MODIFICATION
A -- Innovative Cross-Domain Cyber Reactive Information Sharing (ICCyRIS)
- Notice Date
- 1/6/2014
- Notice Type
- Modification/Amendment
- NAICS
- 541712 -- Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
- Contracting Office
- Department of the Air Force, Air Force Materiel Command, AFRL/RIK - Rome, 26 Electronic Parkway, Rome, New York, 13441-4514, United States
- ZIP Code
- 13441-4514
- Solicitation Number
- BAA-RIK-14-02
- Point of Contact
- Gail E. Marsh, Phone: 315-330-7518
- E-Mail Address
- Gail.Marsh@us.af.mil
- Small Business Set-Aside
- N/A
- Description
- The purpose of this modification is to make the following changes to SECTION I, "Funding Opportunity Description": 1) Move two (2) focus areas from Focus Areas for FY15 to the General Focus Areas for all FYs and 2) Add a new focus area under Focus Areas for FY15. No other changes have been made.

General Focus Areas Applicable to all FYs:

The following paragraphs are moved from Focus Areas for FY15 and added to General Focus Areas Applicable to all FYs:

CAC Authentication via MicroSD Certificate Storage

Commercial mobile devices on their own, with standard configuration, are not secure enough for government use. However, to save money, many agencies are looking to leverage them. This poses a challenge for securing government/sensitive data access by the device user, while maintaining all the functionality of the commercial device itself. One approach is to utilize micro/nano Secure Digital (SD) cards to provide secure storage of access certificates. Phase one of this focus area will develop a secure, "read only" certificate store utilizing the Micro and Nano SD card form factors for use in physically unmodified Commercial-Off-The-Shelf (COTS) Mobile Platforms. Software applications may be modified or created in order to demonstrate the functionality. The second phase of this focus area will test the proposed solution against real world scenarios utilizing life-like certificate data to ascertain robustness against published Security Technical Implementation Guides (STIGs).

Securing Commercial Off-The-Shelf (COTS) Mobile Device Common Access Card (CAC) Authentication via Near-Field Communication (NFC)

Several COTS mobile devices feature NFC capabilities. Concurrently, there are requirements for warfighters to authenticate on computing resources with their Common Access Card (CAC). Unfortunately, physical external readers for CACs are unwieldy extensions to mobile devices. As such, there may be an opportunity to investigate utilizing the COTS NFC capabilities, assuming they meet or exceed the security requirements accomplished by the physical readers. Given the repeated demonstrations at most modern Black Hat events of COTS NFC capabilities being exploited in many different ways, skepticism as to these devices' security capabilities will need to be assuaged, and the risks demonstrated as mitigated appropriately for operationally meaningful situations. The demonstrated solution also faces additional challenges: it must be able to prevent unauthorized access to sensitive data provided via CAC PKI capabilities; it must securely account for users with multiple credentials and access their existing certificates within appropriate networks (as in Global Access List, Lightweight Directory Access Protocol (LDAP)/Active Directory (AD), etc.); it must have a segregation capability if malicious code is detected; and it must allow for appropriate persistence of user authentication even after the device and NFC tag are outside of scanning range.

Focus Areas for FY15:

The following is a new paragraph added under Focus Areas for FY15:

Dynamic Mobile Device Management (DMDM)

In order to provide secure containers for multiple compartments within mobile devices, a dynamic method to manage mobile devices using a secure Operating System (such as SE-Android) is required. This topic is to develop and demonstrate an innovative method for the management of such a device. The following management capabilities must be considered: support for multiple compartments on a single mobile platform, dividing each container into separate compartments, each with their own storage, keystore, and applications; the ability to provide flexible policies for the communication of all applications with each other and the device; high-level enforcement of applications to operate as specified by policy within a container; typical device management, which includes user management, device lock-down, container isolation protection, tamper resistance, and remote management (including the ability to wipe the device if compromised); and continual assessment of the device's security state, taking appropriate actions when that state is compromised. The prototype delivered must incorporate as many of these capabilities as possible and demonstrate successful container separation, device and policy management, and attestation of device security.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/BAA-RIK-14-02/listing.html)
- Record
- SN03261921-W 20140108/140106234604-b0ba767b2c3425e6e1ddcd8a1dd1fd9c (fbodaily.com)