Mobile Threat Defense and Mobile Endpoint Detection & Response (MTD / Mobile EDR) Department of Justice (DOJ)

Request for Information (RFI)

Mobile Threat Defense and Mobile Endpoint Detection & Response (MTD / Mobile EDR)

Department of Justice (DOJ)

1. Purpose

The Department of Justice (DOJ) is issuing this Request for Information (RFI) to conduct market research and better understand the current capabilities of industry solutions that provide Mobile Threat Defense (MTD) and Mobile Endpoint Detection & Response (EDR) for government-managed mobile devices.

This RFI is for information-gathering purposes only and does not constitute a solicitation, request for proposal, or commitment by the Government to procure any product or service.

2. Background

Mobile devices are critical endpoints supporting DOJ mission operations, including law enforcement, litigation, national security, and executive functions. These devices are increasingly targeted by sophisticated threat actors, including nation-state adversaries, organized criminal groups, and targeted surveillance campaigns.

Traditional mobile security solutions have focused on compliance-oriented mobile threat defense. DOJ is assessing whether modern market offerings provide deeper mobile EDR-style capabilities, including investigative visibility, post-compromise analysis, and SOC-driven response, while still supporting enterprise-scale deployment, privacy protection, and federal compliance requirements.

3. Scope of Interest

DOJ is seeking information on solutions that can provide some or all of the following:

• Detection of advanced mobile threats across iOS and Android devices
• Visibility into device state, configuration, and behavioral anomalies
• Support for investigation and threat hunting on mobile endpoints
• Integration with security operations, SIEM, SOAR, identity, and device management platforms
• Privacy-preserving telemetry collection aligned with federal expectations

Respondents may address traditional MTD, mobile EDR, or hybrid approaches.

4. Requested Information

Respondents are requested to provide concise responses to the sections below. Responses should focus on current, generally available capabilities, not aspirational features.

4.1 Company Overview

• Company name and headquarters location
• Years in operation and experience in mobile security
• Experience supporting federal civilian, law enforcement, or national security customers (if applicable)

4.2 Solution Overview

• Description of the mobile security solution(s) offered
• Supported mobile platforms (iOS, Android)
• Deployment model (on-device, cloud-based, hybrid)
• Licensing model (per device, per user, tiered, etc.)

4.3 Threat Detection Capabilities

Describe the solution's ability to detect and respond to:

• Operating system compromise, rooting, or jailbreaking
• Zero-day or unknown mobile threats
• Network-based attacks (e.g., rogue Wi-Fi, MITM)
• Malicious or high-risk mobile applications
• Mobile phishing and social engineering (SMS, MMS, RCS, messaging apps, browsers)

4.4 Mobile EDR and Investigative Capabilities

Describe any mobile EDR-style capabilities, including:

• Types of mobile endpoint telemetry collected
• Support for post-compromise investigation and forensic analysis
• Threat hunting or analyst-driven investigation workflows
• Ability to distinguish high-confidence threats from low-value alerts

4.5 Security Operations and Integration

Describe integration capabilities with:

• SIEM platforms (event types, APIs, schemas, latency)
• SOAR platforms and automated response workflows
• Security operations center (SOC) workflows
• Identity, access, or conditional access systems
• Mobile device management (MDM) platforms

Indicate whether the solution requires full MDM enrollment to function.

4.6 Privacy, Data Handling, and Sovereignty

Describe:

• Types of data collected from mobile devices
• How user content is excluded or protected
• Data residency and hosting locations
• Use of third-party subprocessors or dependencies
• Controls supporting U.S. government data sovereignty expectations

4.7 Scalability and Operations

Provide information on:

• Maximum supported deployment scale
• Performance considerations for large mobile fleets
• Availability, resilience, and disaster recovery
• Administrative access controls and role separation

4.8 Compliance and Security Posture

Describe alignment with:

• NIST security controls relevant to mobile environments
• Federal cybersecurity and privacy expectations
• FedRAMP authorization status for any cloud components (if applicable)
• Supply chain risk management practices

4.9 Product Roadmap

Provide a high-level overview of the solution roadmap over the next 24 36 months, particularly as it relates to:

• Advanced mobile threat detection
• Investigative and forensic capabilities
• Integration with enterprise security ecosystems

\

4.10 Pricing Model (High Level)

Provide a high-level description of pricing structure, including:

• Licensing approach
• Any minimum commitments
• Typical cost drivers

Detailed pricing is not required at this stage.

5. Response Instructions

• Responses should not exceed 15 pages
• Marketing material may be included as appendices
• Responses should be submitted in PDF format

Note: Appendices and Attachments are not included in total as well as cover letter and table of contents.