Zero Trust Encryption RFI

Description

VA Office of Information and Technology, Infrastructure Operations operates one of the largest and most complex information technology environments in the federal government, spanning on-premises data centers, private cloud infrastructure, and public cloud services delivered through the VA Enterprise Cloud (VAEC). At the cryptographic foundation of that environment sits VA's enterprise Hardware Security Module (HSM) fleet, which provides the cryptographic backbone for VA's Public Key Infrastructure (PKI), Key Management Services (KMS), digital certificate operations, and cryptographic processing for a broad portfolio of clinical and administrative systems, including the Veterans Health Information Systems and Technology Architecture (VistA) and VAEC-hosted workloads.

The Government-furnished fleet consists of ten production network-attached HSM appliances, eight Luna Network HSM T-5000 and two Luna Network HSM T-2000, at firmware version 7.11, deployed across four geographically distributed CONUS gateway data centers, together with partition capacity licenses, HSM administration kits, and backup HSM components. The fleet is described at the gateway and metropolitan-area level in the attached sanitized Attachment A; system identifiers, serial numbers, and facility street addresses will be provided with the solicitation. The Contractor would assume full maintenance and managed-service responsibility for this equipment in its as-found configuration upon completion of transition-in.

VA is executing an enterprise Zero Trust modernization program consistent with its Critical Security Controls. Under that program, all HSM operations, including key lifecycle management, partition management, PKI operations, and cryptographic services for VA endpoints and applications, are core components of VA's Zero Trust encryption posture. In August 2024, the National Institute of Standards and Technology (NIST) finalized its first post-quantum cryptographic standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), making post-quantum cryptography (PQC) readiness a mandatory enterprise requirement for all HSM infrastructure. The Government is seeking industry feedback on technical approach, the salient characteristics, the staffing and key personnel model, the planned transition to Government operation, acquisition strategy, and pricing to inform its procurement planning.

Classifications

NAICS

541519

Other Computer Related Services

54├Professional, Scientific, and Technical Services

541├Professional, Scientific, and Technical Services

5415├Computer Systems Design and Related Services

54151├Computer Systems Design and Related Services

541519└Other Computer Related Services

PSC

7G21

IT AND TELECOM - NETWORK: DIGITAL NETWORK PRODUCTS (HARDWARE AND PERPETUAL LICENSE SOFTWARE)

7├IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS

7G├IT AND TELECOM - NETWORK

7G21└Digital network communications hardware, software, and other equipment used within the core data centers and work areas, connecting end users to the organization's Local Area Network (LAN). Wide Area Network (WAN) digital transmission equipment, supporting hardware and software directly connecting data centers, offices and third parties. Includes 1) external digital network transport equipment (Outside Plant) physical communications infrastructure connecting to LAN/WAN end points 2) copper and fiber communications systems, and 3) cellular infrastructure such as towers, repeaters, switching systems dedicated for cellular communication. Products and tools that enable or distribute voice services through on-premise digital equipment including PBX, VoIP, voicemail and handsets.

Set-Aside

SDVOSBC

Service-Disabled Veteran-Owned Small Business (SDVOSB) Set-Aside (FAR 19.14)

Documents

Primary Contact

Secondary Contact