Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JANUARY 11, 2015 FBO #4796
MODIFICATION

A -- Innovative Cross-Domain Cyber Reactive Information Sharing (ICCyRIS)

Notice Date
1/9/2015
 
Notice Type
Modification/Amendment
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Department of the Air Force, Air Force Materiel Command, AFRL/RIK - Rome, 26 Electronic Parkway, Rome, New York, 13441-4514, United States
 
ZIP Code
13441-4514
 
Solicitation Number
BAA-RIK-14-02
 
Point of Contact
Gail E. Marsh, Phone: 315-330-7518
 
E-Mail Address
Gail.Marsh@us.af.mil
(Gail.Marsh@us.af.mil)
 
Small Business Set-Aside
N/A
 
Description
The purpose of this modification is to republish the original announcement, incorporating all previous modifications, pursuant to FAR 35.016(c). This republishing also includes the following changes: (a) Section III.5: Add Paragraph 5 with information on the Government approved accounting system requirement; (b) Section IV.1: Added new URL for BAA Guide to Industry and the Proposal Preparation Instructions; (c) Section IV.2: Removed two reference to proposals. Directions are now specific to white papers (see Proposal Preparation Instructions for proposal guidance.); (d) Section IV.3: Revise submission dates for FY17 and FY18; (e) Section VII: Updated the AFFARS Clause 5352.201-9101 version. No other changes have been made. NAICS CODE: 541712 FEDERAL AGENCY NAME: Department of the Air Force, Air Force Material Command, AFRL-Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome NY 13441-4514 TITLE: Innovative Cross-domain Cyber Reactive Information Sharing (ICCyRIS) ANNOUNCEMENT TYPE: Initial Announcement FUNDING OPPORTUNITY NUMBER: BAA-RIK-14-02 CFDA NUMBER: 12.800 I. FUNDING OPPORTUNITY DESCRIPTION : The Cross Domain Innovation & Science (CDIS) group of the Air Force Research Laboratory's Information Directorate is interested in new innovative technologies and capabilities, within the Multi-Level Security (MLS) and Cyber Security environments, that promote the state of the art for secure, accreditable resilient and reactive capabilities to enhance the sharing of information between multiple security domains within both enterprise and mobile/tactical environments. This BAA focuses on developing new technologies to allow secure data sharing; trusted computing; smart routing; cyber defense; Multi-Level Security (MLS) trust at the tactical edge; and a comprehensive, multi-security domain, user-defined operational picture to effectively and efficiently improve the state-of-the-art for defense enterprise, cloud, and mobile/tactical computing/operations. The goals of this BAA are to improve cross-domain information sharing in five distinct technology areas: 1. Multi-Enclave/Multi-Domain Cyber User Defined Operational Picture (UDOP) - Extending enterprise status monitoring efforts and Cross Domain Solutions (CDSs) adaptability to meet greater operator need. 2. High Risk Data Type Mitigation - Providing micro-virtualized ultra-high-risk content and investigations for malicious behavior before passing them to other security domains. 3. Fine-Grained Grammar for Orchestration - Use of formal grammars for quick adaptation of workflows to meet changing mission/security/performance requirements. 4. Content and Label Based Routing - Extending the trust provided at node and network environments to the information objects being passed to assure end-to-end trust in passing and delivering information to recipients. 5. MLS Trust at the Edge - Extending the robustness and usability of MLS mobile and desktop endpoint technology to meet the critical needs of our mobile warriors. General Focus Areas Applicable to all FYs : Automatically Evaluate Video Streams for Cross-Domain Releasability: Perform an analysis of alternatives and incorporate the most mature systems into a prototype for evaluating the releasability of streaming data. This specifically includes but is not limited to speech-to-text, person recognition, and object recognition functionality plus system(s) to reason over the results of these functions. Improved Security Through Virtualization: Utilize the broad swath of virtualization technologies to improve the state of the art of information assurance. Note also the related High Risk Binary Assessment Focus Area for FY 15 under this BAA, as well as the Secure Data Containers Focus Area for FY16. Novel, Trustworthy Filtration: Improve the state of data filtration through the use of techniques and procedures either previously unexplored in filtration or completely novel. Note that adding a new filter for an already covered file type is much less interesting than the ability to add classes of file types which are otherwise unaddressed by filtration engines. Note also the related High Risk Binary Assessment Focus Area for FY15 under this BAA, as well as the Imagery to Text Focus Area for FY18. Improved Orchestration Interfaces that don't require a "Man-in-the-Loop": Research and develop better automation of multiple data flows, each containing myriad functions and decision points, intended to affect large pools of data. This may be used in conjunction with various efforts such as the National Security Agency's (NSA's) Bray tool, Data Flow Configuration Format (DFCF), Guard Remote Management Protocol (GRMP), the CDS Management Information Base (MIB), and/or others. This capability includes the ability to demonstrate proposed changes against known pools of data, provide high level metrics regarding the original and changed results on those known pools of data, and to allow the user to drill down into greater, granular detail on the metrics as needed. These interfaces should not assume any particular degree of knowledge for users beyond a general computer use competency, and must ensure users' identity and authorization via appropriate methods. Improved Machine-to-Machine Automation: Many cross domain links are established between automated systems for various purposes. There are large swaths of commonality across most of these links. Build tools to leverage unmodified CDSs from the Unified Cross Domain Management Office (UCDMO) baseline to better meet the need for creating similar links in the future. Improved Commodity Multi-Level Security (MLS) Networking: Create networking capable of mandatory access control (MAC) for content, locations and users marked, approved and operating at different levels of classification (plus releasability, caveats, and other security-relevant markings) utilizing commodity hardware, operating systems, software and infrastructure as much as practical. Complete redevelopment/replacement of existing networking infrastructure and endpoints is explicitly outside the scope of this effort. CAC Authentication via MicroSD Certificate Storage: Commercial mobile devices on their own, with standard configuration, are not secure enough for government use. However, to save money, many agencies are looking to leverage them. This poses a challenge for securing government/sensitive data access by the device user, while maintaining all the functionality of the commercial device itself. One approach is to utilize micro/nano Secure Digital (SD) cards to provide secure storage of access certificates. Phase one of this focus area will develop a secure, "read only" certificate store utilizing the Micro and Nano SD card form factors for use in physically unmodified Commercial-Off-The-Shelf (COTS) Mobile Platforms. Software applications may be modified or created in order to demonstrate the functionality. The second phase of this focus area will test the proposed solution against real world scenarios utilizing life-like certificate data to ascertain robustness against published Security Technical Implementation Guides (STIGS). Securing Commercial Off-The-Shelf (COTS) Mobile Device Common Access Card (CAC) Authentication via Near-Field Communication (NFC): Several COTS mobile devices feature NFC capabilities. Concurrently, there are requirements for warfighters to authenticate on computing resources with their Common Access Card (CAC). Unfortunately, physical external readers for CACs are unwieldy extensions to mobile devices. As such, there may be an opportunity to investigate utilizing the COTS NFC capabilities assuming they meet or exceed the security requirements accomplished by the physical readers. Given the repeated demonstrations given at most modern Black Hat events exploiting COTS NFC capabilities in many various ways, skepticism as to these devices' security capabilities will need to be assuaged and demonstrated as mitigated appropriately for operationally meaningful situations. Additionally, the demonstrated solution has additional challenges: It must be able to prevent unauthorized access to sensitive data provided via CAC PKI capabilities, it must securely account for users with multiple credentials and access their existing certificates within appropriate networks (as in Global Access List, Lightweight Directory Access Protocol (LDAP)/ Active Directory (AD), etc.), must have a segregation capability if malicious code is detected, and allow for appropriate persistence of user authentication even after the device and NFC tag are outside of scanning range. Real Time Mobile Authentication: Many mobile users, especially field operators and tactical users, require mobile devices to be unlocked or readily available at any time throughout the mission. Long passphrases can be difficult to remember and may require attention that directs their vision away from the battlefield. Unfortunately, leaving the devices unlocked poses a large security risk if the phones are lost or stolen. By leveraging the sensors on the device (ex. Camera, GPS, Accelerometer (Gate), Humidity, Temperature) along with new wearable technology (Blood pressure, Heart Beat, Body Temp) advanced policies can be created to authenticate the user with the mobile device and keep