Request for Information - FAA Cybersecurity Threat Hunting

The Federal Aviation Administration (FAA) is hereby issuing a request for information (RFI) regarding Cybersecurity Threat Hunting.

Purpose:

The purpose of this RFI is to understand both industry approaches and industry capabilities related to Cybersecurity Threat Hunting. Responses to this RFI will assist the FAA with future cybersecurity acquisition planning and future cybersecurity requirements definition in support of the FAA mission to provide the safest, most efficient aerospace system in the world.

Instructions for Submittals:

The FAA will only accept email submittals addressed to the FAA Primary Point of Contact of this RFI. The email subject line must include the SAM.gov announcement number followed by the company name. Individual e-mail message size (i.e., email body text plus any attachments) must not exceed 19MB.

The FAA requests that an industry response to this RFI include

• Company point(s) of contact, title(s), telephone number(s), email address(es)


• Company Capability statement


• Company responses/feeback to the items below, as applicable:

1. Describe the key fundamentals of a Threat Hunting program built for a federal agency.


2. Do you use an industry standard model for Threat Hunting?
   
   
   
   • If so, what model is utilized?
   
   
   • Discuss a model that you would recommend for the FAA NAS environment?
   
   
   
   


3. What tools does your threat hunting team utilize?
   
   
   
   • COTS:
   
   
   • Open Source:
   
   
   • GOTS:
   
   
   • Other:
   
   
   
   


4. Describe the deliverables involved in your Threat Hunting program


5. How long does a typical hunt last?
   
   
   
   • In edge cases, what factor(s) contribute to a hunt ending early or extending well past estimated targets?
   
   
   
   


6. What is the skillset and distribution within your personnel?
   
   
   
   • Do your Threat Hunters specialize?
     
     
     
     • If so, what specialties would your ideal team be made of?
     
     
     • If not, please discuss the core skillset your ideal team contains.
     
     
     
     
   
   
   • In an ideal team, what support personnel would you have?
   
   
   
   


7. Describe the distinction and collaboration between various groups/functions such as; threat hunting, OSINT, SOC, threat intelligence, indicator of compromise generation, etc.
   
   
   
   • What are the key groups/functions that must exist?
   
   
   • Should those key groups/functions exist within one Threat Hunting team or does collaboration work better?
   
   
   
   


8. What skillsets, tools, or other experience make a good Threat Hunter?
   
   
   
   • Discuss this per role if there are various roles.
   
   
   
   

Disclaimer:

This is not a Screening Information Request (SIR). This notice serves as performance of an FAA market analysis in accordance with AMS Procurement Guidance T3.2.1.2.A.1.

All costs associated with the preparation and/or submission of responses are the responsibility of the respondent. The U.S. Government will not pay for any information received or costs incurred associated with a submittal for this specific notice.

All proprietary and/or confidential information contained in a submission must be marked appropriately.

The FAA’s acquisition policies, guidance, and instruction are found at https://fast.faa.gov/.

Participation in this RFI notice is voluntary. Responses will be reviewed by FAA employees and a limited number of FAA support contractors working under non-disclosure agreements. Should a respondent require an NDA be signed between the respondent’s business entity and an FAA support contractor, please email the point of contact listed within this notice indicating so.

The FAA has the option of conducting one-on-one communications as deemed appropriate without the obligation to hold communications with all respondents.

A business entity responding to this notice neither qualifies respondents for, nor excludes respondents from, responding to a resulting SIR, if any.

Thank you in advance to all companies that provide a response.