P5CTS System Security Update (SSU)

1. Expired 4 years and 26 weeks ago

30 Sept 2019

Synopsis had information updated as follows:

1. Paragraph 5 Section 7 changed the encryption rate to "100Mbps" and removed "1    Gbps".
2. Paragraph 5 Section 10 Subsection f. removed "aware" and replaced with "compatible".

Due date of 17 October 2019 remains unchanged.
 
No other updates were done.

*****************


P5 System Security Upgrade


Sources Sought Synopsis:


Solicitation Number: Notice Type:
FA8210-19-P5CTS_SYS_SEC_UPDATE Sources Sought


Synopsis:


1. Notice: This is not a solicitation but rather a Sources Sought Synopsis to determine potential sources for information and planning purposes only.


1.1. The purpose of this Sources Sought is to conduct market research to determine if responsible sources exist, to assist in determining if this effort can be competitive and/or a total Small Business Set-Aside. The proposed North American Industry Classification Systems (NAICS) Code is 334511, which has a corresponding Size standard of 1,250 employees. The Government will use this information to determine the best acquisition strategy for this procurement. The Government is interested in all small businesses to include 8(a), Service-Disabled Veteran-Owned, Hubzone, and Women-Owned small business concerns. The government requests that interested parties respond to this notice if applicable and identify your small business status to the identified NAICS code. Additionally, please provide any anticipated teaming arrangements, along with a description of similar services offered to the Government and to commercial customers for the past three years. Any responses involving teaming agreements should delineate between the work that will be accomplished by the prime and the work accomplished by the teaming partners.


2. SYSTEM DESCRIPTION:


The P5CTS provides realistic air combat training to the warfighter and employs instrumentation on high activity participant aircraft and Ground Subsystem (GS) components. The System contains an air-to-air data link for sharing participant Global Positioning System (GPS) based time-space-position information. The pod transmits state vectoring information for aircraft motion and location generated from GPS tracking and provides real time kill notification based on Government-furnished weapon simulations. The System is capable of employing Government-furnished weapon simulations IAW Government interface control documents (ICDs). The System includes two Airborne Subsystem (AS) (pod) configurations, AN/ASQ-T50(V)1 and AN/ASQ-T50(V)2. The AN/ASQ-T50(V)2 configured pod includes a carrier-qualified forward hanger that meets vibration and shock requirements imposed by the F/A-18 wing tip environment. The AS may operate in a completely autonomous (rangeless) mode or a Live Monitor (LM) mode with uplink control. The AS is packaged in a 5-inch diameter stainless steel tube that resembles an Air Interceptor Missile (AIM)-9 Sidewinder missile. The Ground Subsystem (GS) currently includes four configurations: Transportable Ground Subsystem (TGS) with and without Live Monitor (AN/GSQ-T105 and AN/GSQ-T104); Portable Ground Subsystem (PGS) (AN/PSQ-T3); and, Fixed Ground Subsystem (FGS) (AN/GSQ-T106). The concept of operations at fielded locations is a major factor in facilitating joint training and providing interoperability with other services and coalition partners. The System enables interoperability through its ability to post-mission merge P5CTS data with data from other Air Combat Training Systems (ACTS) and present the merged data in a post-mission debrief.



3. DATA:
The Government controls some technical data to include Interface Requirement Specification (IRS), (see Section 8, sub-Section E below). The Government has not received a complete P5CTS Technical Data Package (TDP). The original Prime Contractor and/or its Subcontractors control design data.


