Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF DECEMBER 20, 2009 FBO #2948
MODIFICATION

A -- Integrated Cyber Defense & Support Technologies

Notice Date
12/18/2009
 
Notice Type
Modification/Amendment
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Department of the Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome, New York, 13441-4514
 
ZIP Code
13441-4514
 
Solicitation Number
BAA-08-08-RIKA
 
Point of Contact
Lynn G. White, Phone: (315) 330-4996
 
E-Mail Address
Lynn.White@rl.af.mil
(Lynn.White@rl.af.mil)
 
Small Business Set-Aside
N/A
 
Description
The purpose of this modification is to republish the original announcement, incorporating all previous modifications, pursuant to FAR 35.016(c). This republishing also includes the following changes: (a) FY11 funding not available for certain technology areas; (b) Expanded focus areas for certain technology areas; (c) Added Section F to white paper submission; (d) Changed submission date for FY11; and (e) Minor changes to Sections 4.2 and 4.6; and TPOC changes. No other changes have been made. NAICS CODE: 541712 FEDERAL AGENCY NAME: Department of the Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome, NY, 13441-4514 TITLE: Integrated Cyber Defense & Support Technologies FUNDING OPPORTUNITY NUMBER: BAA 08-08-RIKA CFDA Number: 12.800 DATES: It is recommended that white papers be received by the following dates to maximize the possibility of award: FY 09 should be received no later than 01 Dec 2008; FY 10 should be submitted by 02 Jan 2009; FY 11 by 19 Jan 2010; and FY 12 by 02 Jan 2011. White papers will be accepted until 2:00 p.m. Eastern time on 30 Sep 2012, but it is less likely that funding will be available in each respective fiscal year after the dates cited. FORMAL PROPOSALS ARE NOT BEING REQUESTED AT THIS TIME. See Section IV of this announcement for further details. I. FUNDING OPPORTUNITY DESCRIPTION: This BAA is a contracting tool directly responsive to Air Force Research Laboratory (AFRL) Focused Long Term Challenge (FLTC) 5's Integrated Cyber Defense attribute. Proactively defend cyberspace by anticipating and avoiding threats through understanding the cyber situation, predicting adversarial actions, assessing potential impacts, and by implementing deterrence and effects based defensive methodologies. Detect and defeat threats and protect information systems by engagement and influence through defensive mechanisms employing such methods as adversary denial and deception. Adaptively maintain, organize, and automatically regenerate and reconstitute resources to ensure continued mission operations. The Air Force Research Laboratory, Information Directorate is soliciting whitepapers for FLTC focus areas and Computer Network, Defense & Support. The following section provides a description of six FLTC focus areas within FLTC 5's Integrated Cyber Defense attribute and a general description of the Computer Network Defense (CND) & Support Technology base. NOTE: The POC for each FLTC focus area is provided for QUESTIONS ONLY. See Section IV Paragraph 6 for submission details. Strategic Cyber Defense Background: Many describe cyberspace as a domain that favors the attacker. This reality is largely due to the reactive mindset that currently dominates our approach to cyber defense. Defensive operations are constantly playing "catch up" to an ever-increasing onslaught of attacks that seem to always stay one step ahead. In order to tip the balance in favor of the defender, we must develop a strategic approach to cyber defense that transcends the day to day reactive operations and provides the means to conduct defense in a proactive, goal-oriented fashion using systems that are robust and can be trusted to support the mission. Objective: Avoid threats entirely by obviating the effects of adversary actions, deterring attacks, and anticipating threats and proactively reshaping our defensive posture. Avoidance eliminates the need to fight or respond, and may be achieved by three avenues, each of which is described below. Research Concentration Areas: The "Strategic Cyber Defense" focus area will be concerned with the following research challenges, but other approaches that achieve the stated objective will be considered: FY11 SPECIFIC TOPIC AREA: AVOID THE CYBER THREAT Background: Many describe cyberspace as a domain that favors the attacker. This is largely due to the asymmetric advantage that an attacker currently holds in the preparation of attacks, as well as being able to choose the time and location of attacks. These factors are further compounded by the relative anonymity and static nature of current cyber infrastructures, resulting in comparatively low risk to the attacker. As a result, defensive operations are constantly playing "catch up". Objective: Avoid threats by deterring attackers, obviating the effects of adversary actions by making our systems essentially "non-interoperable" with attacks, and eliminating the attackers' advantages of time and preparation by forcing them into a continuous discovery process. To eliminate the attacker's advantage, we must develop strategies and associated technologies to deter adversaries before they strike, modify the cyber domain to our advantage, and introduce agility into our systems and networks to evade attacks and disrupt the adversary's cyber planning processes. For FY11, we are specifically seeking white papers only in the area of "Assured and Dynamic Configuration" as described below. Assured and Dynamic Configuration: We desire a dynamic and proactive capability for automatically generating, effecting, and validating a functional and secure system/network configuration based on policy, architectural specifications, and operational requirements to proactively and continually invalidate the adversaries' efforts to map and understand our networks. A key element of this technology challenge is effectively generating and implementing secure and operationally-responsive configurations without introducing new vulnerabilities, and doing so in a manner that is transparent to authorized users of the systems and networks. We are looking for approaches that primarily integrate existing technologies into a comprehensive capability for assuring configuration under dynamic and proactive reconfiguration, and verify that configurations have been correctly executed. Consider trade-offs between proactive threat mitigation and resource consumption. Questions regarding this FLTC area can be directed to: Walt Tirenin (315) 330-1871 Walt.Tirenin@rl.af.mil Global Cyber Situational Understanding Background: Situation Awareness (SA) as defined by Dr. Mica Endsley is a "state of knowledge" and is inherently oriented towards the human mind (Endsley, M.R. "Theoretical Underpinnings of Situational Awareness: A Critical Review). What this research area addresses is research and development of the processes which "achieve, acquire, or maintain SA". The SA Reference Model created by AFRL captures these processes diagrammatically. These processes include various components of SA such as; perception (data, object, and situation assessment), comprehension (situation, threat, and impact assessment of the now), and projection (threat and impact assessment of plausible futures). All aspects of SA are considered for a myriad of cyber operators ranging from network security analysts, to cyber attack, to commanders. To enable the understanding of an adversary in the cyberspace domain, decision makers need an awareness of adversarial capabilities, opportunities, past behavior and intent. This ‘Knowledge of Them' is a key component of the larger concept of Situation Awareness. Analysis of existing data sources can assist with developing this understanding but require technologies to perform the analysis. Objective: The goal of this research for FY11 is to leverage existing data through analysis that develops an understanding of cyberspace adversarial capability, opportunity, past behavior and intent with the objective of providing this automated analysis to broader Situation Awareness tools. Research Concentration Areas: The "Global Cyber Situational Understanding" focus area will be concerned with the following research challenges, but other approaches that achieve the stated objectives will be considered: • Enabling Human perception of N-dimensional cyberspace • Validating the authenticity or value of cyber event data (e.g. ensure it is not spoofed or misleading) • Developing meaningful cyber defense metrics • Developing appropriate cyber event ‘observables' • Developing analysis technologies that can identify the cyber threat in terms of adversarial capability, opportunity, past behavior and intent This research area adds the following specific research challenges;" Identify and leverage existing data sources that contribute to the understanding and analysis of the cyber adversary, identify any shortcomings within the data sources. This area could also be viewed as a ‘deep dive' into the data available to develop awareness of an adversary. For the current cycle supporting the FY 11 investment strategy process, we are specifically seeking white papers in the area of "Cyber Adversary Situation Awareness". Questions regarding this FLTC area can be directed to: George Tadda (315) 330-3957 George.Tadda@rl.af.mil or Michael Manno (315)-330-7517, Michael.manno@rl.af.mil Incorruptible Data Codes / Executables Background: The Department of Defense (DoD) requires trustworthy data and software executables for successful performance of assigned missions. However, despite existing security measures designed to prevent malicious manipulation of data and executable (both static and dynamic), a determined party can easily manipulate both data and software executables on commercial off the shelf (COTS) information systems. Recently the Office of the Secretary of Defense (OSD) has invested in the Software Protection Initiative (SPI) to pursue research and development in an array of technologies for prevention of piracy, malicious tampering, and reverse engineering of DoD application software. The technologies developed and the research outcomes of SPI form the foundation for continued advancement of capabilities the DoD requires to assure trust in the data and executables. Objective: Deliver self-contained verifiably incorruptible/trustworthy data and executables while at rest, under execution, or in transit upon and within any environment/system relevant to the warfighter. This includes both our own systems and systems that we do not own or directly control. Research Concentration Areas: The "Incorruptible Data Codes / Executables" focus area is interested in the research challenges identified below. However, different approaches and concepts deemed to have significant potential to achieve the stated objectives will be considered. • Data (easily manipulated, many types, can be highly complex, comes from trusted and untrusted sources, utilized in a multitude of diverse environments) • Measuring and verifying incorruptibility/trust • Software-only data and executable protections • Data and executable self-protection • Hardware assisted data and executable protections • Development and technical evaluation and refinement of watermarking algorithms and, in particular, protocols for the purpose of information provenance, pedigree, and assurance o Addressing all forms of data and multimedia formats; to include: images, audio, video, formatted and raw data types o Protocols with provable security which incorporate other accepted security mechanisms (timestamping, hashing, key exchange, etc.) o Disadvantaged, rich and heterogeneous environments/platforms. Focus on DoD Global Information Grid (GIG) applications and scenarios o Particular emphasis on:  Interaction of watermarked data with watermarked/secured code which has Anti-Tamper and Protection guarantees  Watermarking algorithms and protocols which provide multiple aspects (provenance, pedigree, assurance) while working in conjunction with data for specific application (sensing, etc) Funding for this technology area is not available in FY11 thus no white paper inputs will need submission for this FY Questions regarding this FLTC area can be directed to: Chris Reuter (937) 320-9068 x113 Christopher.Reuter@wpafb.af.mil Regarding watermarking technologies: Chad Heitzenrater (315) 330-2575 Chad.Heitzenrater@rl.af.mil Cybercraft ((Now referred to as Defense, Introspection, and Control of the Enterprise (DICE)) Background: The Cybercraft focus area seeks to provide combatant commanders with a root of trust for defending the computer network upon which US dominance in Air, Space, and Cyberspace relies. The Cybercraft system provides a trusted platform for automated command, control, communications (C3), and delivery of defensive cyber capabilities. Objective: The Cybercraft focus area aims to address critical Air Force cyber defense issues including the disparity between time-to-attack and time-to-defend, trust of current cyber defenses, and situational awareness in cyberspace. Core Cybercraft components include the following: Platform - Hardware "root of trust" which enables trusted execution of payloads and ensures a user with root access to the underlying system cannot compromise the Cybercraft system. Payloads - Platform-specific executables that provide specific capabilities. Categories of payloads include sensors (sense the environment), effectors (change the environment) and decision engines (interpret policy and issue commands). Policies - Encode the commander's intent or rules of engagement in a machine-readable format. Cybercraft Store - Provides non-volatile storage of commands, payloads, policies, and environment data. Operator Interface - Allows Cybercraft operators to upload new policies, new payload executables, and issue commands to one or more Cybercraft platforms. Visualization - Provides multi-level, geospatial, logical, and dynamic situational awareness and mission mapping for commanders and Cybercraft operators. FY11 FOCUS AREA: DEFENSE, INTROSPECTION, AND CONTROL OF THE ENTERPRISE (DICE) Background: The current focus of computer security is at the operating system (e.g. role-based users), applications (e.g. anti-virus programs), and the network (e.g. firewalls). The focus of the DICE program is below the operating system at the hardware and virtualized hardware layers. Innovative technology developments are sought to defend computers and computer networks, and assure dynamic mission objectives. The vision of this program is "A trusted execution environment within each device (e.g. computer, network router) that is a platform for conducting cyber defensive operations that uses "out of band" communication, and remains trusted should the host be compromised." The two areas of high interest are 1) Virtualization and 2) Root of Trust. Virtualization: The combination of complex applications running on complex operating systems presents a very large footprint to attack. Additionally, DoD has very little control over modern shrink-wrapped software applications and operating systems. Current cost concerns prohibit DoD from developing, building, and maintaining their own applications, operating systems, and hardware. Virtualization technologies offer ways to defeat cyber attacks prior to engagement. Key concepts include but are not limited to: A secure environment that encapsulates and protects the operating systems, device drivers, and applications; secure, segregated, inaccessible areas for critical code; and secure communications for critical code processes. Root of Trust: The integrity of computers and computer networks is dependent on the integrity of the host hardware and host root account. This area of research investigates modeled hardware root of trust that imparts immunity from an adversary with root access to the underlying host. Innovative ways to achieve a secure root of trust on a host are sought. Also sought are ways to achieve a network root of trust. Questions regarding this FLTC area can be directed to: Joe Carrozoni (315) 330-7796 Joe.Carozzoni@rl.af.mil Assured Load Balancing Enterprise Background: The DoD has a critical need for information systems that adapt and/or gracefully degrade when unexpected events occur. These systems are subjected to constant change such as overload, component failure, cyber attacks, evolving operational requirements, and/or a dynamic operational environment. Most mission critical systems do not have adaptation mechanisms to support Quality of Service (QoS) (functionality) and/or Quality of Information Assurance (QoIA) (security) in the presence of unpredictable anomalies. A system should adapt to these changes by reconfiguring its resources to provide a different, though acceptable, level of service and/or security to its users. Without adaptation many important activities receive fewer resources than needed while less important activities waste resources by receiving more resources than necessary. Most existing systems either do not adapt or have ad hoc hardwired mechanisms to accommodate only a small, predefined, set of changes. There are no standard methodologies or common tools to assist application developers in managing this sort of adaptation. QoS to most people only deals with network/communication performance (for example diffserv, intserv, Internet Protocol Version 6 (IPV6). The QoS that is being described in this FLTC focus area is a holistic approach which incorporates the user, application, middleware and communications substrate. QoS is a service-based system that must manage/control: processing, data management, and communication resources on an end-to-end basis to support the mission critical user/application. The Air Force has invested in this holistic approach to QoS, but much more work needs to be done. QoIA is a holistic approach to security. We need to be able to quantitatively measure, characterize and control various dimensions of security (availability, integrity and confidentiality) based on user/application requirements. Many security mechanisms exist in research, COTS and government off the shelf (GOTS) that cover the various dimensions of security. What is lacking and what is the main focus of this work is quantitative measurement and fine-grained control to better characterize and utilize the security mechanisms based on mission requirement and/or user needs. Objective: Preserve mission critical functions, while controlling & conveying trustworthiness. The "Assured Load Balancing Enterprise" focus area will develop the tools and technology to realize computer-based systems (i.e., systems composed of hardware, software, and human entities) that tolerate, adapt and/or gracefully degrade based on user (mission-critical) requirements. Information systems must adapt and/or gracefully degrade to provide a guaranteed level of Quality of Service (QoS - functionality (processing, data management and communication)) and Quality of Information Assurance (QoIA - security (measuring and controlling information assurance in Cyber Space)) to the information system enterprise during system overload, component failure, and cyber attacks. This focus area will look at what it means to gracefully degrade QoS and QoIA and what the tradeoff space is between the two. This focus area will also develop QoS and QoIA aware mechanisms and survivability/assurance architectures to guarantee end-to-end QoS and QoIA by adapting and/or gracefully degrading to support mission-critical information enterprise requirements. The realization and enforcement of end-to-end QoS and QoIA implies a degree of control that is fine-grained and extensive. Therefore, an accompanying challenge to creating mechanisms for realizing and enforcing end-to-end QoS and QoIA is to protect those very same mechanisms. Research Concentration Areas: The "Assured Load Balancing Enterprise" focus area will be concerned with the following research challenges, but other approaches that achieve the stated objectives will be considered: • Cyber Defense Metrics o Formalizing QoS & QoIA so they can be quantifiably described, specified, measured and managed based on mission requirements • Graceful Degradation - Trade Space of QoS & QoIA o Understanding the trade space of QoS and QoIA on an end-to-end basis o Identifying the mechanisms and conditions that influence QoIA and how they complement or interfere with QoS o Developing algorithms that perform application-based trade space balancing between QoS (functionality) and QoIA (security) o Creating a taxonomy of QoS and QoIA services o Policy development and de-confliction • Assured End to End QoS & QoIA - (Survivability Architecture) o Composing a survivability architecture that incorporates service delivery and information assurance requirements o Measuring a system's QoS and QoIA capacity at both design time and runtime o Control plane mechanisms to monitor and adapt system performance to guarantee end-to-end QoS and QoIA o Policy enforcement o Adapting and/or gracefully degrading (per application-based, user-provided policy/requirements) QoS and QoIA individually and with respect to each other during malicious and non-malicious faults o Developing a QoS/QoIA dashboard for control of and visibility