The Army's Request for Information (RFI) aims to gather industry feedback on safeguarding Digital Engineering (DE) capabilities and data, critical for modernization amidst evolving global challenges. The Army emphasizes the need for consistent protection requirements due to the sensitivity of DE data, which is at risk from foreign competitors. This initiative does not constitute a Request for Proposal (RFP) or solicitation but seeks to evaluate the applicability of draft policies and their impacts, including cybersecurity and supply chain implications. Interested parties are invited to respond by 12 July 2024, providing organizational details, relevant experience, and responses to specific questions outlined in attached documentation. All information received will assist the Army in shaping broad software acquisition guidance and may be aggregated for summary publication. The RFI emphasizes that submissions become government property and are not subject to reimbursement, maintaining the confidentiality of proprietary information. This initiative illustrates the Army's proactive stance in enhancing security measures for its digital engineering framework.
The Department of the Army has issued a memorandum outlining protection requirements for Digital Engineering (DE) capabilities vital for Army modernization amidst global challenges. The memo emphasizes the need for stringent cybersecurity measures to safeguard Army DE data and tools from adversaries aiming to exploit vulnerabilities. It applies to all DE-related efforts in acquisition, research, logistics, and sustainment.
The policy designates Army DE capabilities as controlled technical information (CTI) under the DoD's Controlled Unclassified Information (CUI) program. DE capabilities must comply with moderate-level cybersecurity controls to ensure data confidentiality and integrity. Notably, the memorandum does not classify CTI as the highest classification level, which may also cover classified networks.
The Army must assess internal environments for developing and storing CTI DE capabilities and review related contracts for compliance. Findings are to be reported to the Deputy Assistant Secretary of the Army within 120 days. This initiative reflects the Army's commitment to enhancing the protection of critical digital assets and maintaining a strategic technological advantage while addressing potential gaps in existing policies and guidance.
The Army is proposing a policy to classify digital engineering data as Controlled Unclassified Information (CUI) under the Controlled Technical Information (CTI) designation. This policy aims to cover data on both U.S. Government and external networks, focusing on the Defense Industrial Base and academia. To gather industry input on the draft policy, the Army requests responses regarding best practices, compliance impacts, and general feedback. Respondents are asked if they provide digital engineering tools aligned with DoD Instruction 5000.97, whether they classify such data as CUI, and how they secure it. Additionally, they must evaluate if current contracting language needs updates to align with the new policy and identify potential impacts on their operations. The call for responses underscores the Army's commitment to continuous engagement with industry stakeholders while ensuring the security and integrity of critical engineering data within defense contracts. This initiative reflects the efforts of the federal government to enhance data protection and maintain compliance in defense-related projects.
The document outlines a Second Request for Information (RFI) related to the Digital Engineering Protection Policy, soliciting feedback from industry respondents regarding their compliance with updated classification requirements. It includes two sections: Section A, targeted at organizations that previously responded to an earlier RFI, and Section B, aimed at those who did not participate. Section A requests insights on potential prohibitive impacts of the draft policy and any additional feedback. Section B contains inquiries regarding compliance with classification requirements, the adequacy of contracting language, impacts on contract execution, resources needed for compliance, best practices for securing digital engineering data, and general comments on the draft policy. The RFI seeks to enhance understanding of the implications of digital engineering capabilities and tools within government contracting, ensuring that the policy aligns with industry practices and does not hinder operational capabilities. Overall, the document emphasizes the importance of stakeholder input in refining the policy to safeguard digital engineering assets effectively while promoting compliance.
The Department of the Army issued a memorandum outlining protection requirements for Digital Engineering (DE) capabilities, crucial for modernizing Army operations amid complex global threats. It emphasizes safeguarding Controlled Technical Information (CTI) associated with DE, such as digital models, threads, and artifacts, from espionage and cyber threats. DE capabilities are essential across acquisition, research, and logistics, operating in both government-controlled and external environments, necessitating adherence to Department of Defense (DoD) cybersecurity standards.
The policy mandates that Army DE elements are treated as CTI, requiring specific security controls in line with DoD guidelines. Additionally, organizations must assess their environments for compliance and submit plans and findings to the Deputy Assistant Secretary of the Army within stipulated timeframes. The document also specifies that COTS tools generating Army data remain classified as CTI. The memorandum reinforces the need for strategic measures to protect Army digital technologies, ensuring the integrity of mission-critical systems and data, thereby maintaining the Army's strategic advantage in defense operations.
The document is a Digital Engineering Second Request for Information (RFI) that invites industry responses pertaining to a draft policy memorandum regarding digital engineering capabilities. It consists of two main sections: Section A addresses organizations that previously responded to an initial RFI and asks for specific compliance impacts and additional feedback on the updated policy. Section B targets those who did not respond earlier, focusing on compliance with classification requirements from DoDI 5000.97, the time required for compliance, potential updates to contracting language, and other compliance implications. It also queries companies about how they determine security levels for digital engineering tools and industry best practices they employ. The overarching aim of the RFI is to gather insights from industry stakeholders to refine and ensure the effective implementation of the proposed digital engineering protection policy, thereby assessing its feasibility, compliance implications, and best practices for safeguarding digital engineering resources within government contracting frameworks.
The document outlines a Request for Information (RFI) regarding a draft Digital Engineering Protection Policy, distributed to solicit feedback from industry respondents. It is divided into two main sections: Section A addresses organizations that previously participated in the RFI, prompting them to assess the draft policy's implications for compliance and provide any substantive feedback. Section B targets organizations that did not respond earlier, asking about their compliance with existing classification requirements related to digital engineering, potential impacts the draft policy could impose on contract execution, and necessary resources or changes for future compliance.
Key inquiries focus on compliance with existing Department of Defense guidelines, the adequacy of current contracting language, and any resources needed to mitigate negative impacts. Additionally, the document seeks information on industry best practices in securing digital engineering capabilities and data. This RFI emphasizes the need for industry engagement in shaping policy that could affect their operations while ensuring adherence to federal compliance standards within the context of government contracts and grants.
The Army's updated Request for Information (RFI) aims to gather industry insights on enhancing the protection of digital engineering capabilities and data essential for Army modernization in the face of growing global threats. It stresses the need for stricter safeguards against adversaries who target Army design data, risking intellectual property and operational integrity. This RFI is not a solicitation and does not commit the Army to any future acquisition but seeks written feedback on a draft protection policy, which includes potential impacts on cybersecurity, costs, and operational aspects.
Participants are encouraged to provide detailed responses, including organizational details, industry classification, and experience with overseas operations. The feedback will inform the Army's future policies regarding software solutions and may lead to further engagement opportunities. Responses must be submitted by September 27, 2024, and proprietary information will be respected, with all submissions becoming government property. The initiative reflects the Army's dedication to securing its digital engineering environments against emerging risks while ensuring that collected information serves to guide policy formation effectively.