The U.S. Holocaust Memorial Museum recently released a request for proposals from vendors who can provide comprehensive managed cybersecurity services for the museum's diverse array of systems.
Contracting officials note that while 1.7 million people visit the museum in Washington, D.C. each year, the museum's websites attract more than 13 million visitors annually.
Download: Holocaust Museum Managed Security Service Provider
Along with several public-facing websites, museum staff maintain "significant databases of historical documents and information, a digital collection of Holocaust artifacts, substantial IT infrastructure supporting the museum exhibitions and operations and the full range of business support systems."
All of these systems need to be protected from breaches and other potential incidents.
"Our goal is to ensure the museum's cyber-defense layers are monitored for attacks or malicious activity and its critical IT assets are protected from such activities," according to the RFP.
Specifically, the museum is looking for a vendor to provide managed security services in seven major areas:
- Log correlation and analysis.
- 24/7 firewall monitoring and alerting. All monitoring should be performed real time — include both perimeter firewalls and multiple security zones — and be performed from centralized and physically secure operations centers (staff monitoring from any other locations such as work-from-home situations will not be considered due to security risk).
- Placement and management of intrusion detection system (IDS) and intrusion prevention system (IPS) solutions.
- Incident response assistance, planning and testing.
- Active real time dashboard.
- 24/7 support and call center access.
- Provide knowledge transfer and training and maintain and grow the solution as the threat landscape evolves.
While the specifics on the museum's networks and systems are being held closely early in the solicitation process, contracting officials were able to give a broad overview of the assets that need to be secured:
- Approximately 500 users, 800 workstations and 150 servers.
- Mix of Apple, Unix and Windows servers and workstations.
- Common industry routing and switching equipment.
- Virtualization and other enterprise applications.
The RFP also notes the museum is in the process of moving to a third party provider of infrastructure-as-a-service for its servers.
Questions on the solicitation should be sent to the contracting officers by July 9. Final proposals are due on July 21 and an award is expected by the end of August.
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
