MODIFICATION
D -- Identity Credential Services to Support the E-Authentication Initiative
- Notice Date
- 9/20/2006
- Notice Type
- Modification
- NAICS
- 522390
— Other Activities Related to Credit Intermediation
- Contracting Office
- General Services Administration, Federal Technology Service (FTS), Office of Acquisition (TQ), 10300 Eaton Place, 5th Floor, Fairfax, VA, 22030
- ZIP Code
- 22030
- Solicitation Number
- TQ-PLB-07-0001(5223)
- Response Due
- 10/6/2006
- Archive Date
- 10/21/2006
- Point of Contact
- Phillip Barber, Contracting Officer, Phone 703-306-6441, Fax 703-306-6805,
- E-Mail Address
- phil.barber@gsa.gov
- Description
- 1.0 Contracting Office Address

General Services Administration, Federal Technology Service
GSA/FTS/TQ
ATTN: Phillip L. Barber
Contracting Officer
10300 Eaton Place, Suite 572
Fairfax, VA 22030
703-306-6441

2.0 Description

The objective of this Request for Information (RFI) announcement is to obtain information on capabilities currently available in the marketplace, based on the requirements outlined, from all interested parties. Responses to this RFI will assist the Government in determining acquisition strategies.

2.1 Purpose

The General Services Administration (GSA) is requesting information on the capability of commercial and other entities to provide identity credential services to support public access to Internet-based online government services. The identity credentials will meet the requirements of the Federal Government's Assurance Level 1 and Level 2 standards, as defined in Office of Management and Budget (OMB) M-04-04 "E-Authentication Guidance for Federal Agencies," and as measured in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63 "Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology," and the E-Authentication Credential Assessment Framework. (See http://www.cio.gov/eauthentication)

GSA is seeking information from multiple categories of identity credential services:

• Commercial entities for which issuance of identity credentials is currently a supporting activity to enable their customers to gain access and to conduct business with them online. Information is sought about their capabilities and desire to extend the use of those credentials to access Federal Government online services as a value-added capability to their customers. Examples of this category include, but are not limited to, banking and financial services, health care services, or insurance services.

• Government and non-government entities that currently issue identity credentials as a supporting activity to enable the public to gain access and to conduct business online. Information is sought about their capabilities to extend the use of those credentials for access to Government online services as a value-added capability to their existing customers. Examples of this category include, but are not limited to, Federal, State and local governments, educational institutions, associations, and other federations and partnerships.

• Commercial entities for whom issuance and maintenance of identity credentials is currently a line of business. Information is sought on their capability to provide vendor-owned and managed services to issue compliant identity credentials to the public, manage the credentials throughout the entire lifecycle (i.e., issuance, validation, revocation, renewal), and provide status and other information about the credential when requested by the Federal Government online services.

2.2 E-Authentication Federation

In 2002, the Office of Management and Budget (OMB) designated GSA as the lead agency for the E-Authentication Initiative, a cross-cutting initiative of the E-Government component of the President's Management Agenda. The E-Authentication Initiative was charged with developing a means of defining the levels of risk associated with online transactions performed between the public and government or between government entities, and to make available a set of common solutions to mitigate that risk. With the approval of its Executive Steering Committee, a governance body comprised of representatives of the 24 CIO Council agencies, the E-Authentication Initiative elected to pursue a federated approach to identity management to provide a standardized, government-wide means of authenticating users of online government services, thereby reducing the risk of E-Government.
The result was the creation of the E-Authentication Federation, a public-private partnership that enables citizens, businesses and government employees to securely access online government services using log-in IDs issued by trusted third-parties, both within and outside the government. Government agencies may E-Authentication-enable any Internet-based system that has end users outside the agency's firewall and requires identity verification of those users. Once an agency's system has been E-Authentication-enabled, it becomes a "relying party," able to grant access to end users who have an identity credential from one or more of the E-Authentication Federation credential service providers (CSPs). If end users do not already have a credential from an approved CSP, they may obtain at no cost an approved credential that will be usable to gain access to multiple Federation-member services.

The E-Authentication technical architecture provides the operational infrastructure of the E-Authentication Federation. The E-Authentication technical architecture is the approved authentication service component of the Federal Enterprise Architecture (FEA) and, as such, is the recommended technical approach for online user authentication for Federal agencies.

As of August 2006, the E-Authentication Federation consists of 13 unique relying parties representing various Federal agencies, and 5 approved credential service providers, which issue and validate the identity credentials that constituents may use to gain access to those services. The E-Authentication program expects the Federation to expand to an estimated 450+ on-line services by the end of FY11.

2.3 Credential Service Provider Membership

Membership as an E-Authentication Federation Credential Service Provider (CSP) is dependent upon meeting the following requirements:

• Completion of an Application for assessment
• Provision of an assessment package to the E-Authentication Program Management Office (PMO)
• Undergo credential assessment by E-Authentication PMO
• Submission of attestation documentation
• Undergo acceptance testing with the E-Authentication Interoperability Laboratory
• Demonstrate operational readiness, including implementation of E-Governance PKI Certificate and exchange of metadata within the Federation
• Execution of a Credential Service Provider Agreement

The specific detailed requirements can be found at http://www.gio.gov/eauthentication.

