DA10--Fast IDentity Online 2 (FIDO2) - VA-26-00064800
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Department of Veterans Affairs (VA) is conducting market research through a Request for Information (RFI) for a Fast IDentity Online 2 (FIDO2) Solution. This RFI seeks brand-name or equivalent hardware and software for token-based multi-factor authentication (MFA) and certificate management, integrating with the VA's CyberArk platform across 180 locations. Vendors must also demonstrate capability for an outsourced logistics solution for token management. Responses are due by June 2, 2026, at 1:00 PM EST. This RFI is for planning purposes only and requires vendors to address their ability to meet a potential Service-Disabled Veteran-Owned Small Business (SDVOSB) set-aside.
Purpose & Scope
This RFI is for planning purposes only and does not constitute a solicitation. The VA Office of Information & Technology (OIT) is seeking information on FIDO2 solutions to support privileged credential usage. The solution should provide token-based MFA and certificate management, integrating with the VA's existing CyberArk platform. A key component is an outsourced logistics solution for storing, managing, and issuing physical tokens.
Key Requirements for Solution
The anticipated solution, detailed in the draft Product Description (PD), includes:
- Core Solution: Brand-name Yubico or Intercede (or equivalent) for MFA tokens and certificate management.
- Hardware: USB-A and USB-C connectors for authentication devices.
- Deployment: On-premises, cloud-based, or hybrid environments; SaaS solutions must be FedRAMP authorized.
- Integration: Must integrate with VA's enterprise CyberArk platform.
- Logistics: Outsourced solution for storing, managing, and issuing tokens.
- Deliverables: Software licenses, subscriptions, hardware tokens, maintenance, technical support, and initial installation services for the certificate database.
- Compliance: Adherence to Section 508, VA Technical Reference Model (TRM), Zero Trust security controls, IPv6, Trusted Internet Connection (TIC) 3.0, and Generative AI requirements (if applicable).
- Anticipated Period of Performance: One 12-month base period (August 25, 2026 – August 24, 2027) with four 12-month option periods for maintenance.
Response Requirements
Interested vendors must submit a response (limited to 10 pages, no marketing materials) including:
- Company information: Name, Address, POC, Phone, Email, Business Size/Status (with SBA VETCert proof for VOSB/SDVOSBs), DUNS, NAICS, Socioeconomic data, and existing Contractual Vehicles.
- Summary of technical capability to meet PD requirements.
- Summary of capability and experience in providing and maintaining an online ordering website for physical token procurement and phased delivery.
- Corporate experience with specific examples (agency, POC, dollar value, contract number).
- Intent and ability to meet the SDVOSB set-aside requirement (VAAR 852.219-73 and 13 CFR §125.6), including subcontracting plans and team member information.
- Assessment of the draft PD's sufficiency and recommendations if insufficient.
Contract & Timeline
- Opportunity Type: Sources Sought / Request for Information (RFI)
- NAICS Code: 541519 (Other Computer Related Services) with a 150-employee size standard.
- Product Service Code: DA10
- Response Due: June 2, 2026, 1:00 PM EST
- Published: May 26, 2026
Submission Details
Responses must be emailed to Erin Butler (Erin.Butler3@va.gov) and Mina Awad (Mina.Awad@va.gov). The subject line must be "Fast IDentity Online Solution". The email file size shall not exceed 5 MB.
Additional Notes
This RFI is for market research only; the Government is not obligated to acquire products/services and will not pay for information submitted.