Endpoint Security Event Management

SOL #: 842674854
Sources Sought

Overview

Buyer

DEPT OF DEFENSE
Defense Information Systems Agency (DISA)
IT CONTRACTING DIVISION - PL84
SCOTT AFB, IL, 62225-5406, United States

Place of Performance

Fort Huachuca, AZ

NAICS

Other Computer Related Services (541519)

PSC

Support Services Focused On Supporting Security Policies/Controls, Processes, Measuring Compliance Of Relevant Legal/Compliance Requirements, To Include Section 508, And Responding To Security Breaches. Also Provides Support For IT Security Systems Providing Continuous Diagnostics And Mitigation (CDM) For Real Time Cyber Security And Protection Such As Vulnerability Scanning, Managing Firewalls, Intrusion Prevention Systems, And Security Information And Event Management (SIEM). Includes Disaster Recovery (DR) Services To Support DR Policy, Process And Means, Dedicated Failover Facilities And Perform DR Testing. (DJ01)

Set Aside

No set aside specified

Timeline

  • Posted: Jun 15, 2026
  • Last Updated: Jun 15, 2026
  • Response Deadline: Jun 29, 2026, 4:30 PM

Qualification Details

Fit reasons
  • NAICS alignment with historical contract wins in similar service areas.
  • Scope strongly matches core technical capabilities and delivery model.
Risks
  • Past performance thresholds may require one additional teaming partner.
  • Potential clarification needed on staffing minimums before bid/no-bid.
Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

Quick Summary

The Defense Information Systems Agency (DISA) is conducting a Sources Sought to identify qualified businesses for Endpoint Security Event Management (ESEMS) services for Project Manager Command & Control Infrastructure (PM C2I) and Network Enterprise Technology Command (NETCOM). This effort supports the Department of War (DoW) Information Network – Army and its Unified Network Zero Trust Architecture initiatives. Responses are due by June 29, 2026, at 4:30 PM ET.

Purpose

This Sources Sought Notice aims to determine the availability and technical capability of both small and large businesses to provide comprehensive cybersecurity solutions and services. The goal is to support the Army's Unified Network Zero Trust Architecture, including fielding, installation, training, and engineering data for Army Enterprise and Tactical systems.

Scope of Work / Key Requirements

The requirement encompasses a broad range of cybersecurity and IT services:

  • Endpoint Security Event Management (ESEMS): Operate, maintain, and secure a global endpoint ecosystem using Microsoft Defender for Endpoint (MDE) and Elastic Defend, including EDR, application controls, automated malware quarantine, and Post-Quantum Cryptography (PQC) migration preparation.
  • Comply to Connect (C2C) Framework Support: Orchestrate and enforce the DoD's C2C framework for compliant device access to the DoWIN-A, involving discovery, auto-remediation, and continuous policy enforcement.
  • Unified Security Incident and Event Management (USIEM): Build, federate, and maintain a hybrid-cloud USIEM ecosystem for enterprise-wide security monitoring, data aggregation, investigation, and analytics, utilizing technologies like Elastic Stack, Kubernetes, Kafka, and Cribl.
  • Collaborative Development Environment (CDE): Host, administer, and maintain the "NETCOM Edge" CDE for advanced data science and analytics.
  • Training and Technical Publication Development: Develop modern, learner-centric training products for military personnel.
  • Fielding, Field Support, and Installation: Plan and execute global fielding missions, provide technical SME support, and offer 24/7 help desk and on-site Field Support Representative services.
  • Modernization and Cybersecurity Management: Evaluate new capabilities, provide incident detection and response, and utilize DevSecOps pipelines.
  • Data Management and System Administration: Ensure compliance with DoW cybersecurity requirements.

Contract Details

  • Anticipated Contract Type: Single-award Indefinite Delivery/Indefinite Quantity (IDIQ).
  • Estimated Ceiling: $850 million.
  • Period of Performance: A 2-year base period followed by eight 1-year option periods, spanning from March 2027 to March 2037.
  • Primary Place of Performance: Global Cyber Center, Fort Huachuca, Arizona, with oversight at Aberdeen Proving Ground, MD, and support for four Regional Cyber Centers.

Eligibility / Set-Aside

  • NAICS Code: 541519 (Other Computer Related Services), with a size standard of $34 million.
  • Set-Aside: DISA will determine the small business set-aside status based on the responses received from this market research.
  • Required Experience: Demonstrated experience with large-scale integration (800,000+ endpoints), Zero Trust & IL5/IL6 compliance, and expertise in Microsoft Defender, Elastic Stack, Forescout, and Azure.
  • Special Requirement: Offerors must possess a Top Secret Facility Clearance, and personnel must hold a minimum Secret clearance.

Submission & Evaluation

This is a Sources Sought Notice for informational purposes only and does not constitute a Request for Proposal. Interested businesses must submit a brief capabilities statement package addressing specific questions outlined in the notice. Responses will be used to inform future acquisition strategies.

Additional Notes

This requirement is a consolidated follow-on to existing contracts currently held by ECS Federal and Enterprise Resource Performance, Inc. Responses should include business details, representative information, socio-economic status, CAGE Code, and prime contract vehicles.


Versions

  • Version 2 (currently viewing): Sources Sought, posted Jun 15, 2026
  • Version 1: Sources Sought, posted Jun 15, 2026