You are here

Air Force Defense and Biometric Network


OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Trusted AI and Autonomy; Integrated Sensing and Cyber; Integrated Network System-of-Systems


The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.


OBJECTIVE: The current access control systems utilized by Air Force Installations are becoming outdated, inefficient, and costly to maintain. Considering the SECAF’s Operational Imperative of Achieving Operationally Optimized Advanced Battle Management Systems/Air Force Joint All-Domain Command and Control, there is a critical need to design and build a biometric system for deployment at Access Control Points (ACPs) across Air Force Installations. The objective of this system is to verify the access authorization of individuals entering Air Force installations and facilities by utilizing advanced technologies, including artificial intelligence, machine learning, cloud computing, and advanced sensors, to create a networked system that can provide real-time information to warfighters at all levels of command. This will allow for more effective and efficient operations, enabling decision-making based on up-to-date information in any environment.


DESCRIPTION: As technology advances rapidly, the United States Air Force (USAF) must stay current to remain relevant. Older systems are becoming increasingly difficult and expensive to maintain, and current USAF systems are quickly becoming outdated, slow, bulky, and cost-ineffective. To address this issue, the Air Force Security Forces Center seeks a cloud-based software solution meeting specific criterion. This effort aligns with the Secretary of the Air Force's operational imperative, Achieving Operationally Optimized Advanced Battle Management Systems/Air Force Joint All-Domain Command and Control. This initiative requires the integration of various technologies, including artificial intelligence, machine learning, cloud computing, and advanced sensors, to create a networked system that can provide real-time information to warfighters at all levels of command.  The system must enable decision-making based on the most up-to-date information, allowing for more effective and efficient operations in any environment by meeting the following criteria:  Credential Verification- The system must be capable of verifying credentials through scanning of Common Access Cards (CAC) or other forms of identification such as temporary passes. This must be done at the ACP through a handheld scanner or, in some cases, a stationary scanner.  • Be able to integrate with the Identity Matching Engine for Security and Analysis (IMESA) for access to authoritative data sets (RAPIDS, NCIC, TSDB) • Personal Identification Verification (PIV) compliant  • Provide the capability to vet credentials to authoritative law enforcement databases including but not limited to: National Crime Information Center (NCIC) Person Files (including Wanted Persons, Violent Persons, Immigration Violators, Known or Appropriately Suspected Terrorists, and National Sex Offender Registry), Interstate Identification Index (III), National Law Enforcement Telecommunications System (Nlets), and Commercial criminal background screening. The system must be able to scan a barcode or Quick Response code (QR code) on an authorized credential to compare the information to the individual's biometric data and access authorization. The system should be designed to quickly and accurately scan the credentials, allowing for efficient and streamlined access control.  • Examples include, but not limited to: o State issued ID  o State issued Driver’s License o DoD Common Access Card (CAC) o Federal Employee CAC o Teslin IDs (Military/Civil Service retiree, Military Dependent, etc.) o Personal Identity Verification (PIV) credentials o Personal Identity Verification-Interoperable (PIV-I) credentials o Passport o Locally produced credentials containing a barcode/QR Code • Provide the service while adhering to the following: o Web based system accessible from GOV NIPR network o No major infrastructure requirements  o Discrete handheld screens  o Flexible credential scanning options (barcode, contact, contactless) o Flexible vetting options • Provide equipment that meets following criteria: o Mobile Handheld devices for scanning credentials o Docking/charging station o Spare batteries  o Local servers to store local cache o Wireless router   o Web based Registration software  o Public access to Registration site for Non-DoD personnel requesting access o Ability to upload documents and pictures     Proper training and protocols should be established to ensure that personnel are properly trained to use the credential scanning feature and that any issues with scanning or verification are addressed promptly.  The integration of credential scanning capabilities into the biometric system will enhance the overall security of Air Force installations and facilities by ensuring that only authorized personnel are granted access.   Cloud-Based- A cloud-based system offers several advantages over traditional on-premises systems. First, a cloud-based system provides flexibility, scalability, and easy access to data from anywhere, anytime. This is essential for Air Force installations with multiple ACPs spread across large geographic areas.  Additionally, a cloud-based system can be easily integrated with other systems, such as security cameras and sensors, to provide a comprehensive security solution. Cloud-based systems also offer high levels of security and reliability, as data is stored in secure data centers with multiple levels of redundancy and backups.  Finally, a cloud-based system is typically more cost effective than traditional on-premises systems, eliminating the need for expensive hardware, software, and maintenance costs.  Overall, a cloud-based system is a logical choice for the Air Force as it offers several advantages over traditional on-premises systems.  Web-Based Dashboard- A web-based dashboard must be included in the design and build of the system. It must provide real-time visibility into system performance and can quickly alert operators to any issues or anomalies. The dashboard must display key performance indicators (KPIs) such as the number of access requests, success rates, and average processing times. These metrics will help operators identify areas for improvement and optimize system performance.  In addition, the web-based dashboard should provide a user-friendly interface for operators to interact with the system. It must allow them to quickly and easily view and manage access requests, monitor system performance, and generate reports. This must help operators to make informed decisions and take timely action to address any issues.  Moreover, a web-based dashboard must enable authorized and verified personnel to remotely access the system from any location with a verified internet connection. This is particularly important for Air Force installations with multiple ACPs across large geographic areas. With a web-based dashboard, operators can manage the system from a central location, increasing operational efficiency and reducing costs.   Virtual Visitors Center capability: A virtual visitors center capability must be added to the system. This will allow visitors to remotely submit their access requests and provide the necessary information, such as identification and purpose of visit. The virtual visitors center can also provide information on installation procedures, security policies, and directions to various locations on the installation. The virtual visitor center must generate an electronic pass for the visitor to use at the ACP.   The virtual visitors center capability will reduce the burden on ACP operators by allowing them to focus on security and access control tasks. It will also increase convenience for visitors by reducing wait times and allowing them to submit their requests before arrival at the installation. The virtual visitors center should have a user-friendly interface that guides visitors through the process and provides clear instructions and feedback.   Moreover, the virtual visitors center should be integrated with the cloud-based system and web-based dashboard to provide real-time access requests and visitor information updates. This will enable ACP operators to process requests and identify potential security threats quickly.   Integration: The system must be integrated with various law enforcement and administrative networks, such as Defense Manpower Data Center (DMDC), Identity Matching Engine for Security Analysis (IMESA), Real-Time Automated Personnel Identification System (RAPIDS) and NCIC (National Crime Information Center). This will enable ACP operators to quickly verify the identity and access authorization of individuals entering the installation by accessing relevant databases and information.   Integration with DMDC will allow for real-time verification of personnel information, such as rank, status, and clearances.  I In contrast, integration with NCIC will provide access to criminal history and warrant information.   Other law enforcement networks, such as state and local databases, can also be integrated to provide additional security and background checks.  The integration with these law enforcement networks should be designed to ensure secure and timely data transmission, with appropriate access controls and encryption methods in place. The system should also have built-in protocols to ensure compliance with relevant regulations and policies, such as the Privacy Act and the Electronic Communications Privacy Act, as well as many other Air Force and DOD operating instructions specifically Air Force Instruction 31-101 v3.