into system performance • Understanding how the layers of cyber defense, COTS, and legacy code impact QoS and QoIA Funding for this technology area is not available in FY11 thus no white paper inputs will need submission for this FY. Questions regarding this FLTC area can be directed to: Pat Hurley (315) 330-3624 Patrick.Hurley@rl.af.mil Self-Regenerating Incorruptible Enterprise Background: Existing approaches to information system security and survivability consist of preventing, detecting and containing unintentional errors and/or cyber attacks. These systems use static means to survive, but are unable to adapt, learn, tolerate and/or reconstitute dynamically in response to unforeseen errors and/or unknown cyber attacks. These systems simply fail miserably when subjected to previously unknown events. Recent research has demonstrated the ability to tolerate errors and/or attacks and gracefully degrade with respect to user (mission critical) requirements. The problem with this approach is that regardless of how well systems are protected or how well they tolerate errors and/or attacks; they will eventually fail over time unless they have the ability to self-regenerate. On the positive side, systems that tolerate by gracefully degrading service buy time to learn the root cause of errors and attacks, thereby providing valuable knowledge to the self-regeneration process. What are needed are information systems that are able to adapt, learn, tolerate and/or reconstitute dynamically in response to unforeseen errors and/or unknown cyber attacks. Objective: The objective of this "Self Regenerative, Incorruptible Enterprise" focus area is to fight through cyber attacks by enabling information systems to learn, regenerate themselves in response to unforeseen errors and/or attacks, and automatically improve their ability to deliver critical services. If successful, self-regenerative systems will reconstitute the information systems back to its initial operating capability while decreasing their vulnerability to an ever-increasing number of attacks. Research Concentration Areas: The "Self Regenerative, Incorruptible Enterprise" product will create persistent information systems and data. Persistent information systems and data are hard to disable or remove (like malware). This focus area will look at malware for techniques that can be utilized to make software more robust. Another focus area will be to use biologically inspired diversity to dynamically create and compose immune components. Information systems must automatically recognize and learn about novel cyber and service attacks to dynamically create immunized versions of information system components and data. Information systems and data must have redundancy and the ability to regenerate required functionality with increased error/attack immunity, whereby corrupted components can be regenerated without negatively affecting the whole system. This focus area will be concerned with the following research challenges, but other approaches that achieve the stated objectives will be considered: • Persistent applications and data • Reconstitution of data and state • Dynamically recognize, characterize and understand novel cyber attacks and service anomalies (understand root cause) • New approaches to software development (model based, specification based, component based, flow based, etc) • Dynamic synthetic diversity (machine generated correct, immune, and composable functionally equivalent software components) • Synchronizing repair activities without interrupting ongoing mission priorities • Self optimization with respect to achieving incorruptibility (restore initial operating capacity while reducing vulnerabilities to errors and attacks) Funding for FY11 is planned in three focused technology areas, drawing down from the technology approaches described above, specifically: (1) Runtime Machine Generated Reconstitution, (2) Reconstitution of Data and State, and (3) Understanding Synthetic Diversity. The main focus of this topic area is to draw specific research for runtime machine synthesis of code to dynamically recover with immunity from cyber attacks. We seek innovative approaches that permit reasoning about and recovering from cyber attacks using high level abstractions instead of being confined to low level code analysis, as is the paradigm today. Use of high level abstractions that include, but are not limited to 4th generation high-level languages (e.g., model based, specification based, component based, flow based, and formal methods/models) will enable run-time machine synthesis of code that eradicates vulnerabilities and recovers with immunity from cyber attacks. This on-the-fly machine code regeneration makes system hardening and recovery automatic and complete. Previously damaged systems must have the ability to rapidly recover with immunity using synthetic diversity or other techniques, while maintaining data and state for continued mission progression. These systems must automatically fix/restore compromised or corrupted data and state to ensure services are available for mission critical operation. (1) Machine Generated Reconstitution - The goal of this technology area is to automatically machine generate diverse code from high level languages, models or specs to recover with immunity