The Commerce Department is reaching out to industry stakeholders to find out the best way to move its cybersecurity operations to the cloud.
In a July 11 request for information posted on FedBizOpps, agency officials solicit details from industry vendors on shifting a series of Commerce cybersecurity operations to a cloud service provider approved by the Federal Risk and Authorization Management Program.
Specifically, Commerce wants to move its Enterprise Security Operations Center, Enterprise Cybersecurity Monitoring and Operations, and Continuous Diagnostic and Mitigation systems to the cloud.
“This acquisition will consolidate the functionality and capabilities of these programs under unified management within the DOC [Office of the Chief Information Officer] organization,” the RFI said.
ESOC handles Commerce’s cyber analytics and incident response operations, in addition to coordinating communication with the Department of Homeland Security, the U.S. Computer Emergency Readiness Team, the Office of Management and Budget, and other agencies. ECMO provides continuous monitoring of security-related information for the agency and works along with DHS’s CDM program.
Consolidating the ESOC and ECMO operations — which are located separately at a National Oceanic and Atmospheric Administration site in West Virginia and at the National Institute of Standards and Technology in Germantown, Md. — will facilitate system configurations and functionality updates, Commerce says in the RFI. The separate locations have historically led to “delays in configuration requests and in implementing new functionality,” among other challenges.
“The cloud hosting environment would have the flexibility to easily scale in order to accommodate additional functionality and data log feeds as needed, and would offer a transparent pricing model to make costs predictable,” the RFI explains.
Interested industry stakeholders will need to answer a series of questions about the risk level of the cloud migration, the feasibility of a single vendor to handle the move, data backup resources and more.
Vendors have until July 31 to respond to the RFI.