Tactical Data In Use Security   2

03/12/2025: Updated RFI Response Due Date to 28th March 2025.

02/28/2025: Updated language for receiving CUI attachment.

02/27/2025: Updated RFI Response Due Date to 19th March 2025.

See RFI Tactical Data in Use Security 20 Feb 2025 version in the attachments. Changes are highlighted in red.

__________________________________________________________

Request for Information (RFI) forTactical Data in Use Security

Sources Sought Notice: Tactical Data in Use Security (DUCES)

DISCLAIMER:

THIS IS NOT A SOLICITATION: No award will be made as a result of this request. This RFI is for informational and planning purposes only; this is not an Invitation for Bid, a Request for Proposal, or a Request for Quotation. No solicitation document exists, and a formal solicitation will not be issued by the Government after receiving responses to this RFI. The Government will not be liable for payment of any costs incurred in response to this RFI and is under no obligation to act in any way on the information received. No costs incurred by interested companies in response to this announcement will be reimbursed. The information provided may be used by the Army in developing a future acquisition strategy, Performance Work Statement, Statement of Objectives, and/or Performance Based Specification(s). Interested parties are responsible for adequately marking proprietary or competition-sensitive information contained in their response.

PURPOSE:

The U.S. Army Combat Capabilities Development Command (DEVCOM), Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR) Center is surveying the market to locate/identify interested Business Concerns. For this RFI, the U.S. Army C5ISR Center, Engineering & Systems Integration (ESI) Directorate is interested in receiving information from companies that have solutions to integrate concepts of the Department of Defense's (DoD's) Zero Trust (ZT) capabilities, which are focused on the Data Pillar of the DoD ZT model (specifically on incorporation of data protection into tactical network architectures). The solutions should integrate seamlessly into our existing infrastructure while providing enhanced security for data in use protections against potential threats and vulnerabilities, and need to operate within a denied, degraded, intermittent, or limited (DDIL) contested communications, logistics, and information environment. This constrained, highly dynamic, and adversarial-susceptible tactical environment will be a challenge to implement ZT solutions that meet mission needs.

BACKGROUND:

Traditional network security models, which provide entities with implicit trust once inside the perimeter, are increasingly inadequate given the sophisticated nature of modern cyber threats. To address these challenges, ZT as a concept has gained prominence. ZT operates on the principle of never trust, always verify, emphasizing continuous risk assessment and real-time monitoring to ensure access to network resources is based on up-to-date information, and that trustworthiness is continually reevaluated.

Our goal is to identify cutting-edge technologies that can offer robust security measures for data in use protections. This includes, but is not limited to, leveraging advancements in encryption, anomaly detection, and secure communication protocols to protect against both current and emerging threats.

INFORMATION REQUESTED: Interested parties with the ability to prototype and demonstrate integration of Zero Trust principles into tactical network architectures should submit a response to the RFI not to exceed 15 pages in length. At a minimum, the response to the RFI should address one or more of the following areas:

1. Capability to offer data-in-use protection mechanisms for the most critical data.
2. Can you demonstrate your PET Technology? Additionally, how would you describe or categorize its performance?
3. In addition to the technical response to this RFI, please include a (estimated) Technology Readiness Level and pertinent information related to the risks to realization and/or maturation from a cost, schedule, and technical approach, including rationale.

Responses to this RFI are to be unclassified or CUI and received no later than 30 days after date of release. All responses to this RFI will be submitted via DoD SAFE. Please reach out to the technical POC at usarmy.apg.devcom-c5isr.mbx.esi-bus-ops-acq-rfi@army.mil in order to request the DoD Drop off Link when ready to submit your response to RFI. Your response to RFI submission should include a Cover Page (excluded from page count) that includes:

Note: All correspondence including the Request for the Reference Design Document and Whitepaper shall have correct CUI markings in accordance with DoDI5200.48 Controlled Unclassified Information (CUI).

In order to provide a complete response to this request all interested parties must request access to a Tactical Data in Use CUI controlled document. To gain access to a CUI version of Attachment 01, your company/entity must be certified by the Joint Certification Program (JCP). Your entity/company's Data Custodian requester (designated) on block 3A of the DD Form 2345 is the only authorized individual that can download the controlled attachment. Your entity/company is responsible for the protection of the controlled document after the download.

If your entity/company is not pre-certified by the JCP, you will need to apply for certification by completing a DD Form 2345 and emailing it to jcp-admin@dla.mil. Detailed information regarding the JCP application procedures is available at the JCP website at https://www.dla.mil/Logistics-Operations/Services/JCP/. The ESI Directorate or ACC will not review the JCP application or issue the JCP certification. Please direct any questions regarding the JCP certification process to jcp-admin@dla.mil.

Access to the controlled attachment is granted through SAM after your JCP status has been verified. Please ensure that you have the correct role when requesting access to the controlled document in SAM. The correct role is a data entry role or contracting role. To request access to download the controlled attachment, click on the tab for Attachment/Links, then click on the title of the controlled document. When you receive the pop-up window to request access, enter the reason for the request in the window, making sure to include your entity's CAGE Code and JCP Certification Number then hit submit. Please note that entering a different CAGE code or JCP certification number into the remarks section of your request in SAM will not be accepted. Only the CAGE code and JCP certification number associated with the request will be reviewed. Once the notice is submitted, the access status on the controlled document will change to Pending . The Access POC will review your request, granting access if requirements are met or reject for correction.

1. Point of contact information to include: company name, contact name, and company address.
2. CAGE Code and DUNS Number.