TSA wants cyber forensics info

The Transportation Security Administration wants information about commercially available computer security forensics technologies it could use for information technology security.

TSA is interested in products that would give the agency the ability to scan, capture, identify, report, and resolve IT forensics matters, according to a sources sought notice published on the Federal Business Opportunities Web site June 1. The agency said it’s not issuing a solicitation at this time.

The agency is interested in solutions that would allow TSA forensic users to deal with insider threats, e-discovery procedures, data leakage, misuse of IT assets, anomaly detection, identification of malicious code, and compliance verification, according to the notice.

TSA wants companies to provide detailed descriptions of how their products work and what makes them unique. Specifically, TSA is interested in how a product:

• Supports legal e-discovery processes.
• Manages and performs enterprise forensics activities across multiple IT systems.
• Can be used to schedule periodically recurring scans.
• Integrates with desktop products.
• Manages and tracks forensic information.
• Identifies suspicious system activities, including any known exploits.
• Supports remediation activities to remove identified threats while sweeping for known malicious code.
• Reports problems.
• Analyzes data.
• Interfaces with other systems.
• Is designed from an IT architecture perspective.