Notice ID:  DoDINRiskandSituationalAwarenessPicture(DRSAP)(RFI)

JFHQ-DODIN requires visualization capabilities that can provide Situational Awareness (SA) of Department of Defense Information Network (DODIN) systems, networks, and information availability. The primary purpose is to enhance knowledge of the DODIN and to improve the quality and timeliness of collaborative decision-making regarding the employment, protection, and defense of the DODIN. To be effective, DODIN SA must be available and shared in near real-time to the relevant decision-makers.  JFHQ-DODIN works in collaboration with U.S. Cyber Command (USCYBERCOM) in their vision to lead an adaptive force that assures the availability, delivery, and protection of the DODIN.

Scope of Effort: JFHQ-DODIN has developed a visualization solution called “DoDIN Risk and Situational Awareness Picture (DRSAP)”. The purpose of the DRSAP requirement is to provide an operational and executive-level visual that displays the Cyber Terrain risk posture of all 45 Director of Area of Operations (DAOs).

Technical Characteristics: JFHQ-DODIN requires a visualization dashboard that is flexible and customizable.

  • The capability shall have the ability to collect and aggregate network data to provide an overall risk to the network.
  • The capability shall have the ability to drill down with minimum clicks to gain more information about an object, incident, etc.
  • The capability shall provide demonstrated Security Information and Event Management/Security Orchestration, Automation, and Response (SIEM/SOAR) functionality.
  • The capability shall have the ability to connect to Joint Cyber Command and Control (JCC2) platforms (Rally, SIGACT) and visualize the data.
  • The capability shall be compatible with existing Joint Cyber Warfighting Architecture (JCWA) architecture and applications.
  • The capability shall be interoperable with existing JFHQ-DODIN built SharePoint applications.
  • The capability shall be able to search and visualize the asset posture of systems within each DAO. Asset posture includes the following:
    • Asset type;
    • Vulnerability status for known CVEs;
    • Security Technical Implementation Guide (STIG) compliance;
    • Operating System (OS) and OS version;
    • Installed software with version details;
    • Whether asset is forward facing directly to the internet and available services.
  • The capability shall be able to search and visualize cyber sensor architectures for all DAOs supporting a TIER 1 Internet access point. Details shall include sensor types and placement within the overall DODIN architecture.
  • The capability shall be adaptable to visualizing new data sources dynamically as they become available.
  • The capability shall visualize last seen updated data from each separate data feed.
  • The capability shall have the ability to search and visualize summarized cyber events/alerts from SIEM solutions.
  • The capability shall have the ability to directly link back to the source of record for the original data source to allow users to gather additional details for the source system.
  • The capability shall display nation-state and adversary activity targeting the DODIN derived from commercial and government-based threat intelligence, organized by actor, DAO, sector, function, Tactics, Techniques and Procedures (TTP), and date.
  • The capability shall display the Scope, Assemble, Score, Relate, Enforce (SASRE) score on applicable computing devices in relation to vulnerable assets within the DODIN, with a focus on Severity, Weaponization, and Adversary Use / Exploitation and MITRE ATT&CK T-Codes.
  • The capability shall provide visualization of trending details for threats, alerts, asset posture, and task order status from each DAO.
  • The capability shall have the ability to search and visualize compliance status against applicable orders, issued by JFHQ-DODIN, across the entire Department of Defense (DoD) organized by DAO.
  • The capability shall have the ability to display and modify risk factors and weights based on each data set available within the system.
  • The capability shall have the ability to allow or restrict users to each visualization dashboard based on group membership.
