Notice ID SSN_04052022_TSA_CND “1.1 Purpose The Department of Homeland Security (DHS) Transportation Security Administration (TSA)/Information Technology (IT)/Information Assurance and Cybersecurity Division (IAD) Computer Network Defense (CND) branch, has a requirement for the immediate delivery of IT cybersecurity operations and engineering support services. These services are necessary to protect and maintain the availability, integrity and confidentiality of the IT security and computer security operations services utilizing TSA’s Security Operation Center (SOC). Other TSA Program Offices IT security stakeholders will also have access to the CND support services...” “1.2 Background TSA/IT/IAD is seeking CND support services to address information assurance (IA) capabilities in order to protect and defend TSA information technology infrastructure, and data, against current and future cybersecurity threats. The CND branch, within the IAD, manages the TSA SOC, which provides centralized IT security monitoring for TSA FISMA systems in the TSA Enterprise. 2.0 SCOPE OF WORK The Contractor shall provide comprehensive IT cybersecurity operations and engineering support services in accordance with (IAW) this Statement of Work (SOW) and the terms of this contract. Contractor personnel are required to provide demonstrated expertise and capabilities in the delivery of performance. The Contractor shall provide all contract deliverables documentation IAW the terms of this contract. The overall scope of this requirement is to obtain Contractor services support to assist in the following CND task areas: Task 1 – TSA SOC Concept of Operations Task 2 – SOC Services Task 3 – SOC Incident Response Management Services Task 4 – CNDS and IAD Infrastructure, Architecture, and Engineering Task 5 – Program Management Task 6 – Transition Management Optional Tasks The TSA SOC relies heavily on Security Information and Event Management (SIEM) content to identify actionable security events and incidents, which requires continuous revisions to the SIEM logic and rules (content development) to address current and emerging cyber threats. The TSA SOC currently leverages several toolsets; such as an Endpoint Detection and Response (EDR) software, Mobile Device Management (MDM) software, packet capture and network security hardware, and cloud security broker suites to conduct incident response. The Contractor shall assist with integration of security event monitoring of additional TSA offices and technologies to meet the current projected totals...” Read more here.