CISA Industry Day 5 AUG 21 QA Responses FINAL.pdf

Original Source: Contract Opportunity
Posted: Dec. 14, 2021
Type: .pdf
Size: 0.14MB

CISA Industry Day Q&A

1. Thomas Schneider (Gartner, Inc): Will presentation slides be provided?

* We will make them available after industry day, along with the full Q&A responses.

2. Tamara Shanks: Will slides be made available after presentation?

* We will make them available after industry day, along with the full Q&A responses.

3. John Demmon (VAE): Will copies of today's presentation slides be made available?

* We will make them available after industry day, along with the full Q&A responses.

4. Tom Ragland: Can you also make available the DOMINO Industry Day slides, Q & A's?

* Pre-proposal conference slides/Q&As are only available from the Contracting Officer, Janeen
Guest. You may reach out to her at janeen.guest@hq.dhs.gov.

5. Theodore None Vagias: Will the recording of the event be available?

* We are not recording today's presentations; however, the deck and responses to all Q&A will be
provided after Industry Day.

6. Melinda Yu: from Zach Gagnon - Clarity Cyber: What do you see as CISA plan of enforcing better
Cyber Hygiene throughout the industry?

* Cyber Hygiene, per CISA's public webpage, evaluates external network presence by executing
continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides
weekly vulnerability reports and ad-hoc alerts. For more information:
https://www.cisa.gov/cyber-hygiene-services

7. Mary Jean Schmitt: Will there be a recording of these industry day presentations?

* We will not be recording the presentations; however, we will make the slide deck and full Q&A
responses available after the Industry Day.

8. Paolo Pascetta: What timeframe or time span do you focus on for emerging technologies and from
where do you obtain the information?

* We're committed to business participation in purchasing goods and services. For a wide range of
business opportunities and information on becoming a business partner, take a look at DHS Business
Opportunities [https://www.dhs.gov/business-opportunities]. Our Acquisition Planning Forecast
System [https://apfs-cloud.dhs.gov/] can help you identify procurement opportunities early in the
acquisition process.

9. Erik Gaull, CISSP, CPP (Samsung Electronics America): What mobile communications technologies
does the Field Force have?

* CISA utilizes the Cellular Wireless Managed Services (CWMS) contract to order and issue GFE
devices to all CISA employees in accordance with DHS policies and guidelines.

10. Kenneth Westrick (Comp Solutions, LLC): Hi, will there be any sub-contractor opportunities?

* For a wide range of business opportunities and information on becoming a business partner, take
a look at DHS Business Opportunities [https://www.dhs.gov/business-opportunities].

11. Eric Leggiere: Will all presentations be recorded and provided later or just the slides?

* We are not recording today's presentations; however, we will provide the deck and full Q&A
responses after Industry Day.

12. Reechik Chatterjee (Blinkly): Navin -- could you please speak about the importance of ensuring that
communications are quantum resistant to mitigate the risk of our near peer adversaries decrypting
our data using quantum computers, etc.?
* Dawn Manga (CISA ECD): we are working on ensuring our services have cybersecurity measures
built in, but it's important to understand that these services are implemented on commercial
networks, which does present challenges that we are currently discussing with each service
provider.

13. John Hindle: Many of these services are reliant on energy grid resilience, are there any measures in
place to ensure reliability of critical power backups and monitoring of battery backups for data
centers/servers/etc.?
* Dawn Manga (CISA ECD): I will also point out that the government does not own the infrastructure
upon which these services are implemented. The services reside on commercial networks, but we
are looking at resiliency of the services we provide.

14. Kathleen Sievers, Deltek: As a BPA, will it be based on an existing vehicle, such as a GSA Schedule? If
so, which one and which SINs?

* The Program Office is still conducting market research. Please keep an eye on APFS and you may
reach out to CISA Vendor Engagement in the December timeframe for updated information.

15. Kathleen Sievers, Deltek: Will it be advertised in SAM.gov? And APFS?

* The Program Office is still conducting market research. Please keep an eye on APFS and you may
reach out to CISA Vendor Engagement in the December timeframe for updated information.

16. Denise Kellogg Gryphon Technologies 2: What contract vehicle will this opportunity be released on?
OASIS Pool 1?

* The Program Office is still conducting market research. Please keep an eye on APFS and you may
reach out to CISA Vendor Engagement in the December timeframe for updated information.

17. Kathleen Sievers, Deltek: Will you be doing public market research, such as a Sources Sought in
SAM.gov?

* The Contracting Officer has not made this determination yet.

18. James Dixon: When market research and/or pre-solicitation?

* The Program Office is still conducting market research. Please keep an eye on APFS and you may
reach out to CISA Vendor Engagement in the December timeframe for updated information.

19. Denise Kellogg Gryphon Technologies 2: Since vehicle is not yet identified, will you release info as
you know it on SAM.gov first so all of industry has insight?

* The Program Office is still conducting market research. Please keep an eye on APFS and you may
reach out to CISA Vendor Engagement in the December timeframe for updated information.

20. Karen Chew, Ascension, LLC (WOSB): Will we get a copy of the slides?

* Slides and responses to all Q&A questions will be provided after Industry Day.

21. Mike Messer, ICF: From the agenda, it appears there will only be 2 opportunities covered during the
Industry Day event today. The last major update/review was May 2020. Will there be a review of the
CISA planned solicitations for the next 12+ months, at some point today?
* You are correct, we are only covering a few of our upcoming requirements today. However, we
are in the midst of updating APFS with all our FY22 requirements so I would monitor that closely.

22. Alan Young; Vincent Harrison: Will this be GSA OASIS release?

* Market research is still being conducted at this time. You may reach out to CISA Vendor
Engagement for additional information in the December timeframe.

23. Chris Dufour 2: Is there a way we could get an opt-in spreadsheet of all participants in today's
session so we can work on teaming/partnerships?

* The opportunity to add names to a networking list was provided at the end of the Industry Day.
All those who submitted their name received a copy of the list after Industry Day.

24. Jon Morris (Parsons): This question is specific to CSD: When will CSD have a Division specific CSD
Industry Day to re-baseline the programs and timelines that were presented in the May 2020 CSD
Industry Day?

* As CISA matures, we are trying to do more CISA-wide events, which we will discuss a bit during the
Summary Remarks today. That said, we will look into adding that information into our next Industry
Day.

25. James Dixon: Org chart slide not visible

* The Org chart is embedded in the Industry Day presentation. Attendees will receive a copy of the
presentation.

26. Bill Duckett - Tripwire: Can you discuss how CISA Policy will be projected to private industry?

* CISA Policy supports the development of national policy. At times this involves interaction with
CISA Divisions, who interact with private industry on various programs.

27. Vijaya Ramamurthi (Parsons): Can you provide insights into May Cyber EO deliverables? Thanks.

* The Executive Order 14028 on Improving the Nation's Cybersecurity was signed May 12, 2021. The
EO provides direction for the Federal Civilian Executive Branch to implement a number of actions
aimed at raising the Federal government's cyber posture. As the nation's lead agency for protecting
the federal civilian government and critical infrastructure against cybersecurity threats, CISA serves
a central role in implementing this executive order. In close collaboration with public and private
sector partners, CISA has been focused on developing guidance and recommendations that meet
the requirements and deadlines outlined in the EO. CISA has successfully completed all tasks on time
as of 90 days after its signing.

28. Sylvain Lacroix (Cofense PhishMe): How do you envision positioning your organization priorities with
the CDM program?

* The Continuous Diagnostics and Mitigation (CDM) Program provides a dynamic approach to
fortifying the cybersecurity of government networks and systems. The CDM Program delivers
cybersecurity tools, integration services, and dashboards that help participating agencies improve
their security posture by: reducing agency threat surface; increasing visibility into the federal
cybersecurity posture; improving federal cybersecurity response capabilities; and streamlining
Federal Information Security Modernization Act (FISMA) reporting.

29. Melinda Yu: from Doug Natal, Sumo Logic: Are technology companies required to join CDM
contract?

* No.

30. Steven Schramm: I am confident you were pleased to see President Biden's executive order on cyber
security that mandates that DHS determine appropriate protection standards. The SolarWinds
attack made clear the vital importance of securing the supply chain for software. Equally important
is the supply chain for hardware as you mentioned in the VENN Diagram. Will CISA be
recommending as best practice the ISO 20243 compliance