Pentagon Wants to Upgrade the IT Supporting Its Insider Threat Program


The Defense Department wants a vendor to manage the next phase of development for the insider threat program’s central database and case management.

The Defense Department’s central insider threat database and case management system is up and running but needs vendor support to reach the next level, according to a request for information posted Thursday.

The Defense Counterintelligence and Security Agency, or DCSA, was created to house the background investigation process for all of government and subsequently took over management of DOD’s internal threat group last year.

As part of its mission, DCSA manages the Defense Department’s Insider Threat Management Analysis Center, or DITMAC, and the IT systems that support that program, collectively known as the DITMAC System of Systems, or DSoS.

The system acts as the database for all insider threat-related information and the central case management system, from which case managers can share relevant information, correlate reports and recommend actions to leadership.

“The DSoS enables case management, information sharing, collaboration, analysis, and risk mitigation to address current and emerging insider threats to DoD personnel, assets, and information,” according to a sources sought notice posted to

DSoS got its own program management office in 2018, which was later wrapped into DCSA last year. As the office finds its footing in the new organizational structure, officials are looking for a vendor to help manage and upgrade the IT systems.

The sources sought notice describes the system as a “government off-the-shelf” product “using a collection of open source and licensed software.” The system is split between DCSA-owned on-premise cloud and an Amazon Web Services environment.

The system hit initial operating capability under a previous contract. Now, DCSA wants to establish a new contract to move the whole system forward.

“The contractor shall undertake an agile approach to provide the DSoS PMO with strategic planning, iterative improvements, enhancement, cybersecurity, engineering, operations and maintenance, and programmatic support services for the DSoS and its PMO,” the notice states. “Services include supporting and advising the DSoS PMO in the development of the DSoS product and program roadmap(s), and providing services to define, implement, and execute necessary activities in support of those roadmap(s).”

That work is divided into seven principle tasks, each detailed in the sources sought notice: Core and enterprise engineering support services; specialized engineering support services; tier 1 help desk and user support; training services; program support; pilots; and surge support.

DSoS was designed to be modular to allow for changes to specific capabilities without needing to overhaul the whole system, according to the notice, a feature officials want to keep going forward.

“Key to the success of the DSoS will be the ability to continue the current development framework, which allows for custom configuration of workflows, data fields and other areas through Business Process Model and Notation for specific user groups without the need for baseline code change,” the document states.

The notice also lists a set of database and cloud products prospective vendors will need to demonstrate proficiency with, including: Red Hat Enterprise Linux (RHEL), Java, Spring, MyBatis, Java Server Pages (JSP), JavaScript, CSS, Bootstrap, JQuery, Data Driven Documents (D3) for JavaScript-based User Interface (UI) libraries, ElasticCache (Redis), Elastic Container Service (ECS), ElasticSearch and Puppet, Oracle, Amazon PostgreSQL RDS database technologies, AWS technologies such as Amazon Machine Images (AMIs), Elastic Load Balancing (ELB), Managed ElasticSearch Service, and Cloud Formation.

As part of the sources sought process, DCSA officials are gauging the ability for a small business—including small disadvantaged businesses, 8(a) companies, service-disabled veteran-owned small businesses, HUBZone and woman-owned small businesses—to provide the services.

The eventual contract is expected to run from September 2021 through September 2022, with four one-year option periods.

Responses to the RFI are due by March 1.