from cyber attacks. Key Technology Challenges: • Run-time machine synthesis of code that recovers with immunity • Dynamically recognizing, characterizing and understanding novel cyber attacks and service anomalies • New approaches to software development (e.g., model based, specification based, component based, flow based, formal methods/models) • Synchronizing repair activities without interrupting ongoing mission priorities • Restoring initial operating capacity while reducing vulnerabilities to errors and attacks • Real-time certification and accreditation (2) Reconstitution of Data and State - The goal of this technology area is continued mission progression by maintaining/recovering data or state in real time. Key Technology Challenges: • Automatically repair corrupted data & state and remove any residue from the cyber attack • Translate data and state so it can be used by the new functionally equivalent machine generated code (3) Understanding Synthetic Diversity - The goal of this technology area is to better understand the use of synthetic diversity to break cyber attacks. Key Technology Challenges: • Ensure complete attack space coverage by expanding/developing new synthetic diversity techniques • Understanding synthetic diversity techniques' effectiveness against various classes of cyber attack Questions regarding this FLTC area can be directed to: Pat Hurley (315) 330-3624 Patrick.Hurley@rl.af.mil The scope of this BAA is not limited to the aforementioned FLTC focus area; it includes Computer Network Defense (CND) and Support Technologies. Network Defense: Employing network-based capabilities to defend friendly information resident in or transiting through networks against adversary efforts to destroy, disrupt, degrade, deny, delay, corrupt or usurp it. Actions include analyzing network activity to determine the appropriate course of action to protect, detect, and react to internal and external threats to Air Force networks. Support: The collection and production of network related data for immediate decisions involving network warfare operations. Specifically, network warfare support provides profiling, event analysis, open source review, as well as pattern analysis in support of network defense and countermeasure development. Other applicable areas of technology include, but are not limited to, Rapid/Live Forensics, Botnet Detection & Mitigation, Attack Attribution, and Insider Threat Detection & Mitigation. II. AWARD INFORMATION: Total funding for this BAA is approximately $49.9M. The anticipated funding to be obligated under this BAA is broken out by fiscal year as follows: FY 09 - $12.5M; FY 10 - $12.5M; FY 11 - $12.5M; and FY 12 - $12.4M. Individual awards will not normally exceed 36 months with dollar amounts normally ranging between $100K and $1M per year. (i.e., for a 3-year effort this means $300k to $3M CFV awards). There is also the potential to make awards up to any dollar value. The total value of all efforts awarded under this BAA will not exceed $49.9M. Awards of efforts as a result of this announcement will be in the form of contracts, grants, cooperative agreements or other transactions depending upon the nature of the work proposed. III. ELIGIBILITY INFORMATION: 1. ELIGIBLE APPLICANTS: Foreign allied participation is authorized at the prime contractor level. Foreign allied participation is allowed of the following countries: France, Germany, Greece, Israel, Italy, Luxembourg, Netherlands, Australia, Austria, Belgium, Canada, Denmark, Egypt, Finland, Norway, Portugal, Spain, Sweden, Switzerland, Turkey and United Kingdom. 2. COST SHARING OR MATCHING: Cost sharing is not a requirement. IV. APPLICATION AND SUBMISSION INFORMATION: 1. APPLICATION PACKAGE: THIS ANNOUNCEMENT CONSTITUTES THE ONLY SOLICITATION. WE ARE SOLICITING WHITE PAPERS ONLY. DO NOT SUBMIT A FORMAL PROPOSAL AT THIS TIME. Those white papers found to be consistent with the intent of this BAA may be invited to submit a technical and cost proposal, see Section VI of this announcement for further details. For additional information, a copy of the AFRL/Rome Research Sites "Broad Agency Announcement (BAA): A Guide for Industry," April 2007, may be accessed at: http://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/Reference%2DNumber%2DBAAGUIDE/listing.html 2. CONTENT AND FORM OF SUBMISSION: Offerors are required to submit 4 copies of a 4-5 page white paper AND 1 electronic copy on a CD summarizing their proposed approach/solution. The CD MUST be CD-R and not CD-RW. All whitepaper/proposals shall be submitted in Microsoft Word or PDF format, single spaced, and have a font no smaller than 12 pitch with any figures, tables and charts easily legible. The purpose of the white paper is to preclude unwarranted effort on the part of an offeror whose proposed work is not of interest to the Government. The white paper will be formatted as follows: • Section A: Title, Period of Performance, Estimated Cost, Name/Address of Company, Technical and Contracting Points of Contact (phone, fax and email), and FLTC focus area reference if applicable (e.g., Strategic Cyber Defense) or the target technology area (e.g., Rapid Forensics) - (this section is NOT included in the page count); • Section B: Innovative Claims (How will this effort enhance the state-of-the-art?); • Section