Cyberlock Expansion Project

Quick Summary

The U.S. Department of Commerce, National Institute of Standards and Technology (NIST) is conducting market research through a Sources Sought / Request for Information (RFI) for a Cyberlock Expansion Project. This RFI seeks industry capabilities to support a planned single-award Indefinite Delivery/Indefinite Quantity (IDIQ) contract for Cyberlock system and related services at the NIST Boulder campus. The anticipated IDIQ will have a ceiling value of $10M and a period of performance of a base year plus four option years. Responses are due by March 26, 2026, at 1:00 PM MST.

Purpose & Scope

NIST aims to identify qualified small and other than small businesses capable of providing a Cyberlock system and associated services. The planned IDIQ will support the Security Systems and Access Control Groups (SSACG) Cyberlock Program. The scope includes providing, supporting, and maintaining Cyberlock software and hardware, conducting site surveys, removing/modifying locksets, performing cylinder changes, configuring/integrating software, and installing/commissioning Cyberlocks. This notice is for market research only and does not constitute a solicitation.

Requested Information

NIST invites industry to review the draft Performance Work Statement (PWS) and submit responses to lia.arthofer@nist.gov. Responses, limited to ten pages (excluding cover and pricing), should be in Microsoft Word or PDF format (12-point font) and include:

• Cover Page: Notice details, Unique Entity ID, company information, POC, validation of company size status under NAICS 325120 (in addition to the opportunity's NAICS 561621), and SAM.gov registration status.
• PWS Suggestions: Recommendations to improve clarity and competitiveness of the draft PWS.
• Evaluation Factors: Suggested evaluation criteria for a future competitive acquisition.
• Commercial Pricing: Copies of standard commercial pricing information (e.g., catalog pricing) to help NIST estimate fair market price. Optional estimates for PWS requirements are also accepted (no proposals).
• Small Business Compliance: If a small business under NAICS 561621, indicate compliance with FAR 52.219-14 (Limitations on Subcontracting) for a potential total small business set-aside.
• Federal Contracts: Information on GSA Multiple Award Schedule or other federal contracts under which NIST could place an order.
• Teaming Arrangements: Information for each entity if responding as a team.

Anticipated Contract & Timeline

• Contract Type: Single-award Indefinite Delivery/Indefinite Quantity (IDIQ)
• Anticipated Period of Performance: One base year and four one-year option periods, with a potential 6-month extension.
• Response Due: March 26, 2026, 1:00 PM MST
• Published Date: March 24, 2026
• Place of Performance: NIST Boulder campus, CO. Contractor personnel should be located within the Mountain West/Colorado area.

Key Requirements (from Draft PWS)

• Compliance: All work must comply with Federal Information Processing Standards (FIPS) and Homeland Security Presidential Directive 12 (HSPD-12). Hardware must be Trade Agreement Act (TAA) and/or National Defense Authorization Act (NDAA) compliant.
• Personnel: Contractor personnel require RS2 Reseller, ASSA ABLOY Authorized Channel Partner certifications, and Secret level Security Clearance. Background investigations and NIST badges are mandatory.
• Technology: Use of specific brand names (RS2 Access It!, HID SAFE, ASSA ABLOY IN-Series, Cisco C9300-48U-A) is limited. Systems must support certificate-based encryption (EAP-TLS) and AES 128-bit encryption.
• Security: Adherence to NIST security requirements, system change control, and authorization.

Contact Information

For inquiries and submission of responses, contact Lia M Arthofer at lia.arthofer@nist.gov.