Foxhole Technology has won its recompete for our current work on the DISA Continuous Monitoring and Risk Scoring (CMRS) Development and Sustainment program. Awarded on the Defense Information Systems Agency (DISA), Development and Business Center (DBC), Blanket Purchase Agreement (BPA), HC1028-17-A-0010, the contract provides a period of performance through May 4, 2022.
Foxhole Technology will continue to provide a suite of Government Off-The-Shelf (GOTS) and Commercial Off-The-Shelf (COTS) based software solutions that create global and organizational risk views by applying threat and vulnerability-based scoring algorithms. We provide near-real time risk visualization, automated configuration management (CM) analysis, and continuous monitoring capabilities that enable net defense and risk awareness information. CMRS continuously assesses and measures the risk state of DoD Information Technology (IT) systems in accordance with enterprise security controls – such as software/hardware inventory; Security Technical Implementation Guide (STIG) and patch compliance; anti-virus configurations; and directive compliance. Foxhole Technology will continue to build CMRS to host DoD security information on workstations, servers, and network devices in a central repository to:
- Develop, sustain and maintain operational the CMRS application on the Microsoft .NET framework.
- Develop, sustain, and maintain CMRS analytics on the Cyber Situational Awareness Analytical Capabilities (CSAAC) Big Data Platform (BDP).
- Enhance CMRS application to include risk measurement (risk scoring) capability.
Through this new contract, Foxhole Technology will provide programmatic, technical, engineering and integration support for the continued design, development, enhancement, integration, deployment and sustainment of CMRS in the following Task Areas – all which are support the over-arching DISA DBC BPA:
Task Area 1 - Contract Level and TO Management Support [BPA Task Area 1]. Provide CO management support describing the technical approach, organizational resources, and management controls, transition plan, risk management plan to be implemented to meet the, performance, and schedule requirements through the contract execution.
Task Area 2 - Software Design and Development [BPA Task Area 2]. Provide requirements, development, testing, and deployment in support of CMRS. This effort will include gathering and managing operational, functional, and system requirements, conducting comprehensive testing, data acquisition and integration, and establishing a repeatable system engineering process, and managing users’ requirements. In addition, this includes engineering and deploying the solution to the appropriate hosting environment(s).
Task Area 3 - Software Development Support [BPA Task Area 3]. Provide cyber security and A&A support. This effort will include supporting the security posture of the development, test, implementation, and production systems to maintain compliance with DoD regulations and Risk Management Framework (RMF). In addition, this task area includes configuration management, sustainment, and system administration support.
Task Area 4 - Tier III Support [BPA Task Area 4]. Provide Tier III service desk support for after hour operational issues, and operational support activities, and operations support for operationally-focused program activities.
Task Area 5 - Product Subject Matter Expert (SME) Support [BPA Task Area 5]. Provide in-person and/or virtual training sessions, and ad-hoc training. Serve as the expert in the areas of device and vulnerability data analysis and reporting, vulnerability management, continuous monitoring, risk scoring, CMRS strategy, and Secretary of Defense (SECDEF) Cybersecurity Scorecard support.
Continuous Monitoring and Risk Scoring (CMRS) is a web based system that visualizes the cybersecurity risk of the Department of Defense (DoD) based on published asset inventory and compliance data. The risk state of the DoD Enterprise security controls for software inventory, antivirus configuration, Security Technical Implementation Guide (STIG), and Information Assurance Vulnerability Management (IAVM) vulnerability and patch compliance are measured and reported. CMRS supports the risk-management approach to cybersecurity oversight by quantitatively displaying an organization’s security posture through the use of risk dashboards. Using the risk dashboards, users can gather actionable direction, implement prioritized mitigation decisions, and ensure effectiveness of security controls in order to support their cybersecurity risk management duties.
DISA/DBC provides next generation, net-centric network operations (NetOps) and defensive cyber operations (DCO) capabilities for combatant commanders, joint/combined task forces, services, and agencies across the entire Department of Defense Information Network (DoDIN). In concert with the Department of Defense (DoD) migration to the Big Data Platform (BDP) concept, DoD programs are designated to provide the situational awareness by employing specialized components and analytic architectures that result in dynamic visualizations of potential and actual malicious trends and behavior.
For more information please contact Mark Cosgrove.