29 Jun 2018

Advanced Analytics, Artificial Intelligence and Machine Learning Capabilities for the Cybersecurity Cloud Solution Program

Type of document: Contract Notice
Country: United States

Advanced Analytics, Artificial Intelligence and Machine Learning Capabilities for the Cybersecurity Cloud Solution Program

Department of the Treasury

Official Address:
IRS, 1111 Constitution Ave, NW,
Washington DC 20024

Zip Code:

Justin C. DeWitt, Contracting Officer, Phone 2406137333, Email justin.c.dewitt@irs.gov – Malcolm Sykes, Technical POC, Email malcolm.v.sykes@irs.gov


Date Posted:


Contract Description:
The Internal Revenue Service’s (IRS) Cybersecurity Division has a business need for an Artificial Intelligent (AI) machined-based analytical platform to proactively detect and respond to cyber- and insider-related threats. The IRS intends to use the results of this RFI to assist in the assessment of on-going industry efforts within the identified focus areas. The finding will also help to shape the path forward for potential acquisitions to include determination of contractual mechanisms to potentially pursue capabilities.

This is a Request for Information (RFI) (hereinafter Notice). This is NOT a solicitation for proposals, proposal abstracts, request for bids or quotations, nor, a promise to issue a solicitation in the future. The IRS is seeking information from industry regarding artificial intelligence, machine learning, cognitive computing and data analytics techniques, algorithms, and capabilities that have application to cybersecurity areas at IRS: threat intelligence, insider threat, cyber operations and processing, exploitation & dissemination (PED) / big data analytics. The purpose of this notice is for the Government to obtain market research information and gain an understanding of the marketplace. Utilizing the RFI, the IRS is seeking to identify solutions and approaches that currently exist in the marketplace and information regarding innovative ideas or concepts regarding the service in question.

The IRS is seeking an Artificial Intelligence (AI) platform that:

1. Supports local settings for specific needs and has global settings where attack sequences can be shared between environments.
2. Automatically and continuously learns the environment(s) improving accuracy.
3. Triages alerts to reduce false positives to parts-per-billion events.
4. Provides context for alerts/cases used for investigation.
5. Identifies previously unknown threats and tracks entities over time.
6. Analyzes data and provides context for alerts/cases used for investigation.

The IRS is seeking Machine Learning (ML) Analytics that:

1. Applies diverse, multiple modes of behavioral ML analytics (unsupervised, semi-supervised, and supervised) specifically designed based on cyber use case that provide comprehensive coverage of the operational arena
2. Supports streaming data sources to provide near real-time assessment
3. Able to utilize near real-time data sources to provide analytic views of correlated activities for near real-time monitoring of cyber threats across government networks
4. Can process, analyze, and identify threats in highly diverse sets of IT data sources, along with Operational Technology (OT) data sources, including Internet of Things (IoT) devices and Industrial Control Systems (ICS)
5. Ability to identify unknown threats using unsupervised analytic techniques and behavioral-based analytics, along with known threats using external threat intelligence
6. Supports streaming and batched configurations

The IRS is seeking a customizable User Interface (UI) that is:

• Intuitive and flexible
• Integrates well with existing cybersecurity investments
• Role-based access and dashboards (administrators, senior users, end user/operator, leadership)
• Provides alerts functionality that enables identification and location of the threat to deliver maximum information to decision-makers
• Delivers case management services
• Simplifies data management for rapid correlation and traceability

The IRS intends to leverage a Big Data Cloud that is:

• Deployable in System High FEDRAMP GovCloud (Sofware As A Service (SaaS)
• Supports forensic search of aggregate archive data
• Centralized collection, aggregation, and storage of security log files
• Fully elastic to accommodate data expansion

Optional Services that the IRS is potentially interested in acquiring include:

• Platform availability with actionable results within 48 hours
• Guided Tier 3/4 investigative services
• 24×7 Security Operations Center (SOC) services
• Cybersecurity evaluations and recommendations
• Detailed investigation reports and prioritized lists of events for remediation delivered to customer operations center
• Full cyber remediation services

Requested Information:


1. What constraints are there with data volume (capacity and scalability), velocity (events consumed by time), and variability (structured and unstructured and varying sources?)
2. Are there specific training datasets to accelerate learning and for ongoing learning?
3. How are events/alerts contextualized and aligned with the affected technical environment or business processes?
4. Does your product provide false positives and confidence metrics?
5. How is detection and disposition of 0-day or first-time detection of patterns managed?
6. What are the bandwidth considerations for data volumes to be transferred to/from cloud-based environment?
7. Does the capability consist of Inference-engine based on learned behavior and best practices?
8. Is the product or service FEDRAMP certified and at what level?
9. What security standards and controls does your solution follow? All solutions will have to comply with IRS security assessments and controls.
10. What is the backup procedure for catastrophic events?
11. Could you provide information regarding your current licensing and related service agreement information?

