The U.S. Department of Commerce’s Bureau of Industry and Security has issued a request for information to gather industry input to assist NATO in developing a conformance testing tool for cryptographic key management.
Published on Monday, the RFI originates from the NATO Communications and Information Agency and is part of efforts to enhance the NATO Key Management Interoperability Specification, NKMIS for short. NKMIS aims to standardize cryptographic key management interactions among NATO member states.
The notice seeks to guide the design and implementation of a conformance testing tool that will act as the “single reference implementation” for validating compliance with the specification. NATO is looking for approximate cost estimates and feedback on the draft statement of work to refine requirements and plan for future solicitations.
According to the draft SOW, the chosen contractor will deliver an automated tool that validates whether the relevant systems meet the conformance indicators outlined in NKMIS. The tool must pinpoint specific deficiencies when tests fail and should be developed using widely adopted and freely available programming frameworks such as C, Java, or Python.
The tool must also verify the integration of digitally secure communication platforms to ensure proper encryption, authentication and message integrity.
Final deliverables will include the conformance tool, complete documentation, demonstrations, a comprehensive test plan and a well-documented source code. All components must be NATO-owned and should not depend on proprietary technologies. The project may also lead to future follow-on contracts as NKMIS is anticipated to evolve.
According to the special notice, site acceptance testing will occur at NATO facilities in The Hague, Netherlands. Responses to the RFI must be submitted by Aug. 19.