Endpoint Security Event Management

Project ID: 842674854 (Federal Opportunities, Sources Sought)
Overview
Agency: Defense Information Systems Agency
Deadline: 06/29/26
Posted: 06/15/26
Estimated Value: $25,000,000 - $90,000,000 (AI estimate)
Set Aside: None
NAICS: 541519 - Other Computer Related Services
PSC: DJ01 - IT And Telecom - Security And Compliance Support Services (Labor)
Location: Fort Huachuca, AZ United States
Description

The Defense Information Systems Agency (DISA) is seeking sources for an Endpoint Security Event Management System for Project Manager Command & Control Infrastructure (PM C2I) and Network Enterprise Technology Command (NETCOM).

Summary (Newest Update)

Background

The Defense Information Systems Agency (DISA) is seeking sources for an Endpoint Security Event Management System to support Project Manager Command & Control Infrastructure (PM C2I) and Network Enterprise Technology Command (NETCOM). This initiative aims to enhance Cyber Security solutions and services for the Department of War (DoW) Information Network – Army, aligning with the Army's Unified Network Zero Trust Architecture initiatives.

Work Details

The contract involves several key tasks:

1. Operate, maintain, and secure a global endpoint ecosystem using Microsoft Defender for Endpoint (MDE) and Elastic Defend, managing EDR capabilities across Army Unified Directory Services endpoints. Enforce application controls, automated malware quarantine, and continuous telemetry collection. Automate threat data ingestion to block known threats and perform cryptographic discovery and hardware readiness assessments.
2. Support the orchestration of the DoD's Comply to Connect (C2C) framework to ensure compliant device access to DoWIN-A through a 5-Step Framework: Discovery/Categorization, Interrogation of device health, Auto-Remediation, Authorization via policy-based NAC, and Continuous Policy Enforcement. Integration of security workflows with ICAM, USIEM, EDR, and vulnerability management tools is also required.
3. Build and maintain a hybrid-cloud USIEM ecosystem for enterprise-wide security monitoring using technologies like Elastic Stack and Kubernetes while sustaining existing on-premises instances at Regional Cyber Centers.
4. Host and maintain the 'NETCOM Edge' Collaborative Development Environment (CDE) for advanced data science support, ensuring high-performance storage on NIPR and SIPR networks while providing Tier 3 subject matter expertise.

Period of Performance

The anticipated period of performance includes a 2-year base period followed by eight 1-year option periods.

Place of Performance

The primary place of performance is at the Global Cyber Center in Ft. Huachuca, Arizona, with oversight at Aberdeen Proving Ground, MD, supporting Regional Cyber Centers across CONUS and OCONUS locations.

Bidder Requirements

Bidders must demonstrate large-scale integration experience managing EDR, C2C, and SIEM architectures across more than 800,000 endpoints. They must have a deep understanding of DoD Cloud Computing Security Requirements and compliance protocols. Additionally, bidders are required to have Top Secret Facility Clearance with personnel cleared at least at the Secret level for mission tasks.

Contacts
Contact name: Shannon K. Jones
Contact email: shannon.k.jones.civ@army.mil
Contact phone: (520) 669-8764
Secondary contact name: Jennifer L Kinser
Secondary contact email: jennifer.l.kinser3.civ@mail.mil
Secondary contact phone: (667) 890-7534