SOLICITATION NOTICE
A -- The purpose of this amendment is to: 1. clarify the submission = date for proposals to 1 Apr 03; 2. Specify contract vehicles to use for a= ward of contracts & other transactions; and 3. Revise POC phone number.
- Notice Date
- 2/25/2003
- Notice Type
- Solicitation Notice
- Contracting Office
- DOI - NBC, Ft. Huachuca AZ P.O. Box 12924 ATTN: Gloria Golden 520-538-0418 Fort Huachuca AZ 85670
- ZIP Code
- 85670
- Solicitation Number
- BAA 03-02-FH Amendment 1
- Archive Date
- 2/25/2004
- Point of Contact
- Lawrence Carter COR 5205331213 Lawrence_H_Carter@nbc.gov;
- E-Mail Address
-
Email your questions to Point of Contact above or IDEASEC HELP DESK
(EC_helpdesk@NBC.GOV)
- Small Business Set-Aside
- N/A
- Description
- DESCRIPTION. This Broad Agency Announcement (BAA) (BAA-03-02-FH) con= stitutes the entire solicitation for this effort. No additional informatio= n is available, nor will a formal request for proposal or other solicitatio= n regarding this notice be issued, requests for the same will be disregarde= d.=20 INTRODUCTION: The Department of Interior, National Business Center, Acquis= ition Services Division, Southwest Branch, Fort Huachuca, AZ, acting as the= contracting agent for the Intelligence Community's Advanced Research and D= evelopment Activity (ARDA), is issuing a BAA to solicit research proposals = addressing innovative solutions to mitigate the insider threat to Intellige= nce Community systems and networks. Multiple awards are anticipated. Typic= al periods of performance for a base period will be 12 to 24 months, with t= he possibility of option years including final reports and/or demonstration= s. Individual awards for a base period are expected to be in the range of $= 500K to $750K with possible option year awards bringing the total to in exc= ess of one million ($1M) dollars. Awards totaling up to five million dolla= rs ($5M) over two years are expected from this BAA. ARDA intends to releas= e other BAA's in the future that will address related topics. Information i= n this BAA is supplemented by a Proposer Information Pamphlet (PIP) that pr= ovides further information on the eligibility, support, research areas, mul= tidisciplinary approaches, preparation and submission of proposals, and sel= ection criteria. It is available on the World Wide Web at http://www.nbc.g= ov/insider.cfm. This pamphlet may also be obtained by fax, electronic mail= , or official mail. Send requests for PIP to the Department of Interior, F= ort Huachuca by email to Gloria_M_Golden@nbc.gov or call 520-538-0411. PROGRAM BACKGROUND: The Advanced Research and Development Activity seeks i= nnovative solutions to mitigate the insider threat to Intelligence Communit= y systems and networks. Defending against an insider who attempts to abus= e his computer privileges is one of the most critical problems facing the I= NFOSEC (Information Security) segment of the Intelligence Community (IC), b= ecause the damage that can be inflicted is potentially catastrophic.=20 ARDA defines insider threat as the potential damage to the interests of an = organization done by a person regarded as loyally working for or on behalf = of the organization. The insider threat scope, in the context of this soli= citation, is limited to threats posed to assets within automated informatio= n systems (computer systems and their networks). Within such a computing e= nvironment, an organization's interests can be embodied in both implicit an= d explicit security policies. Therefore, insider threat can be more narrow= ly defined as the potential violation of system security policy by an autho= rized user. Although policy violations can be the result of carelessness o= r accident, the core concern within this context is behavior driven by deli= berate and intended actions, e.g., malicious exploitation or destruction of= data. The degree of sophistication of an insider can vary greatly, from novice to= someone possessing significant skill and experience. Similarly, the privi= leges that an insider can possess may range from those of a normal user to = powers of a system administrator applicable across most of a computing envi= ronment. Note that this solicitation limits the definition of insider thre= at to human users. It does not include malicious software that has made it= s way into an organization's network and systems, unless that software was = introduced by a member of the organization (the threatening "insider"). This BAA focuses on one aspect of the insider threat problem: document cont= rol. We select this application domain to create focus and to highlight it= s particular importance and relevance to the Intelligence Community. Such = focus will allow concentrated effort on a smaller part of a difficult probl= em and might allow specialized approaches that could be overlooked in a sea= rch for generic approaches to the insider threat problem. =20 =09 PROGRAM OBJECTIVES: Proposals are invited for innovative demonstrable docu= ment control solutions to mitigate the insider threat. This solicitation s= eeks technologies that will advance the state of the art. Commercial techn= ology may be leveraged wherever possible, but efforts that are largely engi= neering in nature or that represent incremental improvements to existing ca= pabilities will not be funded. However, teaming arrangements formed betwee= n those with products or advanced prototypes and those in the research comm= unity are encouraged. =20 =09 Technologies sought under this solicitation must be highly resistant to sub= version or circumvention by a sophisticated insider. Respondents must demo= nstrate confidence in the effectiveness of their solution to resist attack = through assurance arguments that address techniques, processes, methodologi= es, etc. they have employed. =20 Regardless of specific technology employed, successful document control sol= utions will demonstrate several basic desirable features: =B7=09Ease of Use: User interfaces should be easy to use and be free of in= ternal complexities. Complexity in the user interface fosters disuse and/o= r potential security breaching work-arounds. =B7=09Operational Transparency: Solutions should minimize the visibility o= f document protection and tracking mechanisms, thereby complicating user fo= rmulation of breaching strategies. =B7=09Portability: Document protection should be effective across a broad = spectrum of platforms and technologies within the insider environment, e.g.= , XML-based web services, client-server, wireless environments, etc. =B7=09Agility: Solutions should be capable of dynamically accommodating a = potentially fast-changing security environment, including changes to threat= conditions, mission imperatives and personnel status. =20 =B7=09Self-Protection: Although ARDA recognizes the inherent security inter= dependencies among various system components (applications, services, kerne= l-level processing, etc.), solutions should be as self-protecting as possib= le to minimize their dependency on external components. ARDA understands that applications such as document control rest on infrast= ructures that include middleware, operating systems, hardware devices and n= etwork services. In turn, the assurance arguments for the viability of any= approach for the application domain rest on the assurance argument for the= properties of the underlying infrastructure. While this solicitation is n= ot interested in general research on infrastructure security mechanisms, we= do seek advancement in infrastructure mechanisms that support the preventi= on, detection, and recovery from attacks against the document control syste= m application and the underlying system supporting that document control sy= stem. =20 TECHNICAL AND RESEARCH AREAS: This BAA solicits proposals in three topic a= reas: (1) Trustworthy Document Control, (2) Infrastructure Support and (3)= Modeling the Insider. Proposals that address topic areas outside the thre= e, listed below, will be considered, but must address the basic concerns fo= r document control to mitigate insider threat as articulated in this BAA. = Proposals unresponsive to these areas of interest will not be fully evaluat= ed. A brief description of each research area is as follows: 1. Trustworthy Document Control: ARDA seeks research that culminates in t= he creation of a document control system with the following properties: =20 =B7=09Originator Control: Document transactions can be controlled at all t= imes by its originator. In this context "originator" is defined as an indi= vidual or group of individuals who owns a document and is authorized to est= ablish or modify document permissions. Note that neither possession nor c= reation of a document implies ownership. Document transactions can include= read, write, modify, open, print, copy, distribute and destruct. Other de= sired capabilities include, but are not limited to: document self-destruct= ion, transaction limits (e.g., self-destruct after one read), man-in-the-lo= op (semi-automatic) capability for selected transactions. =B7=09Audit and Tracking: Evidence of any document transaction, both succe= ssful and unsuccessful, must be recorded to the granularity of individual u= sers and document instances. Capabilities will also support real time audi= t, post-compromise forensic analysis, and the status of a specific document= of interest, e.g., number and location of document instances, current perm= ission set, number and type of transactions, etc. Component technologies that would be used to produce such a document contro= l system, such as cryptographic subsystems, are welcome as proposals, but i= ntegrated solutions are preferred. Whether component or integrated system = is proposed, a convincing assurance argument must be made that the system w= ill achieve the protection properties sought. Proposals will be judged not= only on the basis of the claimed effectiveness of the technology and mecha= nisms created but also by the level of assurance that is claimed, through t= he assurance argument, to be achievable. 