Multi-Integrated Domain Administrative Support Solution
Navy SBIR 2018.2 - Topic N182-104
NAVAIR - Ms. Donna Attick - donna.attick@navy.mil
Opens: May 22, 2018 - Closes: June 20, 2018 (8:00 PM ET)

N182-104

TITLE: Multi-Integrated Domain Administrative Support Solution

 

TECHNOLOGY AREA(S): Information Systems

ACQUISITION PROGRAM: PMA-205 Naval Aviation Training Systems

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Design and develop a cross-domain solution (CDS) technology that allows a centrally located system administrator to disseminate network configuration information to multiple associated networks.

DESCRIPTION: One of the core security features of distinct information networks is that they are separate from other computer networks. This is primarily implemented to ensure that if one is compromised, the other remains unaffected as access to the network is limited and restricted by an administrator.

Although the cyber security benefits of individual networks are clear, there is a desire for a secure CDS to allow a central system administrator to manage multiple networks. Cross-domain solutions provide the ability to transfer information between two domains with different security levels that are isolated from each other.  Currently, each network administrator must set up separate instances for their own respective domains, which poses software-related concurrency challenges. The desired solution is envisioned as a standalone solution, or a technology that can be added to an existing cross-domain solution for network communication between trusted and untrusted networks. Key factors in an envisioned solution include the scalability of the architecture (e.g., number of networks, components) and the supportability of the device (i.e., being able to change the rulesets when new versions of host-based security system (HBSS) or a domain controller are released). Having the ability to manage all domains with a single cyber security solution (through a specialized guard) would significantly lessen both the initial acquisition and sustainment costs of any procurement that had the requirement for multiple classification levels. Proposers should consider and adhere to Risk Management Framework (RMF) guidelines [Ref 3].

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. Owned and Operated with no Foreign Influence as defined by DOD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Security Service (DSS). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances, in order to perform on advanced phases of this contract as set forth by DSS and NAVAIR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advance phases of this contract.

PHASE I: Design, develop, and demonstrate the feasibility of a proof-of-concept cross-domain solution and network communication between trusted and untrusted networks. Identify Information Assurance (IA) challenges or CDS policy that impact prototype development. Consider RMF guidelines in initial design to support information assurance compliance throughout the effort. Develop plans for the prototype to be developed in Phase II.

PHASE II: Design and develop a prototype technology solution and implement it in a laboratory test environment. Demonstrate that relevant IA policies and safety concerns are addressed while enabling enhanced information flow. Continue to consider and adhere to RMF guidelines during the development to support information assurance compliance.

It is probable that the work under this effort will be classified under Phase II (see Description section for details).

PHASE III DUAL USE APPLICATIONS: Complete development of CDS based on Phases I and II efforts, targeting the representative domain and networks. Demonstrate and evaluate the utility of CDS within a targeted transition environment. Transition and deliver a fully-featured CDS to the Navy.

Any company that wishes to segregate its network for security or any other reason could make use of this application. Whether protecting Health Insurance Portability and Accountability Act (HIPAA) information or trade secrets, the ability to seamlessly manage multiple networks would be useful to any number of private sector companies (e.g., medical insurance, hospital/medical groups, industry associated with government contracting, pharmaceuticals, information technology, law firms) that wish to practice good cyber security on a budget.

REFERENCES:

1. Liguori, A., Benedetto, F., Giunta, G., Kopal, N., and Wacker, A. “SoftGap: A Multi Independent Levels of Security Cross-Domain Solution”. 2015 3rd International Conference on Future Internet of Things and Cloud, August 2015, pp. 754-759. https://www.computer.org/web/search?cs_search_action=advancedsearch&search-options=dl&searchOperation=exact&searchText=SoftGap%3A+A+Multi+Independent+Levels+of+Security+Cross-Domain+Solution

2. Ollett, A., Robertson, S., Baker, D., Lafon, F., Giesbertz, B., Liu, M., Fernando, N., and Parkinson, A. “Reducing the footprint of deployed information systems with Cross Domain Solutions”. Journal of Battlefield Technology, 2013, 16(1), 1. http://www.argospress.com/articles/2013/reducing-the-footprint-of-deployed-information-systems-with-cross-domain-solutions

3. Risk Management Framework (RMF) for DoD Information Technology (IT)F: http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/851001_2014.pdf

KEYWORDS: Cyber Security; Cross-domain Solution (CDS); Controlled Interface (CI); Guard, Ruleset; Live-Virtual-Constructive (LVC); Multi-level Security

TPOC-1:

Phone:

Beth Atkinson

407-380-4773

 

TPOC-2:

Phone:

John Hodak

407-380-4737

 

TPOC-3:

Phone:

Curtis Brooks

301-757-2286

 

TPOC-4:

Phone:

John Killilea

407-380-4670

 

** TOPIC NOTICE **

These Navy Topics are part of the overall DoD 2018.2 SBIR BAA. The DoD issued its 2018.2 BAA SBIR pre-release on April 20, 2018, which opens to receive proposals on May 22, 2018, and closes June 20, 2018 at 8:00 PM ET.

Between April 20, 2018 and May 21, 2018 you may talk directly with the Topic Authors (TPOC) to ask technical questions about the topics. During these dates, their contact information is listed above. For reasons of competitive fairness, direct communication between proposers and topic authors is not allowed starting May 22, 2018
when DoD begins accepting proposals for this BAA.
However, until June 6, 2018, proposers may still submit written questions about solicitation topics through the DoD's SBIR/STTR Interactive Topic Information System (SITIS), in which the questioner and respondent remain anonymous and all questions and answers are posted electronically for general viewing until the solicitation closes. All proposers are advised to monitor SITIS during the Open BAA period for questions and answers and other significant information relevant to their SBIR/STTR topics of interest.

Topics Search Engine: Visit the DoD Topic Search Tool at sbir.defensebusiness.org/topics/ to find topics by keyword across all DoD Components participating in this BAA.

Proposal Submission: All SBIR/STTR Proposals must be submitted electronically through the DoD SBIR/STTR Electronic Submission Website, as described in the Proposal Preparation and Submission of Proposal sections of the program Announcement.

Help: If you have general questions about DoD SBIR program, please contact the DoD SBIR Help Desk at 800-348-0787 or via email at sbirhelp@bytecubed.com