Responses Due By

2022-05-16 23:59:59 US/Eastern Time

View CSO Procedure

Work With Us - Commercial Companies - Submit Solution

Enhanced Protection of Information Capabilities (EPIC)

Project Description

Exploitation of digital footprints is a primary concern for the Department of Defense (DoD). The privacy and protection of DoD personnel in specialized professions is critical for safeguarding sensitive information and the lives of servicemembers and affiliated personnel. Yet, current practices and digital services continue to proliferate data that may be aggregated to identify and track DoD personnel. Without the knowledge and tools to manage and protect digital information, DoD personnel remain vulnerable through higher risk of information spillage and privacy breaches. Indeed, adversaries have exploited security gaps to gain access to sensitive DoD information. 


In response, the DoD seeks a blend of 3 separate technical, analytical, and training solutions to address key digital fingerprint security gaps with the following qualities:


  1. The DoD seeks technical solutions capable of customizing validated commercial technologies for onboarding, managing, and offboarding personnel and their data over the course of their career. These technologies and portals must be tailorable to allow for secure communications on unclassified channels. They should be hosted on a secured, cloud-based platform that enables protection of both the identities of the applicants and the requisite hiring entity, as well as the obfuscation of data throughout. The web portal should ensure modern and effective cybersecurity protocols throughout to include digital authentication compatibility (e.g., DoD Common Access Card (CAC) authentication), end-to-end encryption of data transmission, and secure data storage processes. The web portal will serve as a focal point for personnel, providing informational tools and integrating with screening/assessment algorithms, while enabling secure, obfuscated communication methods between entities. Example user interfaces should be capable of supporting all or some of the following components:
    1. An information page on which descriptive text, contact information, and multimedia files may reside.
    2. A Screening Tool that determines whether individual candidates are qualified to submit an application and determines access to other site features.
    3. An Application Portal with dynamic content and fields conditional on responses that is capable of securely receiving and temporarily storing applicant-provided files and information.
    4. An Alumni Network Platform with forums for information sharing and communication among separated personnel.
    5. A Communication App that can support direct secure end-to-end encrypted messaging and/or Voice over Internet Protocols (VoIP) calls among users.
  2. The DoD seeks specialized training solutions capable of providing instruction related to human intelligence, ubiquitous technical surveillance (UTS), and counterintelligence to assist in training personnel on how to best protect personal and organizational information. Tailored courses of instruction that can be iterated based on organizational needs and feedback, and implement the most current doctrine, tactics, techniques, and procedures through hands-on training, practical exercises, and role-playing scenarios are preferred.
  3. The DoD seeks analysis solutions from industry experts in managing an organization’s digital signature through continuous risk management. Specifically, the approach should focus on best practices related to safeguarding data footprints, attacks, and spillages. Successful solutions should be capable of analyzing organizational and individual processes; these solutions should leverage industry standards and best practices to reduce data vulnerabilities throughout the organization. Analysis tools should address one or both of the following:
    1. Continuous UTS analysis of an organization’s vulnerabilities and threats through the survey and assessment of organizational behavior and digital signature practices to guide recommendations of organizational risk management techniques and services.
    2. Implementation of user and entity behavior analytics (UEBA) with a Zero Trust approach to monitor for and flag deviations in patterns using data gathered on existing DoD systems operating in classified channels.

Notes

  • The DoD partner will be responsible for the majority of the integration of technical solutions into existing government software services. Therefore, technical proposals should be commercial on-premise or commercial Software as a Service (SaaS) solutions.
  • Multiple contract awards are planned, and a single company is not expected to provide a solution that covers all 3 solution areas. The most worthy product mix will include point-solutions with evidence of similar deployments to supplement an existing system.
  • Preferential consideration will be given to solutions that have been built and deployed for similar problem sets at similar scale. Specific examples of similarly scaled implementations of comparable criticality are expected.
  • The DoD may facilitate teaming arrangements among submissions offering complimentary capabilities to achieve desired effect. Companies are also welcome to present their own teaming arrangements in their solution briefs. 
  • If technology solutions are proprietary, companies must be able to describe the technology in use.
  • Academic research proposals are not desired.
  • Where required (technical and analysis solutions), existing authority to operate (ATO) and/or certification as a system of record are a plus. Vendors must possess or be able to obtain Federal Risk and Authorization Management Program (FedRAMP) Moderate/High accreditation along with Defense Information Systems Agency (DISA) Impact Level (IL)-4 provisional authority (PA) or offer solutions that are compatible with services that have already attained an ATO and are DISA IL-4-compliant. Final product(s) must be compliant with FedRAMP Moderate to High Impact Risk Level. For more information, see DISA DoD Cloud Authorization Process document.
  • This solicitation is open to U.S. vendors only, and selected companies must possess or be able to obtain a U.S. National Security Facility Clearance.
  • Companies without a Commercial and Government Entity (CAGE) code code will be required to register in the Systems for Award Management (SAM) if selected. The DoD recommends that prospective companies begin this process as early as possible.
  • Any resulting agreement from this AOI will include language requiring your company to confirm compliance with Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232). If you are unable to confirm compliance with the referenced law, the government is unable to enter into an agreement with your company
  • This solicitation will be awarded as a 10 U.S.C. 4022 (formerly 10 U.S.C. 2371b) Other Transaction (OT) authority agreement. Any small business or non-traditional vendor is encouraged to apply. Vendors not meeting those conditions can qualify under the following conditions:
    • Teams with at least one non-traditional defense contractor or non-profit research institution with significant participation in the prototype project.
    • At least one-third of total costs must be paid by parties to the OT other than the government.