Cloud Questions
1. Please provide the overall best practices to migrate from a Legacy environment to a Cloud environment for modernization across various dimensions of Cloud – Technology, Security, Implementation, Portability to prevent Vendor Lock in, Exit strategy, Operations – Disaster Recovery & Support etc., pricing models for optimal flexibility and cost.
2. Describe your experience in providing assessment, planning, implementation, operations, and performance management services to successfully migrate legacy systems/applications and implement new systems to an enterprise cloud. Provide specific examples for a significant effort in support of a federal agency or commercial entity. Specify the agency or commercial entity name, size, project type, scope, length, and deliverables.
3. Describe your experience in recommending and validating cloud architecture, design, and operations enhancements for a significant effort in support of a federal agency or commercial entity. Specify the agency or commercial entity name, size, project type, scope, length, deliverables, and outcomes realized. Does your solution support dashboards and reports (both canned and ad hoc)?
4. If there are any dependencies or technical challenges associated with seamlessly moving an application or system from one Cloud Service Provider (CSP) to another, describe them and discuss solutions to enable the desired seamless movement.
5. Describe your experience implementing Cloud solutions in the Federal Government workspace.
Other Information Requested:

Interested potential offeror’s are requested to respond to this RFI with the following information:

• Organization Name (if organization has experienced name changes, please list all previous names used)
• Company’s technical and administrative points of contact, including names, titles, addresses, telephone and fax numbers, and e-mail addresses.
• Industry (NAICS) Codes (North American Industry Classification System) and business size for each NAICS code
• Vehicles and contracts held (vehicle, agency, expiration date inclusive of Best In Class contracts, GWACs, IDIQs, and BPAs) – please highlight contracts with the Federal Government clearly
• Year company was established/founded
• Company ownership (public, private, joint venture)
• Business Classification / Socio-Economic Status (e.g., large, small, 8(a), women owned, hub-zone, SDB, Service-Disabled Veteran Owned)
• Location of corporate headquarters
• Locations of facilities within the Continental United States (CONUS)
• Locations of facilities Outside of the Continental United States (OCONUS)
• Location of data centers and/or hosting facilities
• Location where incorporated
• Overview of products and services provided
• Identification of any Best In Class contract vehicles including Government Wide Acquisition Contracts (GWAC) (e.g. GSA schedule) they may possess or are aware of that would support this possible requirement.
• Does your company support any existing Commercial and/or Federal Government agencies similar to requirements/objectives defined in this RFI? If so, please provide the contract type, contracting vehicle, service level agreements and associated performance metrics.
• What is the suggested contract type and pricing structure for a requirement such as this that will provide the Government a maximum level of cost efficiency to be obtained? If pricing of services is available, please provide as market research data to allow for the Government to be able to create an independent government cost estimate.
• Any other information that may be helpful.

Due Date: 30 business days from date of this announcement in the FBO. Pending a review of the responses, the quality of submissions and the level of specificity of the information provided, Government may conduct follow up discussions (if needed) with respondents. Please note, however, that the Government is under no obligation to conduct these follow-up Q&A sessions.

Response submissions should be submitted in Microsoft Word or PDF format and should not exceed fifteen (15) pages with Arial font greater than or equal to 11 pt. Respondents are strongly urged to adhere to this page limitation as well as to limit marketing material in order to provide more substantive information in their response.
Responses are to be submitted via e-mail to Justin C. Dewitt at Justin.C.DeWitt@irs.gov no later than July 26, 2018.

Please contact the points of contact assigned to this RFI via email ONLY at this time.

Terms and Conditions regarding this Notice:

This Notice does not obligate the Government to award a contract or otherwise pay for the information provided in response. All costs associated with responding to this Notice are solely at the responding party’s expense. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. Further, the Government may contact the vendor for additional information regarding the information submitted as part of this market research effort. Any organization responding to this notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization’s qualifications to perform the work. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. After a review of the responses received, a pre-solicitation synopsis and solicitation may be published in Government Point of Entry or other similar source (e.g. GSA E-buy). However, responses to this notice will not be considered adequate responses to a solicitation.

Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract or agreement. The Government will not be obligated to pursue any particular acquisition alternative as a result of this notice. Responses to the notice will not be returned. Not responding to this notice does not preclude participation in any future solicitation, if one is issued.

No proprietary, classified, confidential, or sensitive information should be included in responses to this Notice, unless otherwise appropriately marked by the Respondant. The Government reserves the right to use any non-proprietary technical information received in response to this Notice in any resultant solicitation(s).


Response Date:

Sol Number: