CSO - USTRANSCOM Information Technology (IT) Enterprise Modernization (ITEM) Solutions

The "Endpoint Security Criteria Requirements Matrix" document outlines the requirements and guidelines for implementing endpoint security within the Department of Defense (DoD) framework. It emphasizes a shift from a network-centric to a data-centric security model, prioritizing mobile devices and various endpoint categories, such as workstations, servers, and IoT devices. Key components of the matrix include specifications for endpoint protection platforms (EPP) and endpoint detection and response (EDR) systems, focusing on capabilities like application control, threat prevention, user activity monitoring, and encryption for data at rest. The document stipulates various authentication methods, automated compliance checks, and risk assessment practices to enhance security infrastructures. Supporting details define necessary configuration management protocols, incident response capabilities, and overall interoperability among security solutions to promote efficiency and minimize risks. It emphasizes compliance with established standards, including NIST guidelines and federal regulations, to ensure a robust cybersecurity posture across DoD networks. This document serves as a comprehensive framework for vendors and departments within the government to ensure standardized endpoint protection that aligns with evolving security threats and operational needs.

The USTRANSCOM is seeking innovative commercial solutions through the Commercial Solutions Opening (CSO) Call 001 to implement a Zero Trust (ZT) security model as part of the Combined Joint All-Domain Command and Control (CJADC2) strategy. The focus is on six Areas of Interest (AoIs) related to enhancing data access and knowledge management, including Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), DevSecOps integration, Endpoint Security, Data Tagging, and Software Supply Chain Risk Management (S-SCRM). Each submission must demonstrate compatibility with existing infrastructures and capabilities, emphasizing deployment across multiple environments (cloud and on-premises) while maintaining compliance with DoD standards. Solutions are expected to be ready for deployment within 30 days of award, with a requirement for proven demonstrations of effectiveness. The overall goal of this initiative is to modernize USTRANSCOM's IT systems to ensure improved cybersecurity measures and operational efficiency, thereby enhancing the Department of Defense's overall mission resilience. Interested parties must submit white papers and presentations by August 12, 2025, with options for engagement clarifications prior to submission.

The USTRANSCOM Commercial Solutions Opening (CSO) Call 001 seeks innovative commercial solutions for Zero Trust (ZT) Enterprise Modernization and Optimization, aligning with the DoD's CJADC2 strategy and ZT initiatives. The call addresses the need for comprehensive ZT solutions deployable across UNCLASSIFIED and SECRET environments, various cloud platforms, and terrestrial data centers. USTRANSCOM is requesting Phase I submissions (PowerPoint Briefing and White Paper) for six specific Areas of Interest (AoIs): Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), DevSecOps Platform Integration, Software Defined Perimeter (SDP) and Application Programming Interface (API) Management, Endpoint Security, Data Tagging, and Software Supply Chain Risk Management (S-SCRM). Solutions should be mature, complete, and integrate with other potential AoI solutions and existing infrastructure. Submissions are due by 10:00 AM (CT) on August 12, 2025, and questions must be submitted by August 6, 2025.

This document, TRANSCOM25CS001, compiles a series of questions and answers related to a Commercial Solutions Opening (CSO) for USTRANSCOM's Zero Trust Enterprise Modernization and Optimization initiative. It addresses various aspects of the solicitation, including Rough Order of Magnitude (ROM) requirements, deployment models (as-a-service, government-owned, contractor-operated), interoperability expectations, data retention policies, and mandatory integrations with DoD Identity, Credential, and Access Management (ICAM) solutions. Key clarifications include the allowance for pricing models if a ROM is not feasible, the acceptance of joint submissions, the equal consideration of government and non-government past performance, and an extension to the due dates for responses. Additionally, specific requirements for Area of Interest (AoI) 5, Data Tagging, are detailed, such as supported data types, automatic tagging capabilities, and integration with DoD authentication tools. The document also confirms that past performance is allowed in white paper submissions and clarifies the definition of a "non-traditional defense contractor."

USTRANSCOM's Commercial Solutions Opening (CSO) Call 001 Amendment 01 seeks innovative commercial solutions for Zero Trust (ZT) Enterprise Modernization and Optimization, aligning with the DoD's CJADC2 strategy. This initiative addresses the critical need for comprehensive Enterprise ZT solutions across UNCLASSIFIED and SECRET environments, including terrestrial data centers and multi-cloud environments (Azure, AWS, On-premises). Submissions are requested for six Areas of Interest (AoIs): Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), DevSecOps Platform Integration/Software Defined Perimeter (SDP)/API Management, Endpoint Security, Data Tagging, and Software Supply Chain Risk Management (S-SCRM). Solutions must be complete, sufficiently mature, and capable of rapid deployment, with proposals detailing integration, training resources, and cost estimates. White Papers and PowerPoint Briefings are due by August 14, 2025, for AoI 1, and August 26, 2025, for AoI 2-6. Questions are due by August 6, 2025.

The “Endpoint Security Criteria Requirements Matrix” provides comprehensive guidance for federal, state, and local agencies to implement robust endpoint security solutions. It outlines critical requirements for device endpoints, focusing on mobile devices and traditional workstations/servers within the Defense Information Network (DoDIN). The document emphasizes a shift from network-centric to data-centric security, advocating for a zero-trust architecture. Key components covered include Endpoint Protection Platform (EPP), Endpoint Detection & Response (EDR), and various security aspects like access control, audit and accountability, configuration management, and threat prevention. It details specific criteria for solution functionalities, deployment models (on-premises, cloud, hybrid), and integration with existing DoD systems, ensuring compliance with federal mandates and supporting defensive cyberspace operations. The matrix also defines crucial security terms and references relevant NIST and USCYBERCOM standards.