Non-Traditional Defense Contractor definition: An entity that is not currently performing and has not performed, for at least the one-year period preceding the solicitation of sources by DoD for the procurement or transaction, any contract or subcontract for the DoD that is subject to full coverage under the cost accounting standards prescribed pursuant to section 1502 of title 41 and the regulations implementing such section (see 10 U.S.C 2302(9)).


Solution Brief Requirements:


Solution Briefs should not exceed five (5) written pages using 12-point font or, alternatively, Solution Briefs may take the form of briefing slides which should not exceed fifteen (15). Please note that there is a 10MB file upload limit.


Suggested Content:


  • Title Page (does not count against the page limit): Company Name, Title, Date, Point of Contact Name, E-Mail Address, Phone, and Address. Specifically identify the solicitation for which the Solution Brief is submitted. Indicate the solution area(s) of Technical, Training, and Analysis being addressed.
  • Executive Summary (one page): Provide an executive summary of the solution.
  • Technology Concept: Describe the unique aspects of your technology and the proposed work as it relates to the solicitation. Describe the data, including data elements, age and volume. Identify whether the effort includes a pilot or demonstration of existing technology (identified as commercially ready and viable technology), or the development of technology for a potential defense application. If development or adaptation is proposed, identify a suggested path to mature the technology. Identify aspects which may be considered proprietary.
  •  Company Information: Provide a brief overview of the company, including a summary of gross sales/revenue and investors funding rounds (if applicable). Provide a summary of product history, roadmap, and go-to-market strategy.
  • Unnecessarily elaborate brochures or proposals are not desired.
  • Including an existing customer list and/or customer case studies is encouraged.


Awarding Instrument:


This Area of Interest (AOI) will be awarded in accordance with the Commercial Solutions Opening (CSO) procedures outlined in HQ0845-20-S-C001, posted on SAM.gov, Updated Published Date: March 23, 2020. See https://sam.gov/opp/e00f6563e0c84a04adc0a36215663e15/view.

Awarding Process

DIU

Before You Submit

Companies are advised that any Prototype Other Transaction (OT) agreement awarded in response to this solicitation may result in the direct award of a follow-on production contract or agreement without the use of further competitive procedures. Follow-on production activities will result from successful prototype completion.

The follow-on production contract or agreement will be available for use by one or more organizations within the Department of Defense. As a result, the magnitude of the follow-on production contract or agreement could be significantly larger than that of the Prototype OT agreement. All Prototype OT agreements will include the following statement relative to the potential for follow-on production: “In accordance with 10 U.S.C. § 4022(f), and upon a determination that the prototype project for this transaction has successfully been completed, this competitively awarded Prototype OT agreement may result in the award of a follow-on production contract or transaction without the use of competitive procedures.”

2018 Other Transaction Guide

Have a question about this solicitation?

Need clarification? Having technical issues?
Reach out to our team.

Contact Us

Submission Form
Please fill out the following form in its entirety.

Company Information
Company Contact Information

Submitter Information

Is your company headquarters address different from your company address?


Please tell us your company headquarters address
Is your company a partially or wholly owned subsidiary of another company?


Please tell us about your parent company
Is your company currently operating in stealth mode?



Is this your company’s first submission to a Defense Innovation Unit solicitation?
This applies to solution briefs submitted in response to project-specific solicitations.


Is your company registered in Systems Award Management (SAM.gov) and assigned a current Commercial and Government Entity (CAGE) code?


Please enter your CAGE code

Solution Brief

Solution briefs must be saved as a PDF that is 10MB or smaller. Papers should be approximately 5 or fewer pages and slide decks should be approximately 15 or fewer slides.

Upload (1) One Solution Brief Document
I certify that this submission contains no data designated higher than "Controlled Unclassified Information" (CUI). Submissions with CUI and "FOUO" material may be accepted.


Any agreement awarded off of this solicitation will include language requiring your company to confirm compliance with Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232). If you are not able to comply with the law, the Government may not be able to award the agreement.

We Work With You

If we think there’s a good match between your solution and our DoD partners, we’ll invite you to provide us with a full proposal — this is the beginning of negotiating all the terms and conditions of a proposed prototype contract.

After a successful prototype, the relationship can continue and even grow, as your company and any interested DoD entity can easily enter into follow-on contracts.

Our Process

  1. We solicit commercial solutions that address current needs of our DoD partners.

  2. You send us a short brief about your solution.

  3. We’ll get back to you within 30 days if we’re interested in learning more through a pitch. If we're not interested, we'll strive to let you know ASAP.