Security Analytics Platform RFP

The Center for Internet Security, Inc. (CIS)® is seeking to upgrade the core capabilities of the CIS SOC through procurement of a Security Analytics Platform (“Platform”) (sometimes referred to as a security event and information management (SIEM) capability). The selected Platform must support the SOC analysts in their primary role of managing, investigating, and reporting on events generated from the various monitoring services, member reported incidents, Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and other federal government reported incidents, Cyber Incident Response Team (CIRT) incidents, and Cyber Threat Intelligence (CTI).

Schedule of Events

| Event | Target Date |
| --- | --- |
| RFP Release | 09/27/2021 |
| Offeror Questions (Accepted 09/27/21 – 10/07/21) | 10/07/2021 |
| CIS Response to Offeror Questions | 10/15/2021 |
| Proposals Due to CIS by 3:00 PM EDT | 10/29/2021 |
| Notify Offeror of Demonstration Date/Time | 11/05/2021 |
| Demonstration / Presentations (Virtual) | 11/10/2021 – 11/22/2021 |

CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities. Membership in the MS-ISAC is open to organizations from all 50 states, the District of Columbia, U.S. Territories, local and tribal governments, public K-12 education entities, public institutions of higher education, public utilities, councils of governments, associations of governments or government officials, authorities, and any other non-federal public entity in the United States of America. Alongside the MS-ISAC, CIS also operates the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which is a critical resource for cyber threat prevention, protection, response, and recovery for the nation’s election offices.

The MS- and EI-ISACs provide multiple security services to SLTT organizations, at the center of which is a 24x7x365 Security Operations Center (SOC). In the SOC, a joint security operations and analytics team monitors, analyzes, and responds to cyber threat events and incidents targeting U.S. SLTT government entities. The core services of the MS- and EI-ISAC include:

• Real-time network and endpoint monitoring.

This monitoring is provided through tools such as the Albert Intrusion Detection Systems (IDS), Endpoint Security Services (ESS), and a secure web gateway through the Malicious Domain Blocking and Reporting (MDBR) offering, as well as other managed security products and services.

• Vulnerability research, scanning, and tracking.

Vulnerability analysts closely monitor the publicly known vulnerability landscape to identify, categorize, prioritize, and inform SLTTs of potential weaknesses in their environments. They also provide assistance such as scanning and reporting, and resources for mitigation and remediation.

• Cyber Threat Intelligence (CTI) analysis and intelligence sharing.

Analysts monitor federal government, third party, and open sources to collect, correlate, analyze, and enrich threat information in a rigorous and focused effort to make informed assessments about cyber threats, actors, and associated tactics, techniques, and procedures (TTPs). In addition to producing and disseminating traditional finished reporting, the MS-ISAC maintains a Threat Intelligence Platform (TIP) and intelligence sharing capability to provide the SLTT community with malicious indicators in a standard format.

• Monitoring of member websites for compromises and defacements.

CIS SOC analysts notify members of potential compromises identified based on the MS-ISAC’s unique awareness of the threat landscape.

• Exercise support.

The MS-ISAC participates in federally-sponsored cybersecurity exercises and acts as a voice for SLTT governments in planning meetings.

• Cyber forensics.

The Cyber Incident Response Team (CIRT) provides SLTT governments with digital forensics and incident response (DFIR) functions that include malware analysis, host and network forensics, and mitigation, remediation, and recovery support.

• Threat analysis and situational awareness.

The Liaison Officers and Analysts Team is assigned to the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Operations Communications Center (CIOCC) in Arlington, VA and Pensacola, FL. The CIOCC is a 24x7x365 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement.