VA-26-00050029 User and Entity Behavior Analytics (UEBA) Solution

SOL #: VA-26-00050029Sources Sought

Overview

Buyer

Veterans Affairs

Veterans Affairs, Department Of

TECHNOLOGY ACQUISITION CENTER NJ (36C10B)

EATONTOWN, NJ, 07724, United States

Place of Performance

Apple Springs, TX

NAICS

Other Computer Related Services (541519)

PSC

Security And Compliance Support Delivered As A Service, By Subscription, Or Service Contract. Includes Support Of Security Policies/Controls, Processes, Measuring Compliance Of Relevant Legal/Compliance Requirements, To Include Section 508, And Responding To Security Breaches. Also Provides Support For It Security Systems Providing Continuous Diagnostics And Mitigation (Cdm) For Real Time Cyber Security And Protection Such As Vulnerability Scanning, Managing Firewalls, Intrusion Prevention Systems, And Security Information And Event Management (Siem). Includes Disaster Recovery (Dr) Services To Support Dr Policy, Process And Means, Dedicated Failover Facilities And Perform Dr Testing. (DJ10)

Set Aside

No set aside specified

Original Source

https://sam.gov/opp/f69fbe2e890842a3818b4d5690e5999c/view

Timeline

Posted

Mar 5, 2026

Last Updated

Mar 10, 2026

Response Deadline

Mar 12, 2026, 4:59 PM

Qualification Details

Fit reasons

NAICS alignment with historical contract wins in similar service areas.
Scope strongly matches core technical capabilities and delivery model.

Risks

Past performance thresholds may require one additional teaming partner.
Potential clarification needed on staffing minimums before bid/no-bid.

Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

Quick Summary

The Department of Veterans Affairs (VA), specifically the Office of Information & Technology (OIT), Office of Information Security (OIS), Cyber Security Operations Center (CSOC), is conducting market research via a Sources Sought notice for a Host-Based User and Entity Behavior Analytics (UEBA) Solution. This effort aims to enhance cybersecurity by detecting anomalies and suspicious activities. Responses are due March 12, 2026.

Scope of Work

The contractor will provide a comprehensive Host-Based UEBA solution, including necessary hardware, software licenses, maintenance, installation, and ongoing support. This encompasses project management, technical services, implementation, and continuous maintenance. The solution will analyze user, account, and host behaviors to identify and alert on anomalous activities, thereby strengthening the VA's cybersecurity posture.

Contract & Timeline

Type: Sources Sought / Market Research
Duration: One 12-month Base Period and two 12-month option periods, totaling 36 months, plus seven optional tasks.
Set-Aside: None specified.
Response Due: March 12, 2026, 4:59 PM EST
Published: March 5, 2026
Place of Performance: Contractor facilities within the Contiguous United States (CONUS).

Special Requirements & Deliverables

Security: Compliance with federal and VA directives (FISMA, NIST, HSPD-12, FICAM, VA Handbook 6500 series). Contractor personnel require background investigations.
Technical: Solution must support IPv6, Zero Trust Architecture, and integrate with existing VA security platforms (Splunk, SOAR, EDR, SIEM, IDPS). Must comply with VA Enterprise Architecture and Technical Reference Model.
Deliverables: Key deliverables include a Contractor Project Management Plan (CPMP), Weekly Activity Reports (WAR), Weekly Work Breakout Schedules (WBS), Weekly Integrated Master Schedules (IMS), Quarterly Status Reports, Technical Kickoff Meeting deliverables, Enterprise Implementation of UAM Agents, UEBA Implementation Plan, Change and Configuration Management Plan, Test Reports, and a Comprehensive Disaster Recovery Plan.

Performance Standards

Performance will be monitored via a Quality Assurance Surveillance Plan (QASP), focusing on technical quality, project milestones, cost/staffing efficiency, and management integration. Metrics include performance, cyber resiliency, time to detect/investigate/mitigate, and false positive/negative rates.