2. Infrastructure Support: ARDA seeks research into technology and mechan= isms that support the creation of protected applications such as the docume= nt control system described in the first part of the solicitation. Mechani= sms that detect, prevent or recover from attacks on the application or the = infrastructure itself are sought. We are particularly interested in reusab= le building block, assurable mechanisms that support the development of con= trolled applications that help thwart insider attacks. Desired capabilitie= s include: =B7=09Tamper resistance of security controls and audit functions =B7=09Integrity of associated document processes, data, and metadata =B7=09Strong persistent authentication for all accesses (e.g., biometrics) =B7=09Ensuring least privilege in granting permissions =B7=09Policy translation techniques =B7=09Policy configurable design=20 =B7=09Dynamic updating of document permissions =B7=09Effective document removal (e.g., not physically recoverable once per= mission revoked) 3. Modeling The Insider: ARDA seeks models of insider behavior that captu= re both authorized and unauthorized activity. For example, such models shou= ld include techniques, processes, methodologies, etc. that have been employ= ed during previous attacks. Models should be able to rank potential risks, = given a value of each document that can be targeted by a given method. Thes= e models should combine such capabilities in a way that can assess likely t= arget documents and hypothesize opportunistic periods and/or scenarios for = compromise. Such a model should be extensible to allow addition of data and= evaluation/modeling processes. The models shall be constructed to be usef= ul to detect unauthorized activity and to predict the course of a multi-sta= ge attack so as to inform appropriate defensive actions. PROPOSAL PREPARATION INSTRUCTIONS: See the Proposer Information Pamphlet (= PIP) which provides preparation and submission instructions for proposals. = It is available on the World Wide Web at http://www.nbc.gov/insider.cfm PROPOSAL SUBMISSION: Proposals are due on or before 4:00 PM, Mountain Stan= dard Time, 1 Apr 2003 to the Department of the Interior, National Business = Center, Acquisition Support Division, Southwest Branch, Post Office Box 129= 24, ATTN: BAA (G. Golden), Fort Huachuca, Arizona, 85670-2924. See the Pro= poser Information Pamphlet (PIP) which provides detailed instructions on pr= oposal submission procedures. It is available on the World Wide Web at htt= p://www.nbc.gov/insider.cfm. =20 PROPOSAL EVALUATION AND SELECTION. Proposals will be selected through a tec= hnical/scientific/business decision process using the following criteria in= descending order of importance: (1) Overall scientific and/or technical merit, including technical feasibil= ity, degree of innovation, understanding of the technical and operational a= pproach, and experimental approach. If a proposal lacks overall scientific= and/or technical merit, it will not be further considered for award. (2) The effort's potential contributions to the Intelligence Community's In= formation Security (INFOSEC) efforts. =20 (3) Cost reasonableness and realism. (4) The offeror's capabilities, related experience, facilities, techniques,= or unique combinations of these which are integral factors for achieving p= roposal objectives (5) Qualifications, capabilities, and experience of key personnel (6) The offeror's record of present and past performance Awards under this BAA will be made to responsible offerors on the basis of = the evaluation criteria above and a BEST VALUE approach to the Government. = Awards will be subject to the availability of funds. Awards may take the = form of a procurement contract or other transaction, depending upon the nat= ure of the work proposed, the required degree of interaction between partie= s, and other factors. The Government reserves the right to 1) select for a= ward all, some, or none of the proposals received, and 2) incrementally fun= d any award instrument. NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS.GOV ON THE DATE INDICATED IN THE NOTICE ITSELF (25-FEB-2003). IT ACTUALLY FIRST APPEARED ON THE FEDBIZOPPS SYSTEM ON 03-MAR-2003. PLEASE CONTACT fbo.support@gsa.gov REGARDING THIS ISSUE.
- Web Link
-
Please click here to view more details.
(http://ideasec.nbc.gov/ecprod/owa/ec$cbd.sypfirstcount?P_SERVER_ID3=3D= NB1401FH&P_OBJ_ID1=3D111977)
- Record
- SN00268811-W 20030305/030303215307 (fbodaily.com)
- Source
-
FedBizOpps.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |