DHS creating new contract for advanced cyber services

The Homeland Security Department wants agencies to have more complete situation awareness of their networks and systems.

DHS issued a request for information Nov. 23 and will hold an industry day Jan. 13 for a new situational awareness and incident response (SAIR) Tier III blanket purchase agreement.

The RFI includes both a request for comments on the capabilities needed for near-real time data on the health of agency networks and on the draft product performance requirements.

“The objective of SAIR Tier III is to provide U.S. government agencies the ability to assess, assure, monitor and measure the security posture of their information technology assets in a timely manner (i.e., near-real time.),” DHS wrote in the RFI on FedBizOpps.gov. “The government may use feedback that results from this RFI and industry day to further refine technical requirements to potentially establish qualified product list (QPL) for [commercial] products that can be utilized by federal, state and local governments for information security continuous monitoring.”


DHS’s National Cybersecurity Division would manage the QPL in terms of testing and evaluating vendor products to ensure proposed products meet any developed SAIR III minimum technical requirements. This product list also will be available for all agencies to use.

DHS wants vendors to comment on how five specific tools would be used to do continuous monitoring:

  • Asset management tools to document, track, and discover both authorized and unauthorized IT assets.
  • Configuration management tools to assess, monitor and report compliance of agency-specified security configuration settings and patches, as well as real-time altering of changes to approved baseline configurations for hardware, software, user access and security controls.
  • Vulnerability management tools to discover, identify and locate known security vulnerabilities and software security weaknesses; and report the associated potential exposure risks using the Common Vulnerability Scoring System and the Common Weakness Scoring System.
  • Malware detection tools to discover, isolate, characterize and report known malware for supporting agency’s security incident response process.
  • Situational awareness analysis and reporting tools to provide the ability to collect, associate, compile and report security posture metrics in terms of IT security governance and operational effectiveness.

DHS will hold an industry day Jan. 13 at the MITRE Corporation in McLean, Va. Vendors must register by Jan. 6.

The contract could be in place in time for agencies to meet the Office of Management and Budget’s deadline to implement continuous monitoring by the end of fiscal 2012.

OMB wants agencies to send their data to the Cyberscope tool, which is run by DHS.

“The tools and services delivered through the SAIR Tier III project will provide federal agencies with the ability to enhance/automate their existing continuous network monitoring capabilities, correlate and analyze critical security-related information, and enhance risk-based decision making at the agency and federal enterprise level,” the RFI stated. “Information obtained from the automated monitoring tools will eventually feed Cyberscope and allow for the correlation and analysis of security-related information across the federal enterprise.”

This would be the second SAIR contract. DHS and the General Services Administration awarded five vendors a spot on the SAIR Tier I in July 2009 under the SmartBuy program. GSA estimates the contracts could be worth $20 million over five years. It also said agencies could save between 1 percent and 89 percent off the current GSA schedule contract prices based on volume discounts.


GSA adds more cybersecurity software to SmartBuy program

EXCLUSIVE: OMB uses budget to set cyber deadlines

Agencies must use Cyberscope tool for FISMA reports