
Submit your commercial solutions to solve national security challenges with help from DIU.

Transition of Quantum Sensors (TQS) Program


Responses Due By

2024-05-29 23:59:59 US/Eastern Time

DoD Problem and Background:

Denial or degradation of Global Positioning System (GPS) signals impacts the effectiveness of U.S. forces’ position, navigation, and timing (PNT) capabilities, impeding key warfighting missions. These key mission areas include: precision weapon employment; position, navigation, and timing (PNT); communications; intelligence, surveillance, target acquisition, and reconnaissance (ISTAR); and electronic warfare. These critical Joint Force missions are currently assisted by classical sensors that observe changes in motion, electric and magnetic fields, and gravity. Driven by decades of technology maturation investments and systems engineering, these solutions provide exquisite performance in some respects. However, new innovative solutions are needed in the face of emerging competition.


This solicitation focuses on demonstrating the military utility of quantum sensors as a critical emerging technology. Sensors designed at the atomic level offer the promise of significant improvements in precision, accuracy, and sensitivity compared to classical sensors. Specific areas of interest for this topic include: inertial measurement system sensors including gyroscope and accelerometer physics sensor packages, magnetometers for magnetic navigation and anomaly detection, and maturation of integrated photonic systems, laser components, and other enabling technology for improved quantum sensor performance and reduction of Size, Weight, Power, and Cost (SWAP-C).


Unlike satellite navigation, inertial measurement units (IMUs) and magnetic navigation (MagNav) provide navigation resilience through their inability to be jammed or spoofed. While all inertial sensors experience drift in their navigation solution, early quantum inertial sensors have demonstrated the potential to drastically reduce drift rate compared to that of classical sensors. The result of reduced drift from quantum inertial systems is extended navigation solution holdover times, increasing mission effectiveness during the absence of precision position updates from systems like GPS. Additionally, MagNav has demonstrated an ability to provide highly accurate position updates immune to external threats and is ready for additional maturation as an alternative to satellite navigation. MagNav can provide continuous, all-weather, unjammable position information to reduce navigation error when other navigation augmentation is unavailable, such as over water, when weather may obstruct celestial and terrain visibility, or during long missions when drift dominates the inertial nav solution. In general, improved quantum navigation sensors translate to enhancements across multiple PNT-dependent missions, such as dynamic space operations and precision pointing/knowledge missions, and reduce the impact of GPS navigation interference.


In addition to navigation aiding, magnetometers are used to detect small fluctuations in the Earth’s magnetic field, addressing needs in geomagnetic surveying and magnetic anomaly detection (MAD) missions for submarines and explosive hazards (mines, unexploded ordnance, and improvised explosive devices). Atomic magnetometers have advanced to the point that sensor packages can be incorporated into Unmanned Aerial Systems (UAS) while maintaining the sensitivity required for magnetic anomaly detection missions.


More broadly, quantum sensor technology has matured to the point that the DoD is ready for operational demonstrations in multiple DoD domains critical to the warfighter.  


Desired Solution Attributes Need Statement:

The Transition of Quantum Sensors (TQS) Program is an operational capability pathfinder conducted in concert with operational crews, acquisition teams, test and evaluation professionals, and interested allies to demonstrate advanced capabilities that leverage quantum sensors. The DoD seeks solutions to prototype and operationally demonstrate quantum sensors to address several warfighter needs. The intent is to have mid-course functional demonstrations of end-to-end solutions, followed by operational demonstrations within the next five years for relevant military applications and mission sets to conclude the prototyping program. The opportunity for design spirals, to include technical enhancement insertions, is expected during the program.


This multi-phase, multi-year initiative seeks to prototype mature technologies that will culminate in demonstrations of end-to-end DoD operational utility. As part of TQS, there are several lines of effort (LoEs) based on relevant quantum sensing phenomenology, with targeted use cases. These LoEs include: inertial sensing, magnetometers, and technology insertions for spiral enhancements to quantum sensing.   


A. Inertial Sensing:

The DoD is interested in three sectors that contribute to fielding operational quantum sensors: 1. gyroscope and accelerometer physics sensor packages, 2. inertial measurement system integrators, and 3. technical insertions to enhance performance and reduce SWAP discussed in the Technical Insertions Line of Effort (Section C).  


The DoD desires quantum inertial sensors to meet strategic PNT needs. Vendors may submit solutions for one or both driving use cases (see Table 1), but a technical solution is more desirable if it is modular and can lead to design iterations to address both missions with reduced non-recurring engineering.  


Compelling solutions address the following:

  • Near-term solution for a fully integrated atomic IMU with plan to achieve metrics in Table 1 at end of prototyping phase,  
  • Calibrated, 3rd party validated test data for existing sensors as foundation for technology solution, 
  • Detailed work plan for software/firmware updates to existing sensor performance metrics for trending to objective use case metrics. 


B. Magnetic Sensing:

The DoD seeks commercial solutions to prototype advanced magnetic sensing capabilities for both MagNav and magnetic anomaly detection (MAD) relevant missions. This includes: 


1. Development of prototype magnetic sensing systems designed to meet the application requirements in Table 2;

2. Low-impact magnetic calibration techniques to eliminate own-platform interference (e.g., munitions, UAS or manned platforms); and 

3. Detection, localization, and mapping techniques, and the resultant magnetic Earth maps, that are both cost- and time-efficient for generating reference magnetic model maps over large areas of interest, to include open ocean. 


Vendors may submit solutions for one or both driving use cases (see Table 2).


Solutions specific to MagNav will require the development and testing of real-time navigation algorithms on airborne platforms. Solutions specific to MAD will require techniques to sense and track anomalous magnetic signatures against the background of the Earth's field, as well as possible clutter.


Flight tests will occur throughout the duration of this program, for which the government team may support testing on DoD operational aircraft, munitions and UAS. Risk mitigation demonstration on commercial platforms is of interest when associated with a relevant DoD mission set to overcome schedule or cost limitations. To enable this testing, the integration lead will ensure the sensor packages meet Department of the Air Force (DAF) aircraft requirements and are approved for testing, when appropriate. Specific integration choices will be informed by stakeholders and performers in the Calibration, Navigation, and MAD efforts. The integrated package should enable independent sensing and navigation solutions to be tested with real-time navigation guidance updates provided to an appropriate platform.


Test flight data is expected to be provided to the government, MagNav and MAD performers. Sensor packages are expected to evolve throughout the duration of the program to include sensor prototypes.


Compelling solutions address the following:

- For magnetometer sensor solutions:

  • Address both MagNav and MAD-based use cases as specified in Table 2,
  • Operate on munition, UAS and manned platforms within various thermal, vibrational and electromagnetic interference (EMI) environmental conditions.

- For platform calibration and noise reduction techniques:

  • Can be realized without banking and turns that deviate significantly from nominal flight plans,
  • Persist from prior flights, are updated throughout flight, and do not fail when traversing significant changes in latitude,
  • Autonomously eliminate local interference not handled by conventional techniques.

- For magnetic mapping techniques:

  • Can achieve significant reduction in integrated cost versus conventional techniques,
  • Enable rapid production of large-scale maps over open ocean that accurately account for temporal field variations. 

- For MagNav:

  • Provides real-time position updates to navigation estimator using All Source Position and Navigation (ASPN) standards,
  • Algorithms that can be demonstrated on munition, UAS and manned platform use cases, 
  • Techniques that limit the need for additional sensors and hardware.

- For MAD:

  • Use case for air-launched expendable, low-cost, A-size sonobuoy UAS to autonomously detect, localize, and persistently track submerged targets,
  • Use case for ground launched recoverable UAS that addresses magnetic mine detection,
  • Use case for submarine launched expendable UAS for an organic self-signature measurement capability,
  • Sea floor arrays with autonomous noise reduction, target detection, and tracking capabilities,
  • Algorithms that adapt to changes in environmental clutter


C. Technology Insertions:

DoD seeks commercial technical solutions to advance quantum sensor performance and SWAP metrics that are achievable today. The majority of quantum sensing devices use lasers to manipulate atomic states to observe phenomenology. Maturation of integrated photonic systems and laser components is necessary for large improvements in SWAP when compared to what is achievable in existing efforts.

  

Compelling solutions shall address the following:

  • Clear insertion pathway to quantum sensor technical solutions, which may occur in mid-course solution spirals 
  • Modular and broad applicability to more than a single sensor/vendor technical solution, but component or sub-system solution that boosts several quantum sensing solutions
  • Applicability to larger community outside the TQS performers


Shared AOI Objectives for all Bidders

  • Bidders may submit collaboratively or independently while addressing a subset of the problem statement. Each submitter must identify willingness to collaborate and partner with technical insertion, sensor, and integrator performers. 
  • Compelling solutions illustrate the maturity of the solution, to include existing hardware performance metrics and ability to scale an end-to-end system demonstration rapidly.
  • Unique domain requirements (e.g. radiation hardening, extensive space qualification) are not required and will be considered further into the prototype cycle if necessary. However, ruggedization and mission relevant environment qualification is expected.
  • International partners will be considered with prototypes meeting applicable International Traffic in Arms Regulations (ITAR).
  • Compelling solutions may include architectures, materials and radioisotopes that leverage extensive investment, maturity, and supply chain robustness. Additionally, approaches that lend towards manufacturability, sustainment, and operationally fielding in the applicable domains are desired.
  • Vendors are encouraged to incorporate PNT government-owned or open standards to support integration with other sensors, inertial measurement system integration packages, or alternative algorithms. Compatibility with existing standards is desirable.
  • Technical insertion bid submissions may be submitted as a teaming arrangement and/or single integrator for sensor/primes, or incorporate technical proposals with interface definitions on these subsystems to allow for insertion of capability with solution providers. Compelling tech insertions will show clear on-boarding or enhancement opportunities for the sensor and integrator solutions.
  • A vendor may have multiple submissions, either as part of a team, or independently for multiple LoEs. 



Appendix 1 – Inertial Use Case Description:

 

The DoD use cases may be described by inertial operational metrics below.  The metrics listed correlate to the desired prototype end state.

 

Table 1 - Quantum Sensing Inertial Mission Use Cases

| Metric | Use Case 1 System Objectives | Use Case 2 System Objectives |
|---|---|---|
| Gyro ARW | < 250 μdeg/√h | < 100 μdeg/√h |
| Gyro Bias Instability | < 250 μdeg/h | < 100 μdeg/h |
| Max Rotation Rate | 300°/s | 20°/s |
| Max acceleration | 4g | |
| Scale Factor Instability | 1 ppm | 0.5 ppm |
| Accel Sensitivity | 4 μg/√Hz | 1 μg/√Hz |
| Accel Bias Instability | 1 μg | < 1 μg |
| Sensor Bandwidth | 250 Hz | 100 Hz |
| Projected Nav Error | 30 m/hr | 20 m/hr |
| SWAP | 10 L / 50 kg / < 100 W | 120 L / 53 kg / 200 W |
| End State | Higher dynamic environment, > SOTA Ring Laser Gyro performance, drive down SWAP | Lower dynamic environment, >> SOTA maritime FOG, margin for SWAP |

 

Appendix 2 – Magnetometers Use Case Description:

 

The DoD inertial use cases may be described by operational metrics below.  The metrics listed correlate to the desired prototype end state.

 

 

Table 2 - Quantum Sensing Magnetometer Mission Use Cases


| Metric | MagNav System Objectives | MAD System Objectives |
|---|---|---|
| Magnetometer Sensitivity | < 1 nT RMSE from 1 mHz to 100 Hz | < 10 pT/√Hz from 1 mHz to 100 Hz |
| Dead Zone | None | None |
| Heading Error | < 1 nT | < 100 pT |
| Vector Drift | < arcsec | < arcsec |
| Mag Mapping Errors | < 2 nT from all sources | |
| Residual platform noise | < 1 nT | < 50 pT |
| SWAP (sensor and payload electronics) | < 150 cm³ / < 3 kg / < 20 W | < 40 cm³ / < 0.1 kg / < 2 W |
| Shock Survivability | 20g | 100-700g’s for 1 ms, for air and submarine launched use cases |





 

FAQs

1. Question: As a non-US company, are there any restrictions in us submitting to your solicitations? Do we need a US based partner?


1. Answer: DIU accepts submissions from companies outside of the United States. A company need not be based within the United States of America to submit a response to a DIU Area of Interest (AOI). 



2. Question: Can you please confirm if XXXXXX would need to partner up with a US SME for this opportunity? We have been informed that the Canadian Commercial Corporation could be an option. Would that be an acceptable partnership to participate?


2. Answer: DIU accepts submissions from companies outside of the United States. A company need not be based within the United States of America to submit a response to a DIU AOI. Companies may submit solutions independently; or, as teaming/partnership arrangements, prime/subcontractor relationships, if they so desire.



3. Question: Requesting assistance with PROJ00538 - Transition of Quantum Sensors (TQS) Program - We are interested to discuss aspects with the DIU Program Manager? Is it possible to contact them for discussion?


3. Answer: The Government will not engage in one-on-one discussions, given the competitive nature of the AOI. Vendors whose solutions meet the criteria within the CSO and AOI for Phase 1 will be required to participate in exchanges, as part of Phase 2, Pitches.

Joint Cyber Hunt Kit (JCHK)


Responses Due By

2024-06-14 23:59:59 US/Eastern Time


Problem Statement and Concept of Operations


The Department of Defense (DoD) conducts hunt operations on DoD and international or domestic partner networks in order to discover advanced persistent threats (APT), and analyze their tactics, techniques, and procedures (TTP). These hunt operations require a next-generation deployable Joint Cyber Hunt Kit (JCHK) with cutting edge commercial off the shelf (COTS) and free and open source software (FOSS) capabilities.


The desired JCHK solution is best described as a mobile “security operations center (SOC) in a box” that can be transported by a nine person team, anywhere in the world. This hunt kit must be capable of standalone operation because it will most often operate in an environment where it is not permissible to connect to the internet, and not permissible to send data offsite for analysis. The hunt kit must also be capable of performing all hunt operation activities without requiring additional processing or storage resources from a partner’s on-premise infrastructure. Furthermore, the hunt kit must be transportable as carry-on luggage, meeting weight and dimension limitations on international commercial airlines, and be compatible with the limited wattage and poorly conditioned power available in developing nations. In addition to the described “SOC in a Box” capability, the JCHK shall also be a modular system that allows for additional processors, storage, software, and capability packages, as future requirements are realized.


Key hunt activities include: determining the best locations to place network sensors; determining all possible paths to sensitive information; validating and augmenting the network map using network traffic files; scanning the network for software, firmware, and configuration vulnerabilities; determining possible attack vectors and their likelihoods; analyzing PCAP files to determine normal behavior patterns; determining the causes of anomalous behaviors; discovering the TTPs APTs used to gain access to a network; discovering the TTPs APTs used to move within a network; discovering the infrastructure that APTs prepared within a network; discovering the TTPs APTs used for the Command and Control (C&C) of infrastructure; discovering and analyzing the TTPs APTs used to attack a target; discovering the TTPs APTs used to exfiltrate data, or deny critical services within a network; discovering the TTPs APTs used to defend their infrastructure or activities from detection or degradation by network defenses; and determining TTPs that network defenders could use to deter, disrupt, and defeat APT activities.


The hunt kit needs to be able to perform any and all activities related to discovering APT activities and analyzing their TTPs. This includes all of the functions typically included in extended detection and response (XDR) applications, including both endpoint detection and response (EDR) and network detection and response (NDR) functions. It also includes many of the functions typically included in case management and workflow management applications, including managing all of the hunt activities across the team as they investigate issues and piece together TTPs, write reports, and communicate with their leadership and other stakeholders. While the teams are on-mission, the hunt kit also provides all of the team’s information technology (IT) resources, including desktop IT resources for communication and report development.


Finally, while there are several security-related requirements related to the hunt kit’s ability to operate on DoD networks, such as United States (US) Trade Agreement Act (TAA) compliance, DoD also desires a hunt kit whose components have no International Traffic in Arms (ITAR) or Export Administration Regulations (EAR) export restrictions so that foreign governments that partner with the US on hunts can procure the same hunt kits if they desire.


Schedule, Execution Details, and Quantity


The vendor must be capable of completing a prototype hunt kit for government testing within four months of receiving an Other Transaction (OT) award.


During the prototype phase of this acquisition, the vendor will deliver a fully integrated hardware / software solution, configure the software to best use the hardware resources, and integrate the software in order to improve workflows, dataflows, and the user experience (UX). The requirements for software integration and improvements will not be specified by the government, and are up to the vendor to choose as part of their strategy. The government’s hunt kit currently uses a mix of COTS software and FOSS, and the government will evaluate alternative software loads during the prototype phase of this acquisition. However, during any follow-on production phases of this acquisition, the government may choose to procure only hardware, software integration, and sustainment services if no compelling software solution is bid.


The vendor’s installation scripts or images will need to be compatible with the Joint Cyber Warfare Architecture (JCWA) software provisioning solution (JSPS), which uses infrastructure-as-code (IaC) technologies. IaC is defined as any software provisioning / software deployment mechanism that is automated, does not require a human with administrative rights to be involved, and can be stored in a repository. This includes Ansible deployment scripts, VMware deployment scripts, Kubernetes deployment scripts, and similar technologies. For the purposes of the prototyping efforts, the vendor may provision the software onto their hardware using any method they desire. Note that if the vendor demonstrates a provisioning solution in the prototyping phase that has sufficient merit, and is in the best interest of the government, there is a possibility that it could be added to the JSPS trade-studies.


If the government determines the prototype project to be successfully completed and decides to award a production OT or contract, the following may apply:


  • United States Cyber Command (USCYBERCOM) and the Service Cyber Components (SCC), including Army Cyber Command (ARCYBER), Fleet Cyber Command/Tenth Fleet (FCC/10F), Air Forces Cyber/16th Air Force (AFCYBER), Marine Corps Forces Cyberspace Command (MARFORCYBER), and Coast Guard Cyber Command (CGCYBER) may procure hunt kits on an indefinite delivery, indefinite quantity (IDIQ) basis.
  • The final quantities are unknown, but for design and production feasibility analysis purposes should be assumed to be approximately 100 hunt kits per year, with the ability to scale to approximately 250 hunt kits per year, upgrade critical technologies as necessary throughout a kit’s lifecycle, replace entire systems every 3-5 years, and be able to stock or procure parts to repair and refurbish systems as required within a 2-4 week time period.
  • The government will purchase the software licenses and supply them to the vendor as government furnished equipment (GFE). It is also likely that the government will provide a small number of government off the shelf (GOTS) applications as GFE. The vendor will be responsible for integrating and sustaining all software. However, the government will own all licenses, control the distribution / prioritization of licenses, and bear all software end user license agreement (EULA) enforcement risk.


Desired Product Specifications


The DoD’s requirements are listed in 5 sections: minimum hardware requirements, optional hardware preferences, minimum software requirements, optional software preferences, and vendor support requirements. The government may further refine or elaborate on any specifications during future phases.


Minimum Hardware Requirements


The hardware solution MUST be one that:

  • Can be deployable within stacked transport cases; and be deployable within a top-of-rack, or rack-mounted manner, without experiencing any degradation from electromagnetic interference or signal cross talk.
  • Can operate on international power sources ranging from 100 VAC to 240 VAC and 50 to 60 Hz.
  • Has the ability to operate in hot indoor temperatures, poorly conditioned power, frequent brown-outs, and occasional power surges.
  • Has the ability to be easily scaled up or down to the size of the network being hunted on, as well as the ability to be connected to to-be-defined (TBD) capability expansion packages that will extend the DoD’s hunt capabilities into areas such as industrial control systems (ICS) / supervisory control and data acquisition (SCADA) systems, internet of things (IOT), wireless, and cloud, or extend the JCHK’s capabilities with artificial intelligence / machine learning (AI/ML), storage, or out-of-band (OOB) communication solutions. Proposals for COTS capability expansion packages available within the JCHK prototype and production timeline may be submitted with the JCHK proposal, as separately priced options. Capability package equipment is not part of the nine person transport limit, but carry-on transport on international airline flights is still required.
  • Has all the equipment needed to tap and process all PCAP, logs, and metadata across a minimum of three “hunt sites” that each have a 1x 10 Gbps full duplex ingest line, or 2x 1 Gbps full duplex ingest lines. The hunt kit must be capable of processing this data 24x7, at fully saturated data rates, as a stand-alone system, without utilizing SPAN ports on tapped network devices. 
  • Has all equipment needed to enable a minimum of nine total host analysts and/or network analysts to perform hunt activities at an “analyst site”. This equipment must include laptops with approximately 17” screens; RJ45, HDMI, USB-A and USB-C connection ports. Any wireless communication, recording, or camera capabilities present must be able to be disabled via hardware, and not be capable of being enabled via software or network communications.
  • Has all equipment needed to connect all three hunt sites and the analyst site with whitelisted internet protocol (IP) addresses and virtual private network (VPN) encrypted communications. The connections must also be capable of supporting remote management of all network taps and firewalls using OOB channels; and must be able to connect to another access layer switch at the analyst site. The equipment must be able to meet all three of these conditions concurrently. 
  • Has all equipment needed to perform digital forensic analysis of drives and memory, including the equipment needed to clone drives and memory, and the equipment needed to prevent write-back.
  • Has the ability to use all common VPN protocols, including internet protocol security (IPsec), OpenVPN, and WireGuard.
  • Network taps must be both passive and regenerative so as to not interfere with normal operation of the network they are connected to, and can operate using only an on-board battery for at least 1 hour.
  • Has sensors, servers, and laptops that will allow all DoD standard hunt software loadset applications to be installed on virtual machines (VM) with their original equipment manufacturer’s (OEM) recommended resources, with no more than 75% processor utilization, 75% memory utilization, and 50% storage utilization at the sensor, server, and laptop level. For sizing purposes, assume the DoD standard hunt software loadset can be either a Splunk or Elastic based loadset, with approximately 25 total applications.
  • Has the ability to store at least 7 days of PCAP collected off a minimum of 3x 10 Gbps full duplex lines, and 90 days of logs and metadata on each server.
  • Supports RAID 1, 5, 6 or 10; to manage OS data using RAID 1; and to not lose queued mission data for at least 1 hour in the event of a site-power failure.
  • Has all equipment to allow the hunt kit to be connected to a site network using copper, multimode fiber, or single-mode fiber transmission lines.
  • Uses copper cabling with RJ45 connectors between all the stand-alone components that comprise the hunt kit, wherever feasible, to allow custom length cables to be easily created in the field. Where this is not feasible, the hunt kit must include the splicing tools needed to make the custom cable lengths.
  • Has a capability that aggregates all data from all network taps, making it available for analysis by any sensor or server. The load balancing functions typically included in a packet broker are not required.
  • Has network taps and firewalls without any type of in-band management capability, or the ability to turn it off.
  • All transport cases and stand-alone hunt kit components should be able to be secured in a way that makes physical tampering evident by casual inspection. At a minimum, the DoD requires that all transport cases and stand-alone components have the ability to be easily secured with wire ties and/or 2.5”x9” tamper evident tape, during both transportation and operation. Alternative solutions with the same or better tamper detection abilities are acceptable.
  • Has only self encrypting drives (SED) that comply with the latest version of the Federal Information Processing Standards (FIPS) specification 140, at Security Level 2 or greater, for all drives involved with processing mission, networking, or security data.
  • Has a trusted platform module (TPM) with a cryptographic module that is certified by the National Information Assurance Partnership (NIAP) for each stand-alone assembly involved with processing mission, networking, or security data.
  • Has all electronic subassemblies involved with processing mission, networking, or security data produced in countries that are members of the US TAA.
  • Has only stand-alone assemblies that are available for purchase as COTS items without any ITAR or EAR export restrictions for TAA designated countries.
  • Has an extremely high level of reliability, a high level of repairability, and good parts availability.
  • Has wheeled travel cases for all equipment that allows a 6-foot-tall person to walk comfortably while towing a case and rolls easily over cobblestone streets; except for laptops, which may have backpack style travel cases that fit under an airline seat.
  • Has a tool kit that contains all the tools needed to: remove all drives that process mission, network, or security data; configure the hunt kit for travel or different deployment options (top of rack, rack mounted, case mounted); and maintain or perform repairs and/or component replacements in the field. 


Optional Hardware Preferences


The most preferred hardware solution would be one that:

  • Packs the greatest amount of throughput speed, processing power, and storage capacity into a form factor that is transportable by nine personnel as carry-on luggage on standard international airline flights.
  • For all drives that store mission, network or security data: has only drives that are easily removable without tools.
  • Has the ability to purge non-volatile memory (NVM) in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-88 using ATA, SCSI, NVMe, TCG Opal, or TCG Enterprise cryptographic erase commands; or the ability to easily replace non-purgeable NVM using commonly available memory cards.
  • Has the ability to automatically detect tampering while deployed, and to alert network defenders.
  • Has the ability to automatically detect tampering during transport, and to alert network defenders, using wireless technologies that can be easily removed prior to deployment, and easily replaced for transport at the end of the mission.
  • Has the ability for all small form-factor pluggable (SFP) transceivers to be replaced with multi-source agreement (MSA)-compliant SFPs without any loss of functionality.
  • Requires the least number of spares and repair tools to ensure a 95% field availability level.
  • Has at least 50% empty space in the laptop backpack when the hunt kit is fully packed.
  • Has hard-sided travel cases that stack on their wide face in a stable manner that resists tipping over.


Minimum Software Requirements


The software solution MUST be one that: 

  • Has the ability to ingest data from Splunk security information and event management (SIEM) software and forwarders, and to feed data to Splunk SIEMs.
  • Has the ability to ingest data from Elastic SIEMs and forwarders, and to feed data to Elastic SIEMs.
  • Has the ability to actively (i.e., via interrogation or scanning techniques that are detectable by network monitoring / log analysis tools) detect network vulnerabilities, known malware, and signs of intrusion.
  • Has the ability to correlate network maps, configuration data, vulnerability scans, and sensitive information locations, and to determine likely attack paths and how an attacker would prioritize them.
  • Has the ability to automatically ingest NetFlow data, logs, and metadata from network devices and hosts, and determine what is normal versus an anomaly with very good detection and low false alarm rates.
  • Has the ability to automatically ingest and incorporate cyber threat intelligence (CTI) and indicators of compromise (IOC) from a wide variety of data sources into vulnerability, threat and attack analyses.
  • Has the ability to process analytics that are distributed across a set of sensors.
  • Has the ability to automatically link, correlate, compare, timeline, trend, and display NetFlow data, logs, and metadata from network devices and hosts, in ways that make it very effective for analyzing attacker TTPs.
  • Has the ability to coordinate incident analysis data and activities across a hunt team in a manner that allows team members to collaborate on analyses using teleconferencing and multi-user editable files.
  • Has the ability to query any data within any hunt application, or to write a trigger that results in an action within any hunt application, using Structured Query Language (SQL) or similar.
  • Has the ability to automate workflow and dataflow across hunt applications, or to call queries or triggers using only the application programming interfaces (API) for the hunt applications.
  • Has the ability to create custom network topology maps that combine subsets of level 2 and level 3 topology maps, and incorporate evidence of attacker TTPs as annotations and links to the SIEM data.
  • Has the ability to easily create a virtualized environment that is a digital twin of the IT environment being analyzed at the partner site, for testing purposes.
  • Has the ability to automatically validate files against known hashes, of any common hash type.
  • Has the ability to detect malware within files, binaries, and addressable memory, with high levels of detection but low levels of false alarm.
  • Has the ability to perform malware analysis activities, including identification, triage, static analysis, dynamic analysis, and reverse engineering, all performed in a sandboxed environment.
  • Has the ability to perform cyber threat emulation (CTE) activities, including probing, penetration, pivoting, evasion, and coordinated attacks, that can be packaged to simulate a particular APT’s TTPs.
  • Has the ability to insert links to data, analyses, notes, dashboards, tables, charts, or graphs in a hunt application into a Microsoft (MS) Word, MS Excel, MS PowerPoint, MS Visio, or Adobe PDF document.
  • Has the ability to function without needing a connection to the external internet.
  • Has the ability to function in Linux, VMware, or Docker / Kubernetes environments.
  • Has the ability to function using only the processing and storage resources within the hunt kit.
  • Has the ability to be configured quickly and easily in a way that meets all the security control requirements for operating on a DoD network, that are applicable to software.
  • Has a licensing model that allows the government to pay a fixed cost per hunt kit license per year, and allows the hunt kit to be used to hunt on networks with an unknown quantity of devices and dataflow.


Optional Software Preferences


The most preferred software solution would be one that:

  • Has the ability to detect malware within unaddressable memory, firmware, and integrated circuits (IC) with high levels of detection, but low levels of false alarm.
  • Has the ability to passively (i.e., without performing any outgoing communications) detect network vulnerabilities, known malware, and signs of intrusion.
  • Has automations or wizards / work-aids that allow a basic level analyst to perform malware analysis activities as thoroughly as an intermediate level analyst. 
  • Has automations or wizards / work-aids that allow a basic level analyst to perform CTE activities as thoroughly as an intermediate level analyst.
  • Has the ability to search information from the malware and CTE analyses from the SIEM and integrate information from the malware and CTE analyses into the network maps.


Vendor Support Requirements


The DoD requires a hunt kit vendor who:

  • Has the ability to support the prototype and production contracts using only personnel who are US Persons as defined by the US Immigration Reform and Control Act (IRCA) of 1986 as amended, and using only facilities, IT equipment, and personnel located in the US.
  • Has the ability to deliver the quantities of hunt kits desired, within the desired timelines, with high levels of quality assurance, and low levels of cost, schedule, and hunt kit performance risk.
  • Has the ability to provide software integration, configuration, and optimization services in a fast-paced user-driven DevSecOps environment, including developing dataflow scripts and plugins, and productivity enhancement tools.
  • Has the ability to provide 24x7 help desk support in the areas of hardware configuration, software configuration, hunt software usage, site-integration troubleshooting, and dataflow troubleshooting.
  • Has the ability to provide system refurbishment services, including NIST SP 800-88 compliant NVM sanitization, hardware repairs, upgrades, and performance testing. 
  • Has the ability to provide system logistical services and inventory management for hardware components located in sites throughout the US.
  • Has the ability to provide systems engineering support in the areas of deployment technical planning, hardware/software system optimization, software suite improvement, and failures / root cause analysis.
  • Has the ability to provide the security engineering and system documentation required to attain an authority to operate (ATO) to connect a system to DoD networks, including classified networks, and to support site-specific security inquiries.
  • Has the ability to develop training materials including: hardware configuration and administration manuals, software configuration and administration manuals, and activity-based software usage videos.


Awarding Instrument


This Area of Interest solicitation will be awarded in accordance with the Commercial Solutions Opening (CSO) process detailed within HQ0845-20-S-C001 (DIU CSO), posted to SAM.gov on 13 Jan 2020, updated 02 Oct 2023. This document can be found at: https://sam.gov/opp/e74c907a9220429d9ea995a4e9a2ede6/view


Vendors are reminded that in order to utilize an Other Transaction (OT) agreement the requirements of 10 USC 4022 must be satisfied. Specifically, reference 10 USC 4022(d), which requires significant contribution from a nontraditional defense contractor, all participants to be small business concerns, or at least one third of the total cost of the prototype project to be paid out of funds provided by sources other than the federal government.


Follow-on Production


Companies are advised that any prototype OT agreement awarded in response to this AOI may result in the award of a follow-on production contract or transaction without the use of further competitive procedures. The follow-on production contract or transaction will be available for use by one or more organizations in the Department of Defense and, as a result, the magnitude of the follow-on production contract or agreement could be significantly larger than that of the prototype OT. As such, any prototype OT will include the following statement relative to the potential for follow-on production: "In accordance with 10 U.S.C. 4022(f), and upon a determination that the prototype project for this transaction has been successfully completed, this competitively awarded prototype OT may result in the award of a follow-on production contract or transaction without the use of competitive procedures."


FAQs

1. Your storage specifications seem high and will be expensive. Is that what you want?

We're not focused on cost at this stage. We're looking for the best solution that meets the specification.

2. For the minimum software specifications provided in the solicitation, will any be satisfied by GOTS or other government provided software?

No.

3. Can you provide additional information on the Joint Cyber Warfare Architecture (JCWA) software provisioning solution (JSPS)?

No.

4. Can you provide a list with the DoD standard hunt software load set?

No.

5. Can you provide a list of GOTS applications the government is likely to provide for the prototype project?

No. There aren’t any for this prototype.

6. What types of files will need to be automatically validated against known hashes, of any common hash type?

Files of all types will need to be validated against known hashes, of any common hash type.

7. What is the goal of the hash validation process?

The goal of validating file hashes is both to discover known malware files, and to validate that infrastructure-related files, such as operating system (OS) or firmware files, have not been modified.

8. What types of files would need to have a hash comparison?

Files of all types will need to be compared against known hashes, of any common hash type.

9. Would the customer provide the known good hash or would this need to be provided by the company developing the JCHK?

For each application in the software load set the vendor supplies as part of their prototype, the vendor must supply a hash value and its hash type.
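The two goals given in the answer to question 7, checked against hash values that each carry their hash type as in the answer to question 9, can be illustrated as follows. This is an added example, not part of the solicitation and not a government or vendor implementation; the `validate` function, the manifest layout (known-good entries keyed by file name), and all sample files and labels are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digests(path, algorithms, chunk_size=1 << 20):
    """Read the file once and feed every requested hash type from the same chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def validate(path, known_good, known_bad):
    """Classify one file (hypothetical manifest layout, lowercase hex digests).

    known_good: {file name: (hash_type, hex_digest)}  expected OS/firmware/application files
    known_bad:  {(hash_type, hex_digest): label}      known-malware indicators
    Returns (verdict, detail) with verdict in
    'known_malware', 'modified', 'verified', 'unknown'.
    """
    expected = known_good.get(Path(path).name)
    algorithms = {alg for alg, _ in known_bad}
    if expected:
        algorithms.add(expected[0])
    digests = file_digests(path, algorithms)
    # Goal 1: a known-malware match wins, even if the file name is an expected one.
    for alg, digest in digests.items():
        label = known_bad.get((alg, digest))
        if label:
            return "known_malware", label
    # Goal 2: an expected infrastructure file must still match its recorded hash.
    if expected is None:
        return "unknown", None
    alg, want = expected
    return ("verified" if digests[alg] == want.lower() else "modified"), alg

if __name__ == "__main__":
    # Constructed sample data: one firmware image and one indicator, different hash types.
    good = {"fw.img": ("sha256", hashlib.sha256(b"firmware v1").hexdigest())}
    bad = {("sha1", hashlib.sha1(b"constructed sample").hexdigest()): "Constructed.Sample"}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "fw.img")
        for content in (b"firmware v1", b"firmware v1 patched", b"constructed sample"):
            Path(target).write_bytes(content)
            print(content, "->", validate(target, good, bad))
```

A file that matches neither list is reported as `unknown` rather than as clean, since the absence of a known-bad match says nothing about an unlisted file.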

10. Can you specify the storage requirements in terabytes for the ability to store at least 7 days of PCAP collected off a minimum of 3x10 Gbps full duplex and 90 days of logs and metadata on each server? This number varies greatly depending on the assumptions used in the storage calculation.

The storage requirement is not stated in terabytes because vendors may employ different data compression strategies in their storage designs. However, proposed designs must be capable of meeting all storage and processing specifications when all incoming data links are fully saturated. Log and metadata loads will vary depending on the infrastructure used by each mission partner. However, proposed designs must be capable of meeting all storage and processing specifications when hunt sites are large enterprises with numerous network and host logging functions enabled.

11. Is there an expectation for a "management approach" to be addressed in the Phase 1 response or will this be addressed later?

No. This effort is only for the delivery of a prototype. Management approach will be addressed at a later time.

12. We believe the software specifications section may be in conflict with an earlier section. Is the government providing us all licensed software as GFE?

The software statements identified in the “Minimum Software Requirements” and “Schedule, Execution Details, and Quantity” sections are not contradictory because they are referencing different phases of the acquisition process. The minimum software requirement is a prototype provision while the software licensing in the quantity section speaks to what may apply to a production contract.

13. Can the government clarify if the requirement for the JCHK is to provide both TAPs which are "passive" as well as TAPs that are "regenerative" or if the intent is to provide a TAP which is both "passive and regenerative"?

Using the following definitions they could reside in the same device:

Passive TAP - There is no data originating from the TAP to the tapped devices. The TAP device should only forward information that was originally intended for the network devices, and should not be detectable, negotiate communications with the tapped devices, nor interfere with the network being tapped.

Regenerative TAP - The TAP device negates the signal loss over long network runs that would cause a loss of communications.

14. What product certifications are required for submissions on this prototyping effort? (e.g., TAA, IPv6, FIPS, APL, etc.)

This is a Phase 1 submission for a solution response based upon the Commercial Solutions Opening (CSO). Provide any information your company deems necessary to allow the government to evaluate your solution.