Department of State Bureau of Diplomatic Security RFQ: Recompete of Deep Packet Capture and Inspection Solution contract

Solicitation: 19AQMM20Q0128

“The Bureau of Diplomatic Security, Directorate of Cyber and Technology Security, Office of Cyber Monitoring and Operations, Cyber Operations (DS/CTS/CMO/CO) uses numerous tools and products to ensure the cybersecurity posture of the Department’s Sensitive but Unclassified (SBU) data network. The Department of State (DOS) has deployed these tools according to a comprehensive defense-in-depth strategy, and is continuously looking to augment that strategy with new or upgraded cyber capabilities. This document outlines the requirements to upgrade one of these capabilities: deep packet (also called full packet) capture and inspection.

Among the critical capabilities required by CTS is the ability to record every packet of traffic traversing the DOS’ network border for later analysis and reconstruction, while incurring the least impact on network bandwidth to SBU network services. DOS requires a deep packet capture and inspection solution that is easy to deploy in order to combat the next generation of Internet-based threats, including zero-day and targeted Advanced Persistent Threat (APT) attacks, while interoperating well with the existing DOS security tools infrastructure. This solution will be needed to optimize the efficiency of the DOS’ Cyber Network Defenders (CNDs), and must be able to generate detailed, actionable intelligence resulting from analyzed and reconstructed sessions.

The Cyber Protection (CP), a program within DS/CTS/CMO/CO division requires a solution refresh of the Deep Packet (also called Full Packet) Capture and Inspection system in order to ensure continued service.”

“DS/CTS/CMO/CO requires the following:

  1. Replacement of the existing Deep Packet (also called full packet) Capture and Inspection solution.
  2. Option to increase the quantities of listed requirements due to growth in order to ensure continuity of service throughout the prospective contract period of performance.
  3. Capture 100 % of all network packets traversing the borders of the DOS Points of Presence (POPs). The packet capture and analysis activity must take place within the perimeter of DOS’ SBU network, at DOS facilities. Outsourced or “cloud-based” traffic monitoring services are outside the scope of this solution.
  4. Perform rapid classification and analysis of these packets, for access by DOS Security Analysts.
  5. Recall selected network packets for Analyst to reconstruct sessions of interest.
  6. Apply signatures/patterns/queries to metadata, raw packet contents, and decoded session contents, to allow for investigating whether malcode is attempting to be infiltrated into the network.
  7. Create many sorts of queries and automated alerting on the collected packets, either ad hoc or predefined, to discover anomalous network traffic.
  8. Generate both low-level and high-level reports on network traffic based on a wide range of criteria, such as time period, source and/or destination IP address, IPv4 and IPv6 protocols, ports, and services, Internet domains, and e-mail addresses…”

The period of performance includes a base year with four option years.

Read more here.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 1 year, 4 months ago.

  • Author
  • #102930

    Replies viewable by members only


You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.


©2021 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?