Networx Unit Pricer

Service Guides: Incident Response Service (INRS)

1. Overview

The Networx contracts require a basic level of security management from their contractors that ensures compliance with Federal Government generally accepted security principles and practices, or better. The contracts employ adequate and reasonable means to ensure and protect the integrity, confidentiality, and availability of Networx services, Operational Support Systems (OSS), and Government information transported or stored in the contractor's Networx services infrastructure. These requirements are detailed in Section C.3.3.2 Security Management of the Networx contracts.

In addition to this mandatory level of security, the Networx contracts provide additional security services that may be ordered on a fee-for-service basis. These are:

  • Managed Tiered Security Services (MTSS)
  • Managed Firewall Service (MFS)
  • Intrusion Detection and Prevention Service (IDPS)
  • Vulnerability Scanning Service (VSS)
  • Anti-Virus Management Service (AVMS)
  • Incident Response Service (INRS)
  • Managed E-Authentication Service (MEAS)
  • Secure Managed E-Mail Service (SMEMS)

The Incident Response Service (INRS) offering is described below.

2. Technical Description

Technical Summary

INRS is one of the security services that allow Agencies to combat cyber attacks and crime. The service helps Agencies respond to potential malicious attacks that can lead to service disruptions. INRS enables Agencies to complement in-house security expertise, or obtain outside assistance with a greater depth and breadth of experience. The service provides proactive services that are designed to prevent incidents, and reactive services that provide support for responding to malicious events. In addition, INRS provides forensics services that can assist in apprehending and prosecuting offenders. The diagram below highlights the functionalities and capabilities of INRS.



[Figure: INRS Functionality]

3. Technical Detail

INRS does not currently offer any features. The service does provide Agencies with secure Web access to contractor incident analyses and recommendations. INRS was not offered as a service on the FTS2001 contracts.

INRS comprises both proactive and reactive activities. Proactive services are designed to prevent incidents. They include onsite consulting, strategic planning, security audits, policy reviews, vulnerability assessments, security advisories, and training. Reactive services involve telephone and on-site support for responding to malicious events such as Denial of Service (DoS) attacks; virus, worm, and Trojan horse infections; illegal inside activities; espionage; and compromise of sensitive internal Agency databases. INRS provides an effective method of addressing these security intrusions, thereby ensuring operational continuity in case of attacks.

Under INRS, the contractor reviews the Agency's security infrastructure and develops the appropriate strategic plans in collaboration with the customer. These plans detail the incident response process, identify internal resources, assign duties to team members, describe policies, define severity levels, list escalation chains, and specify emergency/recovery procedures.

The contractor also provides the Agency with effective incident response support around the clock. The contractor provides incident analysis and assessment in order to determine the scope and impact of incidents. In addition, the contractor coordinates with the Agency to handle potential security incidents according to the appropriate response procedures, and provides countermeasures to contain the security incident, limit its spread, and protect internal systems. The contractor assists the Agency in containing the damage, recommends the fixes necessary to eliminate identified vulnerabilities, and helps to restore the affected systems to their normal operational state. The contractor also proposes the appropriate procedures to guard against future attacks.

Furthermore, the contractor provides post-incident investigative and forensics services. This includes isolating the impacted area, capturing and collecting data, categorizing malicious or illegal events, and performing reconstruction analyses. The contractor handles and preserves the data collected according to sound scientific and evidence rules, as the information may serve as evidence in administrative actions and legal proceedings. The contractor traces the offenders and assists in prosecuting attackers, as required. These and other INRS service capabilities are detailed in Section C.2.10.5.1.4 Technical Capabilities of the Networx contracts.

Each Networx contractor may provide variations or alternatives to the offering and pricing for INRS. The specific details can be found within each contractor's Networx contract files and pricing notes for INRS.

For more information on the general INRS specifications and requirements, please refer to Section C.2.10.5 of the Networx contract for technical specifications and Section B.2.10.5 for pricing.

Please note these service guides are for informational purposes only.

4. Price Description

INRS Price Basics

INRS is one of the security services that allow Agencies to combat cyber attacks and crime. The service helps Agencies respond to potential malicious attacks that can lead to service disruptions. INRS can be ordered in the following ways:

  • Proactive: Proactive services are intended to prevent security incidents. Proactive INRS consists of NRC and MRC pricing elements and is priced on an Individual Case Basis (ICB). The NRC covers the design, implementation and configuration of INRS. The MRC covers ongoing monitoring and management support provided by the contractor.
  • Reactive: Reactive services are intended to respond to malicious security incidents and are priced the following two ways:
    • Per incident basis priced ICB
    • ICB MRC which allows for unlimited incidents

INRS was not offered as a service on the FTS2001 contracts.

Price components required for service are:

  • Basic service (NRC and/or MRC) consisting of either:
    • Proactive INRS intended to prevent security incidents (ICB NRC + ICB MRC)
    • Reactive INRS intended to respond to malicious security incidents comprising either:
      • ICB NRC per incident
      • ICB MRC for unlimited incidents
  • No features available currently
  • Service Enabling Devices (SEDs) may be required to implement INRS. [Please note that SEDs under Networx replace the FTS2001 User-to-Network Interfaces and Access Adaptation Functions (UNIs/AAFs). SEDs may differ between Networx providers. The pricing structure for SEDs provides for either a one-time payment or monthly term payments for purchase, plus an NRC for installation and an MRC for maintenance.]

Example 1: Proactive INRS

  • Proactive INRS NRC: Choose CLIN 370001. Prices for this CLIN are ICB and are not available in the unit pricer.
  • Proactive INRS MRC: Choose CLIN 370101. Prices for this CLIN are ICB and are not available in the unit pricer.
  • SEDs may be required to implement INRS.

Example 2: Reactive INRS per incident

  • Reactive INRS NRC: Choose CLIN 370201 per incident. Prices for this CLIN are ICB and are not available in the unit pricer.
  • SEDs may be required to implement INRS.

Example 3: Reactive INRS unlimited incidents

  • Reactive INRS MRC: Choose CLIN 370301 MRC for unlimited incidents. Prices for this CLIN are ICB and are not available in the unit pricer.
  • SEDs may be required to implement INRS.

Each Networx contractor may provide variations or alternatives to the offering and pricing for INRS. The specific details can be found within each contractor's Networx contract files and pricing notes for INRS.

For more information on the general INRS specifications and requirements, please refer to Section C.2.10.5 of the Networx contract for technical specifications and Section B.2.10.5 for pricing.