4. Government Required System Security Update
Because the P5CTS is expected to remain in service until 2030, cybersecurity must be addressed. In order to address ever-changing cybersecurity and future requirements a number of security upgrades must be completed. First, the Government requires implementation of a shop-replaceable, NSA-certified Type 1 encryption device and a separate UCDSMO-certified Cross Domain Solution (CDS) (or a derivative of a CDS) to provide maximum flexibility and avoid the need for frequent NSA recertification. The Government requires the encryption device and CDS, combined, to fit within the form factor and operate in place of the current Data Guard Processor (DGP). The encryption device must maintain an INFOSEC boundary physically separate and distinct from the CDS to support periodic CDS ruleset upgrades at the field level, to reduce accreditation issues and risk. Second, the Advanced-Digital Interface Unit (ADIU), which is the data source for the wireless data link, is currently using an untrusted Operating System (OS), which must be mitigated. Third, the FIPS -140-1 encryption algorithm in the ADIU requires an update to FIPS 140-2 Type 3 encryption. Fourth, the Range Receiver Unit (RRU) in the GS requires upgrade to its untrusted OS. And finally, the Government requires P5CTS to be modified to better support ACC Proficiency Based Training (PBT) objectives. Specifically, P5CTS must be modified to pass classified aircraft data to the ground in real-time for export into Performance Evaluation Tracking System (PETS). This modification requires extensive system and mission knowledge in order to successfully accomplish the following key tasks:
1. Develop method to provide information currently available on the 1553 weapons bus to the ground with P5 transmitted data to be fed into PETS.
2. Develop security management plan for classified information being transmitted from the 1553 weapons bus on the P5 communications link
3. Enable better support to Range Training Officer (RTO) to include full mechanization of Real-Time Kill Notification (RTKN).
4. Modify P5 data packet as required to implement this new capability
5. Integrate solution into P5 architecture


4.1. Cross Domain Solution: Currently the pod's DGP performs the CDS function and serves as the RED (Classified)/BLACK (Unclassified) signal interface point for the Data Link Transmitter (DLT) data and audio transmitter interface. The DGP is configured electrically between the DLT and the ADIU. The DGP passes data to the ADIU for processing and recording. The DGP performs an internal Built-in Test (BIT) upon receipt of a Power-on Reset (POR) signal from the ADIU. The DGP is responsible for relaying its own status, along with the statuses of the BLACK Power Supply and DLT, to the ADIU.


5. PLANNED SYSTEM REQUIREMENTS:
1) Utilize a UCDSMO-certified CDS or a derivative of a UCDSMO-certified CDS;
2) Utilize a NSA-certified Type 1 encryption device. The Type 1 encryption device shall maintain an INFOSEC boundary physically & logically separate and distinct from the CDS;
3) Field the UCDSMO-certified CDS and NSA-certified Type 1 encryption device capability currently envisioned CY2020;
4) The combined CDS (or a derivative of a CDS) and encryption device shall fit within the space allocation for the current DGP
[approximately 6 inch (L) x 3.5 inch (H) x 4. (W) inch (with connectors) with an approximate weight of 3lbs];
5) The combined CDS (or a derivative of a CDS) and encryption device shall meet or exceed a predicted reliability of 30,000 hrs;
6) The CDS (or a derivative of a CDS) and encryption device shall be interoperable with existing P5CTS USAF and USN Combat Training range infrastructure (e.g. Individual Combat Aircrew Display System (ICADS), Joint Display System, Electronic Warfare Server (EWS), Radiant Mercury);
7) The encryption device shall operate at a rate equal to or greater than 100Mbps and support a common, open-standard interface (e.g., Ethernet);
8) The AS with integrated CDS and encryption device installed shall remain capable of flight on currently certified airframes to include but not limited to F-5, AV-8, F-15, F-16, A-10, B-52 and F-18 U.S;
9) The integrated CDS and encryption solution(s) shall be cryptographically-interoperable with the F-35 Air Combat Training System (ACTS) encryption device;
10) The solution shall be capable of providing an encryption and separate CDS capability to encrypt data while meeting all the following requirements:
a. Allow update of CDS technology without affecting separate encryption device certification;
b. The encryption engine/device shall have a current NSA certification and accreditation for Type 1 encryption;
c. The CDS shall have a current UCDSMO certification;
d. Form-factor adjustments to the NSA-certified encryption device and/or the UCDSMO CDS may be acceptable assuming modified device(s) only requires delta-certification;
e. Able to store the device as an unclassified Controlled COMSEC Item (CCI) when materials are removed and the system is powered off;
f. Keying material shall be Key Management Infrastructure (KMI) compatible;
g. Capable of MIL-STD-810 qualification for temperature, humidity, vibration, altitude, shock and salt fog;
h. Capable of operating in a combat aircraft external captive store environment; and
i. Allow operating location personnel to update approved CDS rule set changes.
11) The CDS shall contain a UHF/VHF Transmitter Circuit Card Assembly (CCA) that converts real-time kill notification (RTKN) messages received from the ADIU into audio messages for broadcast to the host aircraft.
12) Perform integration of the CDS/Encryption into the P5CTS airborne subsystem.
13) Perform Software and/or hardware update to the ADIU to mitigate untrusted OS issue
14) Perform software update to Data Recording Device (DRD) to upgrade type 3 encryption from FIPS 140-1 to FIPS 140-2
15) Perform Software and/or hardware update to the RRU to mitigate untrusted OS Issues
16) Provide Proficiency Based Training Capability


