The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws. OBJECTIVE: Create a secure environment for collaboration between small businesses and government personnel and provide a central location for Small Business Innovation Research (SBIR) / Small Business Technology Transfer (STTR) knowledge management. DESCRIPTION: Industry and government organizations require access to collaborative data repositories that are tightly controlled with cyber secure protocols, Risk Management Framework (RMF) compliance, and role-based access controls, resulting in the implementation of DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. This regulation can be costly to small businesses with limited resources, hindering their ability to exchange innovative ideas and research with government entities. Another challenge facing most small business employees is the inability to send encrypted emails due to the lack of a Common Access Card (CAC) or the required certificates, making secure collaboration difficult. Current processes for collaboration are not only an issue for small businesses lacking the necessary tools for security, but create an environment for the unnecessary duplication of data and a cumbersome data management environment. For example, MDA has various requirements for multiple organizational entities to manage and store data, resulting in the accumulation of storage costs and version tracking issues. There are also a number of deadlines for each group or organization that must be tracked independently by both the companies and multiple government staff. This topic seeks a mature concept for the development of a collaborative repository that: [1] Leverages advanced techniques (i.e., Artificial Intelligence/Machine Learning (AI/ML)) techniques to ensure the security of transferring data [2] Leverages advanced techniques (i.e., AI/ML) to organically address the data management issue to appropriately distribute and track data, including deliverables, to all relevant project participants and archival repositories [3] Provides architectural flexibility to seamlessly integrate future plug-ins and supplemental tools (e.g., advance search engines, source code repositories, etc.) [4] Employs two-factor authentication methods that do not restrict small businesses to the use of a CAC and/or a username/complex password combination [5] Encrypts communication while also preserving the integrity and non-repudiation of the message [6] Implements the Least Privilege principle [7] Monitors and audits user activity and data movement [8] Provides authorized users with reminders of upcoming deadlines as established in the CDRLs [9] Contains intrinsic virus scanning as part of the transfer process [10] Capable of being deployed on a DoD unclassified network PHASE I: This is a Direct to Phase 2 (D2P2) topic. Phase I -like proposals will not be evaluated and will be rejected as nonresponsive. For this topic, the Government expects that the small business would have accomplished the following in a Phase I-like effort via some other means, e.g., independent research and development (IRAD) or other source, a concept for a workable prototype or design to address, at a minimum, the basic capabilities of the stated objective above. Proposals must show, as appropriate, a demonstrated technical feasibility or nascent capability of virtual reality and/or telepresence and techniques compatible with low latency communications and/or data transfer. Proposal may provide example cases of this new capability on a specific application. The documentation provided must substantiate the proposer's development of a preliminary understanding of the technology to be applied in their Phase II proposal in meeting topic objectives. Documentation should comprise all relevant information including, but not limited to, technical reports, test data, prototype designs/models, and performance goals/results. Feasibility documentation: Proposers interested in participating in Direct to Phase II must include in their responses to this topic Phase I feasibility documentation that substantiates the scientific and technical merit and Phase I feasibility described in Phase I above has been met (i.e., the small business must have performed a proof of concept Phase I -type research and development related to the topic, but feasibility documentation MUST NOT be solely based on work performed under prior or ongoing federally funded SBIR/STTR Phase I work) and describe the potential commercialization applications. The documentation provided must validate that the proposer has completed development of the technology as stated in Phase I above in previous work or research completed. Documentation should include all relevant information including, but not limited to: technical reports, test data, prototype designs/models, and performance goals/results. Work submitted within the feasibility documentation must have been substantially performed by the proposer and/or the principal investigator (PI). PHASE II: Develop and demonstrate an innovative solution satisfying, or being capable of satisfying, requirements (1) through (10) outlined in this topic's Description section. Conduct software scans and develop detailed documentation sufficient for the software Cybersecurity Maturity Model Certification (CMMC) process (per requirement (10)) to enable the software to be placed into a government provided test environment. Demonstrate the solution's capabilities in the government test environment and with either external or simulated external users. PHASE III DUAL USE APPLICATIONS: Deploy the collaborative environment within the government unclassified network and relevant external non-CAC using organizations. Upgrade the solution's capabilities to fully satisfy requirements (1) through (10) and improvements based upon feedback from Phase II demonstration and initial users emphasizing security, usability, accessibility, and reliability. REFERENCES: 1. https://www.nist.gov/system/files/documents/2018/10/18/cui18oct2018-104501145-dod_dfars-michetti-thomas.pdf 2. https://www.acq.osd.mil/dpap/policy/policyvault/USA002829-17-DPAP.pdf 3. https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final KEYWORDS: Cybersecurity, Collaboration, Information Management, Task Management, Machine Learning, Artificial Intelligence
