VA-26-00050029 User and Entity Behavior Analytics (UEBA) Solution

Sources Sought Notice / RFI

This notice is for information and planning purposes only, issued by the Department of Veterans Affairs (VA) Office of Research and Development (ORD). It does not constitute a Request for Quote (RFQ), Invitation for Bid (IFB), or Request for Proposal (RFP), nor does it commit the VA to a future contract. The VA is seeking information regarding potential sources for a User and Entity Behavior Analytics (UEBA) Solution, with an anticipated NAICS code of 541519.

• Firm Name

• Point of Contact (Name, Phone, Email)

• Unique Entity ID (UEI)

• CAGE Code

• Small Business Status (including certifications like SDB, 8(a), HUBZone, SDVOSB, WOSB)

• Authorized Reseller Letter (if applicable)

• Identified tool/solution being offered

• FedRamp certification level (or ability to obtain) and projected timeframe

• The primary NAICS code is 541519.

• A Firm-Fixed Price contract is anticipated.

• The VA anticipates awarding to only one responsive, responsible contractor.

• Submit responses via email to Marcela.Clark2@va.gov.

• Deadline: 12:00 PM CST, March 13, 2026.

This section details requirements for a brand name HID Global ActiVID Validation Authority (VA) and Online Certificate Status Protocol (OCSP) responder solution, or an equivalent. The solution is intended to provide enterprise-wide certificate validation services for approximately 2 million human and device identities.

• Period of Performance: 07/1/2026 - 06/30/2027 (Base Period), with two (2) 12-month option periods.
• Key Requirements: High availability, performance (under 100MS response time, >500 requests/sec per server), Post Quantum Compliance (PQC) algorithm support, secure RESTful API integration, compliance with VA security standards, and 99.9% uptime.
• Salient Characteristics: Detailed technical specifications for VA services and OCSP responders are provided, including support for various protocols and standards (RFC 2560, 6960, 5019).
• Support Services: 12 months of 24/7 support from U.S.-based personnel, including remediation of vulnerabilities and provision of software/firmware updates.
• Optional Task: Professional services for software licensing deployment, migration, and integration.
• Compliance: Adherence to Section 508 accessibility standards, energy-efficient product requirements, and VA Technical Reference Model (TRM).
• Security: Strict adherence to VA information security and privacy language, including data breach notification, liquidated damages, and annual security awareness training. Background investigation requirements are also detailed.

Performance Work Statement (PWS)

This PWS outlines the requirements for providing a Host-Based User and Entity Behavior Analytics (UEBA) solution and comprehensive support services to the Department of Veterans Affairs (VA) Office of Information & Technology (OIT), Office of Information Security (OIS), Cyber Security Operations Center (CSOC).

The contractor will provide a Host-Based UEBA solution, including hardware, maintenance, software licenses, installation, and ongoing support. This includes project management, technical services, implementation, and maintenance of the UEBA solution to enhance cybersecurity by analyzing user, account, and host behaviors to detect anomalies and suspicious activities.

Key performance areas include technical quality, meeting project milestones and schedule, cost and staffing efficiency, and overall management integration. The COR will use a Quality Assurance Surveillance Plan (QASP) to monitor performance. Specific metrics to be reported include performance, cyber resiliency, time to detect, time to investigate, time to mitigate, false positive rates, and false negative rates.

• Performance Period: One (1) 12-month Base Period and two (2) 12-month option periods, not to exceed 36 months total. Includes seven (7) optional tasks.

• Place of Performance: Contractor facilities in the Contiguous United States (CONUS). The Government reserves the right to require personnel to work at a government facility with 30 days' notice.

• Security: Compliance with numerous federal and VA security directives, including FISMA, NIST standards, HSPD-12, FICAM, and VA Handbook 6500 series. Background investigations are required for contractor personnel.

• Technical: Solution must support IPv6, Zero Trust Architecture, and integrate with existing VA security platforms (Splunk, SOAR, EDR, SIEM, IDPS). Must comply with VA Enterprise Architecture and Technical Reference Model.

• Deliverables: Include Contractor Project Management Plan (CPMP), Weekly Activity Reports (WAR), Weekly Work Breakout Schedules (WBS), Weekly Integrated Master Schedules (IMS), Quarterly Status Reports, Technical Kickoff Meeting deliverables, Enterprise Implementation of UAM Agents, UEBA Implementation Plan, Change and Configuration Management Plan, Test Reports, and a Comprehensive Disaster Recovery Plan.

• Personnel: Contractor personnel must undergo background investigations and complete mandatory VA training. English language proficiency is required.