Accessibility Information

Users of assistive technologies such as screen readers should use the following link to activate Accessibility Mode before continuing: Learn more and Activate accessibility mode.

Incident Response

Solicitation Number: IncidentResponseRFI
Agency: Department of Commerce
Office: Office of the Secretary
Location: Commerce Acquisition Solutions, Office of the Secretary
  • Print

Note:

There have been modifications to this notice. You are currently viewing the original synopsis. To view the most recent modification/amendment, click here
:
IncidentResponseRFI
:
Special Notice
:
Added: Jan 15, 2013 11:39 am
Please see the attached document.\
THIS IS A REQUEST FOR INFORMATION (RFI) BEING RELEASED PURSUANT TO FEDERAL ACQUISITION REGULATION (FAR) PART 10: MARKET RESEARCH.

This RFI is issued solely for informational, market research, and planning purposes only. It does not constitute a Request for Proposal (RFP) or a promise to issue an RFP in the future. This RFI does not commit the Government to contract for any supply or service whatsoever. Further, the United States Department of Commerce (DOC) is not at this time seeking proposals, and will not accept unsolicited proposals. Respondents are advised that the United States (U.S) Government will not pay for any information or administrative cost incurred in response to this RFI. All costs associated with responding to this RFI will be solely at the responding party's expense. Responses to the RFI will not be returned. Please be advised that all submissions become Government property and will not be returned. Not responding to this RFI does not preclude participation in any future RFP, if any is issued. Responses to this notice are not offers and cannot be accepted by the U.S Government to form a binding contract. It is the responsibility of the interested parties to monitor the Federal Business Opportunities (www.fbo.gov) site for additional information pertaining to this RFI.


1.0 INTRODUCTION


The United States Department of Commerce consists of the following fourteen distinct and independently managed operating units (OU): the Bureau of Economic Analysis (BEA), the Bureau of Industry and Security (BIS), the Census Bureau, the Economic Development Administration (EDA), the International Trade Administration (ITA), the Minority Business Development Agency (MBDA), the National Institute of Standards and Technology (NIST), the National Oceanic and Atmospheric Administration (NOAA), the National Telecommunications and Information Administration (NTIA), the National Technical Information Service (NTIS), the Office of Inspector General (OIG), the Office of the Secretary (OS) and the Patent and Trademark Office (USPTO).


Commerce offices are located throughout the continental United States of America with major campuses at the following locations: Washington, DC; Denver, CO; Bowie, MD; Gaithersburg, MD; Fairmount, WV; Alexandria, VA and Boulder, CO.


Commerce has approximately 90,000 computer workstations and servers (endpoints) distributed over these fourteen operating units and offices.


Although Commerce currently has investments that support decentralized cybersecurity technologies and operations, with the exception of some tracking, reporting, oversight and policy functions, the Department lacks centralized enterprise-wide cybersecurity capabilities necessary to provide Department-level situational awareness, a single, common operating picture of security for the Department's systems, remediation and response, and other centralized functions necessary to monitor and manage the Department's cybersecurity posture.



2.0 RFI OBJECTIVE


In accordance with OMB memoranda M-10-15 , which requires agencies to "continuously monitor security-related information from across the enterprise in a manageable and actionable way", Commerce seeks information from interested managed security service providers that can provide 24 hours a day, 7 days a week, near real-time network security status information to enable timely risk-based decision-making at the Commerce Chief Information Security Officer (CISO), Commerce OU CISO and Commerce OU computer security incident response team levels.

Commerce aims to develop a budgetary estimate for this managed security service and seeks interested service providers with the following capabilities:


• Experience with collecting and consolidating network security status information from multiple, disjointed, highly-federated environments
• Experience with analyzing network security status information feeds and extracting actionable information that can be immediately used by a CISO or incident handler
• Experience in the preparation of the monthly CyberScope reports
• Experience in extracting data from network security status information feeds to support ad hoc data calls from the Office of Management and Budget (OMB), the Department of Homeland Security (DHS)
• Experience in detecting network intrusion activity and providing directly actionable recommendations
• Experience in detecting network malware and providing directly actionable recommendations
• Experience in detecting network transit of unencrypted personally identifiable information and providing directly actionable recommendations
• Experience in detecting network access to malicious websites, including but not limited to, phishing websites, and providing directly actionable recommendations
• Experience in detecting advanced persistent threats and providing directly actionable recommendations
• Experience in collecting and consolidating network security threat information from multiple sources and applying them to the analysis of network security status information feeds
• Experience in reporting computer security incidents to incident handlers and tracking them until they are closed


In light of the Federal Chief Information Officer 25 Point Implementation Plan to Reform Federal Information Technology Management, dated 9 December 2010, and subject to acceptance into the Federal Risk and Authorization Management Program (FedRAMP), Commerce will consider secure, reliable and cost-effective cloud technology options (as defined by NIST Special Publication 800-145) for this managed security service.


3.0 ACQUISITION STRATEGY


The Commerce acquisition strategy alternatives are still under development. The acquisition strategy will be partially dependent upon the solutions offered as a result of this RFI.


The respondent is encouraged to identify and provide any unique or innovative solutions that will result in effective/efficient operations.


3.1 Inquiries


Those who wish to submit questions concerning the RFI may do so by e-mail to Kirk D. Boykin, the Contracting Officer, email address is Kboykin@doc.gov by Tuesday, January 22, 2013 by 12:00 pm. Please include the RFI number/Title in the subject line. All questions and answers will be made available via a modification to the RFI posted on the Federal Business Opportunities website (www.fbo.gov) no later than one week before the due date of the RFI responses. Those parties that are interested in this project will be requested to provide written responses which discuss their technical solutions and the feasibility of their approach. The written responses may include other alternatives and solutions for Commerce consideration. Written responses will not be returned and become the property of the Commerce.


3.2 Instructions for RFI Responses:


Responses must be submitted electronically to the e-mail address below:


U.S. Department of Commerce
Office of Acquisition Management
ATTN: Kirk D. Boykin
EMAIL: Kboykin@doc.gov


Respondents must submit their responses via email in Portable Document Format (PDF) no later than Thursday, January 31, 2013, 12:00 p.m. EST. The response should be no more than 15 pages in length and no larger than 5 megabytes and should use font size 12 or larger.


Proprietary information submitted in response to this RFI will be protected from unauthorized disclosure as required by the Federal Acquisition Regulation (FAR). All proprietary markings should be clearly delineated. The respondent shall identify where data is restricted by proprietary or other rights and mark it accordingly.


The format for the RFI responses is described below:


The cover page shall contain (1) Company name, (2) Primary Point of Contact, (3) Phone Number and Email Address, (4) Cage Code, (5) NAICS Code, (6) Business Size, and (7) Federal Supply Schedule (FSS) Contract Number, if applicable.


Introduction: Provide a brief description of existing capability to meet the RFI objectives or provide proposed Statement of Work language for the services and/or any proposed solution. In the event your company chooses to provide information subject to inclusion in a future RFP Statement of Work (SOW), clearly identify those portions and provide any appropriate authorizations for release of that portion of information within any subsequent RFP SOW issued by Commerce, exclusive of any proprietary markings.


Technical Capability: The respondent's technical ability shall describe the services and/or any product solution(s) or dataset for the areas described in Section 2.0 of this RFI. The responses should include an overall description of the proposed services and/or any product solution(s) and provide technical data and a demonstrated ability for those areas identified. The descriptions should include schedule information for delivery of services and/or product(s); and the technical rationale for providing these to Commerce. Interested parties should provide information on their ability to use existing assets or procure, customize/configure, maintain and/or provide technical support for the resources needed for the proposed services and/or product(s). Interested parties should also describe technical benefits of their proposed services and/or product solution(s) in terms of existing technologies or resources, improvements/enhancements, cost efficiencies of their specific approach, and any other support capabilities that provide service and/or product excellence or uniqueness.


Organization Experience/Past Performance: Provide a brief description of your organization's experience in same or similar services and/or product solution(s) to both commercial and government organizations; and optionally up to three references for same or similar services and/or any product solution(s) should be provided.


Not responding to the RFI does not preclude participation in any future RFP. If a solicitation is released, it will be issued via the Federal Business Opportunities website (www.fbo.gov). It is the responsibility of the potential offerors to monitor this website for any information that may pertain to this RFI or a future RFP. The information provided in this RFI and any future changes to the RFI are subject to change and are not binding on Commerce.


Participation in this effort is strictly voluntary. All costs associated with responding to this RFI will be solely at the interested respondent's expense. Respondents are advised that the United States (U.S) Government will not pay for any information or administrative cost incurred in response to this RFI The objective of this RFI is to assess vendor capabilities and interest. Review of the responses to the RFI will focus on the offeror's technical capability to provide a quality solution, corporate experience/past performance for same or similar activity with commercial activities or government agencies, and responsiveness to the RFI.


3.3 RFI Response Due Date


Please submit information via e-mail to Kirk D. Boykin, Contracting Officer, at Kboykin@doc.gov no later than Thursday, January 31, 2013, 12:00 p.m. EST.


3.4 RFI Response Contact


Respondents to this RFI shall designate a primary and one alternate point of contact within the company (Name, Address, Email, and Telephone Number).


3.5 Clarification of RFI Responses


To fully comprehend the information contained within a response to this RFI, there may be a need to seek further clarification from those respondent(s) identified as capable. This clarification may be requested in the form of brief verbal communication by telephone; written communication; electronic communication; or a request for a presentation of the response to a specific Commerce group or groups. Commerce reserves the right to seek additional information from those vendors identified with unique solutions that are determined to be beneficial to Commerce.


 

:
14th & Constitution Avenue NW
Room 6521
Washington, District of Columbia 20230
:
Department of Commerce
1401 Constitution Avenue, NW
Washington, DC 20230-0001
Washington, District of Columbia 20230
United States
:
Kirk D. Boykin,
Contracting Officer
Phone: 2024822292
Fax: 2024820456