Endpoint Security Event Management

Quick Summary

The Defense Information Systems Agency (DISA) is conducting a Sources Sought to identify qualified sources for Endpoint Security Event Management (ESEMS) services. This effort supports the Department of War (DoW) Information Network – Army and the Army’s Unified Network Zero Trust Architecture initiatives. DISA is seeking both small and large businesses capable of providing comprehensive cybersecurity solutions, including fielding, installation, training, and engineering data. The anticipated contract is a single-award IDIQ with an estimated ceiling of $850M over a potential 10-year period. Responses are due by June 29, 2026, at 4:30 PM ET.

Scope of Work

The requirement encompasses a broad range of cybersecurity and IT services:

• Endpoint Security Event Management (ESEMS): Operate, maintain, and secure a global endpoint ecosystem using Microsoft Defender for Endpoint (MDE) and Elastic Defend, including EDR, application controls, automated malware quarantine, and Post-Quantum Cryptography (PQC) migration preparation.
• Comply to Connect (C2C) Framework Support: Orchestrate and enforce the DoD's C2C framework for compliant device access to DoWIN-A.
• Unified Security Incident and Event Management (USIEM): Build, federate, and maintain a hybrid-cloud USIEM ecosystem for enterprise-wide security monitoring, data aggregation, investigation, and analytics, utilizing technologies like Elastic Stack, Kubernetes, Kafka, and Cribl.
• Collaborative Development Environment (CDE): Host, administer, and maintain the "NETCOM Edge" CDE for advanced data science and analytics.
• Training and Technical Publication Development: Create modern, learner-centric training products for military personnel.
• Fielding, Field Support, and Installation: Plan and execute global fielding missions, provide technical Subject Matter Expert (SME) support, and offer 24/7 help desk and on-site Field Support Representative (FSR) services.
• Modernization and Cybersecurity Management: Evaluate new capabilities, provide incident detection and response, and utilize DevSecOps pipelines.
• Data Management and System Administration: Ensure compliance with DoW cybersecurity requirements.

Contract & Timeline

• Contract Type: Sources Sought (Anticipated single-award IDIQ)
• Estimated Ceiling: $850,000,000
• Period of Performance: 2-year base period + eight 1-year option periods (March 2027 – March 2037)
• Primary Place of Performance: Global Cyber Center, Fort Huachuca, Arizona, with oversight at Aberdeen Proving Ground, MD, and support for 4 Regional Cyber Centers.
• Published Date: June 15, 2026

Eligibility / Set-Aside

• NAICS Code: 541519 (Information Technology Value Added Resellers, Size Standard: $34M)
• Set-Aside: To be determined by DISA based on responses received.
• Required Experience: Demonstrated experience with large-scale integration (800,000+ endpoints), Zero Trust & IL5/IL6 compliance, and expertise in Microsoft Defender, Elastic Stack, Forescout, and Azure.
• Special Requirement: Must possess a Top Secret Facility Clearance. Personnel must have a minimum Secret clearance.

Submission & Evaluation

• This is a Sources Sought notice for informational purposes only; it is not a Request for Proposal.
• Interested businesses must submit a brief capabilities statement package addressing specific questions outlined in the notice.
• Response Due: June 29, 2026, at 4:30 PM ET.
• Submission Method: Email to shannon.k.jones.civ@army.mil, jennifer.l.kinser3.civ@mail.mil, and melyssa.d.lafontaine.civ@mail.mil.

Additional Notes

This requirement is a consolidated follow-on to existing contracts currently held by ECS Federal and Enterprise Resource Performance, Inc. Responses should include business details, representative information, socio-economic status, CAGE Code, and prime contract vehicles.