mission critical applications unlocked and ready to use. These policies should be dynamic and adapt to the environment of the user. For example, complete operations such as locking the device or in certain locations wiping the device entirely. The measures of effectiveness will measure will be measured on authentication false positive/negative rates, impacts to battery life, CPU performance, I/O performance and tactical use-cases. Focus Areas for FY15: High Risk Binary Assessment: Demonstrate a capability to automate invocation of potentially malicious content within a secure environment (such as a sandbox, virtual machine, or ‘detonation chamber'). This capability should include scripting some appropriate number of user actions within commodity, unmodified applications and monitoring the environment for malicious or unexpected behaviors. The solution should incorporate both signature based detection of suspect behaviors as well as aberrant behavior based on a learned fingerprint of the normal functioning of the consuming application(s) within the environment. For example, if a given application doesn't normally generate alternate data streams within Windows, then generating an alternate data steam upon opening a new file in that application should be flagged. Integrity of the mechanisms that identify these unexpected behaviors must be protected from tampering or observation from within the secure environment. The solution shall also include one or more ways to adapt to new exercising applications and steps within the secure environment to either extend inspection of current file types supported and/or to offer support for new file types. In the final version delivered, no particular degree of knowledge beyond a general computer use competency should be expected from operators or those who adapt the system in the aforementioned manner(s). Situational Awareness of End-to-End Multi-level Information Flow: NSA's Cross Domain Solution Management Information Base (CDS-MIB) is a CDS-independent mechanism used to report including flow performance, errors, and other various metrics related to CDS health and status. This is only part of the picture that is necessary to efficiently be aware of the true multi-level information flow picture. The addition of information pertaining to CDS support devices such as external filtering appliances, CDS pre-processors, mission applications that leverage CDS and other IT integral to cross domain services (e.g., identity management, email infrastructure) is intended to enhance end-to-end situational awareness. This will increase situation awareness of all CDSs on the network, provide more insight into network status and services status, and provide opportunity for further integration with other activities, to include prior CDIS run efforts such as Audit-Based Sensing & Protection (ASP) and Behavior Based Risk Assurance (BBRA). Once this capability is developed, other capabilities can use the information to include load balancers and automatic failover. Dynamic Mobile Device Management (DMDM): In order to provide secure containers for multiple compartments within mobile devices, a dynamic method to manage mobile devices using a secure Operating System (such as SE-Android) is required. This topic is to develop and demonstrate an innovative method for the management of such a device. This following management capabilities must be considered : support for multiple compartments on a single mobile platform, dividing each container into separate compartments, each with their own storage, keystore, and applications; the ability to provide flexible policies for the communication of all applications with each other and the device; provide high-level enforcement of applications to operate as specified by policy within a container; provide typical device management which includes: user management, device lock-down, container isolation protection, tamper resistance, and remote management (including the ability to wipe the device if compromised); provide continual assessment of the devices security state and make appropriate actions when that state is compromised. The prototype delivered must incorporate as many of these capabilities as possible and demonstrate successful container separation, device and policy management, and attestation of device security. Focus Areas for FY 16: Multi-Level-Security Mobile Secure Foundation: Currently we are tracking two major technical approaches for Multi-Level Security (MLS) on Commercial Off-The-Shelf (COTS) hardware running the Android ecosystem. The first approach utilizes a hypervisor to separate multiple virtual machines' operations within the secure device. The second utilizes Security Enhanced (SE) Android policy to separate (sets of) processes. Both of these efforts have disparate strengths and weaknesses, as measured by performance, battery life, boot and access times, and other metrics. Other technical approaches to achieve