SPECIAL NOTICE
99 -- Provably Secure, Internet Web & Messaging Server Assessment Event (AE) Related Notice
- Notice Date
- 2/6/2023 12:39:08 PM
- Notice Type
- Special Notice
- NAICS
- 541330
— Engineering Services
- Contracting Office
- ACC
- ZIP Code
- 00000
- Solicitation Number
- W52P1J-23-PS-MSAE
- Response Due
- 2/26/2023 8:59:00 PM
- Archive Date
- 02/27/2023
- Point of Contact
- Brandon Sizemore, Tim Hill
- E-Mail Address
-
bsizemore@cyberfic.org, thill@cyberfic.org
(bsizemore@cyberfic.org, thill@cyberfic.org)
- Description
- Purpose Background: The Army requires the ability to rapidly provision formally verified, provably secure computer systems that provide services or enable secure data exchange between a perpetually growing number of regional partners in a contested environment. Provably secure systems provide a root of trust to build Zero Trust (ZT) architectures upon and would accelerate the Army�s ability to exchange sensitive data with regional and theater partners in competition and during combat. The existence of software defects in many client and server applications results in the application of highly complex, costly, security controls including logical or physical separation of systems to gain a measure of confidentiality, integrity, and availability. To address the needs for a root of trust for ZT implementations and for provably secure computing and data exchange, the Army needs rapidly deployable, provably secure systems that enable key services such as routing, firewall, authentication, web and messaging functions. These systems also need to operate in contested networks that are proven to be unsusceptible to remote network exploitation using zero day or N-day exploitation methods that are often used to compromise systems and gain unauthorized access. Formally verified software is a potential solution to this problem and recent advances in provably secure computing technologies make this concept testable by building, testing and auditing prototypes that could be used during exercises and experimentation events to facilitate low-cost, secure communications with partners throughout the operational region.� Proposed Solution Overview: Employ formal verification or provably secure technology to design and implement a provably secure web and messaging server prototype that is not vulnerable to remote network exploitation using zero day or N-Day type exploits enabling the secure exchange of near real time messages between authenticated web clients over an encrypted network transport. The prototype should be designed for persistent exposure to a contested network and prevent unauthorized egress of the server�s data (e.g., messages, web pages, encryption keys and configuration data). Any internal fault conditions should result in the server to safely abort all processing and stop servicing new connections (fail closed). The prototype design must be documented and explainable so it can be used as a root of trust for broad ZT implementations and a model for future computer system design for all servers persistently exposed to contested environments.� Please see attachment for more information.
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/bfcf733d39fc49bb97f186d1caa32ec7/view)
- Place of Performance
- Address: Augusta, GA, USA
- Country: USA
- Country: USA
- Record
- SN06582986-F 20230208/230206230109 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |