Notice ID IST-1234
“Current technical capabilities for information tracking, sharing, and analysis are limited by the design of the current toolset utilized as the primary work enablers for ISTA. These applications were not designed to provide high levels of confidentiality, integrity, or accessibility for those with a need to know; nor where they intended to be the backbone of significant analytical and business processing activities in a high operational tempo (OPTEMPO) office. As workloads increase, the technology becomes a limiting factor for maturing ISTA in a way that would ensure increased capabilities in the mission to detect, deter, and mitigate insider threats.
ISTA is required to produce an annual report for the DEA Administrator on the previous year’s activities, as well as provide periodic updates to the DOJ Justice Management Division (JMD) Insider Threat Center (JINTC). Without a central capability to receive, store, track, and retrieve information, these reports become data gathering exercises that devour significant analyst and unit chief working hours.
ISTA must remain adaptable and forward looking to the challenges of an increasing remote workforce, as well as one that operates in high risk environments both domestically and internationally. Risk analysis is inherently a deliberate process that relies heavily on critical data being accessible quickly and reliably. A secure, connected, cloud-based platform that works with partners across DEA, and remains adaptable to both evolving threat landscapes as well as changing technology, is critical to long-term threat mitigation...”
“3. SCOPE The scope of these requirements encompass the following:
Performance of a requirements analysis to thoroughly understand the current legacy processes and document the current IST data and reporting requirements in addition to identifying all internal and external stakeholders;
Establishment of a commercial infrastructure as a service (SaaS) and a platform as a service (PaaS) secure host cloud platform with no hardware or software install;
Capability to perform multiple automatic upgrades per year without re-configuration
Accreditation by the Defense Information Systems Agency (DISA) – Cloud Computing Security Requirements
Provision of FedRAMP HIGH Authority to Operate (ATO)
Application Program Interface (API), allowing seamless integration with applications across the organization
Development of built-in interactive video-based training modules
Help Desk support available during business hours (typically 0730-1700EST, M-FR);
Integration of analytics tools to ingest, process, and develop analytical outputs supporting insider threat risk evaluations;
Accessible through a web browser with no software to download; and
Audio/Video storage capabilities sufficient to meet IST requirements...”
Read more here.
Reply to this post...