A request for information (RFI) released by the Cybersecurity and Infrastructure Security Agency (CISA) provides insight into what Federal buyers will be looking for in technology central to the Biden-Harris administration’s network visibility-focused cybersecurity executive order, specifically on network endpoint detection and response (EDR) capabilities.
CISA intends to galvanize security operations center operations by getting as close to 100 percent coverage as possible on selected and validated EDR platforms through a “gap-fill” strategy, the agency said.
The purpose of the RFI, CISA said, is to assist the government in conducting market research focused on gaining technical feedback from industry on tools and services that would provide sophisticated EDR capabilities for U.S. government agencies.
“[CISA is soliciting] expertise from industry to validate and inform on best practices in process or functionality that should be considered within the context of EDR activities [the government] is currently executing,” the RFI notes.
Another key objective of the RFI is a longer-term strategy on maintaining EDR tools across Federal networks over a longer-term period based on industry input regarding future capabilities under development, the evolution of the market based on customer requirements, and novel strategies being employed by advanced threat actors.
CISA may use the information provided by responders to continuously modernize baseline requirements for the agency’s EDR capability, “to ensure that a government baseline for EDR platforms is set at a level that is [ideal] to the evolving advanced threats that target Federal networks and tailored against unique requirements of the Federal Civilian Enterprise,” the RFI notes.
The RFI also asks respondents to state whether their EDR tool is on a list of products approved under DHS’ Continuous Diagnostics and Mitigation (CDM) program. “For your product to be considered, it needs to be on the CDM APL,” the RFI says. Responses are due Nov. 8.