15 September 2021
- Draft RFS
- Security Process for Vetting Vendors
- Questions Form
- Data Rights Assertions Tables
- Data Rights License Terms Definitions
- Terms & Conditions EULA
- GFI Tech Data Distribution Agreement
- Vendor Self Vetting Form
- Telecommunications Representations
“The United States Navy (USN) detects and responds to cyber threats based on a traditional, labor-intensive, seven (7) step process that starts with preparation and information security (INFOSEC) classification and ends with system and common control authorizations and continuous monitoring. To improve how it detects and responds to cyber threats, the Navy seeks solutions that are both proactive (cyber hunt) and reactive (cyber disconnect). The Navy also seeks solutions that will address multiple domains (Platform Architecture, Cyber Attack, Cyber Vulnerability, Mitigations, and Mission Area).
To address the needs of the Navy, the United States Navy’s Naval Sea Systems Command (NAVSEA) Cyber Engineering and Digital Transformation Directorate (03) seeks prototype solutions that will expand the Navy’s capacities to develop, evaluate, and test Operational Technology and Information Technology (IT) high-priority and high-value systems and assets and improve configuration management (CM) on its ships as well as across multiple domains (Product Architecture, Cyber Attack, Cyber Vulnerability, Mitigations, and Mission Area) in order to rapidly address potential vulnerabilities across USN platforms and systems capable of mitigating the impact of adversarial attacks on its high-priority and high-value assets and corresponding missions. Ultimately, prototype solutions sought by NAVSEA 03 will support new acquisition programs, modernization programs, and in-service platforms, systems, and equipment that are critical to the Navy’s mission.
For this prototype effort, NAVSEA 03 will focus on the Platform Architecture domain, however, the other domains are critical for integration and need to be considered. The PADM prototype project will research, develop, prototype, demonstrate, and validate digital prototype modeling capabilities for nine (9) platforms and up to 21 classes, not to exceed the number of prototype models necessary to successfully demonstrate and validate the PADM prototype modeling capabilities and shall address Obsolescence; Reliability, Maintainability, and Availability (RM&A); Survivability; and Maintenance. The PADM prototype project will develop solutions that will support the development, test, verification, and validation of specific Navy platforms analysis for Risk Vulnerability Assessments (RVAs) and Security Architecture Reviews (SARs) as well as support Model-Based Systems Engineering (MBSE) efforts within Security Operations Centers (SOCs) utilizing models to support Incident Response (IR) preparation and discovery. PADM prototype capabilities will support both proactive (Cyber Hunt, Defensive, Situational Awareness, etc.) and reactive (Disconnect Strategies, Out-of-Band Network Maneuver, etc.) strategies leading to a reduction in research, development, implementation time, and costs associated with the Navy’s current seven-step Risk Management Framework (RMF) process.
Upon prototype development, NAVSEA 03 will demonstrate and assess the new capabilities on multiple Navy platforms to verify and validate prototype capabilities and determine their utility. If utility is declared, those new cybersecurity solutions, as envisioned by NAVSEA 03, will expand the Navy’s capacity to proactively test and assess the cybersecurity posture of high-priority and high-value platforms, systems, and subsystems, and protect both the Operational Technology and IT components of those mission-critical assets.”