Public Key Infrastructure Key Migration
Page 1 of 2
Request for Information for
United States (U.S.) Department of Veterans Affairs (VA)
Office of Information and Technology (OI&T)
Service Delivery and Engineering (SDE)
Enterprise Systems Engineering (ESE)
Enterprise Messaging and Collaboration Service (EMCS)
Public Key Infrastructure Key Migration
December 5, 2016
VA118-17-N-1808
THIS IS NOT A SOLICITATION. This is a Request for Information (RFI)/Sources Sought notice issued in accordance with Federal Acquisition Regulation 15.201(e) to conduct market research. This RFI is issued solely for information and planning purposes it does not constitute a Request for Quote (RFQ) - or a promise to issue a RFQ in the future. This request for information does not commit the Government to contract for any supply or services whatsoever. The Department of Veterans Affairs (VA) is not, at this time, seeking proposals and will not accept unsolicited costs incurred in response to this RFI; all costs associated with responding to this RFI will be solely at the interested vendor s expense. Not responding to this RFI does not preclude participation in any future RFQ, if any is issued. Any information submitted by respondents to this RFI is strictly voluntary. All submissions become Government property and will NOT be returned. This announcement is based upon the best information available and is subject to future modification.
Overview: VA uses ActivIdentity (AI, now HID Global) Card Management System (CMS) to issue personal identity verification cards to VA users. The CMS generates keys on user smartcards, and transfers the key for escrow (backup) with the Certificate Authority (CA) hosted and operated by Verizon Business on VA s behalf. The CMS leverages the UniCert programming interface to request and manage keys during card issuance; this is a network-based communication set of programming interfaces offered by Verizon for VA to use over the hypertext transfer protocol secure protocol.
This purpose of this requirement is for the Contractor to perform a public key infrastructure (PKI) key migration of all escrowed encryptions keys from a Verizon UniCert 5.2.2 infrastructure to Entrust Security Manager 8. The migration shall be performed in a manner consistent with Federal Common Policy security requirements, which means that all keys will be protected by Federal Information Policy Standard Publication 140-2 security at all times during the process. The vendor will deliver to VA the aforementioned outcome of encrypted keys along with the solution used to perform the migration. The overall purpose of this procurement is to extract keys from VA s existing CA, store the cryptographic material securely, convert the keys to a format that will be consumable by a target Entrust CA, and facilitate the export of the keys to a target Entrust CA hosted by Treasury.
Information Requested:
Company Information/Socio-Economic Status:
Provide your company size and point of contact information;
Provide supply schedule contract number, if applicable, or state if open market;
VA has identified the appropriate North American Industry Classification System (NAICS) Code 541512, which has a size standard of $27.5 Million for this RFI. Please identify and explain any other NAICS codes your company believes would better represent the predominated work included in the attached Performance Work Statement (PWS);
Indicate whether your company, subcontractors, teaming partners, joint ventures have a Federal Socio-Economic Status, e.g., Small Business, Service-Disabled Veteran Owned Small Business, Veteran Owned Small business, Women-Owned Small Business, Disadvantaged Small business, and Hub Zone. If Service Disabled or Veteran Owned Small business, is your company and/or partners registered in VA s VetBiz repository?
Capabilities/Qualifications:
Provide overview of proposed approach including a description of the capabilities/qualification/skills your company possesses in order to complete the requirements of the attached PWS as well as a draft schedule to complete the work. If you are a small business and encourage VA to consider a small business set-aside, your response shall demonstrate the ability to perform more than 50% of the work required by this effort.
Additional Questions:
What else would you need to know in order to propose? Are there any aspects of our requirement that are unclear or appear to be missing? Please provide any feedback on the draft PWS.
The Government has reason to believe that the migration will require keys to be converted into a format that the Entrust CA can use and that the only way to do this is with licensing rights to Entrust source code, Entrust key formats, and the structure of the Entrust database.B Does industry agree? Please explain why or why not.
Specific Response Instructions: Please limit your response to no more than 15 pages (excluding transmittal page) and ensure that any business sensitive material is clearly marked as Proprietary Information. The Government does not seek nor will it review any marketing material not related to the requirements discussed herein.
Responses are requested no later than 12:00 PM EST, December 12, 2016 via email to Keiahna Brewer, Contract Specialist at Keiahna.Brewer@va.gov. Please note VA118-17-N-1808 PKI Key Migration in the subject line of your response.
***See attached document: P02 - PWS for RFI.
Keiahna Brewer
Keiahna.Brewer@va.gov
keiahna.brewer@va.gov
