Information Innovation Office (I2O) Office-Wide

Other / Unclassified

This document outlines the stringent requirements and procedures for submitting classified proposals to DARPA. It details the necessary security clearances, facility approvals, and information systems required for proposers. It specifies the methods for submitting classified information, including hard copy (three copies and two CD-ROMs) and electronic submissions via approved secure networks (SAVANNAH/ASCEND, JWICS, or SIPERNET).

This document is critical for any bidder intending to submit classified information as part of their proposal. It mandates obtaining a solicitation contract security specification (DD Form 254) from the DARPA technical office. It provides detailed instructions for handling and transmitting Confidential, Secret, Top Secret, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) information, including specific mailing addresses, courier requirements, and contact points for security coordination (e.g., HR001126S0001@darpa.mil, I2Osecurity@darpa.mil, DARPA CDR at 703-526-4052).

For combined classified and unclassified submissions, proposers must submit them as separate documents and notify DARPA via email. The unclassified portion should be submitted through the DARPA Broad Agency Announcement Tool (BAAT), while the classified portion must follow the specific classified submission instructions. Bidders must ensure compliance with all outlined security protocols to ensure their proposal is accepted.

Solicitation / RFP / RFQ

This document outlines the Cybersecurity Maturity Model Certification (CMMC) requirements for awards resulting from a Broad Agency Announcement (BAA) that take the form of procurement contracts. It details the different CMMC levels (1, 2, and 3) that may be required based on the sensitivity of information (Federal Contract Information - FCI, or Controlled Unclassified Information - CUI).

• CMMC Level 1 (Basic Safeguarding of FCI): Requires a current CMMC Level 1 Self-Assessment recorded in SPRS prior to award. No Plan of Actions & Milestones (POA&M) are permitted. A valid Level 1 certification is a condition of award. Subcontractors handling FCI must also maintain a Level 1 Self-Assessment.
• CMMC Level 2 (Broad Protection of CUI): Requires a current CMMC Level 2 Self-Assessment posted in SPRS prior to award. After November 10, 2026, a CMMC Level 2 Certification issued by an authorized CMMC Third-Party Assessment Organization (C3PAO) will be required prior to award. POA&Ms are permitted for closeout assessments within 180 days. A valid Level 2 certification is a condition of award. Subcontractors handling CUI must maintain Level 2 certification.
• CMMC Level 3 (Higher-Level Protection of CUI): Requires a successful Government-led CMMC Level 3 Assessment prior to contract award. This includes requirements from NIST SP 800-171 and NIST SP 800-172. POA&Ms are permitted for closeout assessments within 180 days. A valid Level 3 certification is a condition of award. Subcontractors handling CUI must maintain Level 3 certification or higher.

Not specified in this document.

• Offerors must possess the required CMMC certification/assessment status prior to award.
• Failure to possess the required certification at the time of award will result in ineligibility.

Not specified in this document.

• The specific CMMC level (1, 2, or 3) will be designated in each resulting contract.
• The Government will verify certification status in SPRS and may request supporting evidence.
• Contractors must maintain their required certification status for the full contract period.

Form / Attachment / Pricing Sheet

This document is an abstract template provided for proposers to submit their concepts for potential research or prototype projects. It outlines the required sections and formatting for abstract submissions.

• Abstract Coversheet: Includes fields for Proposer Organization, Technical and Administrative Points of Contact (POC), Award Instrument Requested, Estimated Total Cost, and Estimated Period of Performance.
• Abstract Content: Requires sections for Goals and Impact, Technical Approach, Capabilities/Management Plan, Cost and Schedule, and Bibliography.
• Formatting Requirements: Specifies a 5-page limit for the abstract content (excluding coversheet, table of contents, bibliography, and technical papers), 12-point font, 1" margins, and submission in PDF or Microsoft Word.
• Submission Requirements: Abstracts must be submitted via DARPA’s Broad Agency Announcement Tool (BAAT) for unclassified submissions. Classified abstracts have separate submission procedures.

This template is crucial for potential bidders as it dictates the structure, content, and submission method for their abstract. Adhering to these guidelines is necessary for a conforming submission. It guides bidders on what information to include regarding their proposed work, technical approach, team capabilities, and cost estimates.

Solicitation / RFP / RFQ

This Broad Agency Announcement (BAA) from the Defense Advanced Research Projects Agency (DARPA), Information Innovation Office (I2O), seeks innovative science and technology solutions to enhance national security in the information and computational domains. The I2O focuses on key thrust areas including Transformative AI, Resilient, Adaptable, and Secure Software and Complex Systems, Offensive and Defensive Cyber Security and Privacy, and Fighting in the Information Domain. DARPA is open to unconventional approaches that promise decisive information or computational advantage and may consider efforts outside these thrust areas.

The BAA solicits research that aims for revolutionary advances, not evolutionary improvements. Specific areas of interest include:

• Trustworthy, disruptive AI technologies and methodologies.
• Methods to build, understand, and secure complex software and cyber-physical systems, ensuring correctness and operation under duress.
• Advanced AI and secure tools for cyber capabilities, operating beyond human capacity and speed, to assure user privacy and counter adversary actions.
• Measuring, protecting, and detecting attacks within the information domain, encompassing cognitive, semantic, tracking, and transport levels.

Multiple awards are anticipated. DARPA may award through various instruments including Procurement Contracts, Grants, Cooperative Agreements, and Other Transactions (OT) for Prototype or Research Agreements. Cost sharing may be required for OT agreements.

• Abstract Due Date: Rolling basis until November 1, 2026, 5:00 PM ET.
• Proposal Due Date: Rolling basis until November 30, 2026, 5:00 PM ET.
• Submission Requirement: An abstract must be submitted first, followed by an invitation to submit a full proposal. Proposals submitted without an invitation will not be reviewed.
• Evaluation Criteria: Proposals will be evaluated based on Overall Scientific and Technical Merit, Potential Contribution and Relevance to the DARPA Mission, Plans to Implement Resilient Software, and Cost Realism.

All responsible sources, including U.S. and non-U.S. entities, are encouraged to submit. Historically Black Colleges and Universities, Small Businesses, Small Disadvantaged Businesses, and Minority Institutions are encouraged to participate, but no portion of this announcement is set aside for these groups. UARCs and FFRDCs are highly discouraged from proposing unless by exception and must contact the Agency POC prior to submission.

• The BAA includes several attachments and referenced websites for detailed instructions on abstract templates, submission procedures, model contracts, and general terms and conditions.
• Proposers must indicate whether their research is considered fundamental or non-fundamental.
• Potential for Human Subjects Research (HSR) and/or Animal Use should be addressed.
• The NAICS Code is 541715.