3.0 Functional Requirements

Respondents are requested to provide information in response to the following functional requirements:

• Capability to issue credentials to the public in a manner compliant with requirements specified in NIST SP 800-63 for assurance levels 1 and 2 (i.e., USERID/PIN and/or USERID/Password).
• Compliance with the requirements specified in the "Password Credential Assessment Profile v2.0."
• Capability to provide online registration and credential maintenance (i.e., information updates, resets, termination) in a manner compliant with NIST SP 800-63.
• Capability to provide customer support services, including 24x7 help desk services.
• Capability to complete registration and issuance of the identity credentials in a single online session.
• Capability to provide a scalable architecture to support the interface to additional online services as they join the Federation.
• Capability to provide technical interface with the E-Authentication technical architecture in adopted standard(s), using approved technology product(s).
• Capability to meet the requirements to become a participating member of the E-Authentication Federation.
• Capability to provide physical and logical security for the services provided and for protection of personal and private information related to the public as required by law.

4.0 Architectural Descriptions

Respondents are requested to provide brief architectural descriptions of the identity credential service they provide, including reliability, availability, and scalability characteristics to meet the functional requirements specified in Section 3.0. If the vendor provides more than one architectural option, then brief descriptions per architecture may be provided. Descriptions should be no more than five (5) pages per architecture.

Respondents are requested to identify and provide information related to the feasibility and design tradeoffs/implications, if any, in order to meet the functional requirements listed in section 3.0. This information should be no more than two (2) pages per architecture.

Respondents are requested to identify and provide information related to implementation schedule considerations for each architecture. This information should be no more than two (2) pages per architecture.

5.0 Cost Information

It is particularly important for the government to be able to understand the cost model for an entity to provide identity management services as described in this RFI. Respondents are requested to provide cost estimate information for each architecture described in section 4.0 as follows:

• Non-recurring costs, such as initial service costs.
• Annual recurring costs
• Cost drivers - specific factors that make up the elements of a decision to either offer a service or deploy it for Respondent's customer base. Include models and algorithms
• Cost trade-offs
• Respondents should also identify any current GSA Schedules or contracts that would be available for the government to use in obtaining services

Cost information should be provided in no more than three (3) pages per architecture.

6.0 Organizational Expertise

Respondents are requested to provide brief descriptions of the organization's products and/or services being provided that specifically relate to this RFI.
Respondents should identify their interest as a Prime Contractor, Subcontractor, or other entity. This information should not be more than five (5) pages.

Respondents are requested to provide brief descriptions on government and/or non-government projects of similar size, scope, and complexity, including technical architecture, implementation challenges, and any relevant lessons learned. Respondents should identify their project support as a Prime Contractor, Subcontractor, or other entity. Respondents are requested to include information on organization experience, as well as key staff experience. The response should include (1) Project Name; (2) Point of Contact (POC); (3) Phone Number; (4) email address; and, (5) Description of Services Provided, including how many existing, active (within one year) and maximum potential number of credential holders. This information should not be more than two (2) pages per project.

7.0 Additional Information

This RFI seeks information about a fully integrated service that could meet the functional capabilities, including utilizing equipment, components, and/or services provided from multiple vendors working in partnership. The Government is seeking information related to tradeoffs among risks, costs (initial and ongoing), and alternative business models and/or technical architectures. Respondents are requested to provide additional relevant information and materials, including pricing and pricing structures, suggestions, and discussion points deemed relevant. (This information should not be more than five (5) pages).

8.0 Assumptions and Constraints

To the extent simplifying assumptions and constraints are needed, Respondents are requested to fully document all such assumptions and constraints in their responses.

9.0 Instructions for Responding

The response should be tailored to this request and specifically address capabilities to provide the services outlined above.
Respondents are specifically requested to comply with the page limits incorporated throughout this RFI.

The cover letter submitted in response to this request should include the following information:

a) Company Name
b) Primary Point of Contact
c) Address
d) Telephone Number
e) Fax Number
f) E-mail address for POC
g) Interest as Prime Contractor, Subcontractor, or other.

The cover letter should also indicate the Socioeconomic status of the Respondent organization as one or more of the following: (1) small business; (2) 8(a) business; (3) HUBZone small business; (4) small disadvantaged business; (5) woman-owned small business; (6) veteran-owned small business; (7) other organization.

Email responses shall be submitted to:

Phillip L. Barber (CPCM)
Contracting Officer
GSA/FTS/TQ
10300 Eaton Place, Suite 572
Fairfax, VA 22030
703-306-6441 (O)
Phil.barber@gsa.gov

Please submit responses via e-mail in Microsoft Office format no later than 4:00 P.M. Eastern Time on October 6, 2006. You may also submit supplemental hardcopy materials such as brochures, etc., (three (3) copies each) to the Contracting Officer.

All questions shall be submitted via email to Phillip Barber, at phil.barber@gsa.gov no later than September 12, 2006, Eastern Time, 1:00 P.M. No questions will be accepted by telephone. The Government reserves the right to edit any questions as needed to protect the identity of the source, but absent this consideration, the Government intends to quote each submitted question verbatim in its response. The Government has targeted, but cannot guarantee, a consolidated response to all vendors on or about September 15, 2006. The Government may request a meeting and/or operational capability demonstration from Respondents.

10.0 Disclaimer

This is an RFI issued solely for information and planning purposes and does not constitute a solicitation. All information received in response to this RFI that is marked Proprietary will be handled accordingly.
Responses to the RFI will not be returned. In accordance with FAR 15.201(e), responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI.

Individuals who would prefer a Word version of this document may contact the Contracting Officer via email. The Word document will be made available back through the email linkages.

End of Description
- Place of Performance
- Address: GSA/FAS, Arlington, VA
- Zip Code: 22202
- Country: UNITED STATES
- Record
- SN01149904-W 20060922/060920221614 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)