Security Operations Center and Application Monitoring Services

Agency: General Services Administration
State: District of Columbia
Level of Government: Federal
  • D - Automatic Data Processing and Telecommunication Services
Opps ID: NBD00159272652525807
Posted Date: Oct 4, 2017
Due Date: Oct 13, 2017
Solicitation No: 18FSOC2
Notice Type: Sources Sought
Synopsis :
Added: Sep 27, 2017 7:30 am Modified: Oct 04, 2017 4:22 pm


Security Operations Center (SOC) & Application Monitoring Services for LOGIN.GOV

THIS IS NOT A SOLICITATION FOR PROPOSALS. THIS IS A SOURCES SOUGHT NOTICE ONLY for planning and information purposes. It shall not be considered as a request for proposal or as an obligation on the part of the Government to acquire any products or services. No entitlement to payment of direct or indirect costs or charges by the Government will arise as a result of responses to this notice or the Government's use of such information. No contract will be awarded as a result of this notice. Data submitted in response to this notice will not be returned. All submissions become Government property and will not be returned. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. The information provided in this notice is subject to change and is not binding on the Government.


The General Services Administration is issuing this Sources Sought Notice on behalf of 18F to identify potential vendors who can provide Managed Security and IT Service in support of 18F's login.gov product. login.gov provides simple and secure access to public-facing federal consumer services and information, while protecting consumer privacy. login.gov is an open source, single sign-on service for government that provides the public with a better customer experience and improved security, while offering the government cross-agency integration at lower costs. login.gov encrypts the personal information of each user separately, using a unique value generated from each user's password. login.gov implements the latest National Institute of Standards and Technology (NIST) standards for secure authentication and verification. Our plans for ongoing security include regular penetration testing and external security reviews.

Individual accounts get two layers of security. login.gov requires two-factor authentication as well as strong passwords that meet NIST requirements. login.gov evaluates and implements new authentication methods as they become widely available to make sure that login.gov remains accessible and secure.

Encrypting personal data separately means that login.gov cannot share any information with other government entities without users' permission. Database administrators cannot decrypt a user's personal information without the user's password.

Additional information can be found at , and in login.gov's open source repository: .

The 18F identity playbook, with additional information about the methodology, can be found at: .

An overview of login.gov's security approach can be found at: .

The team follows the Digital Services Playbook: .


Information is being requested to identify potential sources that meet the following criteria:

  • U.S.-based firms with relevant vetted security/IT service professionals, facilities, infrastructure and information systems located within the U.S.

  • Vendor shall have industry or Government certified services if the offering is inclusive of any external managed service components.


See the attached SOC SOW - DRAFT for a description of services to be performed.


This is an information gathering exercise to identify potential sources and to help develop the requirements and the acquisition strategy for required services.

CONFIDENTIALITY: No proprietary, classified, confidential, or sensitive information should be included in your response. The Government reserves the right to use any non-proprietary technical information in any resultant solicitation(s).

Response Format/Page Limitations:

The overall total page limit for responses to this RFI is two (5) double-sided pages; or a total of four (10) single-sided pages. Responses should be submitted in Microsoft Word or PDF format. Responses should be complete and sufficiently detailed. Please do not submit marketing material. Responses should include the following information:


A1. Company Name/Address/Contact Information and DUNS number;

A2. Business size/classification; and

A3. Identify any GSA schedules or other existing contract vehicles your firm holds that support the work described in this RFI.


B1. Describe your firm's past performance experience and qualifications, for a minimum of three contracts of a similar scale that are less than three years old and that involve use of capabilities and activities relevant to those necessary for meeting the login.gov requirements and tasks specified in the attached Draft SOW, including contract number, customer name and address, brief synopsis of work performed and qualification of staff involved in providing services.

B2. Describe your firm's overall approach and ability to meet the requirements and tasks specified in the attached Draft SOW. Specifically:

  • Your firm's ability to meet the mandatory criteria stated above.

  • Provide a typical timeline to set up your systems and commence operations.

  • Provide a copy of your proposed Service Level Agreement (SLA).

  • Propose a responsibility assignment (RACI) matrix for a managed service engagement similar to what is described in the Draft SOW.

B3. Describe the different deployment options that are supported by your SIEM.

  • Are you able to deploy your solution within the LG AWS account so that all data is stored within the LG security boundary?

  • Which deployment model would you recommend and why?

B4. Describe your approach to measure the effectiveness of all dimensions of the SOC including but not limited to: Network Defense, Vulnerability Management, Monitoring, Continuous Diagnostics and Mitigation, Threat Information Exchange, Incident Response and Event notifications. How would you recommend integrating metrics into overall contractual arrangements and incentives that would facilitate performance-based acquisition?

B5. Provide examples of your firm's experience in vetting and engaging security and IT professionals in similar projects.

B6. Describe your approach for transitioning out. What approach would you recommend that will allow GSA to take over complete control of the SIEM and all govt. data if needed?


C1. Identify small business contracting and subcontracting opportunities.

C2. Based on your review of the Draft SOW, please provide the estimated cost of the requested services listed below, and the type of contract you would recommend and why.

  • Security Data Collection, Aggregation, and Correlation Support

  • Continuous Monitoring, Detection and Analysis (Tier 1)

  • Incident Assessment and Response Support (Tier 1, Tier 2)

  • Cyber Intelligence Support, Remediation/Mitigation based on findings, automated and manual interventions (Tier 2)

  • Security Infrastructure Enhancement (Tier 2)

C3. Provide comments/suggestions and/or insights you may want the government to consider.

Attachment: Draft SOW
Type: Other (Draft RFPs/RFIs, Responses to Questions, etc.)
Posted Date: September 27, 2017
Description: Draft SOW
Contracting Office Address:
301 7th St SW Rm 6109
Washington, District of Columbia 20407
United States
Primary Point of Contact:
Al Munoz, Contracting Officer
Phone: 2027344226

Related Document

Sep 28, 2017 [Sources Sought] Security Operations Center and Application Monitoring Services

