SPECIAL NOTICE
B -- Firmware Analysis
- Notice Date
- 9/14/2023 8:41:44 AM
- Notice Type
- Justification
- NAICS
- 541715 — Research and Development in the Physical, Engineering, and Life Sciences (except Nanotechnology and Biotechnology)
- Contracting Office
- SCI TECH ACQ DIV WASHINGTON DC 20528 USA
- ZIP Code
- 20528
- Solicitation Number
- FY23-00337
- Archive Date
- 09/30/2023
- Point of Contact
- Khadijah Dark, John Whipple
- E-Mail Address
- khadijah.dark@hq.dhs.gov, john.whipple@hq.dhs.gov
- Award Number
- (TBD)
- Award Date
- 09/30/2023
- Description
- The U.S. Department of Homeland Security's (DHS) Office of Procurement Operations (OPO) intends to procure research and development services in the area of novel firmware analysis methods. The scope of work includes the identification of firmware components of information technology (IT) and operational technology (OT) amongst post-deployment devices, along with decomposing firmware into various sub-components of open-source software (OSS) for development of firmware bill of materials (FBOM) across a prevalence of OSS in use. This effort addresses requirements to analyze and decompose firmware, identify dependencies amongst OSS, and develop a cross-correlated library of firmware, associated devices, and supporting OSS projects and libraries used in OT and IoT. Expertise in firmware image analysis and identification of nested dependencies, including OSS dependencies, is a necessary skillset required for this potential scope of work. Analysis of firmware, while predominantly based on the vendor-provided or otherwise available images, should allow for the possibility of firmware image capture from devices post-deployment. Successful fulfillment of this requirement is expected to build a capability to analyze firmware images at scale with a horizontal and vertical lookup of what assets run software and firmware that calls the same OSS. This requires a library of cross-correlated software dependencies with a platform to execute the requisite firmware image analysis at scale and produce SBOMs in Software Package Data Exchange (SPDX) format. In addition, it requires an API-centric solution for interoperability with other platforms. The overarching goal is to understand OSS prevalence in order to inform decisions on OSS prioritization and resource allocation to securing OSS. The market research for this requirement demonstrates that only one responsible source is available, and no other supplies or services will satisfy agency requirements.
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/d4cbf5ae226b4e088a392bb398ba22bc/view)
- Place of Performance
- Address: Austin, TX 78702, USA
- Zip Code: 78702
- Country: USA
- Record
- SN06831181-F 20230916/230914230118 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)