RFI sets stage for future HSPD-12 contract

While GSA said the RFI guarantees no request for proposals, officials have said the blanket purchase agreement will replace the current Access Certificates for Electronic Services governmentwide acquisition contract, which expires in May 2006.Some experts have said it will take that long for NIST and GSA to make sure products and services conform to technical and interoperability standards. The other problem is the administration still has yet to decide on the biometric standard. Industry sources have said NIST is supposed to issue the final draft of SP 800-76, which will define the biometric standard as minutiae, as early as today. NIST has not released it at press time."It seems like the RFI is premature," said Dallas Bishoff, a senior vice president for Authsec Inc. of Columbia, Md., an authentication and authorization consulting firm. "There are a number of vendors that have no idea of what they will do to re-engineer their products because they are waiting for NIST to release the updated FIPS-201. GSA is talking about products that have not been approved yet."NIST plans to update FIPS-201 by Feb. 25, 2006.The RFI also asks vendors to identify their capability to deploy, operate and maintain one or more core compliant systems and have them in place by Aug. 27, 2006?two months before the administration's deadline for PIV II.Vendors will have to give GSA five-year cost estimates for agencies with 100,000 to more than 1 million cardholders, and comment on the practicality of certain performance metrics, such as notification of suspension or revocation to physical or logical access control systems within 20 minutes and whether registration per applicant can be done in 15 minutes."The RFI doesn't represent questions that will help the government reach better-informed positions," Bishoff said.Responses are due Jan. 9, 2006. Washington Technology's .