1. Overview: The goal of this RFI is to seek information on Innovative Blockchain Agnostic and Interoperable Solutions relating for the protection of highly sensitive data to help DISA shape requirements.
2. Scope of Effort: DISA EM is exploring ways to use Blockchain to ensure the integrity and immutability of critical data is maintained throughout its operational lifetime, and use it to provide an alerting mechanism whenever this data is tampered with in any way. DISA EM is also interested in knowing some of the best practices with maintaining critical data in a decentralized and distributed manner.
Below is a scenario example of using Blockchain for detection and alerts:
A network intrusion occurs from an unauthorized user performing malicious activities and there is a tracing of activities being logged in the background. Simultaneous, these logs are kept in a Blockchain in order to report in an immutable way as to not change everything that has transpired. At the same time, the data is being replicated and shared via a Distributed Ledger Technology (DLT) or Blockchain in a decentralized and distributed manner. If in any way the intruder tries to cover their tracks by modifying or deleting this information stored, the system will generate an alert to a Dashboard.
3. Technical Characteristics: DISA is looking to learn more about industry capabilities using the Blockchain technology to:
a. Develop Blockchain agnostic solutions that can be interoperable across different blockchains.
b. Ensure the immutability of critical data and provide alerts of tampering of this data.
c. Store critical data in a decentralized and distributed manner.
a. What solutions are available that can leverage Blockchain technology? Please include how your platform would work. Be sure to include the type of Blockchain that would be used in the solution.
b. Please explain exactly where data would be stored and if it would be in a “centralized” or “decentralized” manner. Please include how the platform selected would achieve decentralization. What different architectural design decisions were made to ensure the solution could be highly distributed and decentralized?
c. Explain a solution that could leverage a “Private” or “Public” Blockchain. Please include how your platform works, and if the solution could be “Blockchain” agnostic.
d. Please provide a brief overview of how your solution would be applicable to Blockchain data management and alert notification.
e. Please explain if the technology of the solution would be an open source solution (or willing to be open source) under the following licenses or their equivalent: (i) for software, a GNU General Public license, MIT or BSD, (ii) for hardware, a CERN, MIT or TAPR open license and (iii) for design or content, a CC-BY license. If already open source, please provide the link to the repository.
f. Explain how your solution would achieve “immutability” using the Blockchain technology.
g. Please elaborate on the type of quantifiable results that would be available as a result of your work. Such results could include user feedback, pull-requests, engagement numbers, or other data sources. How do you validate the success of the solution?
h. Please elaborate on the magnitude of supporting infrastructure that would be necessary to implement your solution, taking into account requirements such as authentication, authorization, security and management.
i. Please include an explanation about previous experiences deploying blockchain systems for others.
j. Please include a Rough Order of Magnitude for your solution.
Interested parties are requested to respond to this RFI with a white paper. Submissions cannot exceed 10 pages, single spaced, 12-point type with at least one-inch margins on 8 1/2” X 11” page size. The response should not exceed a 5 MB e-mail limit for all items associated with the RFI response. Responses must specifically describe the vendor’s capability to meet the requirements outlined in this RFI. Oral communications are not permissible. SAM.gov will be the sole repository for all information related to this RFI.
DISA representatives may choose to meet with potential offerors and hold one-on-one discussions. Such discussions would only be intended to obtain further clarification of potential capability to meet the requirements, including any development and certification risks.
Questions regarding this announcement shall be submitted in writing by e-mail to Daniel.firstname.lastname@example.org and email@example.com. Verbal questions will NOT be accepted. Answers to questions will be posted to FBO. The Government does not guarantee that questions received after 1600 on September 10, 2021, will be answered. The Government will not reimburse companies for any costs associated with the submissions of their responses
This RFI is not a Request for Proposal (RFP) and is not to be construed as a commitment by the Government to issue a solicitation or ultimately award a contract. Responses will not be considered as proposals nor will any award be made as a result of this synopsis.
All information contained in the RFI is preliminary as well as subject to modification and is in no way binding on the Government. FAR clause 52.215-3, “Request for Information or Solicitation for Planning Purposes”, is incorporated by reference in this RFI. The Government does not intend to pay for information received in response to this RFI. Responders to this invitation are solely responsible for all expenses associated with responding to this RFI. This RFI will be the basis for collecting information on capabilities available. This RFI is issued solely for information and planning purposes. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received in this RFI that is marked “Proprietary” will be handled accordingly. Please be advised that all submissions become Government property and will not be returned nor will receipt be confirmed. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract.