RFI - DOJ JMD Secure Communications

Active

Contract Opportunity

DISCLAIMER:

THIS NOTICE IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL OR QUOTE. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS TECHNICAL DESCRIPTION IS STRICTLY VOLUNTARY.

1. PURPOSE

The purpose of this Request for Information (RFI) is to obtain information from qualified vendors regarding secure unclassified communication platforms and services designed for use in regulated environments. This includes, but is not limited to, compliance with federal, state, and industry-specific requirements for secure messaging, collaboration, data handling, and recordkeeping. The Department of Justice (DOJ) is seeking solutions that ensure data sovereignty, meet applicable regulatory standards, and provide strong security and auditability features. The information from qualified vendors regarding solutions that enable secure, compliant, and auditable communications across widely used messaging platforms. Specifically, this includes SMS, MMS, RCS, iMessage, Signal, WhatsApp and other 3rd party communication tools.

2. BACKGROUND

The DOJ operates in highly regulated environments where the handling of sensitive communications is subject to strict compliance and oversight requirements. The organization requires a secure communications solution that:

• Protects unclassified sensitive communications against cyber, insider, and foreign intelligence threats.


• Ensures compliance with federal (e.g., FedRAMP, CJIS, NIST 800-53, NARA), state, and industry standards.


• Maintains data sovereignty within the United States to mitigate foreign supply chain risks.


• Enables robust audit, monitoring, and archiving of communications for investigative, compliance, recordkeeping, and oversight purposes.


• Enables archiving on demand of all communications for select senior officials for recordkeeping purposes.


• Provides cross-platform interoperability (mobile, desktop, web) while maintaining strict security and access controls.

3. RFI RESPONSES and QUESTIONS

Vendors are invited to respond to this RFI by providing the following details:

A. Company Overview

1. Contractor Legal/DBA Name:


2. Headquarters Address:


3. Points of Contacts (Please include Name, Email, and Phone Number)


4. Website Address:


5. DUNS Number:


6. Unique Entity Identifier (UEI):


7. Cage Code:


8. Facility Clearance:


9. Applicable NAICS Code(s):


10. Corporate Structure, Ownership and foreign affiliations:


11. Company Size or Socio-Economic Designation (as applicable):


12. Number of years in business:


13. Company’s Capability Statement limited to three (3) pages (soft copy attached to RFI response)


14. List of Existing Government Ordering Vehicle(s). (example: GSA Schedule and GWACs):


15. Relevant experience in delivering secure communication platforms and regulated industries or government agencies:


16. Anticipated conflict of interest:

B. Technical Capabilities

• Identify the product – name, description and other associated information. Identify if a commercial product currently exists that meets the Government’s needs? If so, please describe the product, its capabilities, and how it aligns with the Government’s requirements. Identify the manufacturer or vendor capable of providing the product. Include relevant product literature, specifications, and performance data.


• End-to-end encryption protocols and key management methods.


• Authentication and access control features (MFA, role-based access, etc.).


• Data storage, retention, and sovereignty policies.


• Cloud and on-premise deployment options.


• Integration capabilities with existing enterprise IT and compliance systems.


• Mobile device management (MDM) compatibility.


• If no commercial product exists, does the company have the capability and interest to develop a solution under an OTA? Describe the technical approach, relevant experience, and estimated timeline for development. Include information on prior work with OTAs, if applicable. All submissions shall be unclassified.


• Would the company need to subcontract any piece of this effort? If so, what percentage?


• What is the estimated period of performance to complete this effort?

C. Compliance & Certifications

• Current certifications (FedRAMP, CJIS, HIPAA, SOC 2, ISO 27001, etc.).


• Demonstrated compliance with U.S. cybersecurity, privacy, and recordkeeping laws.

D. Security & Risk Management

• Threat detection, monitoring, and incident response capabilities.


• Supply chain risk management practices.


• Security testing, vulnerability management, and patching practices.


• Policies for preventing foreign access to sensitive data.

E. Records Management

• Capability to facilitate adherence to the Federal Records Act (44 USC 3301) and federal recordkeeping requirements (36 CFR 1220)


• Degree of compliance with the National Archives and Records Administration’s Universal Electronic Records Management (ERM) “system” requirements which address electronic records formats, metadata capture, retention, etc. across the recordkeeping lifecycle.

4. RESPONSE GUIDELINES.

Responses shall be limited to 30 pages. Proprietary information, if any, should be minimized and MUST BE CLEARLY MARKED. To aid the Government, please segregate proprietary information. All information received marked Proprietary will be handled in accordance with 41 USC 2101- 2107. Please be advised that all submissions become Government property and will not be returned. All submissions shall be unclassified. Any information provided may be used to inform future requirements development, acquisition planning, or strategy. Respondents are advised that responses may be subject to disclosure in accordance with applicable laws and regulations.

5. THE DOJ EXPRESSLY RESERVES THE RIGHT TO:

• Use or adapt any information submitted in response to this RFI for planning purposes;


• Engage with selected respondents for follow-up discussions, demonstrations, or additional market research activities;


• Modify, refine, or entirely change requirements prior to the release of any solicitation.

Participation in this RFI is strictly voluntary and will not confer any advantage or preferential consideration in any subsequent procurement. The Department may, at its sole discretion, issue a formal solicitation at a later date, which may contain requirements that differ in scope or detail from those outlined in this RFI.

6. AFTER RESPONSES ARE SUBMITTED

A confirmation email will be sent to the Vendor’s Primary and Secondary POCs to acknowledge receipt. Additional events to support further industry discussion about responses will be provided directly to these POCs.

7. INDUSTRY DISCUSSIONS

Department representatives may or may not choose to meet with potential offerors. Such discussions would only be intended to get further clarification of potential capability to meet DOJ Secure Communication requirements.

(END)

Attachments/Links