6. STATEMENT OF CAPABILITIES (SOC):


Each respondent is requested to submit a SOC that provides specific, relevant evidence demonstrating knowledge and experience or capability in the areas listed below as it pertains to satisfying requirements for this SSS. Small businesses with only partial capabilities of this requirement are encouraged to submit their capabilities statement demonstrating the portion of the requirement they are capable of providing/performing. This information will allow the Government to identify areas of possible breakout or possible subcontracting opportunities.
This is a SOC request for planning purposes.
a) Respondents shall address their ability to meet requirements and provide past experience or capability on similar encryption/CDS government contracts within the past 10 years, addressing security, technical key attributes/requirements, and integration with airborne/ground systems;
1. Include specific systems and experience working with NSA;
2. Include specific systems and experience certifying cross-domain solutions; and
3. Include current applications of potential solutions as well as the maturity of those applications.
b) Respondents shall address their ability to meet requirements and provide past experience or capability on similar FIPS 140-2 encryption systems
1. Include specific systems and experience working with FIPS encryption system
c) Respondents shall address their ability to meet requirements and provide past experience or capability on similar trusted OS system upgrades as a part of sustainment programs
1. Include specific systems and experience working with trusted and untrusted operating systems
2. Include specific systems and experience with performing subsystem OS upgrades
d) Respondents shall indicate whether or not they would be willing to partner with other companies as prime/sub
e) Address each System Requirement, Section 5 paragraph 10 (a) through (i) above, in separate identifiable paragraphs in alphabetical order with the requirements listed above;
f) Provide a detailed description of the UCDSMO-certified CDS and NSA-certified Type 1 encryption device that meet the requirements requested in this SSS. If no significant redesign or hardware development is required, form factor adjustments may be acceptable assuming the devices are already NSA/UCDSMO certified and delta-certification is all that is required. Provide specific information on any form factor changes that may be required. Provide information on changes that may be required to support Foreign Military Sales/Direct Commercial Sales (FMS/DCS) exportability; (Note, if multiple solutions are available at the same cost and USAF/USN performance, please include information on those which satisfy exportability concerns involving FMS/DCS; note this is not a requirement to make it exportable at this time); and
g) Respondents may be requested to provide additional information/details based on their initial response. Respondents are encouraged to respond with information not constrained by proprietary rights. However, if proprietary data is included in your reply, please mark it appropriately. AFLCMC/HBZPB uses technical and programmatic support contractors in fulfilling its mission requirements to include review of these capabilities submittals. These constraints contain an organizational conflict of interest clause that requires the service contractors to protect the data and prohibits the contractors from using the data for any purpose other than for which the data was presented.


7. SOC Format:


Interested parties are requested to submit their SOC in the form of a white paper. The Government anticipates that the SOC can be responsive in as little as 20 pages (to include cover page, appendices, tables and figures) and requests text no less than 12-point font (Arial or New Times Roman), 1.0 line spacing, and a minimum of one-inch margins in Microsoft Word, Adobe PDF or compatible format. Number and title each paragraph in your response to align with each subparagraph in the section above, ensuring that all capabilities of the Government's system requirements are addressed. If no experience/capability, indicate same in your response.


8. Format white papers as follows:


Section A: Title; Name of Company; Name; Telephone Number; Email Address for a Point of Contact; Contractor Commercial and Government Entity (CAGE) Code; Data Universal Numbering System (DUNS) number in the capability package and indicate company category (e.g., a US company large business, small business, small disadvantaged business or woman owned small business) as described by NAICS code 334511. Respondents are further requested to indicate their status as a Foreign-owned/Foreign-controlled firm and any contemplated use of foreign national employees on this effort. Those desiring to do business with the Air Force must be registered in the Governments System for Award Management System (SAM) located at https://www.sam.gov.


