DISA Call for White Papers
Technologies, and technology-based companies, advance so rapidly that the Department of Defense is finding it difficult to contractually engage, collaborate, and do business with high-tech companies. The traditional procurement process is too slow and based on regulations rather than negotiations. The Government's cost-based pricing system is cumbersome and expensive requiring unique accounting and auditing systems. The Government's standard approach to intellectual property can be overreaching and inflexible. The Defense Information Systems Agency (DISA) is responding to this by exercising its authority under 10 U.S.C. 2371b, Other Transaction Agreements for Prototypes. DISA will periodically post Requests for White Papers inviting companies leading innovation to submit their solutions to the Agency's capability gaps, problem statements, or areas of interest.
Mobility Enablement Prototype
Due Date: August 12, 2019 by 9:00 AM CST
Project Number: DISA-OTA-19-R-MEO
Section 1. Request for White Papers
This request for White Paper (RWP) is being issued to seek vendors capable of fulfilling the technical objectives outlined below related to Mobility Enablement in order to conduct research, development, and testing activities to stand up an environment capable of supporting the development of secure mobile applications (apps) and streamline the security approval process to properly vet the apps for use on Department of Defense (DoD) mobile devices.
1.2 Statement of Need
DISA has made progress over the past few years, delivering a secure solution for mobile communications, DoD Mobility Unclassified Capability (DMUC) and DoD Mobility Classified Capability. To improve device utility, DISA requires a capability to efficiently develop and sustain secure mobile applications. In March 2018, DISA SD3 set out to enhance the mobile end users' experience, explore ways to maximize utilization, and lower the barrier for agile mobile application development by mirroring the commercial experience. An industry survey confirmed that the utility of mobile devices stems from accessibility of native applications. DoD mobile users should have the same tools and services to which they are accustomed on their desktop/laptop computer securely available on the mobile device. The MEO is planning to utilize Other Transaction Authority (OTA) to engage industry and prototype an agile solution. The goal is to stand up an environment capable of supporting the development of secure mobile applications (apps) and streamline the security approval process to properly vet the apps for use on DoD mobile devices.
The DoD does not currently have a means to efficiently build approved applications for a DoD mobile environment with security requirements incorporated into the development process. DISA requires a capability similar to what exists in industry to adopt mature processes for mobile application development and sustainment. There is an immediate need to mirror industry's agile approach while simultaneously including the required DoD security elements into that process. The project's objective is to prototype a web-based software development environment for creating secure mobile applications suitable for the DMUC capability and streamline the security approval process to properly vet the apps for use on DMUC devices. The development environment will be accessible from anywhere and by any qualified and authorized mobile applications developer. The prototype will minimally include an environment for iPhone Operating System (iOS) and Android applications development and include an automated means for ensuring compliance with the National Information Assurance Partnership (NIAP) criteria, the DoD Security Requirements Guide (SRG), the DoD Security Technical Implementation Guides (STIGs), and any other approved security measures. The prototype will also include tools for continuous integration, code repository, issue tracking, source control, and documentation.Download the Mobility Enablement Prototype Request for White Papers [PDF]
Download the Mobility Enablement Prototype Request for White Papers Amendment 0001 [PDF] Download the Mobility Enablement Prototype Request for White Papers Amendment 0002 [PDF] Download the Mobility Enablement Prototype Request Q&A Responses [PDF]
Quantum-Resistance Cryptography Prototype
Due Date: June 14, 2019 by 9:00 AM CST
Project Number: DISA-OTA19-R-Quantum
The Defense Information Systems Agency (DISA), Emerging Technology (EM) Directorate through the DISA Procurement Services Directorate (PSD) is seeking information from Industry to evaluate the use of quantum-safe algorithms and cryptographic solutions that can defend Department of Defense (DoD) Information Technology (IT) infrastructure from malicious cyber activities.
SECTION 1 OVERVIEW/DESCRIPTION
One of the immediate concerns facing DoD has to do with public key cryptography data encryption and authentication. Theoretically, adversaries could utilize quantum computers to attack the cryptographic algorithms that are widely used for secure online transactions and communications. Certain algorithms currently utilized across the DoD on various systems are vulnerable to attacks from large-scale quantum computers. The exact time of the arrival of the quantum-computing era is unknown; however, DoD must begin now to prepare its information security systems to be able to resist attacks from large-scale quantum computers.
This request for White Paper (RWP) is being issued to conduct research, development, and testing activities associated with evaluating Quantum-Resistant algorithms, and cryptographic solutions that can be used to enable quantum-encrypted information transfer using symmetric encryption.
1.2 STATEMENT OF NEED
Arrival of the quantum-computing era is inevitable, though its timing is unknown. DoD must begin now to prepare its information security systems to protect against quantum computing attacks. One of the immediate concerns facing DoD has to do with Public key cryptography data encryption.
Due to growing concerns related to quantum computers-machines, DISA has begun to investigate quantum-resistant or quantum-safe cryptography algorithms and solutions. The goal of this prototype Other Transaction Authority (OTA) is to research, evaluate, test, and deliver a prototype utilizing cryptographic algorithms and solutions that would secure DoD IT systems against both quantum and classical computers.
The Quantum-Resistant Cryptography prototype will support the following:
- Future improvements, technical feasibility, and optional challenges associated with implementing new algorithms and solutions on the current DoD PKI/PKE components, technology, and processes;
- Time to generate Public Key, Ciphertext, and Signature Size (i.e., key size) locally on DoD devices;
- The hardware and software efficiency of the public key (encryption, encapsulation, and signature verification) and private key (decryption, decapsulation, and signing) operations dealing with traffic volume;
- Decryption/decapsulation failures associated with application utilization and identify interactive protocols that establish key failures;
- Analysis of bandwidth requirements and the ability of solutions to support systems operating in constrained environments.
- Migration options to enable a smooth transition to new algorithms and archetectures.
- Performance test results to contribute to the national discussion and build a case to recommend an algorithms and possible solutions to use as the industry standard.
The Defense Information Systems Agency, known as the Defense Communications Agency until 1991, is a United States Department of Defense combat support agency composed of military, federal civilians, and contractors. DISA's mission is to conduct DODIN operations for the joint warfighter to enable lethality across all warfighting domains in defense of our Nation. DISA is the trusted provider to connect and protect the warfighter in cyberspace. Visit https://www.disa.mil to learn more.