New cybersecurity tools sought for Navy’s VRAM program

The Navy is looking for commercial off-the-shelf tools to assist its program that hosts network configuration data to monitor for vulnerabilities, according to a recent request for information.

The service wants support for its Vulnerability Remediation Asset Manager (VRAM), a web-based repository for network configuration data. The Navy is still in the process of addressing the findings of a scathing cybersecurity report in March 2019. Since then, the department has elevated its CIO position in the civilian hierarchy and released IT modernization plans to address some of the open wounds left by cyber-adversaries.

The RFI is only for ready-to-use commercial tools that will help monitor the Navy’s network configurations. VRAM catalogs the configurations to ensure compliance to technical directives and mitigate against known vulnerabilities. Some of the new requirements for tools include the ability to be hosted on .mil domains, the ability to parse large files and the capacity to work with other parts of the cybersecurity infrastructure.

“VRAM provides a streamlined tool to proactively maintain, validate, and document a system configuration baseline,” the RFI states.

The potential acquisition is being run through the Navy’s Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I). The Navy recently restructured its some of its other PEO offices to focus on enterprise IT work.

Despite the request being only for commercial off the shelf tools to support the VRAM program, the Navy is open to other suggestions on potential cyber-enhancing tools.

“The Government is also interested in the capability of companies to develop, produce and deliver any future COTS and/or NDI items at its own expense,” the RFI states.