SAM #36C10B26Q0130

VA Solicitation for ID.me Identity and Access Management Software, Subscriptions, and Support

The Department of Veterans Affairs (VA) is seeking to renew its enterprise-wide identity and access management solution with a brand name requirement for ID.me software and services. - Government Buyer: - Department of Veterans Affairs (VA), Office of Information & Technology (OIT), Office of the Chief Technology Officer (OCTO), Technology Acquisition Center (TAC), Eatontown, NJ - OEM Highlight: - ID.me is the sole specified Original Equipment Manufacturer (OEM) for all software and services - Products and Quantities: - Annual ID.me Credential Broker License (up to 125 million Multi-Factor Authentication (MFA) events per period) - New user identity proofing subscriptions (Base Period: 600,000; Option Periods: 580,000, 560,000, 540,000) - Renewal user identity proofing subscriptions (Base Period: 4,250,000; Option Periods: 4,550,000, 4,840,000, 5,120,000) - Optional tasks for additional new and renewal subscriptions at higher assurance levels (LOA3, IAL2) and increased MFA event capacity (increments of 5 million or 10 million per period) - Services: - Maintenance support and help desk assistance (including software updates, call center, live chat, and escalation support) - Regular reporting deliverables (bi-weekly, monthly usage, SLA monitoring, user support, and MFA status reports) - Notable Requirements: - Solution must comply with NIST 800-63-2 and 800-63-3 identity standards (LOA 1-3, IAL 1-2, AAL 1-3), OMB Memo 19-17, and relevant Executive Orders - Interoperability with VA.gov, VA Health and Benefits mobile app, and other VA digital platforms - Support for international users and human-assisted identity verification - Accessibility compliance with WCAG 2.1 Level A and AA - All quantities are specified for a base period and three option periods, with optional tasks to scale as needed

Description

This is a combined synopsis/solicitation for commercial products or commercial services. Proposals are being requested and a written solicitation, with the redacted Justification For An Exception To Fair Opportunity, is attached. This requirement is issued as a 100% total small business set-aside. The Department of Veterans Affairs (VA), Office of Information & Technology (OIT), Office of the Chief Technology Officer (OCTO) has a requirement for the renewal of the Brand Name ID.me Identity and Access Management (IAM) Credential Service Provider (CSP) Software-as-a-Service (SaaS) solution which includes an annual Credential Brokers license, maintenance support and help desk assistance. VA, OIT, OCTO requires the ID.me CSP SaaS solution to support new and renewal user proofing subscriptions, which allow individuals to prove their identities and establish credentials for the purposes of secure authentication into external VA systems, such as VA.gov, the VA Health and Benefits mobile app, VA s Enterprise Service Desk, and more. VA requires a CSP that can be used by anyone who needs to interact with VA s external digital tools, including Veterans and beneficiaries, family members, dependents, and caregivers that live in the United States or abroad; VA employees and Contractors; and other professionals interacting with VA in an official capacity. To support all users, VA requires a CSP that allows users having difficulty completing identity verification remotely to transfer to a human-assisted process with a person who can act as a trusted referee, which the National Institute of Standards (NIST) defines as a person or organization that can vouch for the identity of the end user. VA also requires a CSP that meets Federal identity standards set by NIST at the following levels: 800-63-2 Level of Assurance (LOA) 1, 2, and 3; NIST 800-63-3 Identity Assurance Level (IAL) 1, 2; and Authenticator Assurance Level (AAL) 1, 2, and 3. In addition, VA requires a CSP that is compliant with the Office of Management and Budget Memo 19-17, which requires federal agencies to use NIST 800-63 compliant credentials that are federally or commercially shared, and with Executive Orders 14249, 14247, and 14271, which prioritize fraud reduction and usage of commercially available solutions. Also, VA requires a CSP that can verify users internationally. Finally, VA requires a CSP that is interoperable with its current infrastructure, including VA s Single Sign-On external (SSOe) technical stack, the VA.gov platform, the VA Health and Benefits Mobile platform, the VA Lighthouse Application Programming Interface (API) and the My HealtheVet (MHV) platform. For ID.me, VA requires renewal of the yearly Credential Broker license, which allows up to 125 million Multi-Factor Authentication (MFA) events in the Base Period and in each Option Period, as well as maintenance support and help desk support. The Broker License will provide Veterans with publicly available customer support, including an inbound and outbound call center, video chat, live chat, and email channels as well as maintenance that includes software updates, patches, and fixes. Escalation support channels shall be available for VA employees, Contractors, and designated representatives. Help desk inquiries associated with VA will be prioritized across general support, escalations, and fraud investigations. The required support shall ensure the ID.me IAM CSP solution continually meets NIST 800-63-2 LOA 1, 2, 3 and remains accredited at NIST 800-63-3 IAL 1, 2; and AAL 1, 2, and 3 throughout the Period of Performance (PoP) and be compliant with a minimum of Web Content Accessibility Guidelines 2.1 Level A and Level AA accessibility standards. Additionally, VA requires 600,000 new users and 4.25 million renewal user identity proofing subscriptions in the Base Period; 580,000 new users and 4.55 million renewal user identity proofing subscriptions in Option Period 1; 560,000 new user and 4.84 million renewal user identity proofing subscriptions in Option Period 2; and 540,000 new user and 5.12 million renewal user identity proofing subscriptions in Option Period 3. VA also requires Optional Tasks for an additional 400,000 new user and 2 million renewal user identity proofing subscriptions at the LOA3 level, and 60,000 new user and 90,000 renewal user identity proofing subscriptions at the IAL2 level in the Base Period; and 460,000 new user and 2,090,000 renewal user identity proofing subscriptions in each Option Period. Finally, VA requires Optional Tasks to increase MFA events by either 5 million events or 10 million events for the Base Period and each Option Period. Offerors should read this announcement, and attachment(s), when providing a response. The BASIS FOR AWARD, and SUBMISSION INSTRUCTIONS are listed in Section E of attached Solicitation# 36C10B26Q0130. Offerors are to submit their proposal on the full requirement identified. Partial proposals will not be considered. Only one proposal per Offeror will be considered. An incomplete and / or late proposal will not be considered for evaluation and / or award. The Government reserves the right to cancel this solicitation, either before or after the response date. The Contracting Officer reserves the right to make no award under this procedure. This solicitation requires registration with the System for Award Management (SAM) in order to be considered for award, pursuant to applicable regulations and guidelines. Registration information can be found at www.sam.gov. Registration in SAM must be listed as "ACTIVE" at time of award. Interested Offerors are to email their signed proposal to William Waterhouse, Contract Specialist, via the email specified in this announcement. Questions concerning this solicitation should be addressed to William Waterhouse, Contract Specialist, via the email specified. Any question(s) received telephonically will not be answered and you are directed to submit your question(s) in writing to the Contract Specialist via the email specified in this announcement. All questions and answers specific to this solicitation will be posted on the SAM.gov - Contract Opportunities domain website. The deadline for question submittal is 10:00 a.m. Eastern Time on Friday, April 24, 2026. Interested Offerors are requested to submit questions at the earliest possible date to enable the Government to provide a comprehensive and timely response. Any amendment(s) to this solicitation will be posted on the SAM.gov - Contract Opportunities domain website. No telephone requests for the solicitation will be accepted, no written requests will be accepted and no hard copies of the solicitation package will be mailed.

View original listing