Request For Information - Multi-Factor Authentication

Active

Contract Opportunity

The U.S. Department of State, Bureau of Global Acquisitions (GA) is issuing this Request for Information, as a means of conducting market research to identify qualified companies having an interest in and the resources to support this requirement.

The results of this market research will contribute to determining the method of procurement and assist DOS in developing and further defining procurement, acquisition, and development strategies.

This is not a solicitation announcement. No contract will be awarded from this announcement. This request for capability information does not constitute a request for proposals and does not bind the U.S. Government (USG) to any agreement, written or implied. Submission of any information to this market survey is purely voluntary. The USG assumes no financial responsibility for any costs incurred by respondents. Feedback and/or evaluation information will not be provided to any firm regarding their individual capability statements in response to the Request for Information.

Objectives

• Identify MFA and One-Time Password (OTP) generation technologies and approaches currently available in the market that meet or exceed mission needs.

• Assess cost models, licensing options, and support requirements.

• Identify potential risks, integration challenges, and mitigation strategies.

• Evaluate the feasibility of deploying MFA in our classified air-gapped environment.

• Identify innovative authentication methods beyond traditional PIV cards and token solutions.

Desired Outcomes

The Government is seeking solutions that demonstrate the following capabilities:

• Uses OTP generation on separate networks. The code should be generated on an internet connected computer. That OTP will be used to login/unlock the user on a separate non-internet connected “air-gapped" network computer. The office space where the OTP will be used is a restricted access space. As a result, any cell phone-based authenticator app or other solution requiring cellular phones is prohibited. Instead, the authenticator app must be generated from a server, and it cannot require a browser extension.

*Please see the attached “Diagram of Proposed OTP Implementation”

• Authentication Factors: Support for additional backup MFA authentication options is preferred (e.g. hardware tokens, smartcards).

• Integration: Compatibility with Active Directory, LDAP, Windows and Linux.

• User Experience: Intuitive interfaces and minimal friction for end-users.

• Administration: Centralized management console and policy enforcement.

• Security: Compliance with NIST 800-63, FIPS 140-2/3, and other applicable federal security requirements.

Capability Statement Requirement

If your company has the capacity to perform the services outlined in this notice, please provide a detailed capability statement addressing the following information:

(1) Company name, address, Unique Entity Identifier (UEI), CAGE code, point of contact (phone and email address), qualified small business category and certification (if applicable).

(2) Company ability to perform the services/objectives requested in this RFI.

(3) Relevant experience (what you did) past performance history (how you did it/how you performed/customer success stories).

(4) Rough order of magnitude (ROM) cost estimates, including details that could impact pricing, if available.

(5) Feedback on acquisition strategies, contract vehicles, and if applicable, resellers/ channel partners that could be used to acquire the solution.

(6) Typical deployment timelines, training, support structures, and performance metrics.

(7) Recommendations on innovative approaches or technologies (potentially including those not currently used in Government).

The deadline for submitting capability statements in response to the Request for Information is 3PM (EST) February 6, 2026. Responses are limited to 10 pages (excluding cover page and table of contents) and shall be submitted to Amanda Rajah, Contracting Officer, via email at RajahAM@state.gov and shall have the words “ Request For Information - Multi-Factor Authentication Response” in the "subject" line. Sales brochures, videos and other marketing information materials will not be accepted. Telephone inquiries will NOT be accepted or acknowledged.

Attachments/Links