RFI for Third Party Testing
1. BACKGROUND
TSA protects the nation's transportation systems to ensure freedom of movement for people and commerce by providing the most effective transportation security in the most efficient way as a high performing counterterrorism organization. Critical to this mission is the ability to conduct Test and Evaluation (T&E) and qualify and procure Transportation Security Equipment (TSE) in an expedient manner.
TSA acknowledges that the timeline for the acquisition qualification process can be lengthy and as a result, impacts the ability for new entrants into TSA's qualified vendor community because of the investment necessary to follow the process through to award. One of the primary contributing factors for lengthy duration of qualification processes is the iterative cycle of test-fix-retest. This iterative cycle extends timelines and drives up acquisition costs.
TSA initiated the third party testing initiative in July 2014 with an announcement on the Federal Business Operations (FBO) website, which established the initial TSA third party testing policy. To support the implementation of third party testing, TSA approved the Third Party Testing Strategy on April 21, 2015. The strategy provides a high-level overview of the third party testing program and the associated roles and responsibilities for TSA stakeholders.
In January 2018, APM finalized a process that allows TSA to review external data for use in a TSA system evaluation. Traditionally, TSA acquisition decisions has been primarily based on effectiveness, suitability, and cyber resilience test data collected by DHS Science and Technology (S&T) and TSA test teams. The process allows TSA to review and possibly accept data from a variety of external data sources (to include data from third party testing organizations) for use in a system evaluation. The use of data sources external to TSA during review and acceptance of systems helps to expedite T&E timelines, improve the maturity of vendor submitted systems, and/or provide additional test data for demonstrating system performance.
2. OBJECTIVE
TSA is requesting information from industry on potential industry providers' (e.g., organizations, consortiums) innovative approaches, solutions, and mechanisms that will enable effective and efficient third party testing operations.
The following provides a definition of the key entities referenced in this RFI.
• Original Equipment Manufacturer (OEM): TSE manufacturer/developer submitting their system to TSA for qualification.
• Third Party Testing Organization: Testing entity, specializing in one or more subject matter areas, that verifies designated requirements in support of the OEM qualification.
• Industry Provider: Organization responsible for locating, vetting, and providing qualified third party testing organizations to OEMs. Industry providers support OEMs with locating and leveraging appropriate third party testing organizations on an as needed basis.
The high-level concept of operations TSA envisions will proceed as follows:
1) TSA releases functional requirements the TSE must meet as an appendix to the Qualification Management Plan (QMP). TSA will state those requirements that can accept third party testing data.
2) OEM works with an industry provider to locate third party testing organizations that can perform the verification.
3) If OEM utilizes third party testing organizations, the third party test plan shall be included for TSA approval in the Qualification Verification Package (QVP).
4) Third party testing organization performs test and evaluation (subject to Government observation) against the TSA designated functional requirements.
5) Third party testing results are provided within the Qualification Data Package (QDP) by the OEM.
The following provides additional details of TSA objectives:
• Funding arrangements in support of the above concept of operations are handled between the OEM, industry provider, and third party testing organization with minimal or no TSA involvement.
• TSA is considering all potential industry providers, and approaches, for fulfilling the desired support, to include small business industry providers, a consortium of multiple complementing firms, and consortiums of potential third party testing organizations.
• TSA anticipates the industry provider(s) to have the capability of identifying qualified third party testing organizations in any of the following specific area(s) relevant to the evaluation of TSE. These areas can include but are not limited to:
o Cybersecurity
o Human Systems Integration
o Safety
o Reliability
o Maintainability
o Availability
o Threat detection
o System throughput
• TSA anticipates the industry provider(s) to have pre-vetted/qualified third party testing organizations in the areas mentioned in the prior bullet in order to provide OEMs with an appropriate list of organizations in a manner that will not cause unnecessary delays to the OEMs' QDP submission to TSA. It would be the industry provider(s) responsibility to develop the criteria needed to perform the pre-vetting/qualification of third party testing organizations.
• The industry provider(s) may further support TSA in providing collaborative research and development and piloting capabilities germane to the transportation security domain.
Please see attached RFI for details on responses.
Sam Heim, Contracting Officer, Email sam.heim1@tsa.dhs.gov - Siobhan J Lawson, Contract Specialist, Email siobhan.lawson@tsa.dhs.gov
