Request for Information (RFI) Number HHM402-20-RFI-HostBased-EndPoint

Title:   Host Based/End Point Security Industry Study   1. SCOPE This is a Request for Information (RFI), as defined in Federal Acquisition Regulation (FAR) 15.201(e).  The Government is issuing this RFI in an effort to understand market availability, for Host Based and End Point Security capabilities described in this RFI.  Any information submitted by respondents to this request is strictly voluntary.  This is not a request for proposal (RFP, request for quotation (RFQ), or invitation for bid (IFB), nor does its issuance obligate or restrict the Government to an eventual acquisition approach. The Government does not intend to award a contract on the basis of responses from this RFI or pay for the preparation of any information submitted or for the use of such information. The Government will use RFI responses for planning and market research.  To the maximum extent possible, please submit non-proprietary information.  Any proprietary information submitted should be identified as

such and will be properly protected from disclosure.  The Government is not liable for damages related to proprietary information that is not properly identified.  Proprietary information shall be safeguarded in accordance with the applicable Government regulations.  Responses to the RFI will not be returned.        2. PURPOSE  The Defense Intelligence Agency (DIA), Virginia Contracting Authority (VCA), is seeking information on businesses that have expertise in enterprise wide Host-Based and End Point Security. The objective is to identify vendors that have the capability to provide agent or agentless capability to provide Host-Based and End Point Security  to detect, prevent, and report anomalous (outside user norms) or noncompliant activity (in violation of established rule sets) occurring on their host machines that will enable effective and timely response generation in accordance with ICS 502-2.   This RFI should be able to support Cloud base, hybrid and stand-alone architectures within the IC Information Environment (IC IE).3. COMPANY CAPABILITIES  Ensure that host-based /end point asset and configuration management information is aggregated and made available in non-mutated state, which supports audit and logs in case of required investigative actions.Able to correlate trend analysis, review audit logs, and reassess existing configuration and protection requirements in response to anomalies and incidents.Automate Implementation/rollout to maintain change management processes (e.g., signature updates, sensor tuning) when available and that adhere to established host-based/end point protection requirements.Establish and maintain a Security Information and Event Management (SIEM) and repository that includes the following capabilities:Store and aggregate event and host data from multiple hosts (show scaling of end points) (Provide in detail ability to scale from 10 to Million end points)Store events/alerts – roll up/provide automated discovery and detailsIdentify the events, the enforcement of policies, and the updating of intrusion prevention/antivirus signatures on hosts/end points, to include describe management ease of implementing white list/black list management.As required support encrypted communications between servers using a Federal Information Processing Standard (FIPS) 140-2 certified cryptographic moduleUse asset tracking with configuration baseline and configuration to identify changes in baselineProvide dashboards/SIEM at the analytical, CND operational, and executive levels with attribute-based access controlsImport and integrated computer security related information made available from multiple vendors of host security productsAgent based or agentless, describe and identify which host that are configured to not interfere with the operation and collection of other IC or DOD required agents used for the detection of insider threats where utilizedProvide anti-virus/malware/spyware protection on all hosts/end points, workstations, and servers including virtual machines.Scan Enterprise Storage and remove malware from network attached storage devices (NAS).Scan desktops to view Security Content Automation Protocol (SCAP) for internal and external security auditsSupport automated discovery and defense of elastic workloads and containers to eliminate unknown areas of threat, provide multi-cloud management.Provide Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) for all hosts, workstations, and servers including virtual machinesConfigure a firewall on endpoints including virtual machines, enable white listingMonitor, block, restrict, and report on the use of removable devices and media, to include identify data removed from environment, and include audit supportMonitor, block, restrict, and report on the use of embedded devices or other user peripherals and monitor device status (whether enabled or disabled.Monitor host process via configurable Host Integrity Check that verifies the capability to compare running processes against a standard baseline for workstations, during both off network and on network operationsProvide quarantine rule set and automated remediation procedures based on host integrity check results on all hosts during both off network and on network operations.Monitor file systems via configurable host integrity tests for anomalous file system status.Monitor host configuration via a configurable Host Integrity Check for configuration drift based on compliance policy; during both off network and on network operations.Enforce security and compliance policies off-line, including connection awareness to sense and react to online/offline/online status changes; identify hosts that fail to report in that were previously managed.Monitor, detect and deter unauthorized anomalous user or privileged user activity related to end point devices including unauthorized use of removal media, unauthorized uploading and downloading of information including malware, escalation of privileges, unauthorized changing of Anti-Virus settings and unauthorized connection of user devices to government networks.  Enable browser-protection solution that monitors, audit web based searching and browsing activity on workstations; Protect against threats on web pages and downloads.  Identified commercial robust support training to engineer, implement and sustain technical operations in support of personnel conducting host-based security activities. Identify experience in providing Tier 0 – Tier 4 Cleared Help Desk to handle technical, architecture and troubleshooting support. 4. END POINT SCENARIOS  1-1K end points:1K-100K end points:100K – greater end points:For each above: Identify types/kinds of HW and SW resources required to meet requirements above. Also, describe the level of effort and possible labor categories for architecture, engineer and implementation and continued operation in a cloud and hybrid environment.      5. ASSUMPTIONS   The Government anticipates that an award will be made during the second quarter of fiscal year (FY) 2021.     6. REQUEST FOR INDUSTRY INPUT Offerors responding to this RFI should include the following information:     Business name, business type, socio-economic status (e.g., Veteran-Owned, Woman-Owned, Disadvantaged Small Business, 8(a), etc.), business and technical points of contact (including telephone number and email address), GSA Contract number/SIN number (if applicable), and DUNS number/Cage CodeBriefly summarize your company’s experience in Section 3 “Company Capabilities”. Briefly summarize any risk management framework experience and/or if your company was able to obtain Authorization to Operate (ATO).Summarize your company’s experience in Section 4 “End Point Scenarios”. Provide specific examples for each scenarios.     7. SUBMISSION OF QUESTIONS  Questions in response to this RFI should be submitted by email to both the Contract Specialist and Technical Points of Contact no later than 4:00 PM Eastern on 17 August 2020.  Questions received after 4:00 PM Eastern on 17 August 2020 may not be answered.  The subject line of the email should read “Questions in Response to RFI Number HHM402-20-RFI-HostBased-EndPoint”.  Questions should be emailed to the Contract Specialist and Technical Points of Contact in accordance with the information stated below: Contract Specialist:  Cheryl HyattEmail address:  Cheryl.hyatt@dodiis.milTechnical Point of Contact:  Maj SaucedaEmail address:  giacomo.sauceda@dodiis.milLate questions received in response to this RFI may not be answered.  Industry responses to this request are considered as consent review by an internal team of DIA government employees. Respondents are advised that the Government is under no obligation to provide feedback with respect to any information submitted.  All submissions become Government property and will not be returned. All personnel reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information.       NOTE:  Questions received in response to this RFI will be posted on or about 14 August 2020.8. SUBMISSION FORMAT   The subject line of the email should state “Response to RFI Number HHM402-20-RFI-HostBased-EndPointResponses shall: Be formatted for printing on 8.5 X 11 inch paper, single-spaced, Times New  Roman, 12-point font, with one (1) inch margins all around, compatible with MS Office Word 2013 or higher/newer Be submitted in Adobe PDF format.Not exceed a total page count of fifteen (15) pages.   Be marked appropriately when containing propriety or business-sensitive data Note:  Some email systems may block file types such as .zip or other macro-enabled extensions; respondents should verify receipt. identify administrative/business and technical point(s) of contact (name, address, phone number, and email address)  briefly summarize the capabilities and core competencies of the company as it relates to the Request for Information     9. SUBMISSION INSTRUCTIONS Responses to this RFI must be submitted via email to Cheryl Hyatt at Cheryl.Hyatt@dodiis.mil no later than 1600 Eastern on 17 August 2020.   10. POINTS OF CONTACT:   Primary Point of Contact: Contract Specialist:  Cheryl HyattEmail address:  Cheryl.hyatt@dodiis.mil11. DISCLAIMER     This RFI is issued solely for information gathering only.  This RFI does not constitute a formal solicitation for proposals.  In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract.  This RFI does not commit the Government to contract for any supply or service in any manner.  Respondents are advised that the U.S. Government will not provide reimbursement for costs incurred in responding to this RFI.  All costs associated with responding to this RFI will be solely at the interested parties' expense.  Not responding to this RFI does not preclude participation in any future request for proposal (RFP)/request for quote (RFQ), if any is issued.  However, an Offeror's facility clearance, experience, and ability to quickly staff with qualified personnel will improve the potential for contract award.    The Defense Intelligence Agency, Virginia Contracting Agency thanks all respondents in advance for their feedback.   First Round of Questions have been posted.Question Due Date and Submission of Responses is extended to COB on 24 August 2020.