Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF OCTOBER 16, 2008 FBO #2516
SOLICITATION NOTICE

A -- Integrated Cyber Defense & Support Technologies

Notice Date
10/14/2008
 
Notice Type
Presolicitation
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Department of the Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome, New York, 13441-4514
 
ZIP Code
13441-4514
 
Solicitation Number
BAA-08-08-RIKA
 
Point of Contact
Lynn G. White,, Phone: (315) 330-4996
 
E-Mail Address
Lynn.White@rl.af.mil
 
Small Business Set-Aside
N/A
 
Description
NAICS CODE: 541712 FEDERAL AGENCY NAME: Department of the Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome, NY, 13441-4514 TITLE: Integrated Cyber Defense & Support Technologies ANNOUNCEMENT TYPE: Initial announcement FUNDING OPPORTUNITY NUMBER: BAA 08-08-RIKA CFDA Number: 12.800 DATES: It is recommended that white papers be received by the following dates to maximize the possibility of award: FY 09 should be received no later than 01 Dec 2008; FY 10 should be submitted by 02 Jan 2009; FY 11 by 02 Jan 2010; and FY 12 by 02 Jan 2011. White papers will be accepted until 2:00 p.m. Eastern time on 30 Sep 2012, but it is less likely that funding will be available in each respective fiscal year after the dates cited. FORMAL PROPOSALS ARE NOT BEING REQUESTED AT THIS TIME. See Section IV of this announcement for further details. I. FUNDING OPPORTUNITY DESCRIPTION: This BAA is a contracting tool directly responsive to Air Force Research Laboratory (AFRL) Focused Long Term Challenge (FLTC) 5's Integrated Cyber Defense attribute. Proactively defend cyberspace by anticipating and avoiding threats through understanding the cyber situation, predicting adversarial actions, assessing potential impacts, and by implementing deterrence and effects based defensive methodologies. Detect and defeat threats and protect information systems by engagement and influence through defensive mechanisms employing such methods as adversary denial and deception. Adaptively maintain, organize, and automatically regenerate and reconstitute resources to ensure continued mission operations. The Air Force Research Laboratory, Information Directorate is soliciting whitepapers for FLTC focus areas and Computer Network, Defense & Support. The following section provides a description of six FLTC focus areas within FLTC 5's Integrated Cyber Defense attribute and a general description of the Computer Network Defense (CND) & Support Technology base. NOTE: The POC for each FLTC focus area is provided for QUESTIONS ONLY. See Section IV Paragraph 6 for submission details. Strategic Cyber Defense Background: Many describe cyberspace as a domain that favors the attacker. This reality is largely due to the reactive mindset that currently dominates our approach to cyber defense. Defensive operations are constantly playing "catch up" to an ever-increasing onslaught of attacks that seem to always stay one step ahead. In order to tip the balance in favor of the defender, we must develop a strategic approach to cyber defense that transcends the day to day reactive operations and provides the means to conduct defense in a proactive, goal-oriented fashion using systems that are robust and can be trusted to support the mission. Objective: Avoid threats entirely by obviating the effects of adversary actions, deterring attacks, and anticipating threats and proactively reshaping our defensive posture. Avoidance eliminates the need to fight or respond, and may be achieved by three avenues, each of which is described below. Research Concentration Areas: The "Strategic Cyber Defense" focus area will be concerned with the following research challenges, but other approaches that achieve the stated objective will be considered: First, most threats should be made irrelevant by eliminating vulnerabilities beforehand. In accordance with established anti-tamper tenets, vulnerabilities can be eliminated beforehand by either moving them "out of band" (i.e., making them technically or physically inaccessible to the adversary), or "designing them out" completely through systematic design practices. Furthermore, since cyberspace is a man-made technological domain, the "laws" of cyberspace can be re-written, and therefore the domain can be modified at any level to favor defensive forces. We need to modify, extend, or replace vulnerable and insufficient protocols, architectures, instruction sets, etc. as necessary to secure critical warfighting systems. This concept of conducting cyber operations with assured systems is as basic as flightworthiness is to air operations, but is many times neglected. Technologies supporting this component of strategic cyber defense include (but are not limited to): • Methods for implementing "Information Assurance (IA) inside": Assured and trustworthy systems and compositions of systems, typically from untrustworthy components • Techniques to guarantee assurance and trustworthiness attributes, potentially through application