SPECIAL NOTICE
A -- Strategic & Spectrum Missions Advanced Resilient Trusted Systems (S2MARTS) Request for Solutions (RFS) in support of Firmware Bill of Materials Extractor (FBME) Project No. 23-09
- Notice Date
- 12/22/2023 10:19:35 AM
- Notice Type
- Special Notice
- NAICS
- 541715
— Research and Development in the Physical, Engineering, and Life Sciences (except Nanotechnology and Biotechnology)
- Contracting Office
- NSWC CRANE CRANE IN 47522-5001 USA
- ZIP Code
- 47522-5001
- Solicitation Number
- N0016424SNB12
- Response Due
- 1/5/2024 1:00:00 PM
- Archive Date
- 01/20/2024
- Point of Contact
- Shom Berry, Phone: 812-381-3297, Luke Duwel, Phone: 812-381-7141
- E-Mail Address
-
shom.c.berry.civ@us.navy.mil, luke.a.duwel.civ@us.navy.mil
(shom.c.berry.civ@us.navy.mil, luke.a.duwel.civ@us.navy.mil)
- Description
- Special Notice N0016424SNB12 Agency:� Department of the Navy Office:� Naval Sea Systems Command Location:� NSWC Crane Division Classification Code:� AC13 � National Defense R&D Services, Department of Defense � Military; Experimental Development� NAICS Code:� 541715 � Research and Development in the Physical, Engineering, and Life Sciences (except Nanotechnology and Biotechnology) Response Due Date: 05 January 2024 Strategic & Spectrum Missions Advanced Resilient Trusted Systems (S2MARTS) Request for Solutions (RFS) in support of Firmware Bill of Materials Extractor (FBME) Project No. 23-09 PURPOSE This Request for Solutions (RFS) is issued to seek innovative solutions for a prototype Firmware Bill of Materials Extractor (FBME), a low-level software application that will aid in firmware assurance assessments of commercial-off-the-shelf (COTS) electronic systems. COTS systems are widely used in diverse applications across the Department of Defense (DoD), but their use incurs risks for cybersecurity and assurance. The Government will evaluate the solutions with the intent of awarding at least three (3) Other Transaction Agreements (OTA) under the Strategic & Spectrum Missions Advanced Resilient Trusted Systems (S2MARTS) Other Transaction Agreement (OTA) in accordance with 10 U.S.C Code � 4022. Upon successful completion of this prototype effort, the Government anticipates that a follow-on production effort may be awarded via either contract or transaction, without the use of competitive procedures if the participants in this transaction successfully complete the prototype project as competitively awarded from the RFS. BACKGROUND AND SUMMARY S2MARTS Vendors interested in responding to this RFS must be members of the Strategic & Spectrum Missions Advanced Resilient Trusted Systems (S2MARTS) consortium. Interested parties may visit S2MARTS.org for membership information. This project will be managed by a Naval Surface Warfare Center, Crane Division Project Manager. PROJECT OVERVIEW COTS systems often contain embedded software, called firmware, which controls the hardware and can contain vulnerabilities that might put the system or other connected systems at risk. Assessing the risk posed by this firmware is complicated by the fact that little information is typically disclosed about the firmware in these systems, such as what software components are included in the firmware. This makes it difficult or impossible to apply common software risk approaches to the firmware, like assessing the applicability and impact of disclosed Common Vulnerabilities and Exposures (CVEs). As the Navy lead for Joint Federated Assurance Center (JFAC) hardware assessments, NSWC Crane frequently helps program offices assess firmware risk by extracting firmware from COTS systems and manually analyzing it to identify software components and research potential vulnerabilities. However, this manual analysis is slow and costly, and it relies on the skills of a small number of experts, which cannot scale to meet the assurance needs of the large number of program offices that need to track these risks for their programs. It is for this reason that a prototype automated firmware bill of materials extractor will be developed to provide firmware insight and risk assessment capability to DoD programs. Please visit the S2MARTS website at https://s2marts.org/ to review the full RFS. � Contracting Office Address:� 300 Hwy 361 Crane, IN 47522 United States� �Primary Point of Contact.:� Shom Berry shom.c.berry.civ@us.navy.mil Phone: 812-381-3297 Secondary Point of Contact:� Luke Duwel luke.a.duwel.civ@us.navy.mil Phone: 812-381-7141
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/20b7b4e780234defae5a522b6e5802c5/view)
- Record
- SN06920739-F 20231224/231222230046 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |