TITLE: Multi-Integrated Domain Administrative Support Solution
ACQUISITION PROGRAM: PMA-205
Naval Aviation Training Systems
The technology within this
topic is restricted under the International Traffic in Arms Regulation (ITAR),
22 CFR Parts 120-130, which controls the export and import of defense-related
material and services, including export of sensitive technical data, or the
Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls
dual use items. Offerors must disclose any proposed use of foreign nationals
(FNs), their country(ies) of origin, the type of visa or work permit possessed,
and the statement of work (SOW) tasks intended for accomplishment by the FN(s)
in accordance with section 3.5 of the Announcement. Offerors are advised
foreign nationals proposed to perform on this topic may be restricted due to
the technical data under US Export Control Laws.
OBJECTIVE: Design and develop
a cross-domain solution (CDS) technology that allows a centrally located system
administrator to disseminate network configuration information to multiple
DESCRIPTION: One of the core
security features of distinct information networks is that they are separate
from other computer networks. This is primarily implemented to ensure that if
one is compromised, the other remains unaffected as access to the network is
limited and restricted by an administrator.
Although the cyber security benefits of individual networks are clear, there is
a desire for a secure CDS to allow a central system administrator to manage
multiple networks. Cross-domain solutions provide the ability to transfer
information between two domains with different security levels that are
isolated from each other. Currently, each network administrator must set up
separate instances for their own respective domains, which poses
software-related concurrency challenges. The desired solution is envisioned as
a standalone solution, or a technology that can be added to an existing
cross-domain solution for network communication between trusted and untrusted
networks. Key factors in an envisioned solution include the scalability of the
architecture (e.g., number of networks, components) and the supportability of
the device (i.e., being able to change the rulesets when new versions of
host-based security system (HBSS) or a domain controller are released). Having
the ability to manage all domains with a single cyber security solution
(through a specialized guard) would significantly lessen both the initial
acquisition and sustainment costs of any procurement that had the requirement
for multiple classification levels. Proposers should consider and adhere to
Risk Management Framework (RMF) guidelines [Ref 3].
Work produced in Phase II may become classified. Note: The prospective
contractor(s) must be U.S. Owned and Operated with no Foreign Influence as
defined by DOD 5220.22-M, National Industrial Security Program Operating
Manual, unless acceptable mitigating procedures can and have been implemented and
approved by the Defense Security Service (DSS). The selected contractor and/or
subcontractor must be able to acquire and maintain a secret level facility and
Personnel Security Clearances, in order to perform on advanced phases of this
contract as set forth by DSS and NAVAIR in order to gain access to classified
information pertaining to the national defense of the United States and its
allies; this will be an inherent requirement. The selected company will be
required to safeguard classified material IAW DoD 5220.22-M during the advance
phases of this contract.
PHASE I: Design, develop, and
demonstrate the feasibility of a proof-of-concept cross-domain solution and
network communication between trusted and untrusted networks. Identify
Information Assurance (IA) challenges or CDS policy that impact prototype
development. Consider RMF guidelines in initial design to support information
assurance compliance throughout the effort. Develop plans for the prototype to
be developed in Phase II.
PHASE II: Design and develop
a prototype technology solution and implement it in a laboratory test
environment. Demonstrate that relevant IA policies and safety concerns are
addressed while enabling enhanced information flow. Continue to consider and
adhere to RMF guidelines during the development to support information
It is probable that the work under this effort will be classified under Phase
II (see Description section for details).
PHASE III DUAL USE
APPLICATIONS: Complete development of CDS based on Phases I and II efforts,
targeting the representative domain and networks. Demonstrate and evaluate the
utility of CDS within a targeted transition environment. Transition and deliver
a fully-featured CDS to the Navy.
Any company that wishes to segregate its network for security or any other
reason could make use of this application. Whether protecting Health Insurance
Portability and Accountability Act (HIPAA) information or trade secrets, the
ability to seamlessly manage multiple networks would be useful to any number of
private sector companies (e.g., medical insurance, hospital/medical groups,
industry associated with government contracting, pharmaceuticals, information
technology, law firms) that wish to practice good cyber security on a budget.
1. Liguori, A., Benedetto,
F., Giunta, G., Kopal, N., and Wacker, A. “SoftGap: A Multi Independent Levels
of Security Cross-Domain Solution”. 2015 3rd International Conference on Future
Internet of Things and Cloud, August 2015, pp. 754-759. https://www.computer.org/web/search?cs_search_action=advancedsearch&search-options=dl&searchOperation=exact&searchText=SoftGap%3A+A+Multi+Independent+Levels+of+Security+Cross-Domain+Solution
2. Ollett, A., Robertson, S.,
Baker, D., Lafon, F., Giesbertz, B., Liu, M., Fernando, N., and Parkinson, A.
“Reducing the footprint of deployed information systems with Cross Domain
Solutions”. Journal of Battlefield Technology, 2013, 16(1), 1. http://www.argospress.com/articles/2013/reducing-the-footprint-of-deployed-information-systems-with-cross-domain-solutions
3. Risk Management Framework
(RMF) for DoD Information Technology (IT)F: http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/851001_2014.pdf
KEYWORDS: Cyber Security;
Cross-domain Solution (CDS); Controlled Interface (CI); Guard, Ruleset;
Live-Virtual-Constructive (LVC); Multi-level Security
** TOPIC NOTICE **
These Navy Topics are part of the overall DoD 2018.2 SBIR BAA. The DoD issued its 2018.2 BAA SBIR pre-release on April 20, 2018, which opens to receive proposals on May 22, 2018, and closes June 20, 2018 at 8:00 PM ET.
Between April 20, 2018 and May 21, 2018 you may talk directly with the Topic Authors (TPOC) to ask technical questions about the topics. During these dates, their contact information is listed above. For reasons of competitive fairness, direct communication between proposers and topic authors is not allowed starting May 22, 2018 when DoD begins accepting proposals for this BAA.
However, until June 6, 2018, proposers may still submit written questions about solicitation topics through the DoD's SBIR/STTR Interactive Topic Information System (SITIS), in which the questioner and respondent remain anonymous and all questions and answers are posted electronically for general viewing until the solicitation closes. All proposers are advised to monitor SITIS during the Open BAA period for questions and answers and other significant information relevant to their SBIR/STTR topics of interest.
Topics Search Engine: Visit the DoD Topic Search Tool at sbir.defensebusiness.org/topics/ to find topics by keyword across all DoD Components participating in this BAA.
Proposal Submission: All SBIR/STTR Proposals must be submitted electronically through the DoD SBIR/STTR Electronic Submission Website, as described in the Proposal Preparation and Submission of Proposal sections of the program Announcement.
Help: If you have general questions about DoD SBIR program, please contact the DoD SBIR Help Desk at 800-348-0787 or via email at email@example.com