[Federal Register Volume 79, Number 7 (Friday, January 10, 2014)]
[Notices]
[Pages 1831-1832]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-00260]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No.: 130212127-3999-04]


Proposed Establishment of a Federally Funded Research and 
Development Center

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST), 
Department of Commerce, intends to sponsor a Federally Funded Research 
and Development Center (FFRDC) to facilitate public-private 
collaboration for accelerating the widespread adoption of integrated 
cybersecurity tools and technologies. NIST published three notices in 
the Federal Register advising the public of the agency's intention to 
sponsor an FFRDC and requesting comments from the public. This notice 
provides NIST's analysis of the comments related to NIST's proposed 
establishment of the FFRDC received in response to those notices. These 
responses, as well as NIST's responses to the many acquisition-related 
comments and questions received in response to the three notices will 
be posted on FedBizOpps.

DATES: NIST published portions of a draft Request for Proposals for 
public comment in December 2013.

ADDRESSES: NIST's responses to acquisition-related comments and 
question and the draft Request for Proposals will be published for 
public comment at www.fbo.gov.

FOR FURTHER INFORMATION CONTACT: Keith Bubar via email at 
[email protected] or telephone 301-975-8329 or Keith Bubar, NIST, 
100 Bureau Drive, Mail Stop 1640, Gaithersburg, MD 20899-1640.

SUPPLEMENTARY INFORMATION: NIST has identified the need to support the 
mission of the National Cybersecurity Center of Excellence (NCCoE) 
through the establishment of an FFRDC. In evaluating the need for the 
FFRDC, NIST determined that no existing alternative sources can 
effectively meet the unique needs of NIST. The proposed NCCoE FFRDC 
will have three primary purposes: (1) Research, Development, 
Engineering and Technical support; (2) Program/Project Management 
focused on increasing the effectiveness and efficiency of cybersecurity 
applications, prototyping, demonstrations, and technical activities; 
and (3) Facilities Management. The proposed NCCoE FFRDC may also be 
utilized by other federal agencies.
    The FFRDC will be established under the regulations found at 48 CFR 
35.017.
    Comments Received and Responses: The following is a summary and 
analysis of the comments received during the public comment period and 
NIST's responses to them. NIST received comments from a total of 46 
commenters. NIST received three comments opposed to establishing the 
proposed FFRDC. In addition, NIST received two comments opposed to 
government spending in general, but not specifically directed toward 
the proposed FFRDC. Finally, NIST received a total of 73 additional 
comments/questions from 43 commenters, centered on the proposed 
acquisition and other related topics.
    A summary of the public comments opposing the establishment of the 
FFRDC, along with NIST's responses to each, are as follows:
    Comment: Two commenters stated that hundreds of private sector 
firms are capable of performing the tasks described in the notice.
    Response: NIST is aware of the vast cybersecurity research, 
development, engineering, technical, program/project management and 
facilities management capabilities available in the private sector. The 
NCCoE meets its unique mission of increasing the rate of adoption of 
more secure technologies by establishing broad consortia of academic, 
government, and private sector organizations whose engineers work side-
by-side at the center. While potentially having the appropriate 
technical capabilities, private sector firms motivated by profit and 
future competitive opportunities would not provide the same level of 
objectivity as an organization managing an FFRDC.
    Comment: One commenter stated that a Request for Information or 
draft Request for Proposals (RFP) would likely yield numerous responses 
from qualified private sector firms.
    Response: NIST intends to publish a draft RFP to allow prospective 
offerors an opportunity to ask questions and provide comments.
    Comment: Two commenters stated that any concerns about 
organizational conflicts of interest within the private sector can be 
resolved through industry divestitures and other methods, and can be 
fully addressed and prevented through provisions in the current 
acquisition system.
    Response: As established under the Federal Acquisition Regulation 
(FAR), FFRDCs are designed to prevent potential conflicts of interest 
from occurring and to allow for the independence and objectivity 
necessary to collaborate effectively with a broad consortium of 
technical organizations. By establishing an FFRDC, potential conflicts 
of interest will be avoided as the FFRDC operator will not be motivated 
by potential competitive advantages or profit, ensuring a level playing 
field for all collaborators on NCCoE activities. The FFRDC operator 
could potentially have access to the intellectual property of a large 
number of possibly competing companies collaborating on NCCoE 
activities. The

[[Page 1832]]

access to intellectual property of many companies could present 
conflicts of interest for an organization that does not meet the 
provisions of FAR 35.017(a)(3).
    Comment: One commenter stated that NIST has not adequately 
demonstrated that there are no existing contract vehicles or FFRDCs 
available to meet its needs.
    Response: Through conducting market research, NIST determined that 
neither a standard services contractor nor an existing FFRDC can 
adequately meet NIST's requirement for supporting the NCCoE. Review of 
the 40 existing FFRDCs indicated that only one incorporated 
cybersecurity in its mission and vision statement, Carnegie Mellon 
Software Engineering Institute (SEI), sponsored by the U.S. Army. SEI's 
stated mission is to ``advance the technologies and practices needed to 
acquire, develop, operate, and sustain software systems that are 
innovative, affordable, trustworthy, and enduring.'' SEI identifies its 
competencies as including software engineering and research, computer 
security, emerging software technologies, and acquisition solutions. 
SEI's mission statement and the focus of its current staff are 
significantly narrower than the NCCoE's requirement to execute applied 
research and collaborate with industry, academia, and government to 
accelerate the adoption of solutions based on existing commercial-off-
the-shelf products. The use of SEI to support the mission of the NCCoE 
would result in a significant limitation on the range of services that 
could be performed and the range of use cases to be undertaken.
    Comment: Two commenters stated that NIST has not clearly stated the 
basis, purpose and mission of the FFRDC.
    Response: In the forthcoming draft RFP, NIST will articulate its 
requirement for the FFRDC with greater specificity, and prospective 
offerors will have the opportunity to ask questions and submit 
comments.
    Comment: One commenter stated that creating a new FFRDC would 
expose NIST to significant cost vulnerabilities and potential criticism 
from Congress and others.
    Response: The competition for an Indefinite Delivery Indefinite 
Quantity (IDIQ) contract, the contracting mechanism to be used for the 
FFRDC, occurs at the base contract level. The nature of an IDIQ 
contract does allow for future actions within the scope of the contract 
to be awarded without further competition. However, NIST will review 
the scope of work thoroughly to identify areas that require 
clarification prior to release of the RFP, and the IDIQ contract will 
be competed to the maximum extent practicable. NIST will negotiate the 
cost, terms and conditions of all task orders with the FFRDC operator 
before performance commences. By using a task order based IDIQ 
contract, NIST will balance scope and cost control while allowing for 
the flexibility to address the needs of the NCCoE.
    NIST has posted a notice to the Federal Business Opportunities 
(FBO) Web site with the official responses to each comment received in 
response to the previous three Federal Register notices, including 
those comments summarized above. The FBO Reference Number for this 
notice is NCCoE--FFRDC-FRN--4. NIST published portions of a draft 
Request for Proposals for public comment in December 2013.

    Dated: January 6, 2014.
Willie E. May,
Associate Director for Laboratory Programs.
[FR Doc. 2014-00260 Filed 1-9-14; 8:45 am]
BILLING CODE 3510-13-P