NGA seeks insider threat detection tech for virtual networks
The National Geospatial-Intelligence Agency is looking for information on how it can log activity from privileged users in a virtual environment to identify insider threats.
The highly detailed, forensic-quality streaming of audit information that NGA is seeking addresses a gap in native VMware logs, the agency said in a sources sought notice for what it calls Virtual Environment Insider Threat/Two Person Integrity/Two Stage Control and Encryption. The system NGA describes must record the behavior of users and virtual administrators and alert if that behavior deviates from established controls. The audit data must be human readable and exportable through the security information and event management tools used at NGA.
NGA also wants audit information on attempted actions that are denied, so that it can correct accidental behavior and identify potential malicious behavior. Risk-based control measures are also a big requirement in the notice, which calls for monitoring and risk mitigation of system configuration and security controls for the virtual infrastructure, as well as “two-person integrity” controls and role-based access systems for sensitive actions that may affect NGA’s information systems.
And as the intelligence community at large continues its move to cloud environments, NGA is requiring that potential partners encrypt NGA’s workload before it moves into one of the community cloud offerings, as well as encrypt the workloads of organizations within NGA. This will maintain data security and operational integrity.
Additionally, tokens such as common access cards must be supported, which adds another layer of security when accessing government systems.
Responses are due Oct. 23.