Request For Information - Multi-Factor Authentication
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The U.S. Department of State, Bureau of Global Acquisitions (GA), is issuing a Request for Information (RFI) for Multi-Factor Authentication (MFA) solutions. This market research aims to identify qualified companies, determine procurement methods, and define acquisition strategies for MFA and One-Time Password (OTP) generation technologies. This is not a solicitation, and no contract will be awarded. Responses are due by February 6, 2026, at 3 PM EST.
Objectives & Desired Outcomes
The RFI seeks to:
- Identify available MFA and OTP generation technologies that meet mission needs.
- Assess cost models, licensing, and support requirements.
- Identify potential risks, integration challenges, and mitigation strategies.
- Evaluate the feasibility of deploying MFA in a classified air-gapped environment.
- Identify innovative authentication methods beyond traditional PIV cards and tokens.
Solutions must demonstrate the ability to generate OTPs on an internet-connected computer for use on a separate, non-internet-connected "air-gapped" network. Cell phone-based authenticators are prohibited; the authenticator app must be server-generated without requiring a browser extension. The attached "Diagram of Proposed OTP Implementation" further illustrates this air-gapped network setup, emphasizing no connections between networks and no mobile authenticators. Preferred solutions will also support backup MFA options (e.g., hardware tokens, smartcards), integrate with Active Directory, LDAP, Windows, and Linux, offer intuitive user experience, provide centralized administration, and comply with NIST 800-63 and FIPS 140-2/3.
Capability Statement Requirements
Respondents should provide a detailed capability statement addressing:
- Company information (name, address, UEI, CAGE, POC, small business category).
- Ability to perform the outlined services/objectives.
- Relevant experience and past performance.
- Rough order of magnitude (ROM) cost estimates.
- Feedback on acquisition strategies, contract vehicles, and potential resellers.
- Typical deployment timelines, training, support structures, and performance metrics.
- Recommendations on innovative approaches or technologies.
Submission Details
- Response Due: February 6, 2026, 3 PM EST.
- Submission Limit: 10 pages (excluding cover page and table of contents).
- Submit To: Amanda Rajah, Contracting Officer, via email at RajahAM@state.gov.
- Subject Line: "Request For Information - Multi-Factor Authentication Response".
- Sales brochures, videos, and marketing materials will not be accepted. Telephone inquiries will not be accepted or acknowledged.
Contract & Timeline
- Type: Request for Information (RFI) / Sources Sought
- Set-Aside: None specified (market research stage)
- Published: January 16, 2026