to include examples of itemized bundles of licenses or product subscriptions and commercially available pricing.

  3. What should the DC3 consider in its approach as it pertains to any pricing differentials (i.e., sophistication, complexity or scale)?




  1. CONTRACTOR NOTIFICATION AND SUBMITTAL INSTRUCTIONS



This RFI is for information and planning purposes only and does not constitute a Request for Quote (RFQ). This RFI is not to be construed as a commitment by the DC3. No award will be made as a result of this RFI. All information is at no cost or obligation to the DC3. Any information that the Contractor considers proprietary should be clearly marked as such. All submissions become DC3 property and will not be returned, including any proprietary information. DC3 may consider additional communications with submitting companies utilizing the contact information provided in the overview to further the DC3’s market research.




  • All responses are to use Times New Roman font, with a 12-point font, and one-inch margins, single spaced in all sections in Microsoft Word or PDF.

  • Contractor Information section shall be no longer than 1/2 page in length.

  • Responses to the Information Requested Section should be no longer than 5 pages (reference architectures, flow graphics and diagrams that can be attributed to question responses can be added as addendums and will not be counted as a page).

  • All information submitted shall be UNCLASSIFIED.

  • Any information that the contractor considers proprietary should be clearly marked as such.

  • All submissions become DC3 property and will not be returned, including any proprietary information.



Questions pertaining to this RFI should be submitted no later than 28 March 2023 by 10:00 am EST to raymond.walker.10@us.af.mil. All questions and answers will be added to this RFI announcement no later than COB 29 March 2023.



RFI responses shall be submitted no later than 30 March 2023 by 16:00 PM EST via email to raymond.walker.10@us.af.mil.


Attachments/Links
Attachments
  • Document: Enhanced Cyberdefense Sensor Program_RFI.docx
  • File Size: 177 KB
  • Access: Public
  • Updated Date: Mar 24, 2023

Contact Information
Contracting Office Address
  • CP 301.203.3567 11242 WAPLES MILL ROAD STE 400
  • FAIRFAX, VA 22030-6032
  • USA
Primary Point of Contact
Secondary Point of Contact
History
  • Mar 24, 2023 05:01 pm EDT: Sources Sought (Original)
