Closed Solicitation · DEPARTMENT OF VETERANS AFFAIRS
AI Summary
The Department of Veterans Affairs is seeking industry feedback for a Zero Trust encryption initiative involving the maintenance and management of its Hardware Security Module fleet. This opportunity focuses on cryptographic services and key management, aligning with NIST's post-quantum cryptographic standards. Interested parties should provide insights on technical approaches and acquisition strategies.
VA Office of Information and Technology, Infrastructure Operations operates one of the largest and most complex information technology environments in the federal government, spanning on-premises data centers, private cloud infrastructure, and public cloud services delivered through the VA Enterprise Cloud (VAEC). At the cryptographic foundation of that environment sits VA's enterprise Hardware Security Module (HSM) fleet, which provides the cryptographic backbone for VA's Public Key Infrastructure (PKI), Key Management Services (KMS), digital certificate operations, and cryptographic processing for a broad portfolio of clinical and administrative systems, including the Veterans Health Information Systems and Technology Architecture (VistA) and VAEC-hosted workloads.
The Government-furnished fleet consists of ten production network-attached HSM appliances, eight Luna Network HSM T-5000 and two Luna Network HSM T-2000, at firmware version 7.11, deployed across four geographically distributed CONUS gateway data centers, together with partition capacity licenses, HSM administration kits, and backup HSM components. The fleet is described at the gateway and metropolitan-area level in the attached sanitized Attachment A; system identifiers, serial numbers, and facility street addresses will be provided with the solicitation. The Contractor would assume full maintenance and managed-service responsibility for this equipment in its as-found configuration upon completion of transition-in.
VA is executing an enterprise Zero Trust modernization program consistent with its Critical Security Controls. Under that program, all HSM operations, including key lifecycle management, partition management, PKI operations, and cryptographic services for VA endpoints and applications, are core components of VA's Zero Trust encryption posture. In August 2024, the National Institute of Standards and Technology (NIST) finalized its first post-quantum cryptographic standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), making post-quantum cryptography (PQC) readiness a mandatory enterprise requirement for all HSM infrastructure. The Government is seeking industry feedback on technical approach, the salient characteristics, the staffing and key personnel model, the planned transition to Government operation, acquisition strategy, and pricing to inform its procurement planning.
ZERO TRUST ENCRYPTION RFI is a federal acquisition solicitation issued by DEPARTMENT OF VETERANS AFFAIRS. Review the full description, attachments, and submission requirements on SamSearch before the response deadline.
SamSearch Platform
AI-powered intelligence for the right opportunities, the right leads, and the right time.