of advancements in the Anti-tamper and Software protection fields of research • Automatic vulnerability identification and mitigation • Secure protocol design • Techniques for automated diversity: for example via instruction set, address space, and program structure randomization to render code-specific attacks inoperative, while guaranteeing correctness and safety of randomized code • "Operating System-less" computer architectures Second, avoiding the threat becomes possible if the perceived cost of attacking can be raised, and/or if the benefits of attacking can be lowered, and/or if the threat of retaliation is credible. Technologies of interest here include any that help enable a future National policy of cyber deterrence, including (but not limited to): • Threat traceback and attribution (to include determination of intent) • Threat geolocation • Adversary understanding and cost models (i.e., risk vs. reward) • Measurement and control of adversary perception of Air Force network capabilities • Information valuation • Denial of adversary's situation awareness and understanding, while avoiding conflicts with friendly information operations • Means to measure and determine equity in response Finally, imminent and active threats will be avoided by way of anticipation followed by immediate evasive action. Anticipating a cyber threat includes setting up early indications & warnings (I&W) mechanisms that detect anomalous activities or entities, rapidly analyzing the corresponding feature set of the activity (to include attribution and geolocation), predicting future behaviors and effects, and provisioning agile defensive systems in the most effective way. Avoiding threats in real-time is accomplished through the use of polymorphic techniques to present an agile "moving target" that allows systems to employ evasion tactics, and escape tactics if a viable threat is confronted. The ability to modify the domain will be leveraged so that modification can take place many times per second at multiple layers of networking. Thus, the attacker loses the advantage of time and the benefit of previously collected intelligence. Technologies supporting this component of strategic cyber defense include (but are not limited to): • Cyber indications and warnings, distant early warning • Escape and evasion techniques • " Everything-hopping" (rapidly reconfigurable system and network parameters, re-addressable nodes) • Dynamic protocols • Masking and obfuscation of critical Air Force network components • Polymorphic communication, networking and computing systems • Secure "Network IFF" - Identification Friend or Foe When threats cannot be avoided by obviating effects or deterring execution, we must have the means to defeat them and survive the attacks in cases where they cannot be completely defeated. These aspects of cyber defense, which complete a true defense in depth capability, are addressed in the remainder of the areas described by the BAA. Questions regarding this FLTC area can be directed to: Walt Tirenin (315) 330-1871 Walt.Tirenin@rl.af.mil Global Cyber Situational Understanding Background: Situation Awareness (SA) as defined by Dr. Mica Endsley is a "state of knowledge" and is inherently oriented towards the human mind (Endsley, M.R. "Theoretical Underpinnings of Stituational Awareness: A Critical Review). What this research area addresses is research and development of the processes which "achieve, acquire, or maintain SA". The SA Reference Model created by AFRL captures these processes diagrammatically. These processes include various components of SA such as; perception (data, object, and situation assessment), comprehension (situation, threat, and impact assessment of the now), and projection (threat and impact assessment of plausible futures). All aspects of SA are considered for a myriad of cyber operators ranging from network security analysts, to cyber attack, to commanders. Objective: The goal of the Cyber Situational Understanding area is to enable situation awareness for cyber operators by applying various technologies and visualization techniques. Research Concentration Areas: The "Global Cyber Situational Understanding" focus area will be concerned with the following research challenges, but other approaches that achieve the stated objectives will be considered: • Enabling Human perception of N-dimensional cyberspace • Validating the authenticity or value of cyber event data (e.g. ensure it is not spoofed or misleading) • Developing meaningful cyber defense metrics • Developing appropriate cyber event ‘observables' Questions regarding this FLTC area can be directed to: George Tadda (315) 330-3957 George.Tadda@rl.af.mil Incorruptible Data Codes / Executables Background: The Department of Defense (DoD) requires trustworthy data and software executables for successful performance of assigned missions. However, despite existing security measures designed to prevent malicious manipulation of data and executable (both static and dynamic), a determined party can easily manipulate both data and software executables on commercial off the shelf (COTS) information systems. Recently the Office of the Secretary of Defense (OSD) has invested in the Software Protection Initiative (SPI) to pursue research and development in an array of technologies for prevention of piracy, malicious tampering, and reverse engineering of DoD application software. The technologies developed and the research outcomes of SPI form the foundation for continued advancement of capabilities the DoD requires to assure trust in the data and executables. Objective: Deliver self-contained verifiably incorruptible/trustworthy data and executables while at rest, under execution, or in transit upon and within any environment/system relevant to the warfighter. This includes both our own systems and systems that we do not own or directly control. Research Concentration Areas: The "Incorruptible Data Codes / Executables" focus area is interested in the research challenges identified below. However, different approaches and concepts deemed to have significant potential to achieve the stated objectives will be considered. • Data (easily manipulated, many types, can be highly complex, comes from trusted and untrusted sources, utilized in a multitude of diverse environments) • Measuring and verifying incorruptibility/trust • Software-only data and executable protections • Data and executable self-protection • Hardware assisted data and executable protections • Development and technical evaluation and refinement of watermarking algorithms and, in particular, protocols for the purpose of information provenance, pedigree, and assurance o Addressing all forms of data and multimedia formats; to include: images, audio, video, formatted and raw data types o Protocols with provable security which incorporate other accepted security mechanisms (timestamping, hashing, key exchange, etc.) o Disadvantaged, rich and heterogeneous environments/platforms. Focus on DoD Global Information Grid (GIG) applications and scenarios o Particular emphasis on:  Interaction of watermarked data with watermarked/secured code which has Anti-Tamper and Protection guarantees  Watermarking algorithms and protocols which provide multiple aspects (provenance, pedigree, assurance) while working in conjunction with data for specific application (sensing, etc) Questions regarding this FLTC area can be directed to: Chris Reuter (937) 320-9068 x113 Christopher.Reuter@wpafb.af.mil Regarding watermarking technologies: Chad Heitzenrater (315) 330-2575 Chad.Heitzenrater@rl.af.mil Cybercraft Background: The Cybercraft focus area seeks to provide combatant commanders with a root of trust for defending the computer network upon which US dominance in Air, Space, and Cyberspace relies. The Cybercraft system provides a trusted platform for automated command, control, communications (C3), and delivery of defensive cyber capabilities. Objective: The Cybercraft focus area aims to address critical Air Force cyber defense issues including the disparity between time-to-attack and time-to-defend, trust of current cyber defenses, and situational awareness in cyberspace. Core Cybercraft components include the following: Platform - Hardware "root of trust" which enables trusted execution of payloads and ensures a user with root access to the underlying system cannot compromise the Cybercraft system. Payloads - Platform-specific executables that provide specific capabilities. Categories of payloads include sensors (sense the environment), effectors (change the environment) and decision engines (interpret policy and issue commands). Policies - Encode the commander's intent or rules of engagement in a machine-readable format. Cybercraft Store - Provides non-volatile storage of commands, payloads, policies, and environment data. Operator Interface - Allows Cybercraft operators to upload new policies, new payload executables, and issue commands to one or more Cybercraft platforms. Visualization - Provides multi-level, geospatial, logical, and dynamic situational awareness and mission mapping for commanders and Cybercraft operators. Research Concentration Areas: The Cybercraft focus area will be concerned with the following research challenges, but other approaches that achieve the stated objectives will be considered: • Map and Mission Context - Cybercraft aims to provide situational awareness and mission mapping of the Air Force cyber domain at operational, tactical, and strategic levels. This area includes delivering geospatial, logical, and dynamic visualizations of millions of cyber assets, mapping these assets to the warfighting missions they support, and developing the operator interface. • Environment Description - This research area involves creating an ontology and machine-readable knowledge representation to enable the Cybercraft system to respond in an autonomous policy-driven manner. The defined structures shall capture tactical, operational, and strategic data about the Cybercraft system and its environment. • C3 Protocols and Architecture - This area consists of defining a C3 protocol and architecture to allow multiple Cybercraft to conduct coordinated operations. This also includes providing a persistent Cybercraft store of what is known about the network. The Cybercraft store must be secure, scalable, reliable, and should have no single point of failure. • Formal Model and Policy - Executing attacks in cyberspace take seconds but defending against attacks takes hours, days, or weeks. Cybercraft aims to provide a policy-driven, automated defense of cyberspace. This necessitates building a formal model and policy for Cybercraft to ensure behavior conforms to a commander's intent. The policy must enable scalability up to millions of cyber assets, balance the conflicting requirements of ease of policy creation and power of expression, and provide a mechanism for policy conflict resolution. • Trust and Self Protection Guarantee - The integrity of current cyber defense tools (e.g. anti-virus scanners, host-based intrusion detection systems) hinges on the integrity of the host root account. The results of this research area shall provide a formally modeled hardware root of trust that imparts immunity from an adversary with root access to the underlying host. • Interfaces and Payloads - This area involves defining standard interfaces (e.g. Cybercraft-to-host, Cybercraft-to-environment, Cybercraft-to-payload, and Cybercraft-to-Cybercraft) to facilitate extensibility, evolution, and interoperability. These interfaces must enable integration of disparate and unforeseen technologies. Questions regarding this FLTC area can be directed to: Sonja Glumich (315) 330-3459 Sonja.Glumich@rl.af.mil Assured Load Balancing Enterprise Background: The DoD has a critical need for information systems that adapt and/or gracefully degrade when unexpected events occur. These systems are subjected to constant change such as overload, component failure, cyber attacks, evolving operational requirements, and/or a dynamic operational environment. Most mission critical systems do not have adaptation mechanisms to support Quality of Service (QoS) (functionality) and/or Quality of Information Assurance (QoIA) (security) in the presence of unpredictable anomalies. A system should adapt to these changes by reconfiguring its resources to provide a different, though acceptable, level of service and/or security to its users. Without adaptation many important activities receive fewer resources than needed while less important activities waste resources by receiving more resources than necessary. Most existing systems either do not adapt or have ad hoc hardwired mechanisms to accommodate only a small, predefined, set of changes. There are no standard methodologies or common tools to assist application developers in managing this sort of adaptation. QoS to most people only deals with network/communication performance (for example diffserv, intserv, Internet Protocol Version 6 (IPV6). The QoS that is being described in this FLTC focus area is a holistic approach which incorporates the user, application, middleware and communications substrate. QoS is a service-based system that must manage/control: processing, data management, and communication resources on an end-to-end basis to support the mission critical user/application. The Air Force has invested in this holistic approach to QoS, but much more work needs to be done. QoIA is a holistic approach to security. We need to be able to quantitatively measure, characterize and control various dimensions of security (availability, integrity and confidentiality) based on user/application requirements. Many security mechanisms exist in research, COTS and government off the shelf (GOTS) that cover the various dimensions of security. What is lacking and what is the main focus of this work is quantitative measurement and fine-grained control to better characterize and utilize the security mechanisms based on mission requirement and/or user needs. Objective: Preserve mission critical functions, while controlling & conveying trustworthiness. The "Assured Load Balancing Enterprise" focus area will develop the tools and technology to realize computer-based systems (i.e., systems composed of hardware, software, and human entities) that tolerate, adapt and/or gracefully degrade based on user (mission-critical) requirements. Information systems must adapt and/or gracefully degrade to provide a guaranteed level of Quality of Service (QoS - functionality (processing, data management and communication)) and Quality of Information Assurance (QoIA - security (measuring and controlling information assurance in Cyber Space)) to the information system enterprise during system overload, component failure, and cyber attacks. This focus area will look at what it means to gracefully degrade QoS and QoIA and what the tradeoff space is between the two. This focus area will also develop QoS and QoIA aware mechanisms and survivability/assurance architectures to guarantee end-to-end QoS and QoIA by adapting and/or gracefully degrading to support mission-critical information enterprise requirements. The realization and enforcement of end-to-end QoS and QoIA implies a degree of control that is fine-grained and extensive. Therefore, an accompanying challenge to creating mechanisms for realizing and enforcing end-to-end QoS and QoIA is to protect those very same mechanisms. Research Concentration Areas: The "Assured Load Balancing Enterprise" focus area will be concerned with the following research challenges, but other approaches that achieve the stated objectives will be considered: • Cyber Defense Metrics o Formalizing QoS & QoIA so they can be quantifiably described, specified, measured and managed based on mission requirements • Graceful Degradation - Trade Space of QoS & QoIA o Understanding the trade space of QoS and QoIA on an end-to-end basis o Identifying the mechanisms and conditions that influence QoIA and how they complement or interfere with QoS o Developing algorithms that perform application-based trade space balancing between QoS (functionality) and QoIA (security) o Creating a taxonomy of QoS and QoIA services o Policy development and de-confliction • Assured End to End QoS & QoIA - (Survivability Architecture) o Composing a survivability architecture that incorporates service delivery and information assurance requirements o Measuring a system's QoS and QoIA capacity at both design time and runtime o Control plane mechanisms to monitor and adapt system performance to guarantee end-to-end QoS and QoIA o Policy enforcement o Adapting and/or gracefully degrading (per application-based, user-provided policy/requirements) QoS and QoIA individually and with respect to each other during malicious and non-malicious faults o Developing a QoS/QoIA dashboard for control of and visibility into system performance • Understanding how the layers of cyber defense, COTS, and legacy code impact QoS and QoIA Questions regarding this FLTC area can be directed to: Pat Hurley (315) 330-3624 Patrick.Hurley@rl.af.mil Self-Regenerating Incorruptible Enterprise Background: Existing approaches to information system security and survivability consist of preventing, detecting and containing unintentional errors and/or cyber attacks. These systems use static means to survive, but are unable to adapt, learn, tolerate and/or reconstitute dynamically in response to unforeseen errors and/or unknown cyber attacks. These systems simply fail miserably when subjected to previously unknown events. Recent research has demonstrated the ability to tolerate errors and/or attacks and gracefully degrade with respect to user (mission critical) requirements. The problem with this approach is that regardless of how well systems are protected or how well they tolerate errors and/or attacks; they will eventually fail over time unless they have the ability to self-regenerate. On the positive side, systems that tolerate by gracefully degrading service buy time to learn the root cause of errors and attacks, thereby providing valuable knowledge to the self-regeneration process. What are needed are information systems that are able to adapt, learn, tolerate and/or reconstitute dynamically in response to unforeseen errors and/or unknown cyber attacks. Objective: The objective of this "Self Regenerative, Incorruptible Enterprise" focus area is to fight through cyber attacks by enabling information systems to learn, regenerate themselves in response to unforeseen errors and/or attacks, and automatically improve their ability to deliver critical services. If successful, self-regenerative systems will reconstitute the information systems back to its initial operating capability while decreasing their vulnerability to an ever-increasing number of attacks. Research Concentration Areas: The "Self Regenerative, Incorruptible Enterprise" product will create persistent information systems and data. Persistent information systems and data are hard to disable or remove (like malware). This focus area will look at malware for techniques that can be utilized to make software more robust. Another focus area will be to use biologically inspired diversity to dynamically create and compose immune components. Information systems must automatically recognize and learn about novel cyber and service attacks to dynamically create immunized versions of information system components and data. Information systems and data must have redundancy and the ability to regenerate required functionality with increased error/attack immunity, whereby corrupted components can be regenerated without negatively affecting the whole system. This focus area will be concerned with the following research challenges, but other approaches that achieve the stated objectives will be considered: • Persistent applications and data • Reconstitution of data and state • Dynamically recognize, characterize and understand novel cyber attacks and service anomalies (understand root cause) • New approaches to software development (model based, specification based, component based, flow based, etc) • Dynamic synthetic diversity (machine generated correct, immune, and composable functionally equivalent software components) • Synchronizing repair activities without interrupting ongoing mission priorities • Self optimization with respect to achieving incorruptibility (restore initial operating capacity while reducing vulnerabilities to errors and attacks) Questions regarding this FLTC area can be directed to: Pat Hurley (315) 330-3624 Patrick.Hurley@rl.af.mil The scope of this BAA is not limited to the aforementioned FLTC focus area; it includes Computer Network Defense (CND) and Support Technologies. Network Defense: Employing network-based capabilities to defend friendly information resident in or transiting through networks against adversary efforts to destroy, disrupt, degrade, deny, delay, corrupt or usurp it. Actions include analyzing network activity to determine the appropriate course of action to protect, detect, and react to internal and external threats to Air Force networks. Support: The collection and production of network related data for immediate decisions involving network warfare operations. Specifically, network warfare support provides profiling, event analysis, open source review, as well as pattern analysis in support of network defense and countermeasure development. Other applicable areas of technology include, but are not limited to, Rapid/Live Forensics, Botnet Detection & Mitigation, Attack Attribution, and Insider Threat Detection & Mitigation. II. AWARD INFORMATION: Total funding for this BAA is approximately $49.9M. The anticipated funding to be obligated under this BAA is broken out by fiscal year as follows: FY 09 - $12.5M; FY 10 - $12.5M; FY 11 - $12.5M; and FY 12 - $12.4M. Individual awards will not normally exceed 36 months with dollar amounts normally ranging between $100K and $1M per year. (i.e., for a 3-year effort this means $300k to $3M CFV awards). There is also the potential to make awards up to any dollar value. The total value of all efforts awarded under this BAA will not exceed $49.9M. Awards of efforts as a result of this announcement will be in the form of contracts, grants, cooperative agreements or other transactions depending upon the nature of the work proposed. III. ELIGIBILITY INFORMATION: 1. ELIGIBLE APPLICANTS: All potential applicants are eligible. Foreign or foreign-owned offerors are advised that their participation is subject to foreign disclosure review procedures. Foreign or foreign-owned offerors should immediately contact the contracting office focal point, Lynn White, Contracting Officer, telephone (315) 330-4996 or e-mail Lynn.White@rl.af.mil for information if they contemplate responding. The e-mail must reference the title and BAA 08-08-RIKA. 2. COST SHARING OR MATCHING: Cost sharing is not a requirement. IV. APPLICATION AND SUBMISSION INFORMATION: 1. APPLICATION PACKAGE: THIS ANNOUNCEMENT CONSTITUTES THE ONLY SOLICITATION. WE ARE SOLICITING WHITE PAPERS ONLY. DO NOT SUBMIT A FORMAL PROPOSAL AT THIS TIME. Those white papers found to be consistent with the intent of this BAA may be invited to submit a technical and cost proposal, see Section VI of this announcement for further details. For additional information, a copy of the AFRL/Rome Research Sites "Broad Agency Announcement (BAA): A Guide for Industry," April 2007, may be accessed at: http://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/Reference%2DNumber%2DBAAGUIDE/listing.html 2. CONTENT AND FORM OF SUBMISSION: Offerors are required to submit 4 copies of a 4-5 page white paper AND 1 electronic copy on a CD summarizing their proposed approach/solution. All whitepaper/proposals shall be submitted in Microsoft Word or PDF format, single spaced, and have a font no smaller than 12 pitch with any figures, tables and charts easily legible. The purpose of the white paper is to preclude unwarranted effort on the part of an offeror whose proposed work is not of interest to the Government. The white paper will be formatted as follows: • Section A: Title, Period of Performance, Estimated Cost, Name/Address of Company, Technical and Contracting Points of Contact (phone, fax and email), and FLTC focus area reference if applicable (e.g., Strategic Cyber Defense) or the target technology area (e.g., Rapid Forensics) - (this section is NOT included in the page count); • Section B: Innovative Claims (How will this effort enhance the state-of-the-art?); • Section C: Technical Approach (Why is this approach superior to alternatives or current practice?); • Section D: Evaluation Approach (How will you show the success of your work?); • Section E: Phasing (Is this expected to be a 1, 2, or 3 phase effort?) Provide a timeline or a brief description of the steps you expect to take in the research. The length of each section is at the discretion of the proposer, subject to the 5 page limit. In addition, a biographical sketch of each proposed principal investigator must be included, subject to a 1 page limit per investigator. Also include a 1 page description of the organizational capabilities, qualifications, and experience. This additional required information will not count against the previously stated 5 page limit. Multiple white papers within the purview of this announcement may be submitted by each offeror. If the offeror wishes to restrict its white papers/proposals, they must be marked with the restrictive language stated in FAR 15.609(a) and (b). In addition, respondents are requested to provide their Commercial and Government Entity (CAGE) number, their Dun & Bradstreet (D&B) Data Universal Numbering System (DUNS) number, a fax number, an e-mail address, and reference BAA 08-08-RIKA with their submission. 3. SUBMISSION DATES AND TIMES: It is recommended that white papers be received by the following dates to maximize the possibility of award: FY 09 should be received no later than 01 Dec 2008; FY 10 should be submitted by 02 Jan 2009; FY 11 by 02 Jan 2010; and FY 12 by 02 Jan 2011. White papers will be accepted until 2:00 p.m. Eastern time on 30 Sep 2012, but it is less likely that funding will be available in each respective fiscal year after the dates cited. 4. FUNDING RESTRICTIONS: The cost of preparing white papers/proposals in response to this announcement is not considered an allowable direct charge to any resulting contract or any other contract, but may be an allowable expense to the normal bid and proposal indirect cost specified in FAR 31.205-18. Incurring pre-award costs for ASSISTANCE INSTRUMENTS ONLY are regulated by the DoD Grant and Agreements Regulations (DODGARS). 5. CLASSIFICATION GUIDANCE FOR WHITE PAPER SUBMISSIONS: AFRL/RIGA will accept classified responses to this BAA when the classification is mandated by classification guidance provided by an Original Classification Authority of the U.S. Government, or when the proposer believes the work, if successful, would merit classification. Security classification guidance in the form of a DD Form 254 (DoD Contract Security Classification Specification) will not be provided at this time since AFRL is soliciting ideas only. Proposers that intend to include classified information or data in their white paper submission or who are unsure about the appropriate classification of their white papers should contact the technical point of contact listed in Section VII for guidance and direction in advance of preparation. All Proposers should review the NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL, (NISPOM), dated February 28, 2006 as it provides baseline standards for the protection of classified information and prescribes the requirements concerning Contractor Developed Information under paragraph 4-105. Defense Security Service (DSS) Site for the NISPOM is: https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet//isp/fac_clear/download_nispom.html 6. OTHER SUBMISSION REQUIREMENTS: DO NOT send white papers to the Contracting Officer. All responses, unclassified/classified, to this announcement must be sent U.S. Postal Service, registered mail and addressed to AFRL/RIGA, 525 Brooks Road, Rome NY 13441-4505, and reference BAA 08-08-RIKA. Electronic submission is NOT authorized. Questions can be directed to the cognizant technical POC, Patrick Hurley, (315) 330-3624, Patrick.Hurley@rl.af.mil V. APPLICATION REVIEW INFORMATION: 1. CRITERIA: The following criteria, which are listed in descending order of importance, will be used to determine whether white papers and proposals submitted are consistent with the intent of this BAA and of interest to the Government: (1) Overall Scientific and Technical Merit -- Including the approach for the development and/or enhancement of the proposed technology and its evaluation, (2) Related Experience - The extent to which the offeror demonstrates relevant technology and domain knowledge, (3) Openness/Maturity of Solution - The extent to which existing capabilities and standards are leveraged and the relative maturity of the proposed technology in terms of reliability and robustness, and (4) Reasonableness and realism of proposed costs and fees (if any). No further evaluation criteria will be used in selecting white papers/proposals. Individual white paper/proposal evaluations will be evaluated against the evaluation criteria without regard to other white papers and proposals submitted under this BAA. White papers and proposals submitted will be evaluated as they are received. 