Basic requirements (required) capabilities:

• The web/messaging server component is not vulnerable to remote network exploitation using zero days or NDays resulting in server compromise, unauthorized egress of server data or unauthorized access
• The Web Server component must be able to employ TLS encrypted connections by default.
• The Web Server component must be able to support MFA, cryptographically secure authentication
• Must Support IPV4 transport
• Must enable static web page rendering
• Must enable multiple http routes to segment content for requesting clients
• Must generate access, error and authentication logs
• Must enable properly authenticated HTTP Client to send and receive text messages at least 500 characters long (Web messaging) and view static web pages
• Must make messages available to clients based on user identity via a basic role-based access system
• Must be able to sustain 250 Concurrent Web Client static web page or messaging connections
• Supports HTTP/1.1 Protocol (minimum)
• Must redirect HTTP connections to HTTPS (TLS) by default
• Must be securely configurable either by command line interface or configuration file
  

Optional Desired Capabilities:

• Enable multiple routes based on authenticated user identity/role
• Uses DNS to support granular multi domain support (Virtual Hosts)
• Implement Server Name Indication protocol (supporting multisite hosting)
• IPV4 and IPV6 Support
• Support For HTTP Compression (e.g. GZIP)
• Supports HTTP/1.1 and HTTP/2.0
• Support 2000 concurrent web and or web messaging connections
• Able to limit request sizes/bodies to configurable threshold
• Able to implement socket timeouts to configurable threshold
• Enable HTTP Clients to send and receive Text and Binary messages (images) 1000 chars/2MB size
• Enable basic searching of messages by user or datetime

What is an Assessment Event (AE)?

ARCYBER submits specific problems to solve and CFIC utilizes its ecosystem and market research to attract best-of-breed submissions to solve the problem. ARCYBER subsequently reviews and selects participants with the highest value to present and/or demonstrate their capability in a one-on-one session with Government Stakeholders.

Event Overview:

Phase 1 – 6 February 2023 to 26 February 2023 Submissions Open: Interested respondents who could potentially provide solutions that meet the needs of the Stakeholders are encouraged to submit their solutions per the instructions below NLT 26 February 2023, 11:59 PM ET.

Phase 2 – 28 February 2023 to 8 March 2023 Down-selects: ARCYBER will downselect those respondents/submissions they feel have the highest potential to satisfy their capability needs. Companies with favorably evaluated submissions will receive an invitation to the Assessment Event (Phase 3) o/a 8 March.

Phase 3 – 21 March 2023 to 22 March 2023 Assessment Event (AE): During the AE, invited participants will be allotted a one-on-one session with the Government evaluation panel to pitch, demonstrate, and/or discuss their solutions. The forum will include a Q&A portion and discussions may continue outside of the event to determine who (if anyone) proceeds to Phase 4 follow-on efforts.

Phase 4 – Follow-On: The Government has several acquisition/contract vehicles (i.e., various IDIQ contracts, purchase orders, etc.) to potentially purchase the final solution if operationally viable. The Government may elect to purchase all, some, and/or none of the solutions from Phase 3 for further projects.