REQUEST FOR INFORMATION - 19AQMM19R0031
Department of State, Bureau of Diplomatic Security, C/ST/SSI/NSM/IDM
Identity Management System and Credential Management System (IDMS)
Purpose
This is a Request for Information (RFI) as outlined in FAR 15.201(c)(7). The purpose of this RFI is to accomplish market research pursuant to Federal Acquisition Regulation (FAR) Part 10, and to identify sources capable of performing the services described herein. This notice is issued solely for information and planning purposes and does not constitute a Request for Proposal (RFP) or a commitment on the part of the Government to conduct a solicitation for the below-listed services in the future. Responders are advised that the Government will not pay for information submitted in response to this RFI, nor will it compensate interested parties for any costs incurred in the development/furnishing of a response.
Please note that a decision not to submit a response to this RFI will not preclude a vendor from participating in any future solicitation.
Description of the Requirement
Homeland Security Presidential Directive 12 (Policy for a Common Identification Standard for Federal Employees and Contractors) - or HSPD 12 - was signed on August 27, 2004, in response to the general threat of unauthorized physical access to facilities and logical access to Information Technology (IT) assets. HSPD 12 applies to all federal employees and contractors, including contractor employees. The HSPD 12 program uses Personal Identity Verification (PIV) credentials and services that facilitate trusted physical and logical access to federally controlled facilities and IT networks using smart card technology. The Department calls its implementation of HSPD-12 and its official credential "One Badge."
The Department has implemented One Badge, a hardware appliance-based HSPD-12 compliant Identity Management System and Credential Management System (IDMS) solution, domestically and at selected pilot sites overseas. One Badge provides identity management, card management, and an authentication mechanism for physical access to all of its domestic facilities. It also provides identity management and card management at the overseas pilot locations.
The overall security requirement of the future IDMS requirement would be Top Secret Facility Clearance/Top Secret level of safeguarding.
The DOS DS/C/ST/FSE is seeking information pertaining to models and solutions for providing these supplies and services. Consequently, all sources are invited to submit information, experience, comments, feedback, and recommendations for implementation of HSPD-12 related PIV services as identified below:
4.1. PIV Issuance System: Full-featured system that meets the requirements of FIPS 201-2 and all relevant and supporting Special Publications (SP).
4.2. Security: Compliant with requirements defined in NIST and GSA security policies and procedures for a FIPS-199 security level of HIGH.
4.3. System Interface: Options for supporting multiple interfaces related to data and access consumption and distribution to differing system components throughout the current enterprise; as well as future considerations.
4.4. Card Issuance: Must meet PIV Credentials issued in accordance with FIPS 201-2 and supporting SP.
4.5. Training: Delivery mechanisms and content for training system role holders and individual credential holders, to include certification and refresher trainings.
4.6. Helpdesk Services: Describe past experiences for providing helpdesk services for system users and administrators.
4.7. System Reporting: At a minimum, activity and transaction reports, with robust customization capabilities, including FICAM report capabilities.
4.8. PIV Issuance Architecture: Support for additional credential types, such as temporary badges, PIV interoperable credentials, and tokens. Provide capability to support additional uses and technologies to support derived credentials.
4.9. Transition: Discuss experience and strategies for HSPD-12 system transition with minimal operational impacts.
4.10. Service Level Agreements (SLAs): Provide metrics for the evaluation and management of performance.
4.11. Systems Solutions: Describe system capabilities addressing the convergence of Physical and Logical Access Control Systems across an enterprise.
4.12. Authentication: Illustrate support of multiple authentication modes for controlling access (e.g., PKI, ID factors, etc.).
4.13. Visitor Management: Provide visitor access management capabilities.
4.14. Credential Issuance: Experience issuing and managing PIV-like credentials (PIV-I, Facility and Logical Access Credentials, Facility Access, and non-PIV cards.
4.15. Physical Access Control System (PACS) Integration: Describe capabilities and experience integrating with legacy and distributed PACS infrastructures and strategies to achieve integrated, interconnected and secure access; specifically identify experience with symmetric key based authentication, and Software House C-Cure 9000.
4.16. Path Validation: Perform full path, attribute and access validation of the individual, their credential and access privileges.
4.17. Internal Systems Interoperability: Integrate with existing DOS infrastructure authoritative data sources for provisioning, authentication, authorization, audit, personnel security, and access management (i.e., active directory, HR Services, clearance verification systems, etc.).
4.18. External Systems Interoperability: Describe your experience addressing Federal Agencies and DOD interoperability, to include issuing and managing subordinate and partner agency credentials using various topologies.
4.19. System Administration: Experience supporting, training, and managing system administrators and other individuals whose job function requires multiple credentials.
4.20. Engineering Capabilities: Experience in modifying and customizing non-PIV applets and containers. Additionally, provide description of derived credential production and management capabilities.
4.21. Location Requirement: Experience delivering full-scale solutions including management, maintenance and customization at a government facility without an external physical system.
In support of the above operations, the Department is seeking information on possible sources to provide the above services.
Instructions
The Government is seeking responses from ONLY SMALL BUSINESSES under NAICS 541512, in order to establish an effective acquisition strategy regarding small business set-asides. Responses must be limited to 10 pages or less and be submitted in Microsoft Word or Portable Document format (PDF), using Times New Roman, 12-point font. The Government will not entertain telephone calls or questions for this RFI. The responses should include the following information:
A. Company Profile, to include:
1. All interested companies must have an active registration in the System for Award Management (SAM) and not be on the Excluded Party List.
If applicable, a statement self-certifying the company as small under the NAICS code 541512, Computer Systems Design Services, and identifying the socioeconomic category of the business (e.g., 8(a), Service Disabled Veteran Owned, Women Owned, HUBzone, Small Business, etc.).
2. Information regarding all Government wide acquisition contracts held, i.e., vehicle name, contract number, etc.
3. DUNS Number
4. CAGE Code to include National Industrial Security Program Clearance Information (if applicable).
5. Company Point-of-Contact and contact information, i.e., telephone number and email address.
B. Technical Capability, to include:
1. Summary of company's technical capabilities which would support the services described herein. The Government would like to see information regarding whether or not the required knowledge exists in-house or if the company plans to subcontract.
2. A list of up to three (3) U.S. Government contracts under which the company has previously performed services similar to those described herein with regard to scope, and complexity, specifically demonstrating experience in identity management and credential management services. The list shall include -
a. Agency name,
b. Contract number,
c. Contracting Officer name, email address, and telephone number,
d. Dates of performance; and
e. Brief description of work performed, including security clearance requirements.
Submit your response no later than Friday, March 01, 2019 at 12:00 PM Eastern Time, to Farzad Afrasiabi at AfrasiabiF@state.gov.
