Notice ID: 842468884
The Defense Information Systems Agency (DISA), Acquisition Directorate (ACQ) Endpoint Security Division (ID3) is seeking information from industry to determine if commercially available solutions exist that will meet the Department of Defense’s needs for a central attribution management portal to be deployed and managed as part of the Tagging, Reporting and Attribution Configuration Suite (TRACS).
The DOD desires to achieve near 100% continuously updated attribution of endpoints on the DOD Information Network. The attribution data will be sufficient to provide Situational Awareness (SA) and Command and Control (C2) at all levels of the DOD such that system property custodians, users, and administrators can visualize data for endpoints under their purview and maintain attribution information meaningful to them, but that same data can be used to build SA and C2 capabilities at all higher echelons all the way up to the Secretary of Defense. Data maintained by the system should leverage automation to maximum extent possible during re-organizations, deployments and departures for locations, and system commissioning and decommissioning, leaving humans to only have to enter data when there is no viable automatable method.
Solution Characteristics: To meet the stated objectives, the DoD is requesting white papers describing existing commercial products that either fully meet DOD requirements, or that can be quickly, and cost effectively modified to provide required functionality. The solution should have the following characteristics.
- Integrate seamlessly with the DOD central endpoint security configuration device data repository, currently the Continuous Monitoring and Risk Scoring (CMRS) tool, but be easily integrated with a different repository solution.
- Provide integrations to receive and expose attribution data about devices with other enterprise and component endpoint security, asset identity, and asset management systems.
- Provide robust user data entry, visualization, and analysis support to enhance the completeness, accuracy and granularity of attribution data.
- Provide robust capabilities to enable data submission using manual, semi-automated, and fully automated feeds.
- Avoid providing duplicate functionality to CMRS and other repositories where possible.
- Use the Cyber Operational Attribute Management System (COAMS) identifiers, display names, and acronyms as its primary attribution data source, while also providing robust lookup capabilities to correlate COAMS names and identifiers with other systems’ attribution data.
- Embody robust access control where users are permitted access to device and attribution data where there is a reasonable expectation that the user has a justifiable need to know for at least some of the devices in the population either because the data about the devices originated from a data source known to contain devices the user is responsible for assigning or correcting attribution data, or because the device population is assigned to a more abstract organization, location, or system level that is correct, but not at the required or optimized level of granularity (e.g. the device is attributed to DISA, but would more accurately attributed to DISA ID33) and the user has the necessary information to make corrections, or the charter to ensure that attribution has been completed for the appropriate device population
- Implement robust logging to enable identification of users who may be maliciously or ignorantly assigning incorrect attribution data.
- Enable automation so that attribution data can be assigned based on device properties, such as IP ranges, host name text, originating sensor, or other attributes in an automated bulk or continuous process.
- Provide robust adaptability using Application Programming Interfaces (APIs), available Software Development Kit (SDK), mapping tables, analytics, and intuitive, flexible user interfaces.
- Provide interfaces or existing capabilities to “brand” or “tattoo” attribution data onto devices where viable (either directly, or using endpoint management tools (e.g. Tanium, Intune, MECM) and to ingest data recovered from branded devices to update attribution data in the portal system. Also provide configurable conflict resolution logic assignment to choose whether to use endpoint attribution data, portal data, and whether to update either or both the endpoint branding and portal data.
DISA representatives may choose to meet with potential offerors and hold one-on-one discussions. Such discussions would only be intended to obtain further clarification of potential capability to meet the requirements, including any development and certification risks.
Additional Information can be found here.
Not Yet a Premium Partner/Sponsor? Learn more about the OS AI Premium Corporate and Individual Plans here. Plans start at $250 annually.