Thursday, May 2, 2024

HHS ACF Sources Sought: Splunk SOAR

Notice ID: SplunkSOAR_2023

Description

The mission of the Department of Health and Human Services (HHS), Administration for Children and Family (ACF), is to foster health and well-being by providing federal leadership, partnership, and resources for the compassionate and effective delivery of human services. ACF programs serve families and individuals to improve their economic independence and well-being. To ensure the success of this mission, the ACF Office of the Chief Technology Officer, ACF Tech, is looking to procure a modernized toolset that will allow ACF to identify and get in front of security threats and incidents more quickly and efficiently.

Background

ACF Tech currently supports a cloud-based General Support System (GSS) in the AWS commercial cloud. This legacy environment is not built to support the functional, operational and security requirements needed to properly manage and secure modern applications. The ACF Tech NextGen Secure Cloud (NGSC) initiative builds a new, robust, and secure AWS-based GSS environment to support current and future ACF needs. NGSC has been built using modern cloud architecture practices and will leverage state-of-the-art monitoring, management, and automation tools.

Objective: ACF Tech requires integrated System Log Aggregation, SOAR, SIEM and UBA tools to comply with Federal Mandate OMB M-21-31, as well as support compliance with Executive Order 14028 for the adoption of Zero Trust Architectures. These integrated capabilities will allow ACF operations and security staff to respond to threats in an automated fashion and will integrate with ACF Tech’s existing Splunk products and the rest of our security stack.

The combination of our existing Splunk Log Aggregation system and the Security Orchestration, Automation, and Response (SOAR) tool procured in FY 22, with new Security Information and Event Management (SIEM) and User Behavior Analytics (UBA) modules will provide:

  • SOC Automation
    • The tools allow for the execution of automated actions defined through Playbooks (lists of workflows and actions triggered by specific events) that perform repetitive tasks so that the security team can focus on more mission-critical decisions.
  • Orchestration
    • This function allows for the integration of various tools to support defined workflows for each part of the layered security defense activity…
