Giter Club home page Giter Club logo

tts-buy-document-authentication-services's Introduction

Login.gov Document Authentication Services

This is the GitHub repository for TTS_DOCAUTH, posted on FedBizOpps.gov. Please submit any questions as an Issue in this repository by November 17, 2017 at 1:00pm EST. The Contracting Officer will only be responding to questions submitted using the Issue Template. Comments from other parties or in other formats will still be considered but we cannot commit to responding to them.

Proposals are due by December 8, 2017 at 1:00pm EST.

Background

The Login.gov program is undergoing significant modifications in direct response to recent laws passed in Congress and executive orders released by the Executive Office of the President instructing federal agencies to protect citizen data in transactions with the Government, including:

  • The Cybersecurity Information Sharing Act (CISA) passed in October 2015;
  • The Cybersecurity National Action Plan (CNAP) released in March 2016 by the Executive Office of the President to identity short- and long-term actions to meet CISA; and
  • The Implementation Plan Draft released in April 2016 as a plan for action to Executive Order 13681 - Improving the Security of Consumer Financial Transactions.

What we're hoping to end up with

Additional information is provided in Sections 2, 6, and 9 of the RFQ, but in short:

The vendor will collect documentary evidence of identity data via the login.gov platform. The login.gov application will electronically transfer these data elements to the contractor. The contractor will return a real-time verification from the data received via the login.gov platform and the results of the comparison. Based on the response, GSA will determine whether documentary evidence meets our requirements as evidence of the individual’s identity.

How to respond

Additional information is provided in Section 4 of the RFQ, but in short:

The competition for this RFQ is expected to take longer than usual. Quotes should be valid for not less than 90 days from submission. Offerors will need to submit written technical quotes as well as their proposed solution for evaluation, see paragraphs 9 and 10. Offerors must read, complete, and submit all attachments as well as the representations and certifications below and submit them with their offer.

Period of performance

Additional information is provided in Section 3 of the RFQ, but in short:

1 Base Year with 1 Option Year

Contents

  1. Request for Quotation (RFQ)

  2. Attachment A - Requirements

  3. Attachment B - Template Sources

  4. Attachment C - SLA Requirements

  5. Attachment D - Deployment Options

  6. Past Performance Questionnaire Note: Link is to a document hosted on FBO.gov.

Contributing

See CONTRIBUTING for additional information.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

tts-buy-document-authentication-services's People

Contributors

jprisby1 avatar oghaffari avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

jprisby1 tasligh fullstackenviormentss isabella232

tts-buy-document-authentication-services's Issues

Attachment C - SLA

Question/Comment

4 questions regarding this spreadsheet are presented below

Name and affiliation

Paul Townsend, Acuant

Section of RFQ documents

Attachment C - SLA

Question/Comment

  1. Many of the SLA requirements are specific for the vendor-hosted deployment option. Should these items be completed if software only is proposed? This includes MFA ID #1, 2, 3, 7, 8, 9, 10, 11, 12, and 13.

  2. MFA ID #4 indicates a maximum API response time of 1000ms (1 second). Across the industry, it is recognized that each actual API call to process the document images can take upwards of 3-4 seconds. Please clarify how the government intends to measure this response time.

  3. Cell B2 on Sheet3 is unreadable. Please modify the spreadsheet to clarify the contents of this cell.

  4. On Sheet3, the meaning/intent of most of the items is unclear. It seems to imply that there is some application that includes KBA, behavioral algorithms, input velocity (?), etc. There is no description in the RFQ that describes the context for most/all of these items. Please clarify.

PPQ

Peter Brason/LexisNexis/Proposal Manager

Can past performance be provided by either the prime, subcontractor or teaming partner?

NAICS 541519

Question/Comment

Can you confirm that this this is limited to a small business (under 150 people/$23M revenue)? Based on the cover page classification (NAICS 541519) we want to clarify eligibility.

Name and affiliation

Director of Field Marketing, Gemalto

Section of RFQ documents

Cover Page

Question/Comment

Can you confirm that this this is limited to a small business (under 150 people/$23M revenue)? Based on the cover page classification (NAICS 541519) we want to clarify eligibility.

Emailed question

Question/Comment

We have a new channel Director that would like to speak with you regarding your RFP for ID verification.

Can you spare 20 minutes next week to have a brief chat? Maybe Wed. after lunch?

PPQ Template missing

Question/Comment

The RFQ requires submission of Past Performance Questionnaires (PPQs) but no PPQ template is provided. Please provide the PPQ template at your earliest opportunity, preferably in MS-Word format.

Name and affiliation

Paul Townsend, Acuant

Small Business Preference

Peter Brason/LexisNexis/Proposal Manager

As a 100% small business set-aside, will preference be given for the type of small business, such as SDB, SDVOB, HubZone, Minority/Woman Owned, etc.?

Past Performance Questionnaire (Section 10., Page 15 of RFQ)

Would GSA consider allowing Past Performance references and PPQs on behalf of subcontractors, with the Small Business as the prime contractor? Many of the specified/requested capabilities are highly specialized to vendors working in the document authentication space. Many instances of past performance GSA seeks may be provided by non-Small Business technology providers versus the Small Business prime contractor.

Attachment C, Sheet 3

How do the line items of “Sheet 3” align with the requirements outlined in the RFQ? Please clarify the relevance of Sheet 3 and how vendors should respond. Are the line items part of the RFQ evaluation? If so, how are they weighed?

Submission Deadline

Given that GSA is allowing question submission up until November 10, 2017 and respondents will have limited time (with the Thanksgiving holiday) to react/respond to this feedback, would GSA consider extending the due date by three weeks?

Technical Response

Question/Comment

The expected content of the technical response is unclear from the RFQ. We understand that a narrative is required that addresses the tasks delineated in the SOO (section 6). We also understand that Services and Pricing tables must be presented, and that several attachments must be completed. Please clarify whether the pricing information and the required attachments count towards the 20-page limitation for the technical response. Please also clarify whether the pricing is expected to be presented as a separate attachment to the technical response.

Name and affiliation

Paul Townsend, Acuant

Section of RFQ documents

Section 10 - Technical Evaluation

Question/Comment

{ask away!}

Attachment D – Deployment Options

Question/Comment

Name and affiliation

Paul Townsend, Acuant

Section of RFQ documents

Attachment D – Deployment Options

Question/Comment

The RFQ requests selection of a Deployment Option, and states that if both options are selected, that the differences in pricing and technical approach must be indicated. Please clarify the government’s expectations regarding a deployment option selection as specified in this attachment, including whether the vendor needs to (1) simply identify the proposed option and/or (2) specifically address the individual requirements for the selected option as outlined within the attachment.

Attachment C, Sheet 3

Line item 10 states: Ability to provide Knowledge Based Verification Services‐Online using both FCRA or non-FCRA data (Mandatory).

Our question: Knowledge based authentication has increasingly been shown vulnerable to social engineering – while hard/arcane questions are shown to generate usability problems. Please clarify this requirement as being mandatory.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.