The Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) has a requirement for advanced engineering services to assist with the broad development of prototypes that are tested and once approved, maintained in a capability catalog for deployment at agencies

Established in 2012, the Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of Government networks and systems. The CDM Program provides cybersecurity tools, integration services, and dashboards to participating agencies (Chief Financial Officers [CFO] Act agencies and non-CFO Act agencies) to support them in improving their respective security postures by delivering better visibility and awareness of their networks and defending against cyber adversaries. In supporting CISA’s mission, CDM works closely with agencies to deploy capabilities that help agencies protect their hardware and software assets, networks, and the data they contain.

The CDM solution architecture, shown below in Figure 1: CDM Logical Architecture, illustrates the solution implementation supported at CDM-participating agencies:

• Layer A is composed of tools and sensors that, together, provide the coverage of the CDM capabilities. Current Layer A tools vary by agency, and include Azure Update Manager, BigFix, Carbon Black, Cisco ISE, CrowdStrike, ForeScout, Intune, McAfee, Microsoft Active Directory, Microsoft SCCM, Pulse Secure, Qualys, Rapid7, SailPoint, ServiceNow, Splunk, Tanium, Tenable, Tripwire, ZingBox, and others.
• Layer B is the integration layer, which aggregates data from agency Layer A tools, performs data normalization, and then transforms and conforms records. Historically, Layer B is often tailored to individual agency environments and is an agency and CDM shared responsibility. The CDM PMO is pursuing a new approach, expected to be operational around the end of FY24, that will unify all agencies on one solution for data integration in Layer B.
• Layer C is the Agency Dashboard, which ingests data from Layer B and presents it to agency users in operationally relevant ways to promote the reduction of cybersecurity risk. The Agency Dashboard is standardized for participating agencies.
• Layer D, also known as the Federal Dashboard, presents a unified view of the cybersecurity posture of the entire FCEB enterprise. The Federal Dashboard is standardized for use by CISA analysts.

The CDM program implemented its mission through a combination of contracts known as the DEFEND series (group ed by agencies to support Layers A and B) and CDM Dashboard Ecosystem (Layers C and D). The future state will consolidate responsibility for the functions of Layers B, C, and D in the CDM logical architecture via the CDM Data Services (also known as Baseline Extraction and Transformation Security Information Environment or BETSIE) effort. The Government is currently conducting market research on how to best deliver capabilities (Layer A) via the recently released Deployment Services RFI.

The intent of this requirement, Advanced Engineering Services, is to provide the CDM program with specialized enterprise experience in the testing, development, implementation, and operational use of cybersecurity capabilities. This support will act in the capacity of a strategic advisor to the program, providing direct senior thought leadership to assist with setting programmatic targets on maturing complex cyber security solutions across the FCEB.

The Government believes that this requirement may introduce an Organizational Conflict of Interest (OCI) that restricts the awardee from participating in other CDM, and possibly other CISA Capacity Building, efforts.

The purpose of this requirement is to advance CDM capabilities and technologies through the incremental assessments of products and formulation and/or evaluation of operational processes via continuous research and analysis of the cybersecurity marketplace and existing implementations of toolsets at agencies, to identify potential solutions to meet Government requirements. A clear repeatable framework should be utilized to define how solution and technology decisions are approved.

This requirement assists with the broad development of prototypes that are tested and once approved, maintained in a capability catalog for deployment at agencies. This work is executed prior to the technology implementation and can serve, in some cases, as the input for deployments across the FCEB.

The following provides initial requirement objectives for advanced engineering services.

• Provide Technology Implementation Roadmap: Continuously review the cyber threat landscape, the cybersecurity tool marketplace, and any changes or innovations based on the Government or industry cybersecurity best practices. The intent of this effort is to maintain awareness of the features, benefits, and limitations of current investments and potential future investments. This effort would look to fully analyze existing in operation solutions and identify areas for improvement/standardization. Roadmaps may be tailored based on CDM customers’ specific maturity and need.
• Conduct Analysis of Alternatives: The Government plans to understand potential solutions to meet capability needs when the decision space is broad and could involve a combination of using existing tools, building a new custom solution or purchasing a new tool. An example of the type of request that would fall under an Analysis of Alternatives (AOA) would be to determine how the program can best assist agencies in measuring the transition to a zero-trust architecture.
• Develop Trade Studies: The Government plans to analyze various tool sets for potential deployments. To support the decision-making process of the Government, the contractor shall perform and document via a trade study. The intent of the trade study is to provide a bounded analysis where the scope is narrow, such as analyzing what tool can best accomplish a specific task. An example could be which COTS tool(s) can best meet the Government’s EDR requirements.
• Design, Build, and Test Solutions: Design, build and testing solutions to ensure it meets requirements. This effort would include developing a comprehensive design for each solution targeted for implementation, building a prototype of the targeted solution, including the provisioning of all necessary software, hardware, in a testing environment. Once a solution is built and configured, Government testing would occur, intending to satisfy the CDM program’s need to conduct developmental testing of capabilities within the program’s baseline. Fully built solutions would be implemented at agencies via other contracts. Piloting could occur under the Advanced Engineering Services effort.
• Support Solution Deployment: Support provided to stakeholders (Government and other contractors) in the implementation and deployment of approved solutions. In this support role, this requirements as reach-back support to stakeholders as they work to deploy solutions at agencies.