Request for Information: Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Vulnerability Assessment & Learning - Automated Remediation (VALAR)

Other / Unclassified

This document is a memorandum from the Department of the Air Force, Air Force Life Cycle Management Center (AFLCMC), Cryptologic and Cyber Systems Division, to respondents of the Request for Information (RFI) with Notice ID ELICSARVALARFY26RFI. It serves as a notice of conclusion for the ELICSAR VALAR Program RFI.

This document informs potential bidders that the RFI process for the ELICSAR VALAR program has concluded. The Government has decided to pursue an alternative acquisition strategy and will not be proceeding with a subsequent Request for Proposal (RFP) as a direct result of this RFI. No further activities related to this RFI will occur. Bidders are encouraged to monitor for future opportunities.

Request for Information (RFI)

This RFI is issued by the Air Force Life Cycle Management Center (AFLCMC), Defensive Cyber Systems Branch (HNCD) for market research and planning purposes. The government is seeking information on solutions to sustain and enhance the existing Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP) and integrate a data analysis toolset. The goal is to improve querying, visualization, and collaboration capabilities, moving towards a more cloud-native approach and optimizing compute and storage. This also aims to develop a comprehensive Data Fabric for the Cyberspace Operations System (CSOS) mission, aligning with Joint Cyber Warfighting Architecture (JCWA) requirements.

Industry sources are requested to submit answers to questions and fields provided in an accompanying Excel document (Attachment 1). The highest classification for responses should be no higher than Controlled Unclassified Information (CUI).

• RFI Open Date: September 30, 2025

• Question Submission Period: September 30, 2025 – November 19, 2025, 1600 CST

• Answers to Questions Posting: No later than November 20, 2025

• RFI Closing Date: November 2025, 2025, 1600 CST

• All questions must be submitted via email by November 19, 2025, 1600 CST to AFLCMC.HNCD.ELICSAR@us.af.mil (Technical) or to the Contracting Officer/Specialist (Contractual).

• Contact Information:

  • Ms. Promise Reichmuth (Contracting Officer): promise.reichmuth.2@us.af.mil
  • Mr. Jaret Higley (Contracting Specialist): jaret.higley@us.af.mil

• This RFI is for market research only and does not constitute an invitation for bids, RFP, solicitation, or RFQ.

• The government will not reimburse respondents for any costs associated with preparation or submission.

• Submissions will not be returned and become U.S. Government property.

• The government reserves the right to extend response and question periods, especially in the event of a government shutdown.

• Respondents may be invited to a one-on-one demonstration session.

• The information provided is subject to change and is not binding on the government.

Questions & Answers / Clarifications

This document provides the Government's responses to questions submitted by vendors regarding the Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Vulnerability Assessment & Learning - Automated Remediation (VALAR) Request for Information (RFI).

• Attachment 1 Completion: "N/A" is acceptable for fields that are not applicable. All responses must be captured on Attachment 1.
• Demonstration Opportunity: The format, length, and specifics of one-on-one demos are to be determined if the Government pursues them.
• Submission Logistics: Vendors have leverage to label emails appropriately, identifying the company and RFI title. If a response was already submitted and no request for revision was received, it is deemed acceptable.
• RFP Timeline: The Government is not requesting an RFP at this time. Vendors should refer to RFI amendments for timeline clarifications.
• Cloud Environment: The current cloud environment is AWS, though the Government may change solutions.
• Data Volume: Expect petabytes of daily data, text-based and PCAP.
• Zero Trust: Implementation is expected to align with DoD CIO Zero Trust Reference Architecture v2.0.
• Test Environment: The Government will sponsor a test environment for integration, security validation, and performance benchmarking.
• Work Performance: Hybrid/on-site/remote execution models are acceptable.
• ELICSAR Baseline: The baseline is JCRS-D, currently using AWS and associated CSP tools.
• Apache NiFi/N8N: The latest versions are implemented.
• Interoperability: Transport requirements for ELICSAR and LEAP/LTAC edge systems are defined. NIST framework will be used for Zero Trust Architecture compliance.
• Data Fabric Standards: Architecture requirements will be delivered to the working vendor.
• API Documentation: API documentation and data interface standards will be provided to the working vendor.
• Character Count: There is no preference for including or excluding spaces in the character count for responses.
• Kafka Usage: Kafka has been used in the past and may be used in the future for the Data Fabric.
• Corporate Experience: All project references, including subcontractor/partner experience, will be considered.
• Personnel Clearances: Personnel must be able to perform work with NIPR, SIPR, JWICS, and SAP clearance levels.
• ATO Experience: Experience with NIPRNet and SIPRNet enclaves will be taken into consideration for ATO requirements.
• CMMC Level 2: The Government's evaluation process for companies with ongoing CMMC Level 2 assessments is not detailed in this response.
• CSDS/CDRL/DID Experience: This refers to the activity of developing and delivering these artifacts as part of a technical delivery.
• OCONUS Staffing: There will be some permanent onsite position requirements for the OCONUS region.

These responses clarify requirements and submission details, potentially impacting how vendors prepare their RFI responses. Vendors should refer to RFI amendments for official timeline updates.

Form / Attachment / Pricing Sheet

This document is a capability survey and business information form designed to gather detailed information from potential vendors regarding their qualifications and experience relevant to an unspecified opportunity. It is structured into two main parts: Business Information and Capability Survey.

Part I - Business Information: Collects standard company details including name, address, contact information, CAGE code, business size, ownership, existing contract vehicles, accounting system adequacy, and on-site work capability in San Antonio, Texas. It also specifically asks for business size and category certifications under NAICS codes 541511 and 541512.

Part II - Capability Survey: This extensive section probes vendor experience across several critical areas:

• Cloud Expertise & Infrastructure: Focuses on AWS cloud architecture, cross-domain solutions, automated deployments, legacy modernization, hybrid cloud synchronization, remote hardware updates, networked systems management, virtualized network elements, enterprise system integration, and workload optimization.
• Software Development & DevSecOps: Inquires about multi-vendor software sustainment, integration of third-party tools, adherence to industry best practices (NIST, DoD policies), enterprise DevSecOps, CI/CD processes, containerization, secure coding, agile methodologies, and code repository management.
• Security & Compliance: Assesses experience with DoD Information Assurance, RMF controls, ATOs, Zero Trust environments, CMMC compliance, Supply Chain Risk Management (SCRM), complex security architectures, Kubernetes security, container updates, and cybersecurity capability development, including OCONUS support.
• Data Management & Analytics: Covers experience with AI/ML integration, data acquisition and normalization, Defensive Cyber Operations, Big Data Platforms, data analytic tool creation, unstructured data parsing, SchemaONE/Elastic Common Schema, SOAR, automated data compression, and managing large data volumes (Petabytes).
• Networking & Interoperability: Asks about experience with DoD Information Networks, Air Force networking policies (including Zero Trust, ICAM), and Defensive Cyber Operations.
• Testing & Operations: Evaluates experience in integration testing, automation, regression testing, test environment development, supporting SOC/NOC, and responding to emergent security operations requirements.
• Company Capabilities & Clearances: Gathers information on facility clearances, cleared facilities in San Antonio, personnel capacity, team collaboration experience, security clearance levels (NIPR, SIPR, JWICS, SAP), and employment of foreign nationals or affiliations with foreign governments.
• System Support: Inquires about experience managing enterprise helpdesks, ServiceNow, Agile Management suites, and reporting requirements like CSDR, CDRLs, and DIDs.

This document is crucial for bidders to understand the specific technical capabilities, experience, and business qualifications the government is seeking. Responding accurately to this survey will help vendors assess their suitability for the opportunity and provide the government with the necessary information for evaluation or market research. Bidders must carefully review each section to determine if their company possesses the required expertise and certifications.

Form / Attachment / Pricing Sheet

This document provides the required format for vendors to submit questions regarding the Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Vulnerability Assessment & Learning - Automated Remediation (VALAR) Request for Information (RFI).

• Vendors must use the provided template to input their questions.
• The template includes fields for 'Company Name', 'Date', 'Question', and 'Government Response'.
• An example question is provided to illustrate the expected format.
• The number of questions is not limited.

This attachment is crucial for bidders who wish to seek clarification on the VALAR RFI. Following this format ensures that questions are reviewed and addressed by the government. The company name will be removed from questions when the Q&A is posted publicly.