C: Technical Approach (Why is this approach superior to alternatives or current practice?); • Section D: Evaluation Approach (How will you show the success of your work?); • Section E: Phasing (Is this expected to be a 1, 2, or 3 phase effort?) Provide a timeline or a brief description of the steps you expect to take in the research. • Section F: Biggest Technical Challenge (What are the major technical challenges in the approach?) The length of each section is at the discretion of the proposer, subject to the 5 page limit. In addition, a biographical sketch of each proposed principal investigator must be included, subject to a 1 page limit per investigator. Also include a 1 page description of the organizational capabilities, qualifications, and experience. This additional required information will not count against the previously stated 5 page limit. Multiple white papers within the purview of this announcement may be submitted by each offeror. If the offeror wishes to restrict its white papers/proposals, they must be marked with the restrictive language stated in FAR 15.609(a) and (b). In addition, respondents are requested to provide their Commercial and Government Entity (CAGE) number, their Dun & Bradstreet (D&B) Data Universal Numbering System (DUNS) number, a fax number, an e-mail address, and reference BAA 08-08-RIKA with their submission. 3. SUBMISSION DATES AND TIMES: It is recommended that white papers be received by the following dates to maximize the possibility of award: FY 09 should be received no later than 01 Dec 2008; FY 10 should be submitted by 02 Jan 2009; FY 11 by 19 Jan 2010; and FY 12 by 03 Jan 2011. White papers will be accepted until 2:00 p.m. Eastern time on 28 Sep 2012, but it is less likely that funding will be available in each respective fiscal year after the dates cited. 4. FUNDING RESTRICTIONS: The cost of preparing white papers/proposals in response to this announcement is not considered an allowable direct charge to any resulting contract or any other contract, but may be an allowable expense to the normal bid and proposal indirect cost specified in FAR 31.205-18. Incurring pre-award costs for ASSISTANCE INSTRUMENTS ONLY are regulated by the DoD Grant and Agreements Regulations (DODGARS). 5. CLASSIFICATION GUIDANCE FOR WHITE PAPER SUBMISSIONS: AFRL/RIGA will accept classified responses to this BAA when the classification is mandated by classification guidance provided by an Original Classification Authority of the U.S. Government, or when the proposer believes the work, if successful, would merit classification. Security classification guidance in the form of a DD Form 254 (DoD Contract Security Classification Specification) will not be provided at this time since AFRL is soliciting ideas only. Proposers that intend to include classified information or data in their white paper submission or who are unsure about the appropriate classification of their white papers should contact the technical point of contact listed in Section VII for guidance and direction in advance of preparation. All Proposers should review the NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL, (NISPOM), dated February 28, 2006 as it provides baseline standards for the protection of classified information and prescribes the requirements concerning Contractor Developed Information under paragraph 4-105. Defense Security Service (DSS) Site for the NISPOM is: https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet//isp/fac_clear/download_nispom.html 6. OTHER SUBMISSION REQUIREMENTS: DO NOT send white papers to the Contracting Officer. All responses, unclassified/classified, to this announcement must be sent U.S. Postal Service, registered mail and addressed to AFRL/RIGA, 525 Brooks Road, Rome NY 13441-4505, and reference BAA 08-08-RIKA. Electronic submission is NOT authorized. Questions can be directed to the cognizant technical POCs, Jason Siegfried, (315) 330-3326, Jason.Siegfried@rl.af.mil or John Maxey, (315) 330-3617, William.Maxey@rl.af.mil Please provide your email and/or mailing address where responses to your white paper or proposal should be sent. V. APPLICATION REVIEW INFORMATION: 1. CRITERIA: The following criteria, which are listed in descending order of importance, will be used to determine whether white papers and proposals submitted are consistent with the intent of this BAA and of interest to the Government: (1) Overall Scientific and Technical Merit -- Including the approach for the development and/or enhancement of the proposed technology and its evaluation, (2) Related Experience - The extent to which the offeror demonstrates relevant technology and domain knowledge, (3) Openness/Maturity of Solution - The extent to which existing capabilities and standards are leveraged and the relative maturity of the proposed technology in terms of reliability and robustness, and (4) Reasonableness and realism of proposed costs and fees (if any). No further evaluation criteria will be used in selecting white papers/proposals. Individual white paper/proposal evaluations will be evaluated against the evaluation criteria without regard to other white papers and proposals submitted under this BAA. White papers and proposals submitted will be evaluated as they are received. 