Generative AI for Secure Workflow Automation and Compliance

**New Q&A added:** Q1 clarifies that classified experience at TS/SCI level is acceptable with Department of Homeland Security, not just Department of War. All other Q&As (previously Q1-Q10) renumbered to Q2-Q11 with no content changes.

**Changes to Q&A:** One new question added (Q4) clarifying security clearance distribution: core platform development at Secret level with TS/SCI-cleared SMEs for validation is possible, but expect to operate at Top Secret level for significant portions of work. Previous Q4-Q8 renumbered to Q5-Q9; former Q9 renumbered to Q10.

# Q&A Changes Summary **New Question Added:** Q2 clarifies that government customer letters of support are valuable but NOT required for submission—reducing a potential barrier to entry. **Key Takeaway:** One new Q&A addressing customer/TPOC requirements; all other questions and answers remain substantively unchanged from previous version.

Added Q1 clarifying Direct to Phase II submission (no Phase I access). All other Q&As renumbered accordingly; no substantive changes to previous answers on 12-month PoP, PoR transition, human involvement, datasets, all modules required, fine-tuning requirement, classification levels, and U.S. foundation model provenance.

Added 4 new Q&As: Program of Record transition (no specific PoRs identified), document generation approach (collaborative or autonomous acceptable with human review), Insider Threat Module datasets (flexible analysis of relevant data), and toolkit module scope (all modules required for MVP).

One new Q&A added (Q1) clarifying the period of performance conflict: **12 months applies** to OSW26BZ02-DV003 Direct to Phase II awards, not 18 months. Confirms $2M cost ceiling applies regardless. Previous Q2 and Q3 renumbered to Q2 and Q3 with no content changes.

Status changed from Pre-Release to Open

Added 4 new Q&As clarifying technical requirements: government-provided training data availability, fine-tuning as mandatory requirement, classification levels (up to TS/SCI) with synthetic data encouraged for prototyping, and foundation model provenance requirements (U.S.-based entities only; open-weight and proprietary acceptable).

This Q&A clarifies that Direct to Phase II SBIR proposals must use a 12-month period of performance for pricing and project planning, not the 18-month MVP goal mentioned elsewhere in program documentation.

New opportunity: Generative AI for Secure Workflow Automation and Compliance