36C10X20Q0226 – Sources Sought – U012–SIEM Training Request For Information

Aug 20, 2020 | Sources Sought

This is a REQUEST FOR INFORMATION only. Pursuant to FAR Part 10.002(b)(2)(iii) and (viii) (Market Research), the purpose of this notice is to:

1) Determine the commercial practices of companies engaged in providing the needed service;
2) Determine feasibility of use of General Services Administration (GSA) Federal Supply Schedule (FSS) Pursuant to FAR Part 8, FAR Part 12 and/or FAR Part 15;
3) Determine availability of Service-Disabled Veteran Owned Small Business (SDVOSB) and VOSB set aside pursuant to FAR Part 19

This notice in no way obligates the Government to any further action.


This notice is issued by the Department of Veterans Affairs (VA), Strategic Acquisition Center, Frederick, MD (SAC-F), to identify sources capable of providing the services described in the attached DRAFT Statement of Work (SOW). Additionally, vendors are requested to ask questions or provide comments on the draft SOW to address any potential vague or ambiguous language or provide insights into areas the Government has not considered.

Anticipated NAICS Code/Size Standard:

The applicable NAICS Code is 611310, Colleges, Universities, and Professional Schools. The small business size standard is $30 million.

Submission Information:

All responses must be submitted to Roxana.Cepeda@va.gov, Justin.Cole4@va.gov, and Michael.Stevens5@va.gov no later than September 3, 2020 at 10:00 a.m. Eastern Prevailing Time with an email titled SIEM Training RFI Response. Responders will receive an electronic confirmation acknowledging receipt of a response but will not receive individualized feedback on any questions. If your company has the potential capability to perform these contract services, please respond to this Request for Information by providing a capability statement. The number of pages is limited to a total of 5 pages; size shall be no greater than 8 1/2″ x 11″. The top, bottom, left and right margins shall be a minimum of one inch each. Font size shall be no smaller than 12-point. Times New Roman fonts are required. Samples in item 12 below are exempt from page and font requirements and size limitations.


This Request for Information is for market research purposes only and does not constitute a Request for Quotation. It is not considered to be a commitment by the Government to award a contract nor will the Government pay for any information provided. No basis for a claim against the Government shall arise from a response to this Request for Information or Government use of any information provided. Failure to submit information in sufficient detail may result in considering a company as not a viable source and may influence competition and set-aside decisions. Regardless of the information obtained from this Request for Information, the Government reserves the right to consider any arrangement as deemed appropriate for this requirement. Respondents are advised, the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. No proprietary, classified, confidential, or sensitive information should be included in your response to this Request for Information.

SIEM Training Statement of Work (SOW):

1. Background: The Department of Veterans Affairs (VA), Office of Information & Technology (OI&T), Office of Information Security (OIS) delivers available, adaptable, secure, and cost-effective technology services to VA, transforming the Department into an innovative, 21st century organization, and acts as a steward for all VA's IT assets and resources. OIT delivers the necessary technology and expertise that supports Veterans and their families through effective communication and management of people, technology, business requirements, and financial processes. To meet these goals, OI&T strives to provide high quality, effective, and efficient Information Technology (IT) services to those responsible for providing care to the Veterans at the point-of-care as well as throughout all the points of the Veterans' health care in an effective, timely and compassionate manner. VA depends on Information Management/Information Technology (IM/IT) systems to meet mission goals.

It is important that Veterans' most sensitive information about their personal identity and medical records be protected. VA systems contain sensitive but unclassified data, personally identifiable information (PII), and protected health information (PHI) that, if compromised, may have a negative impact on Veterans, VA, and the Federal Government. The challenge is to ensure that VA safeguards this information in a way that minimizes any interference with the business processes and technologies that are used to deliver services to our nation's Veterans. To meet this challenge and comply with Federal legislation, VA established an enterprise-wide information security program with a mission promising to serve our Veterans, their beneficiaries, employees, and all VA stakeholders by ensuring the confidentiality, integrity, and availability of VA sensitive information and information systems.

To serve that constituency, VA operates a network of more than 1,500 facilities, and has over 350,000 employees. Among the many professions represented in the vast VA workforce are physicians, nurses, counselors, statisticians, architects, engineers, computer specialists, and attorneys.

VA computer networks encounter 45 million weekly security related events and have over 500,000 workstations, 350,000 users, 500 network security appliances, and 25,000 servers. The requirement for network security support is mainly derived from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 series, Incident Response (IR) Control Families. VA requires the capability to identify, detect, protect, and rapidly respond to assure containment and remediation (recover) of any security attacks against our systems. Any security incidents such as computer viruses, malicious software (malware), and other suspicious activity must be detected, contained, and removed from VA systems, and must also be analyzed using advanced digital media analytics capabilities to fully determine the root cause details for how these incidents occurred and to determine if the viruses and malware may have spread to other VA computers and networks. Success in achieving effective enterprise network defense capabilities at VA involves the ability to leverage Intelligence collected, the Information Security Continuous Monitoring (ISCM) capabilities deployed across the enterprise, and Advanced Persistent Threat hunting abilities of security experts.

The VA-CSOC is responsible for identifying indicators of adversarial presence on the VA network on a 24/7/365 basis via maintaining an understanding of the motivations, tactics, techniques, and procedures of cyber adversaries. If a loss of confidentiality, integrity, or availability has occurred we move to disrupt the adversary’s activities through containment, mitigation, and eradication. The VA-CSOC performs independent verification and validation of VA’s cyber security posture, performs cyber-related reporting to outside Agencies, and leads Departmental efforts to prepare for and defend against emerging and imminent threats. There are 5 functional areas that support the VA-CSOC with Cyber Threat Intelligence (CTI) being the core of our operations:

Cyber Threat Intelligence
Identifies and analyzes threats in an effort to provide situational awareness and indications of warning to VA, U.S. Healthcare Sector and Federal government
Central repository for daily collection, review, analysis and filtration of intelligence (Healthcare)

Cyber Technical Services
Manage, plan, coordinate and implement complex security models, configurations, policy and process in support of the VA-CSOC mission
Research & Development

Cyber Incident Response
Serves as the focal point to address cyber security incidents within the VA.
Serves as liaison with General Counsel, Office of Inspector General, US-CERT, and VA Field.
Tracks and Manages Incidents

Cyber Security Analytics
Security Monitoring
Predictive Analytics
Insider Threat
Forensics & Malware Analysis

Cyber Business Intelligence
Manage Security Investments
Strategic & Tactical Planning
Reporting & Metrics
Technical writing and document control

These core functions directly map to the NIST Cybersecurity Framework.

2. Scope of Work: The Department of Veterans Affairs Cyber Security Operations Center (VA-CSOC) requires on-demand, web-based SANS/GIAC SEC555 SIEM with Tactical Analytics Trainings, and associated GIAC certifications for 12 persons. Access to the training shall be available for 4 months. SANS and GIAC certifications are sole source products, manufactured, sold, and distributed exclusively by Escal Institute of Advanced Technologies, Inc. (dba SANS Institute, hereafter known as SANS). SANS products must be purchased directly from SANS (www.sans.org). There are no agents or dealers authorized to represent this product, other than select program specific third-party agreements to meet a specific end customer procurement requirement, such as CIS.

3. Period of Performance (POP): Date of Award plus 4 months

4. Type of Order: Firm-Fixed-Price

5. Place of Performance (POP): Web-Based

Quoter's Business Questions
Provide a brief corporate profile of your company to include the following:
Organization’s official name and dba name, if applicable;
Length of time the Organization has been in business;
Types of services provided by your Organization;
Types of clients by industry (i.e. Federal, Commercial, Local Government, etc.);
Whether the Organization is U.S. based or International;
If the Organization is a subsidiary of another Organization;
DUNS number and CAGE number;
Organization’s website address;
Main point of contact name, phone number, and email address;
SBA size designation information and small business concern type (if applicable);
Number of employees in the organization;
Organization’s most recent annual receipts amount as defined by the SBA.
Tax Identification Number
Any applicable Socio-Economical Classification(s): 8(a), HUBZone, Service-Disabled Veteran-owned, Veteran-Owned, Women-Owned and Small Disadvantaged Business.

What contract vehicle do you recommend for this requirement?
GSA Single Award BPA
Multiple Single Award BPAs
GSA Multiple Award BPA
Single Award IDIQ
Multiple Single Award IDIQs
Multiple Award IDIQ
Other: Please explain

Does your organization have an existing GSA schedule for this type of requirement?   

What NAICS codes would your company recommend for this action?

Draft RFI Questions:
Do you feel the requirements are clearly defined in the draft documentation provided?

What information needs to be added, changed and/or reworded within the draft documentation provided to support the acquisition?

What key questions do you need to see answered in a future SOW before you decide to respond to the solicitation?

In what format and what kind of supporting documents would be most helpful to include as exhibits in a future SOW?

Which type of resources would be required to support this task and which of these resources would you consider Key?

Can you provide a rough estimated price for the requirement as demonstrated in the draft SOW?

Quoter's Solution Questions:

Has your company currently or in the recent past provided a similar solution?

If so, please provide details on the nature of the services provided including, at a minimum, length of time; the name(s) of the organization(s); specific contractor citation and your role (prime vs. sub). If the role was a sub-contractor, please provide your area(s) of responsibility on the contract.

What do you foresee as the biggest risks in performing the tasks in the draft documentation to meet our requirements?