2. REVIEW AND SELECTION PROCESS: Only Government employees will evaluate the white papers/proposals for selection. The Air Force Research Laboratory's Information Directorate has contracted for various business and staff support services, some of which require contractors to obtain administrative access to proprietary information submitted by other contractors. Administrative access is defined as "handling or having physical control over information for the sole purpose of accomplishing the administrative functions specified in the administrative support contract, which do not require the review, reading, or comprehension of the content of the information on the part of non-technical professionals assigned to accomplish the specified administrative tasks." These contractors have signed general non-disclosure agreements and organizational conflict of interest statements. The required administrative access will be granted to non-technical professionals. Examples of the administrative tasks performed include: a. Assembling and organizing information for R&D case files; b. Accessing library files for use by government personnel; and c. Handling and administration of proposals, contracts, contract funding and queries. Any objection to administrative access must be in writing to the Contracting Officer and shall include a detailed statement of the basis for the objection. VI. AWARD ADMINISTRATION INFORMATION: 1. AWARD NOTICES: Those white papers found to be consistent with the intent of this BAA may be invited to submit a technical and cost proposal. Notification by email or letter will be sent by the technical POC. Such invitation does not assure that the submitting organization will be awarded a contract. Those white papers not selected to submit a proposal will be notified in the same manner. Prospective offerors are advised that only Contracting Officers are legally authorized to commit the Government. All offerors submitting white papers will be contacted by the technical POC, referenced in Section VII of this announcement. Offerors can email the technical POC for status of their white paper/proposal no earlier than 45 days after proposal submission. 2. ADMINISTRATIVE AND NATIONAL POLICY REQUIREMENTS: AFRL/RIGA will accept classified responses to this BAA when the classification is mandated by classification guidance provided by an Original Classification Authority of the U.S. Government, or when the proposer believes the work, if successful, would merit classification. Security classification guidance in the form of a DD Form 254 (DoD Contract Security Classification Specification) will not be provided at this time since AFRL is soliciting ideas only. Proposers that intend to include classified information or data in their white paper submission or who are unsure about the appropriate classification of their white papers should contact the technical point of contact listed in Section VII for guidance and direction in advance of preparation. Depending on the work to be performed, the offeror may require a SECRET facility clearance and safeguarding capability; therefore, personnel identified for assignment to a classified effort must be cleared for access to SECRET information at the time of award. In addition, the offeror may be required to have, or have access to, a certified and Government-approved facility to support work under this BAA. Data subject to export control constraints may be involved and only firms holding certification under the US/Canada Joint Certification Program (JCP) (www.dlis.dla.mil/jcp) are allowed access to such data. 3. REPORTING: Once a proposal has been selected for award, offerors will be required to submit their reporting requirement through our web-based reporting system known as JIFFY. Prior to award, the offeror will be given complete instructions regarding its use. VII. AGENCY CONTACTS: Questions of a technical nature shall be directed to the cognizant technical point of contact, as specified below: TPOC Name: Jason Siegfried Telephone: (315) 330-3326 Email: Jason.Siegfried@rl.af.mil (Alternate) TPOC Name: John Maxey Telephone: (315) 330-3617 Email: William.Maxey@rl.af.mil Questions of a contractual/business nature shall be directed to the cognizant contracting officer, as specified below: Lynn White Telephone (315) 330-4996 Email: Lynn.White@rl.af.mil The email must reference the solicitation (BAA) number and title of the acquisition. In accordance with AFFARS 5301.91, an Ombudsman has been appointed to hear and facilitate the resolution of concerns from offerors, potential offerors, and others for this acquisition announcement. Before consulting with an ombudsman, interested parties must first address their concerns, issues, disagreements, and/or recommendations to the contracting officer for resolution. AFFARS Clause 5352.201-9101 Ombudsman (Aug 2005) will be incorporated into all contracts awarded under this BAA. The AFRL Ombudsman is as follows: Susan Hunter Building 15, Room 225 1864 Fourth Street Wright-Patterson AFB OH 45433-7130 FAX: (937) 225-5036; Comm: (937) 255-7754 All responsible organizations may submit a white paper which shall be considered.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/BAA-08-08-RIKA/listing.html)
 
Record
SN02028174-W 20091220/091219000032-7de5abf5f15a9c042c147943a36103a5 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.