Accessibility Information

Users of assistive technologies such as screen readers should use the following link to activate Accessibility Mode before continuing: Learn more and Activate accessibility mode.

Identity and Access Management (IdAM) Development and Sustainment Support

Solicitation Number: E200247
Agency: Defense Information Systems Agency
Office: Procurement Directorate
Location: DITCO-Scott
  • Print
Sources Sought
Added: Jun 15, 2009 10:44 am

Request for Information (RFI) for
Defense Information Systems Agency (DISA)
Identity and Access Management (IdAM) Development and Sustainment Support

Contracting Office Address:
Defense Information Systems Agency, DITCO-Scott PL8313, P.O. 2300 East Drive, Bldg 3600, Scott AFB, IL, 62225-5406

PURPOSE: The Defense Information Systems Agency (DISA), Program Executive Office - Information Assurance/NetOps (PEO-IAN), is conducting this Request for Information (RFI) as market research to determine sources with CORE competencies and demonstrated experience in conducting experiments, pilots, and participating in exercises to demonstrate Identity and Access Management (IdAM) technical capabilities and product performance with regards to management of user authorizations, e.g. Privilege Management. Areas of focus will include development of a Privilege Management strategy for the DoD and evaluation and integration of implementation techniques such as Role Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Risk Adaptive Access Control (RAdAC). The DoD's net-centric information sharing environment, and evolution towards increased interoperability with other federal agencies and coalition partners, requires applications and systems to evolve their current authentication, authorization, and access control paradigms to support both anticipated and unanticipated users.


This RFI is issued solely for information and planning purposes and does not constitute a solicitation. All information received in response to this RFI marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. Whatever information is provided in response to this RFI will be used to assess tradeoffs and alternatives available for determining how to proceed in the acquisition process for IdAM contracts. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract.

This RFI is a request for interested parties to describe their technical capabilities and demonstrated experience with Privilege Management system development and accreditation, policy development and approval, product evaluations, and technical support of deployed systems. All interested contractors are requested to provide written response to the questions below. A response to this RFI is necessary in order to assist DISA in determining the potential levels of interest, adequate competition, and technical capability within the Small Business Community to provide the required services. In addition, this information will also be used to assist DISA in establishing a basis for developing any subsequent potential subcontract/small business participation plan and/or small business goal percentages.

TARGET AUDIENCE: In particular, only small businesses are requested to respond to this RFI to assist the DISA in formulating an acquisition strategy that fairly considers small business ability to participate in the acquisition, either as prime contractors or as subcontractors.

Sources Sought:
This Sources Sought Synopsis is requesting responses to the following criteria ONLY from small businesses that can provide the required services under the North American Industry Classification System (NAICS) Code 541712. In addition to Small Businesses, this Synopsis is encouraging responses from qualified and capable Service Disabled-Veteran Owned Small Businesses, Veteran-Owned Small Businesses, Women-owned Small Businesses, HUBZone Small Businesses, Small Disadvantaged Small Businesses, Historically Black Colleges and Universities/Minority Institutions, Small Business Joint Ventures, Consortiums and Teaming Partners. This Sources Sought Synopsis is issued to assist the agency in performing market research to determine whether or not there are qualified and capable Small Businesses to provide the aforementioned service.

Small businesses must submit responses that demonstrate their qualifications to make a determination for a small business set-aside. Please note that personnel with current DoD Secret clearances (minimum) and specified personnel with current DoD Top Secret clearance will be required at contract award. Responses must demonstrate the company's ability to perform in accordance with the Limitations on Subcontracting clause (FAR 52.219-14). Interested small businesses meeting the small business standard of NAICS code 541712 are requested to submit a response to the Contracting Officer within 7 calendar days of issuance of this RFI. Late responses will not be considered. Responses should provide the business's DUNS number and CAGE code and include a statement of self certification under the NAICS code. Additionally, responses should include recent (within the past three years or work that is on-going) and relevant experience (work similar in type, scope, and complexity) to include contract numbers, project titles, dollar amounts, and points of contact with telephone numbers where the responder performed the relevant work. Provide a list of the current contract vehicles your services may be procured from, to include the General Service Administration (GSA), Federal Supply Schedule (FSS) and any other government contract vehicle. Marketing brochures and/or generic company literature will not be considered. Not addressing all the requested information may result in the Government determining the responder is not capable of performing the scope of work required.

Requested Information:
Interested vendors are requested to submit a maximum 15 page statement of their knowledge and capabilities to perform the following:

a) Describe your experience managing the technical and functional activities associated with complex access management system development and deployment. The experience should include, but not be limited to: staffing which posses, at a minimum, a current DoD Secret clearance and specified personnel with current DoD Top Secret clearance; and maintaining a contract workforce of at least 15 FTEs.

b) Describe your experience in providing the Government with management and technical support for research and analysis of current and emerging design concepts and technologies in Identity and Access Management used to generate an engineering blueprint for integrating Privilege Mangement standards-based solutions into existing DoD systems, develop and test prototypes, utilize existing DoD enterprise services such as DoD Public Key Infrastructure (PKI) and Joint Enterprise Directory Service (JEDS), and develop reference implementation guides. This should include experience in analyzing commercial products, market trends, testing global information sharing capabilities for use within the DoD. The resulting blueprint will be the IdAM framework for the entire DoD community.

c) Describe your experience with implementing systems incorporating Role Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Policy Based Access Control (PBAC), or Risk Adaptive Access Control (RAdAC).

d) Describe your experience with the DISA Certification and Accreditation (C&A) to include an ability to successfully execute the DoD Information Assurance Certification and Accreditation Process (DIACAP) by providing examples of successfully fielded system deployments.

e) Describe your experience and ability to provide Operations and Maintenance Engineering Support to deployed IdAM or IdAM like systems. Support shall include testing, implementing, and assessing impacts of software/hardware patches and upgrades (Information Assurance Vulnerability Assessment (IAVA) releases, preparing Engineering Change Proposals (ECP), Software Change Proposals (SCP), analyzing Software Trouble Reports (STR)), performing backup and recovery of any replicated lab solutions, and executing Configuration Management processes. Contractor should demonstrate at least Tier 2 technical and engineering support for operational issues.

f) Describe your experience establishing and maintaining enterprise deployments of Microsoft SharePoint Servers and Cisco Securant COTS products.

g) Describe your experience in establishing repeatable processes and providing online resources to support DoD application owners with the standards, technologies, and guides for implementing local IdAM solutions and the integration of local solutions with enterprise capabilities.

Responses to this RFI are to be submitted by e-mail to and RECEIVED by COB 22 June 2009. Responses must be single-spaced, Times New Roman, 12 point font, with one inch margins, and compatible with MS Office Word 2003.

Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified.

Points of Contact:
Contracting Officer: Katie Tarry
Phone: 618-229-9326

Program Manager: Jackie Huff
Phone: 703-882-1127

2300 East Dr.
Building 3600
Scott AFB, Illinois 62225-5406
United States
Jackie Huff,
Program Manager
Phone: 703-882-1127
Katie M Tarry,
Contracting Officer
Phone: 618-229-9326
Fax: 618-229-9174