assured Multi Level Security operation within the Android ecosystem may also be viable, if they can be brought to a similar or higher degree of maturity as well as accomplishing the rest of the tasking by the end of this effort. This effort is to provide a secure foundation for additional development in mobile devices for multiple DoD/IC use cases. As such, the solution chosen must follow accreditation guidelines throughout the effort and ideally have zero outstanding technical issues which would preclude accreditation. Additionally, the chosen solution must adhere to the relevant portions of the Mobility Capability Package protection profiles and National Information Assurance Partnership (NIAP) guidelines. The architecture shall include components selected from the National Security Agency Commercial Solutions for Classified (CSfC) such as Data at Rest, Data in Transit, Mobile Device Management, etc. Finally, it is important that the solution be compatible with military needs for current and future tactical usage, including the continued usage of hardware peripherals. The successful solution will be based on commodity hardware, and ideally with commodity firmware utilizing hardware-based attestation (e.g. Trusted Platform Module (TPM), ARM TrustZone, Samsung KNOX, etc.) through the boot cycle and normal operation of the device. Solutions featuring custom operating systems and firmware are not ideal as they are expected to have higher procurement and maintenance costs and requirements, among other reasons. Measures of effectiveness will include the ability to integrate with existing technologies and abide by all of current and future NSA Mobility publications. The solution shall also adhere to strict requirements of battery life, CPU performance, I/O performance, boot-up times, and tactical application integration. CDS High Availability: Cross Domain Solutions (CDS) are typically less resilient than our other information technology (IT). Today we can support CDS load balancing and failover via typical mechanisms if the CDS protocols support it. There are, however, multiple technical shortfalls that limit the usability of these techniques, including the inability to: provide CDS load information to commodity load balancers, maintain configuration synchronization between multiple CDS and the ability to detect and recover from CDS failure. The purpose of this effort is to develop techniques to address these CDS availability concerns. Measures of effectiveness will include extensibility of approach to multiple CDS, ability to integrate with off-the-shelf tools for load balancing, information assurance acceptability and efficient utilization of network bandwidth for communication between components. Cross Domain Machine-to-Machine (M2M) Mediation Layer: A common approach to addressing cross domain information sharing requirements is cross-domain enablement of the underlying information technology (IT) that facilitates information sharing intra domain. Cross domain enablement of the machine-to-machine (M2M) protocols that support this IT is challenging because M2M protocols often have attributes that do not match typical CDS transfer characteristics. Some common examples include: non-atomic transactions (require more than one CDS transfer in order to complete), transactions that require ACK/NACK (CDS transfers are usually one way and may not provide failure notification) and transactions that are dependent upon one another (CDS are typically stateless and transfers are independent of one another). The purpose of this effort is to develop a mediation layer that can act as a foundation for M2M communications over a CDS. This mediation layer will be the integration point for specific protocol termination services (e.g. - DB transactions, Web Services) and would handle the necessary information management and CDS data flow understanding to map between M2M interface requirements and CDS transfer capabilities. Measures of effectiveness will include ease of integration with a new set of M2M data flows, native M2M protocol independence, ability to protect end system data integrity from CDS filtering issues, solution performance (throughput and latency) and ease of recovery when issues arise (e.g. - CDS is unavailable, CDS filters misconfigured and start failing transactions). Dynamic Mobile Device Management (DMDM): In order to provide secure containers for multiple compartments within mobile devices, a dynamic method to manage mobile devices using a secure Operating System (such as SE-Android) is required. This topic is to develop and demonstrate an innovative method for the management of such a device. This following management capabilities must be considered: support for multiple compartments on a single mobile platform, dividing each container into separate compartments, each with their own storage, key store, and applications; the ability to provide flexible policies for the communication of all applications with each other and the device; provide high-level enforcement of applications to operate as specified by policy within a container; provide typical device management which includes: user management, device lock-down, container isolation protection, tamper resistance, and remote management (including the ability to wipe the device if compromised); provide continual assessment of the devices security state and make appropriate actions when that state is compromised. The prototype delivered must incorporate as many of these capabilities as possible and demonstrate successful container separation, device and policy management, and attestation of device security. The solution must adhere to the relevant portions of the Mobility Capability Package protection profiles and National Information Assurance Partnership (NIAP) guidelines. The measures of effectiveness will be measured on application performance, agility to tactical low-no communication situations and the ability to integrate with components from the National Security Agency Commercial Solutions for Classified (CSfC) such as Data at Rest, Data in Transit, Mobile Device Management, etc. Focus Areas for FY 17: On-Demand Cross Domain Solution (CDS) Filtering: Provide a trustworthy mechanism to securely store, deliver, and deploy new filters into CDSs on demand. The intent is to develop a new or extend an existing agnostic Application Programmer's Interface (API) to allow multiple disparate transfer CDSs to interrogate one or more trusted store(s) for filters to be secure delivered in near-real-time, and to provide a reference implementation for that trusted store. This is intended to allow CDSs to adapt to changing workload requirements and threat environments. If the CDS already contains a similar capability or partial capability, it is expected that this API will wrapper them rather than redeveloping. Enhance Logic and Visualization for Enterprise Capabilities: Extend the ability to monitor one or more transfer Cross Domain Solutions (CDSs) beyond prior efforts' scope by incorporating business logic through a reasoning engine to examine the data collected and stored via CDS-MIB, SNMP & perhaps alternate sources as well as performing trend analysis across this information. This would be expected to be able to automatically suggest and/or enforce reporting and warning thresholds to alert responsible parties via Simple Network Management Protocol (SNMP) (for integration with enterprise management & alert systems), email and/or text to abnormal activity with respect to the CDSs' normal functioning. Given other previously developed tools, this developed capability might be expected to automatically react to incoming data and alter one or more CDSs' operational posture, either to ensure operational goals and/or reduce data exfiltration/malware infiltration. Mobile MLS Cross Domain XML Routing: Evaluate existing XML data tagging standards for use in both IP-based wired networks and wireless mobile networking environments, both for traditional tagging roles and also in support of cross security domain routing decisions. Publish this evaluation in order to gather feedback and consensus and hopefully drive standardization across DoD/IC and eventually the mobile industry. Finally, develop a prototype that enables standardized cross domain routing originating and/or ending on a mobile platform. Advanced File Typing: Perform best of breed Analysis of Alternatives between deep content inspection and/or file parsing capabilities such as Apache Tika, Data Format Description Language (DFDL), and similar. Using the best of breed, create a prototype to perform deep content inspection of files to detect and/or extract metadata, binary blobs and/or structured text content to properly & fully identify file types (Multipurpose Internet Mail Extension (MIME) types). Develop with common programmatic API calls plus appropriate web service interfaces and NSA's Filter Componentization Effort (FCE) specification. Test and evaluate performance and reliability of file type identification. Include edge cases such as polymorphism, spoofing, multiple file type compatibilities, and container file types. Focus Areas for FY 18: Imagery to Text: In order to better meet warfighter operational needs, perform an Analysis of Alternatives on commercial, open source and Government Off-The-Shelf (GOTS) tools which provide Optical Character Recognition (OCR) and related capabilities. Include analysis on cost, performance, hardware requirements, accuracy (false positive / false negative rates), and other relevant features. Use the highest rated alternative to generate raw text files from multiple (3+) disparate imagery file and/or streaming formats. Create interfaces to feed output to other processes such as the Filter Componentization Effort (FCE) specification among other relevant specifications. Ensure the product provides appropriate levels of auditing and meets relevant assurance requirements. II. AWARD INFORMATION : Total funding for this BAA is approximately $24 M. The anticipated funding to be obligated under this BAA is broken out by fiscal year as follows: FY 15 - $6M; FY 16 - $6M; FY 17 - $6M; FY 18 - $6M. Individual awards will not normally exceed 36 months with dollar amounts normally ranging between $250K to $500K per year. There is also the potential to make awards up to any dollar value. Awards of efforts as a result of this announcement will be in the form of contracts, grants or cooperative agreements or other transactions depending upon the nature of the work proposed. The Government reserves the right to select all, part, or none of the proposals received, subject to the availability of funds. All potential Offerors should be aware that due to unanticipated budget fluctuations, funding in any or all areas may change with little or no notice. III. ELIGIBILITY INFORMATION : 1. ELIGIBLE APPLICANTS: All qualified offerors who meet the requirements of this BAA may apply. This BAA is closed to foreign participation at the Prime Contractor level. Foreign Ownership, Control or Influence (FOCI) companies who have mitigated FOCI may inquire as to eligibility by contacting the contracting office focal point, Gail E. Marsh, Contracting Officer, telephone (315) 330-7518 or e-mail Gail.Marsh@us.af.mil for verification prior to submitting a white paper. Please reference BAA RIK-14-02. 2. COST SHARING OR MATCHING: Cost sharing is not a requirement. 3. System for Award Management (SAM). Offerors must be registered in the SAM database to receive a contract award, and remain registered during performance and through final payment of any contract or agreement. Processing time for registration in SAM, which normally takes forty-eight hours, should be taken into consideration when registering. Offerors who are not already registered should consider applying for registration before submitting a proposal. 4. Executive Compensation and First-Tier Sub-contract/Sub-recipient Awards: Any contract award resulting from this announcement may contain the clause at FAR 52.204-10 - Reporting Executive Compensation and First-Tier Subcontract Awards. Any grant or agreement award resulting from this announcement may contain the award term set forth in 2 CFR, Appendix A to Part 25 http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=c55a4687d6faa13b137a26d0eb436edb&rgn=div5&view= text&node=2:1.1.1.41&idno=2#2:1.1.1.4.1.2.1.1 5. GOVERNMENT APPROVED ACCOUNTING SYSTEM: An offeror must have a government approved accounting system prior to award of a cost-reimbursement contract per limitations set forth in FAR 16.301-3(a) to ensure the system is adequate for determining costs applicable to the contract. The acceptability of an accounting system is determined based upon an audit performed by the Defense Contract Audit Agency (DCAA). IMPORTANT: If you do not have a DCAA approved accounting system access the following link for instructions: https://www.fbo.gov/index?s=opportunity&mode=form&id=1cffad228f48b58057072a6c9113799d &tab=core&_cview=1 IV. APPLICATION AND SUBMISSION INFORMATION : 1. APPLICATION PACKAGE: THIS ANNOUNCEMENT CONSTITUTES THE ONLY SOLICITATION. WE ARE SOLICITING WHITE PAPERS ONLY. DO NOT SUBMIT A FORMAL PROPOSAL AT THIS TIME. Those white papers found to be consistent with the intent of this BAA may be invited to submit a technical and cost proposal, see Section VI of this announcement for further details. For additional information, a copy of the AFRL "Broad Agency Announcement (BAA): Guide for Industry," May 2012, and Proposal Preparation Instructions, Dec 2014, may be accessed at: https://www.fbo.gov/index?s=opportunity&mode=form&id=1cffad228f48b58057072a6c9113799d &tab=core&_cview=1 2. CONTENT AND FORM OF SUBMISSION: Offerors are required to submit 3 copies of a 3 to 5 page white paper summarizing their proposed approach/solution. The purpose of the white paper is to preclude unwarranted effort on the part of an offeror whose proposed work is not of interest to the Government. The white paper will be formatted as follows: Section A: Title, Period of Performance, Estimated Cost, Name/Address of Company, Technical and Contracting Points of Contact (phone, fax and email)(this section is NOT included in the page count); Section B: Task Objective; and Section C: Technical Summary and Proposed Deliverables. Multiple white papers within the purview of this announcement may be submitted by each offeror. If the offeror wishes to restrict its white papers, they must be marked with the restrictive language stated in FAR 15.609(a) and (b). All white papers shall be double spaced with a font no smaller than 12 pitch. In addition, respondents are requested to provide their Commercial and Government Entity (CAGE) number, their Dun & Bradstreet (D&B) Data Universal Numbering System (DUNS) number, a fax number, an e-mail address, and reference BAA-RIK-14-02 with their submission. All responses to this announcement must be addressed to the technical POC, as discussed in paragraph six of this section. 3. SUBMISSION DATES AND TIMES: It is recommended that white papers be received by the following dates to maximize the possibility of award: FY 15 by 30 Jan 14 and FY 16 by 15 Jan 15, FY 17 by 31 Jan 16, FY 18 by 31 Jan 17. White papers will be accepted until 2pm Eastern time on 30 September 2018, but it is less likely that funding will be available in each respective fiscal year after the dates cited. FORMAL PROPOSALS ARE NOT BEING REQUESTED AT THIS TIME. 4. FUNDING RESTRICTIONS: The cost of preparing white papers/proposals in response to this announcement is not considered an allowable direct charge to any resulting contract or any other contract, but may be an allowable expense to the normal bid and proposal indirect cost specified in FAR 31.205-18. Incurring pre-award costs for ASSISTANCE INSTRUMENTS ONLY are regulated by the DoD Grant and Agreements Regulations (DODGARS). 5. All Proposers should review the NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL, (NISPOM), dated February 28, 2006 as it provides baseline standards for the protection of classified information and prescribes the requirements concerning Contractor Developed Information under paragraph 4-105. Defense Security Service (DSS) Site for the NISPOM is: http://www.dss.mil/. 6. OTHER SUBMISSION REQUIREMENTS: DO NOT send white papers to the Contracting Officer. All responses to this announcement must be addressed to: ATTN: Michael J. Mayhew AFRL/RIEBA ICCyRIS BAA: BAA-RIK-14-02 525 Brooks Road Rome, NY 13441-4505 Electronic submission to Michael.Mayhew.1@us.af.mil will also be accepted. In the event of a possible or actual compromise of classified information in the submission of your white paper or proposal, immediately but no later than 24 hours, bring this to the attention of your cognizant security authority and AFRL Rome Research Site Information Protection Office (IPO): Vincent Guza 315-330-4048 0730-1630 Monday-Friday 315-330-2961 Evenings and Weekends Email: vincent.guza@us.af.mil V. APPLICATION REVIEW INFORMATION : 1. CRITERIA: The following criteria, which are listed in descending order of importance, will be used to determine whether white papers and proposals submitted are consistent with the intent of this BAA and of interest to the Government: (1) Overall Scientific and Technical Merit -- Including the degree of innovation for the approach and the use of innovative modern architectures in development and/or enhancement of the proposed technology; the use of analysis, metrics & testing and adherence to Information Assurance and Cross-Domain best practices, (2) Related Experience - The extent to which the offeror demonstrates relevant technology and domain knowledge and experience within cross-domain environments, (3) Openness, Maturity & Assurance of Solution - The extent to which existing capabilities and standards are leveraged and the relative maturity of the proposed technology in terms of degree of Information Assurance and Cross-Domain standards implemented, and (4) Reasonableness and Realism of proposed costs and fees (if any). No further evaluation criteria will be used in selecting white papers/proposals. Individual white paper/proposal evaluations will be evaluated against the evaluation criteria without regard to other white papers and proposals submitted under this BAA. White papers and proposals submitted will be evaluated as they are received. 2. REVIEW AND SELECTION PROCESS: Only Government employees will evaluate the white papers/proposals for selection. The Air Force Research Laboratory's Information Directorate has contracted for various business and staff support services, some of which require contractors to obtain administrative access to proprietary information submitted by other contractors. Administrative access is defined as "handling or having physical control over information for the sole purpose of accomplishing the administrative functions specified in the administrative support contract, which do not require the review, reading, or comprehension of the content of the information on the part of non-technical professionals assigned to accomplish the specified administrative tasks." These contractors have signed general non-disclosure agreements and organizational conflict of interest statements. The required administrative access will be granted to non-technical professionals. Examples of the administrative tasks performed include: a. Assembling and organizing information for R&D case files; b. Accessing library files for use by government personnel; and c. Handling and administration of proposals, contracts, contract funding and queries. Any objection to administrative access must be in writing to the Contracting Officer and shall include a detailed statement of the basis for the objection. 3. The Government may simultaneously evaluate proposals received under this BAA from multiple offerors. In this case, the Government may make award based on adequate price competition, and offerors must be aware that there is a possibility of non-selection due to a proposal of similar but higher-priced technical approach as compared to another offeror. VI. AWARD ADMINISTRATION INFORMATION : 1. AWARD NOTICES: Those white papers found to be consistent with the intent of this BAA may be invited to submit a technical and cost proposal. Notification by email or letter will be sent by the technical POC. Such invitation does not assure that the submitting organization will be awarded a contract. Those white papers not selected to submit a proposal will be notified in the same manner. Prospective offerors are advised that only Contracting Officers are legally authorized to commit the Government. All offerors submitting white papers will be contacted by the technical POC, referenced in Section VII of this announcement. Offerors can email the technical POC for status of their white paper/proposal no earlier than 45 days after submission. 2. ADMINISTRATIVE AND NATIONAL POLICY REQUIREMENTS: Depending on the work to be performed, the offeror may require a Secret or Top Secret facility clearance and safeguarding capability; therefore, personnel identified for assignment to a classified effort must be cleared for access to Secret or Top Secret information at the time of award. In addition, the offeror may be required to have, or have access to, a certified and Government-approved facility to support work under this BAA. This acquisition may involve data that is subject to export control laws and regulations. Only contractors who are registered and certified with the Defense Logistics Information Service (DLIS) at http://www.dlis.dla.mil/jcp/ and have a legitimate business purpose may participate in this solicitation. For questions, contact DLIS on-line at http://www.dlis.dla.mil/jcp or at the DLA Logistics Information Service, 74 Washington Avenue North, Battle Creek, Michigan 49037-3084, and telephone number 1-800-352-3572. You must submit a copy of your approved DD Form 2345, Militarily Critical Technical Data Agreement, with your proposal. 3. DATA RIGHTS: The potential for inclusion of Small Business Innovation Research (SBIR) or data rights other than unlimited on awards is recognized. In accordance with (IAW) the Small Business Administration (SBA) SBIR Policy Directive, Section 8(b), SBIR data rights clauses are non-negotiable and must not be the subject of negotiations pertaining to an award, or diminished or removed during award administration. Issuance of an award will not be made conditional based on forfeit of data rights. If the SBIR awardee wishes to transfer its SBIR data rights to the Air Force or to a third party, it must do so in writing under a separate agreement. A decision by the awardee to relinquish, transfer, or modify in any way its SBIR data rights must be made without pressure or coercion by the agency or any other party. Non-SBIR data rights less than unlimited will be evaluated and negotiated on a case-by-case basis. Government Purpose Rights are anticipated for data developed with DoD-reimbursed Independent Research and Development (IR&D) funding. 4. REPORTING: Once a proposal has been selected for award, offerors will be given complete instructions on the submission process for the reports. VII. AGENCY CONTACTS : Questions of a technical nature shall be directed to the cognizant technical point of contact, as specified below: Michael Mayhew AFRL/RIEBA 525 Brooks Road Rome New York 13441-4505 Telephone: (315) 330-2898 Email: michael.mayhew.1@us.af.mil Questions of a contractual/business nature shall be directed to the cognizant contracting officer, as specified below (emails are preferred): Gail E. Marsh Telephone (315) 330-7518 Email: Gail.Marsh@us.af.mil The email must reference the solicitation (BAA) number and title of the acquisition. In accordance with AFFARS 5301.91, an Ombudsman has been appointed to hear and facilitate the resolution of concerns from offerors, potential offerors, and others for this acquisition announcement. Before consulting with an ombudsman, interested parties must first address their concerns, issues, disagreements, and/or recommendations to the contracting officer for resolution. AFFARS Clause 5352.201-9101 Ombudsman (Apr 2014) will be incorporated into all contracts awarded under this BAA. The AFRL Ombudsman is as follows: Ms. Barbara Gehrs AFRL/PK 1864 4th Street Building 15, Room 225 Wright-Patterson AFB OH 45433-7130 FAX: (937) 656-7321; Comm: (937) 904-4407 Email: barbara.gehrs@us.af.mil All responsible organizations may submit a white paper which shall be considered.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/BAA-RIK-14-02/listing.html)
 
Record
SN03612974-W 20150111/150109234526-51735e41343a6e5ee5014b3a6c8bde3f (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.