Cyber Technology Services

Quality Assurance Surveillance Plan (QASP)

This document outlines the Quality Assurance Surveillance Plan (QASP) for the Cyber Technology Services (CTS) – CISA/CSD Threat Hunting contract. It details how the government will systematically evaluate contractor performance against the stated contract's key services and deliverables. The QASP explains the monitoring methods, frequency, personnel involved, and documentation procedures.

• Government Roles: Defines responsibilities for the Contracting Officer (CO) and Contracting Officer's Representative (COR) in contract administration and day-to-day surveillance.
• Contractor Representatives: Identifies primary points of contact for performance and quality matters.
• Performance Standards: Lists key performance areas derived from the Performance Work Statement (PWS), including Program Management, IT Support, IT Engineering, IT Sustainment, Laboratory Support, IT Service Desk, and ODC/Travel Management.
• Incentives: Outlines how performance evaluations, award fees, and incentives will be used, based on meeting or exceeding performance standards and delivering high-quality, timely results.
• Surveillance Methods: Details various methods the COR will use, including Direct Observation, Management Information Systems (MIS), Periodic Inspection, Validated User/Customer Complaints, 85% Inspection, Random/Periodic Sampling, Progress/Status Meetings, and Analysis of Contractor Progress Reports.
• Quality Assurance Surveillance Plan Table: Provides a detailed breakdown of specific service outputs, performance objectives, Acceptable Quality Levels (AQLs), methods of inspection, and potential positive and negative incentives.
• Ratings: Describes the qualitative rating scale (Exceptional, Satisfactory, Unsatisfactory) used to assess performance.
• Documenting Performance: Explains how acceptable and unacceptable performance will be documented, including the use of Contract Discrepancy Reports (CDRs).
• Frequency of Measurement: Specifies the typical frequencies for monitoring and performance assessment meetings (weekly, monthly, quarterly, annually).

This QASP provides insight into how the government will measure and evaluate the contractor's performance. Bidders can use this to understand the specific performance standards, metrics, and quality expectations that will be applied to the contract, aiding in proposal development and understanding the government's oversight approach.

Statement of Work (SOW) / Performance Work Statement (PWS)

This Performance Work Statement (PWS) outlines the requirements for Cyber Technology Services (CTS) to support the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Division (CSD), specifically the Threat Hunting (TH) Sub-Division. The primary goal is to detect malicious cyber activity, proactively hunt for threats, and respond to cyber incidents targeting U.S. infrastructure to mitigate national risk.

The contractor will provide a comprehensive range of services including:

• Program Management: Overarching support, standards development, and implementation across all task areas.
• IT Architecture, Technology, and Innovation Services: Engineering support for innovative systems, emerging technologies, process improvement, technical planning, and IT Service Management (ITSM).
• IT Engineering, Development Operations, and Services: Full systems and software architecture lifecycle support, DevSecOps, Agile methodologies, Continuous Integration/Continuous Delivery (CI/CD) pipelines, security engineering, and cybersecurity engineering.
• Data Management & Analytics: Data collection, integration, governance, and analytics to improve data quality and consistency.
• IT Sustainment, Operations and Maintenance (O&M) Services: Operating and maintaining government-managed systems, including incident and problem management, network and communication services, systems administration, and transitions to operations.
• IT Security Operations Services: Continuous monitoring of networks, systems, and applications to detect security threats, vulnerability management, and authorization processes.
• Laboratory Support Services: Providing full-range laboratory support, including malware analysis, Industrial Controls Systems (ICS) laboratory support, and simulation environment operations and maintenance.
• IT Service Desk, Asset Management & Logistical Support: Providing IT service desk support, asset management, and logistical services.

The period of performance is five years, consisting of a one-year base period and four one-year option periods. Performance will occur at a combination of Government locations, contractor-owned facilities, and other worksite locations, including specific sites in Arlington, VA; Bluemont, VA; Washington, DC; Pensacola, FL; Idaho Falls, ID; and Richland, WA.

• DevSecOps and Agile Methodologies: Emphasis on adopting and implementing DevSecOps principles and Agile practices.
• Security Clearances: Contractor personnel may require DHS Suitability/Public Trust, Secret, Top Secret (TS), or Top Secret/Sensitive Compartmented Information (TS/SCI) clearances.
• Reporting: Regular reporting is required, including Monthly Status Reports (MSR), Financial Status Reports (FSR), Entry on Duty Reports (EODR), Risk Management Reports (RMR), and Weekly Task Status Reports.
• Deliverables: Numerous deliverables are specified, including various plans, reports, and documentation, with specific due dates and formats.
• Key Personnel: Specific Key Personnel roles are defined, including Senior Contracts Program Manager, Project Managers, and Senior Information Technology Program Manager, with defined experience and qualifications.

Request for Information (RFI)

This RFI is issued by the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) for market research purposes. CISA is seeking information from qualified companies interested in and capable of supporting the Cyber Technology Services (CTS) requirement. This RFI is not a solicitation for quotes or proposals, and no contract will be awarded based on responses. The information gathered will help CISA refine the scope, technical approach, contract type, potential contract vehicles, and acquisition method.

The CTS requirement involves supporting day-to-day operations, sustainment of Government networks, and cybersecurity activities for the Cybersecurity Division (CSD), including IT Development Operations, IT Security Operations, Operation and Maintenance (O&M), and Technology and Innovation services. The draft Performance Work Statement (PWS) outlines eight task areas:

• Program Management
• IT Architecture, Technology, and Innovation Services
• IT Engineering, Development Operations and Services
• Data Management & Analytics
• IT Sustainment, Operations and Maintenance (O&M) Services
• IT Security Operations and Services
• Laboratory Support Services
• IT Service Desk, Asset Management & Logistical Support

Respondents should submit documentation demonstrating their capabilities for all task areas, or for four or more task areas. Responses should be brief, concise, and clearly demonstrate the ability to perform each task area. Include:

• Company's core capabilities and one example of experience for each task area.

• Experience in large-scale cybersecurity engineering, DevSecOps, 24x7x365 SOC operations, and threat-hunting.

• Organization's size and socio-economic status.

• Information on subcontracting or teaming arrangements.

• Responses to nine specific questions regarding process, project management, IT systems delivery, data governance, past performance, contract type recommendations, potential ambiguities, innovative practices, and key roles/qualifications.

• Capabilities statement package: maximum 10 pages (8.5 x 11-inch, font no smaller than 10 point).

• Include a Cover Page with company name, POC, SAM.GOV UEI, CAGE code, Business Type, NAICS Code, and size standard.

• Submit electronically in Microsoft Word or PDF format.

• Deadline: 4:00 p.m. EST, June 19, 2026.

• Email submissions to: hannah.moussa@cisa.dhs.gov and jennifer.burbage@cisa.dhs.gov.

• Applicable NAICS Code: 541519 – Other Computer Related Services.

• Small Business Size Standard: $34M.

• Product Service Code: DA01 IT and Telecom Business Application/Application Development Support Services.

• Note: Strategic sourcing contract vehicles are mandatory for use, with limited exceptions.

• No costs incurred responding will be paid by the Government.

• Failure to respond will not preclude participation in future solicitations.

• All information received becomes Government property.

• Respondents must refrain from providing proprietary, confidential, or classified information.