Credentialing Management Services Request for Information

Statement of Work (SOW) / Performance Work Statement (PWS)

This Performance Work Statement (PWS) outlines the support required by the Transportation Security Administration (TSA) Enrollment Services and Vetting Programs (ESVP) for the Credential Management Support (CMS) initiative, primarily focusing on the Transportation Worker Identification Credential (TWIC®) program.

• Provide technical expertise for the TWIC® program, including areas such as identity and biometric-based Federal databases, smart card technology, physical and logical access control systems, credential security features, and identity verification.

• Support the efficiency and effectiveness of the TWIC® program, addressing credential production, issuance, and reliability testing.

• Analyze and diagnose issues related to biometric data quality and credential operability.

• Develop and maintain publications for facility security officials and stakeholders regarding access control solutions that incorporate the TWIC® card.

• Provide support for post-implementation technology matters, including code review, systems testing, and user acceptance testing.

• Assist in evaluating the use and revocation of ESVP biometric credentials and support card reliability and failure testing.

• Conduct assessments on the costs, benefits, and feasibility of derived credentials for the TWIC® program.

• The PWS details specific requirements for deliverables, including:

  • Annual review, version update, and publication of the TWIC® Security Threat Assessment Program Credential Specification document.
  • Publication for facility security officials and stakeholders on access control solutions.
  • Quarterly reports on TWIC® card failure or reliability issues.
  • Technical advisories or memorandums.
  • Documenting the TWIC® validation card set process.
  • Configuring, issuing, and testing card stock for QTL-related analysis tools.
  • Assessment of derived credentials.

• The document also outlines reporting requirements: Monthly Reports, Monthly Touch Points, Final Report, and a Transition Plan.

• Acceptable Quality Levels (AQLs) are defined for tasks such as Monthly Status Reports and Annual Summary Reports.

• Period of Performance: 12-month base period with four (4) one-year option periods.

• Place of Performance: On-site services at TSA Headquarters, 6595 Springfield Center Drive, Springfield, VA 22150.

• Key Personnel: Specific Subject Matter Expert qualifications (Level I, II, and III) are detailed, emphasizing extensive experience in identity management, biometrics, smart card technology, and access control systems.

• Security, Personnel Requirements, Privacy Security and Privacy: Contractor must comply with defined requirements.

• 508 Compliance: All Information and Communications Technology (ICT) deliverables must conform to Section 508 standards, including providing test plans, test results, and Accessibility Conformance Reports (ACRs).

Questions & Answers / Clarifications

This document contains a list of questions related to "Credentialing Management Support" for which the government is seeking information. It is intended to gather insights from potential vendors regarding their capabilities and experience in various aspects of credentialing and identification systems.

• Digital/Mobile ID App Development: Inquires about company experience in this area.
• Quantum Cryptography: Seeks opinions on mitigating card chip and reader hardware vulnerabilities.
• Physical Identification Credentials: Asks about experience developing robust credentials for harsh environments.
• Card Reader/Technology Evaluation: Seeks experience in evaluating and testing contact and contactless card readers and related technology for credential management.
• Mobile ID Implementation: Inquires about experience in developing/implementing mobile IDs, upgrading card design/security, and supporting biometric authentication/validation/verification.
• Stakeholder Communication & Support: Requests details on experience communicating with stakeholders, credential evaluation/testing approaches, lifecycle management, integration with access control systems, and 24-hour support capabilities.
• Physical/Logical Access Control Systems: Asks about experience with these systems, including card readers and PACS integrators.
• TWIC Smart Card Configuration: Inquires about experience testing, evaluating, and configuring TWIC smart card data models and specifications.

This document is a Request for Information (RFI) and does not represent a solicitation. The questions posed will likely inform future requirements or solicitations related to credentialing management support. Vendors should review these questions to understand potential areas of interest for the government and to prepare for potential future opportunities.