VA is looking to strengthen its overall cybersecurity standing with improved information technology (IT) infrastructure using an upgraded DLP posture to enhance the Department’s mission. VA’s DLP solution(s) will prevent potential data breaches / data exfiltration by monitoring, detecting, and blocking sensitive VA data – regardless of its location, by utilizing DLP software and or hardware in alignment with VA governance guidelines. In addition to minimizing both deployment and operating cost, the off-the-shelf product solution avenues are expected to provide additional tooling within the DID approach to effectively protect Personally Identifiable Information (PII), Protected Health Information (PHI), Payment Card Industry Data Security Standard (PCI-DSS), and VA sensitive information data wherever it may be.
To ensure mission success, ECSP requires contractor support to define, develop, and implement solutions required to maintain the confidentiality, integrity, and availability of Veteran and VA information. Information gathered, and lessons learned from this pilot, will used to evaluate the enterprise risk and features needed to support DLP deployment throughout the enterprise. The DLP protection afforded shall include data at rest, data in use, and data in motion.
The Contractor shall create a VA Enterprise DLP program. The Contractor shall validate the VA’s proposed DLP implementation strategy. The Contractor shall develop and document DLP functional and use case requirementsto ensure VA compliance with the HIPAA Privacy and Security Rule, Health Information Technology for Economic and Clinical Health (HITECH) Act, Privacy Act, National Institute of Standards and Technology (NIST) guidelines, Federal Information Security Management Act (FISMA), Federal Acquisition Regulation (FAR) and other laws and regulations pertaining to the protection of sensitive VA data. These functional requirements and use cases shall be applied to the respective pilots. The Contractor shall provide ECSP technical support services to include the development and maintenance of a VA Enterprise protection and prevention functional solution that provides comprehensive end-to-end Data Loss Prevention (DLP) to cover four (4) main cyber protection areas of: Storage, Endpoint, Network, and Cloud.