Section B: Background: Provide a brief history highlighting your past experience or capability designing, developing, testing, producing encryption devices, CDS, FIPS Encryption, and Trusted OSs, plus your experience with Air Combat Training Systems. Interested parties shall respond based on all paragraphs above and identify number of years and specific systems.


Section C: Experience/Capabilities: In chronological order with the system requirements Section 5 paragraph 10 listed above (a through i), identify whether or not your solution meets each requirement. If you are currently undergoing accreditation/ certification, please provide a status, cost and schedule for completion along with NSA Client Advocate POC to the Government for verification. Also identify and substantiate your technology/manufacturing readiness level for the proposed solutions.


Section D: Data Rights: Clearly identify all data rights assertions along with justification on any and all software, hardware, drawings and data that would be included with this offer.


Section E: Integrate the CDS and encryption solution(s) into the current P5CTS: Provide a list of integration options (such as your integration, P5CTS OEM integration, etc.) If your team cannot integrate, please still submit a response to this synopsis, as the government is researching market capabilities. Provide envisioned risks based on your approach with mitigating steps. Only the following non-proprietary data would be available: DGP data, system specification, AS specification, AS interface requirements specification, GS interface requirements specification and the End Cap. At the time of RFP, the Program Office will establish a bidder's library and make it available to interested pre-qualified sources. The OEM and/or its sub-contractors claim proprietary rights to system design and reproduction.


Section F: Workarounds: See the requirements section above for description of the limited conditions where form-factor only changes to a fully-accredited/certified production-ready CDS/encryption unit is allowable.


Section G: Schedule (as applicable) as described in the requirements section above. As a minimum, include major milestones such as projected delta certification date(s).
9. Classification:
Information associated with this effort is unclassified or classified up to, and including SECRET. If respondents wish to restrict distribution of White Papers, they must be marked appropriately. The Contractors shall mark all unclassified and classified responses accordingly and review to ensure consideration of operational sensitivities prior to submission. The Government will post responses to questions that are broadly applicable to all on the Federal Business Opportunities (FedBizOpps) website. The Government encourages unclassified responses to the maximum extent practicable. The Contractors must coordinate Classified responses to ensure submittal through appropriate channels in advance of submittal with both AFLCMC/PZZKC, Mr. James Recker, 6039 Wardleigh Rd. Bldg. 1206, Hill AFB, UT 84056, 801-586-6799 and AFLCMC/PZZKC, Mr. Carlos Michel, 6039 Wardleigh Rd. Bldg. 1206, Hill AFB, UT 84056 801-777-6077


 



10. Administration:


Participation is strictly voluntary with no cost or obligation to be incurred by the Government. The Government will use your responses as part of market research for this acquisition. The Government must receive responses by 17 October 2019 from posting of this SSS by 1600 hours (4pm) Central Time (which is 3pm Mountain Time). At the sole discretion of the Procuring Contracting Officer (PCO), any responses received after this date and time may not be considered. Should any interested parties desire one-on-one discussions with the Government, include such a request in your response.
Please address any comments and/or questions you may have regarding this SSS by e-mail (preferred) directly to the Mr. James Recker (james.recker@us.af.mil) and Mr. Carlos Michel (carlos.michel@us.af.mil). Interested parties may submit Capability Statements and/or questions in writing electronically to Mr. James Recker and Mr. Carlos Michel. Please annotate the subject line of e-mail responses as: " P5CTS Security System Upgrade SSU Response ". If this subject line is not included, the e-mail may not get through e-mail filters at Hill AFB. Filters are designed to delete emails without a subject or with a suspicious subject or attachment. Attachments with files ending in .zip or .exe are not allowable and will be deleted. Ensure only .pdf, .doc, .docx, .xlsx, or .xls documents are attached to your email. All other attachments may be deleted. Ensure office attachments do not contain macros; otherwise, Air Force network security will block macro-enabled attachments.


Carlos Michel, Contract Buyer, Phone 801 777-6077, Email carlos.michel@us.af.mil - James L. Recker, Contracting Officer, Phone 801 586-6799, Email james.recker@us.af.mil

• Business Services
• Technology
• Security
• Security