Evaluation of mobile device security using a wireless access method

Questions & Answers / Clarifications

This document contains responses to a Request for Information (RFI) regarding the evaluation of mobile device security using a wireless access method (RFI #: 15F067-26-PN-MEA02).

• Device Quantity & Locations: One device is anticipated at a time, across one location.
• Testing Objective: The "local wireless technologies" objective is to test if wireless access can circumvent security measures.
• Modifications: Modifications to hardware, firmware, or software are allowed for testing and development, but not for the final prototype.
• 5G/LTE & Fault Injection: Interest in 5G/LTE protocol level attacks and electromagnetic fault injection is "no".
• Technical Information Provided: The "make and model" of the mobile device will be provided.
• Funding: Funding for this effort has not yet been identified, and therefore, no funding confidence level or anticipated amount can be provided.
• Commercial Terms: The OTA will be structured with commercial-leaning terms emphasizing flexibility, streamlined execution, and a collaborative approach to risk, incorporating elements common in commercial contracting.
• Allocation of Rights: No predetermined Allocation of Rights template is identified; terms will be shaped collaboratively.
• Price Analysis: Price analysis techniques consistent with commercial practices will be used.
• License Agreements: The Government is open to recommendations regarding license agreements for prototypes during this market research phase.
• Security Posture Checks: Requirements include assessing how secure the device is from an access method involving local wireless technologies, potentially including device compromise (jailbreak/root) detection and malware detection.
• Past Performance: Past performance with the FBI or other DOJ components may be considered but is not a prerequisite. Both traditional and non-traditional vendors are welcome.
• SMS Traffic: There is no requirement to capture and save SMS traffic.
• Wireless Protocols: Applicable protocols include WiFi 802.11 a/b/g/n/ac/ax/be, Bluetooth 4/5/LE, NFC, UWB, etc., but exclude cellular.
• USB Access: USB-based access is not within the scope of the activity.
• Operating Systems: Both Android and iOS are within scope; MTE based iPhones are outside scope.
• Prototype Focus: The OTA is for a singular working prototype, with potential for follow-up work on production.
• Acquisition Approach: The acquisition approach for the prototype OTA is still being assessed and will be shaped by industry feedback.

This RFI response clarifies numerous aspects of the potential solicitation, including technical requirements, testing parameters, contractual terms, and evaluation considerations. Bidders should review these clarifications to inform their understanding and potential response to the upcoming solicitation.

Request for Information (RFI)

The Federal Bureau of Investigation (FBI) is conducting market research to identify potential sources and assess the availability of commercial products or solutions for evaluating mobile device security using a wireless access method. The FBI is seeking to determine if a commercial product currently exists that meets their needs. If not, they are interested in understanding industry capabilities and interest in developing a solution under a Prototype Other Transaction Agreement (OTA).

• Technical Objective: Provide a prototype capability that assesses the security posture of commercial mobile devices operating from an access method involving local wireless technologies.

• Constraints: The prototype must be applicable to realistic operational scenarios and compatible with current mobile operating systems.

• Deliverable: A white paper including a cover letter and technical approach.

• White Paper Due Date: 2/25/2026

• Questions Due Date: 2/13/2026 (via email to AO: Meagrinzoni@fbi.gov, subject line to identify RFI Title. Verbal questions will not be accepted.)

• Submission Format: All submissions must be unclassified. Respondents are encouraged to provide concise, relevant information.

• This RFI is for market research and does not constitute a solicitation or obligation to procure. Information provided will not be accepted as offers.

• The FBI is seeking full ownership of all intellectual property/data.

• The document defines Prototype OTAs and criteria for non-traditional Government contractors.

• The FBI is interested in solutions from non-traditional Government contractors (entities not performing government contracts for at least one year prior to solicitation).

• The Agreements Officer (AO) is the sole point of contact for official communications.

• Questions will be answered by posting responses to SAM.gov by amendment to this RFI. Not all questions are guaranteed to be answered.