2. REVIEW AND SELECTION PROCESS: Only Government employees will evaluate the white papers/proposals for selection. The Air Force Research Laboratory's Information Directorate has contracted for various business and staff support services, some of which require contractors to obtain administrative access to proprietary information submitted by other contractors. Administrative access is defined as "handling or having physical control over information for the sole purpose of accomplishing the administrative functions specified in the administrative support contract, which do not require the review, reading, or comprehension of the content of the information on the part of non-technical professionals assigned to accomplish the specified administrative tasks." These contractors have signed general non-disclosure agreements and organizational conflict of interest statements. The required administrative access will be granted to non-technical professionals. Examples of the administrative tasks performed include: a. Assembling and organizing information for R&D case files; b. Accessing library files for use by government personnel; and c. Handling and administration of proposals, contracts, contract funding and queries. Any objection to administrative access must be in writing to the Contracting Officer and shall include a detailed statement of the basis for the objection. VI. AWARD ADMINISTRATION INFORMATION: 1. AWARD NOTICES: Those white papers found to be consistent with the intent of this BAA may be invited to submit a technical and cost proposal. Notification by email or letter will be sent by the technical POC. Such invitation does not assure that the submitting organization will be awarded a contract. Those white papers not selected to submit a proposal will be notified in the same manner. Prospective offerors are advised that only Contracting Officers are legally authorized to commit the Government. All offerors submitting white papers will be contacted by the technical POC, referenced in Section VII of this announcement. Offerors can email the technical POC for status of their white paper/proposal no earlier than 45 days after proposal submission. 2. ADMINISTRATIVE AND NATIONAL POLICY REQUIREMENTS: AFRL/RIGA will accept classified responses to this BAA when the classification is mandated by classification guidance provided by an Original Classification Authority of the U.S. Government, or when the proposer believes the work, if successful, would merit classification. Security classification guidance in the form of a DD Form 254 (DoD Contract Security Classification Specification) will not be provided at this time since AFRL is soliciting ideas only. Proposers that intend to include classified information or data in their white paper submission or who are unsure about the appropriate classification of their white papers should contact the technical point of contact listed in Section VII for guidance and direction in advance of preparation. Depending on the work to be performed, the offeror may require a SECRET facility clearance and safeguarding capability; therefore, personnel identified for assignment to a classified effort must be cleared for access to SECRET information at the time of award. In addition, the offeror may be required to have, or have access to, a certified and Government-approved facility to support work under this BAA. Data subject to export control constraints may be involved and only firms holding certification under the US/Canada Joint Certification Program (JCP) (www.dlis.dla.mil/jcp) are allowed access to such data. 3. REPORTING: Once a proposal has been selected for award, offerors will be required to submit their reporting requirement through our web-based reporting system known as JIFFY. Prior to award, the offeror will be given complete instructions regarding its use. VII. AGENCY CONTACTS: Questions of a technical nature shall be directed to the cognizant technical point of contact, as specified below: TPOC Name: Patrick Hurley Telephone: (315) 330-3624 Email: Patrick.hurley@rl.af.mil (Alternate) TPOC Name: Jason Siegfried Telephone: (315) 330-3326 Email: Jason.Siegfried@rl.af.mil Questions of a contractual/business nature shall be directed to the cognizant contracting officer, as specified below: Lynn White Telephone (315) 330-4996 Email: Lynn.White@rl.af.mil The email must reference the solicitation (BAA) number and title of the acquisition. In accordance with AFFARS 5301.91, an Ombudsman has been appointed to hear and facilitate the resolution of concerns from offerors, potential offerors, and others for this acquisition announcement. Before consulting with an ombudsman, interested parties must first address their concerns, issues, disagreements, and/or recommendations to the contracting officer for resolution. AFFARS Clause 5352.201-9101 Ombudsman (Aug 2005) will be incorporated into all contracts awarded under this BAA. The AFRL Ombudsman is as follows: Susan Hunter Building 15, Room 225 1864 Fourth Street Wright-Patterson AFB OH 45433-7130 FAX: (937) 225-5036; Comm: (937) 255-7754 All responsible organizations may submit a white paper which shall be considered.
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=e72854d6e3c1a044038563ef1e0fdfa6&tab=core&_cview=1)
 
Record
SN01691586-W 20081016/081014220300-e72854d6e3c1a044038563ef1e0fdfa6 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.