- DISA is surveying the industry for a consolidated Army endpoint security program worth up to $850 million
- The sources sought notice covers defending the Army’s slice of the DOW network and advancing its zero trust goals, with responses due June 29
- The effort would merge support now split between ECS Federal and small business Enterprise Resource Performance Inc.
The Defense Information Systems Agency is seeking industry sources for a consolidated Army endpoint security program it expects to award as a single-award contract worth up to $850 million.
DISA posted the sources sought notice on Monday for the Endpoint Security Event Management System on SAM.gov, which supports Project Manager Command and Control Infrastructure and the Network Enterprise Technology Command. Responses are due June 29. The notice is for market research only and does not commit the government to a solicitation.
The Army’s push toward zero trust and continuous network modernization will be front and center at the Potomac Officers Club’s 2026 Army Summit on June 18. The 11th annual gathering will feature keynotes from Army leaders, including LTG Jeth Rey, deputy chief of staff, G-6. Register now to join the conversation.
What Would the Endpoint Security Event Management System Contract Cover?
cDISA grouped the effort into four task areas: running a global endpoint ecosystem built on Microsoft Defender for Endpoint and Elastic Defend; enforcing the War Department’s Comply-to-Connect framework so only authorized, compliant devices reach the network; building and operating a hybrid-cloud unified security information and event management environment; and hosting NETCOM Edge collaborative development environment for data science and analytics.
The contractor would enforce default-deny application controls, automate malware quarantine and threat data ingestion, and run cryptographic discovery to prepare the network for post-quantum migration. The work calls for sustaining on-premises instances at regional cyber centers while standing up a centralized instance in a government Azure environment, using tools such as the Elastic Stack, Kubernetes, Apache Kafka and Cribl to feed the Army’s Big Data Platform.
DISA anticipates a two-year base period followed by eight one-year options, with performance beginning in March 2027. The primary work site is the Global Cyber Center at Fort Huachuca, Arizona, with program oversight at Aberdeen Proving Ground, Maryland, and support spanning four regional cyber centers in the U.S. and overseas.
What is ECS’ Role in Endpoint Security Event Management?
The requirement consolidates support currently split across two contracts. ECS Federal performs the larger portion under a task order issued through the General Services Administration’s Alliant 2 governmentwide vehicle, running through September 2027. Enterprise Resource Performance Inc., a small business, holds the second piece under a separate IDIQ that expires in May 2027.
ECS won its $429.5 million Army endpoint security task order in 2022 to help NETCOM secure endpoint devices across the service’s global network. The Fairfax, Virginia, company has held a position on Alliant 2 since GSA awarded the $50 billion IT vehicle to 61 firms in 2017.