PHASE I: As this is a Direct-to-Phase-II (D2P2) topic, no Phase I awards will be made as a result of this topic. To qualify for this D2P2 topic, the Government expects the Offeror to demonstrate feasibility by means of a prior “Phase I-type” effort that does not constitute work undertaken as part of a prior SBIR/STTR funding agreement.   Offerors are expected to demonstrate feasibility by submitting a white paper that details: A detailed description of the system requirements, including the types of biometric identification to be used, the number of ACPs to be equipped with the system, the system's capacity to handle peak-hour traffic, and the level of security required to protect sensitive data. A detailed description of the system architecture, including hardware components (such as cameras, scanners, and servers), software that will process and store biometric data, and the network infrastructure that will connect the system to the ACPs and other relevant Air Force facilities. A discussion of the development and testing process for the system, including creating software that performs biometric identification, integrating hardware components, and testing the system in various scenarios to ensure reliability and accuracy.


PHASE II: System Development, Testing, Deployment The system must apply for and receive an Authority to Operate (ATO) to ensure compliance with security regulations and standards. Once the ATO is received, the system can be deployed at the designated ACPs. • Develop and Test the System: Develop software that performs biometric identification, integrates hardware components, and test the system in various scenarios to ensure reliability and accuracy. Ongoing testing and evaluation should ensure the system meets the operational requirements of Achieving Operationally Optimized Advanced Battle Management Systems/Air Force Joint All-Domain Command and Control. • Deploy the System: Deploy the system at the designated ACPs, including site preparation, installation of hardware and software, and integration with existing ACP systems. Personnel should be trained to operate the system and respond to potential issues. • Maintain the System: Ongoing maintenance requirements should be carried out, including software updates, hardware maintenance, and security updates. Ongoing testing and evaluation should ensure the system meets the operational requirements of Achieving Operationally Optimized Advanced Battle Management Systems/Air Force Joint All-Domain Command and Control. • Monitor the System: Monitor the system's performance and security to identify and address potential issues promptly.


PHASE III DUAL USE APPLICATIONS: Phase III dual-use applications involve transitioning the biometric system from military to commercial or civilian applications. This may involve modifications to the system to meet the unique requirements of non-military applications and obtaining necessary certifications and approvals for commercial use. Potential civilian applications could include access control for government buildings, airports, and other secure facilities and authentication for financial transactions or other sensitive operations. The development of dual-use applications can provide additional revenue streams for the system and broaden its impact beyond military use.



  1. Protection of Sensitive Compartmented Information and Controlled Access Programs," February 2012;
  2. Joint Publication 1-02: "Department of Defense Dictionary of Military and Associated Terms," December 2010;
  3. Department of Defense Biometrics Enterprise Strategy, January 2013;
  4. Department of Defense Biometrics Task Force, "Biometrics in Support of Military Operations: Lessons from Afghanistan," September 2011;
  5. Defense Advanced Research Projects Agency (DARPA) Information Innovation Office (I2O), https Air Force Instruction 31-501, Personnel Security;
  6. Air Force Instruction 31-113, Installation Security;
  7. Air Force Instruction 10-701, Information Assurance Management;
  8. Air Force Instruction 10-2501, Air Force Emergency Management Program Planning and Operations;
  9. Air Force Instruction 31-101, Integrated Defense;
  10. Air Force Instruction 31-204, Air Force Physical Security Program;
  11. Air Force Manual 31-222, Physical Security;
  12. Air Force Manual 31-201, Security Forces Management Operations Air Force Manual 31-113, Installation Security;
  13. Air Force Manual 31-201, Security Forces Management Operations;
  14. Air Force Handbook 31-214, Security Forces Investigations and Reports;


KEYWORDS: Biometric; Access Control Points; Air Force Installations; Cloud-based system; Joint All-Domain Command and Control (JADC2); Advanced Battle Management Systems (ABMS);Artificial intelligence; Machine learning; Network infrastructure; Scalability; Reliability; Security; Testing and evaluation; Virtual visitors center; DMDC; NCIC; Law enforcement networks; Authority to operate; Dual-use applications; System architecture

US Flag An Official Website of the United States Government