Notice of Intent to Sole Source - TRM Labs
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The U.S. Department of Homeland Security (DHS), Homeland Security Investigations (HSI), Office of Acquisition Management (OAQ), has issued a Notice of Intent to Sole Source to TRM Labs, Inc. for their forensic software and support services. This acquisition aims to support Homeland Security Task Force (HSTF) investigations, specifically targeting cyber-enabled fraud, ransomware, and sextortion. This is an informational notice, not a request for competitive quotes. Interested parties may submit a one-page response by June 11, 2026, at 10:00 AM EST.
Purpose
The HSTF National Coordination Center (NCC) Cyber Disruption Center (CDC) requires advanced technology solutions and operational support to effectively combat the increasing speed, scale, and sophistication of cyber threats, including fraud, ransomware, and sextortion. Existing federal resources are deemed insufficient to meet these challenges.
Scope of Work
The required services include TRM forensic software and support, enabling a team of analysts skilled in cryptocurrency tracing, blockchain analytics, and open-source intelligence. The support will facilitate rapid detection, triage, interdiction, asset recovery, and cross-sector collaboration across key mission areas:
- Scam Disruption: AI-powered triage, automated victim outreach, real-time scam wallet screening, end-to-end asset recovery, targeting transnational criminal organizations, and victim claim verification.
- Cybercrime Disruption and SLTT Resilience: Unified knowledge base, threat graph, Indicator of Compromise (IOC) database, intelligence packages, ransomware asset recovery, AI-enabled incident response for state/local/tribal/territorial entities, and collaboration tools.
- Sextortion Disruption: Targeting criminal networks, asset recovery and tracing of proceeds, expansion to consumer messaging platforms, integration of freeze pipelines, and machine learning support for victim identification and perpetrator attribution.
Special Requirements
The solution must be fully operational and deployable, supporting persistent and scalable disruption capabilities. Government personnel must be able to independently operate disruption workflows post-implementation. Robust audit, governance, and human-in-the-loop decision frameworks are essential for compliance. The NCC also requires the ability to rapidly scale operational capacity for surge events and new partnerships.
Contract & Timeline
- Type: Notice of Intent to Sole Source (anticipated Firm-Fixed Price contract)
- Duration: 12-months from time of award
- Set-Aside: None (Sole Source)
- Response Due: June 11, 2026, 10:00 AM EST
- Published: June 8, 2026
- Place of Performance: Fairfax, VA
Response Instructions
This notice is for informational purposes only. Interested parties may express their interest and demonstrate capabilities by submitting a one-page response (Times New Roman, font size <= 11.5) to the Contracting Officer, Greg Hermsen, at Gregory.M.Hermsen@ice.dhs.gov. Marketing brochures or generic company literature will not be considered. The Government reserves the right to determine if an interested vendor is capable of performing the required work.
Contact Information
Primary Point of Contact: Greg Hermsen, Gregory.M.Hermsen@ice.dhs.gov