SOURCES SOUGHT
D -- Breach and Attack Simulation (BAS)
- Notice Date
- 6/16/2023 10:23:03 AM
- Notice Type
- Sources Sought
- Contracting Office
- AOUSC-PROCUREMENT MANAGEMENT DIV WASHINGTON DC 20002 USA
- ZIP Code
- 20002
- Solicitation Number
- RFI-FY23-ITSO-BAS
- Response Due
- 6/30/2023 11:00:00 AM
- Archive Date
- 07/15/2023
- Point of Contact
- Ashley Blaze, Phone: 202-502-2361
- E-Mail Address
-
ashley_blaze@ao.uscourts.gov
(ashley_blaze@ao.uscourts.gov)
- Description
- The Administrative Office (AO) of the U.S. Courts needs to continually validate its security posture. Products in this market are often called Breach and Attack Simulation (BAS) but may also be called Threat Exposure Management (TEM) or Attack Surface Management (ASM). Gartner defines the BAS products as having the following characteristics: Automated, Consistent and�Continuous. Gartner uses the following definition. �Breach and attack simulation (BAS) technologies allow enterprises to continually and consistently simulate multiple attack vectors against an enterprise�s assets. BAS can test threat vectors such as external and insider, lateral movement and data exfiltration. BAS deployment leverages software agents, virtual machines, cloud platforms and other means to run simulations.� Gartner also indicates that the implementation of this capability is indicative of a mature organization: �Organizations with mature security programs use these technologies primarily to ensure consistent security posture over time and across multiple locations.� In order to continue to mature the AO�s cybersecurity program, the AO needs a capability to validate that the security tools are performing as expected and can detect and automatically mitigate existing and emerging threats. This capability must monitor the entire security incident cycle including the ability to measure people, processes, and technologies. Forrester Research, a leading industry analytic firm confirms that BAS solutions �assist security and IT ops teams in prioritizing remediation efforts based on the value of the asset and severity of the exposure. Organizations suffering from cloud sprawl and shadow IT should experiment with ASM and BAS for greater visibility and improved efficacy of remediation.� Information Technology Security Office (ITSO) intends to use the solution in this manner to identify the levels of risk that may not be readily apparent. The AO requires a BAS that will enable continuous and consistent testing of multiple attack vectors against the Courts' assets, including external and insider threats, lateral movement, and data exfiltration. From ITSO�s perspective this data is vital for identifying gaps in the judiciary�s security posture. It can be used to check whether deployed cyber threat detections are working (or not working), and identify what additional controls, data, detection policies, log levels, or security information and event management (SIEM) rules are needed to close any gaps. The purpose of this Request for Information (RFI) is: To gain an understanding of Industry�s view of optimum approaches for providing services under this contract. To identify sources capable of meeting the requirements. This RFI is for informational purposes only. This is not a request for proposal.� It does not constitute a solicitation and shall not be construed as a commitment by the government.� Responses in any form are not offers and the government is under no obligation to award a contract as a result of this announcement.� No funds are available to pay for preparation of responses to this announcement.� Any information submitted by respondents to this technical description is strictly voluntary.
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/62cb2a83cb904b83a782391e1c49d29e/view)
- Place of Performance
- Address: Washington, DC 20544, USA
- Zip Code: 20544
- Country: USA
- Zip Code: 20544
- Record
- SN06719284-F 20230618/230616230110 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |