The Department of Homeland Security, Office of Immigration and Customs Enforcement, Management and Administration Directorate, Office of the Chief Information Officer has a continuing requirement for cyber defense and intelligence support services.

The purpose of this Statement of Work (SOW) is to obtain quality professional support services to improve the ability of ICE to Identify, Protect, Detect, Respond and Recover from cyber security threats and/or incidents and events. The Contractor shall work closely and collaborate with all parties to ensure adherence to policies and procedures and provide support needed to perform the necessary actions to adhere to the DHS CSP ESM and maintain the ICE CSP Authority to Operate (ATO) as well as the Center of Excellence (COE) and Cybersecurity Services Provider (CSP) designations. Currently ICE provides services for two (2) subscribers as baseline work, but the number of subscribers is subject to increase or decrease during the life of the contract. This includes but is not limited to 24/7/365 monitoring, intrusion detection, and protective security services supporting ICE networks including local area networks (LANs), wide area networks (WAN), Trusted Internet Connections (TIC), Cloud-based infrastructure, security devices, servers, and workstations. The Contractor will also support other DHS Components as subscribers, under ICE oversight and from ICE locations, as a DHS Cybersecurity Service Provider (CSP). Under this designation, Components 3 ICE-Internal: Internal agency information. Not for public or external dissemination. may purchase their SOC/Security services from a Provider of their choice. These services may be provided by the ICE Contractor, at ICE facilities, and overseen by ICE Federal personnel with minor exceptions as determined by the Government in the scope defined by the Provider/Subscriber agreement. The Contractor shall also provide CSP assessment support, vulnerability scanning and penetration (“blue/red/purple team”) testing capabilities to support the ICE Security Authorization and Continuous Monitoring processes as required by the Federal Information Security Modernization Act (FISMA) of 2014. The ICE SOC and CSIRC are responsible for the overall security of ICE Enterprise-wide information systems and collect, investigate, and report any suspected and confirmed security violations. The term “Classified” in reference to this SOW is defined as Top Secret/SCI level or below. Additionally, ICE is designated as a DHS Center of Excellence (COE) and a DHS Cybersecurity Service Provider (CSP). The Contractor must adhere to all requirements of the DHS CSP Evaluator Scoring Metrics (ESM) current version as well as support any CSP-related assessments and activities. Where the SOC does not have direct responsibility for a metric, they are required to support the responsible teams where needed. This includes any new changes to DHS CSP ESM metrics and/or maturity levels to maintain the COE and CSP certification requirements. The Contractor should have experience either as a DHS CSP or a Department of Defense Cyber Security 88 Service Provider (CSSP).