This is a combined synopsis/solicitation for commercial products or commercial services. Proposals are being requested and a written solicitation, with the redacted Justification For An Exception To Fair Opportunity, is attached.
This requirement is issued as a 100% total small business set-aside.
The Department of Veterans Affairs (VA), Office of Information & Technology (OIT), Office of the Chief Technology Officer (OCTO) has a requirement for the renewal of the Brand Name ID.me Identity and Access Management (IAM) Credential Service Provider (CSP) Software-as-a-Service (SaaS) solution which includes an annual Credential Brokers license, maintenance support and help desk assistance. VA, OIT, OCTO requires the ID.me CSP SaaS solution to support new and renewal user proofing subscriptions, which allow individuals to prove their identities and establish credentials for the purposes of secure authentication into external VA systems, such as VA.gov, the VA Health and Benefits mobile app, VA s Enterprise Service Desk, and more. VA requires a CSP that can be used by anyone who needs to interact with VA s external digital tools, including Veterans and beneficiaries, family members, dependents, and caregivers that live in the United States or abroad; VA employees and Contractors; and other professionals interacting with VA in an official capacity. To support all users, VA requires a CSP that allows users having difficulty completing identity verification remotely to transfer to a human-assisted process with a person who can act as a trusted referee, which the National Institute of Standards (NIST) defines as a person or organization that can vouch for the identity of the end user. VA also requires a CSP that meets Federal identity standards set by NIST at the following levels: 800-63-2 Level of Assurance (LOA) 1, 2, and 3; NIST 800-63-3 Identity Assurance Level (IAL) 1, 2; and Authenticator Assurance Level (AAL) 1, 2, and 3. In addition, VA requires a CSP that is compliant with the Office of Management and Budget Memo 19-17, which requires federal agencies to use NIST 800-63 compliant credentials that are federally or commercially shared, and with Executive Orders 14249, 14247, and 14271, which prioritize fraud reduction and usage of commercially available solutions. Also, VA requires a CSP that can verify users internationally. Finally, VA requires a CSP that is interoperable with its current infrastructure, including VA s Single Sign-On external (SSOe) technical stack, the VA.gov platform, the VA Health and Benefits Mobile platform, the VA Lighthouse Application Programming Interface (API) and the My HealtheVet (MHV) platform.
For ID.me, VA requires renewal of the yearly Credential Broker license, which allows up to 125 million Multi-Factor Authentication (MFA) events in the Base Period and in each Option Period, as well as maintenance support and help desk support. The Broker License will provide Veterans with publicly available customer support, including an inbound and outbound call center, video chat, live chat, and email channels as well as maintenance that includes software updates, patches, and fixes. Escalation support channels shall be available for VA employees, Contractors, and designated representatives. Help desk inquiries associated with VA will be prioritized across general support, escalations, and fraud investigations. The required support shall ensure the ID.me IAM CSP solution continually meets NIST 800-63-2 LOA 1, 2, 3 and remains accredited at NIST 800-63-3 IAL 1, 2; and AAL 1, 2, and 3 throughout the Period of Performance (PoP) and be compliant with a minimum of Web Content Accessibility Guidelines 2.1 Level A and Level AA accessibility standards.
Additionally, VA requires 600,000 new users and 4.25 million renewal user identity proofing subscriptions in the Base Period; 580,000 new users and 4.55 million renewal user identity proofing subscriptions in Option Period 1; 560,000 new user and 4.84 million renewal user identity proofing subscriptions in Option Period 2; and 540,000 new user and 5.12 million renewal user identity proofing subscriptions in Option Period 3. VA also requires Optional Tasks for an additional 400,000 new user and 2 million renewal user identity proofing subscriptions at the LOA3 level, and 60,000 new user and 90,000 renewal user identity proofing subscriptions at the IAL2 level in the Base Period; and 460,000 new user and 2,090,000 renewal user identity proofing subscriptions in each Option Period. Finally, VA requires Optional Tasks to increase MFA events by either 5 million events or 10 million events for the Base Period and each Option Period.
Offerors should read this announcement, and attachment(s), when providing a response. The BASIS FOR AWARD, and SUBMISSION INSTRUCTIONS are listed in Section E of attached Solicitation# 36C10B26Q0130. Offerors are to submit their proposal on the full requirement identified. Partial proposals will not be considered. Only one proposal per Offeror will be considered. An incomplete and / or late proposal will not be considered for evaluation and / or award. The Government reserves the right to cancel this solicitation, either before or after the response date. The Contracting Officer reserves the right to make no award under this procedure.
This solicitation requires registration with the System for Award Management (SAM) in order to be considered for award, pursuant to applicable regulations and guidelines. Registration information can be found at www.sam.gov. Registration in SAM must be listed as "ACTIVE" at time of award.
Interested Offerors are to email their signed proposal to William Waterhouse, Contract Specialist, via the email specified in this announcement. Questions concerning this solicitation should be addressed to William Waterhouse, Contract Specialist, via the email specified. Any question(s) received telephonically will not be answered and you are directed to submit your question(s) in writing to the Contract Specialist via the email specified in this announcement. All questions and answers specific to this solicitation will be posted on the SAM.gov - Contract Opportunities domain website.
The deadline for question submittal is 10:00 a.m. Eastern Time on Friday, April 24, 2026. Interested Offerors are requested to submit questions at the earliest possible date to enable the Government to provide a comprehensive and timely response. Any amendment(s) to this solicitation will be posted on the SAM.gov - Contract Opportunities domain website. No telephone requests for the solicitation will be accepted, no written requests will be accepted and no hard copies of the solicitation package will be mailed.
