RFI sets stage for future HSPD-12 contract

The General Services Administration took an important step toward getting the blanket purchase agreement in place by May 2006 for agencies to buy approved products and services to meet Homeland Security Presidential Directive-12.

In a request for information released earlier this week, GSA wants to know whether vendors can provide one or more core components detailed in Federal Information Processing Standard 201 and National Institute of Standards and Technology Special Publication 800-73. These include:
  • Registration systems and/or services

  • Identity management systems and/or services

  • Card management system and/or services

  • Public-key infrastructure certification authority services and

  • Card printing system and/or services.

While GSA said the RFI guarantees no request for proposals, officials have said the blanket purchase agreement will replace the current Access Certificates for Electronic Services governmentwide acquisition contract, which expires in May 2006.

Some experts have said it will take that long for NIST and GSA to make sure products and services conform to technical and interoperability standards. The other problem is the administration still has yet to decide on the biometric standard. Industry sources have said NIST is supposed to issue the final draft of SP 800-76, which will define the biometric standard as minutiae, as early as today. NIST has not released it at press time.

'It seems like the RFI is premature,' said Dallas Bishoff, a senior vice president for Authsec Inc. of Columbia, Md., an authentication and authorization consulting firm. 'There are a number of vendors that have no idea of what they will do to re-engineer their products because they are waiting for NIST to release the updated FIPS-201. GSA is talking about products that have not been approved yet.'

NIST plans to update FIPS-201 by Feb. 25, 2006.

The RFI also asks vendors to identify their capability to deploy, operate and maintain one or more core compliant systems and have them in place by Aug. 27, 2006'two months before the administration's deadline for PIV II.

Vendors will have to give GSA five-year cost estimates for agencies with 100,000 to more than 1 million cardholders, and comment on the practicality of certain performance metrics, such as notification of suspension or revocation to physical or logical access control systems within 20 minutes and whether registration per applicant can be done in 15 minutes.

'The RFI doesn't represent questions that will help the government reach better-informed positions,' Bishoff said.

Responses are due Jan. 9.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected