Snapshot generated Jul 15, 2026, 12:25 ET  ·  source: SAM.gov + USAspending live ETL
← All opportunities
Active Sources Sought · VETERANS AFFAIRS, DEPARTMENT OF › VETERANS AFFAIRS, DEPARTMENT OF › 256-NETWORK CONTRACT OFFICE 16 (36C256)

Zero Trust Encryption RFI

Solicitation 36C10B26Q0474 · Notice ID cefe37153fc54c809ca8274983691bb5

General Information

Classification

Notice Type Sources Sought
Status Active
Solicitation Number 36C10B26Q0474
Notice ID cefe37153fc54c809ca8274983691bb5
Posted Jun 13, 2026, 8:56 PM ET
Last Modified Jun 13, 2026, 8:56 PM ET
Response Deadline Jun 23, 2026, 12:00 PM ET (America/New_York)
Response (Actual) Jun 23, 2026, 12:00 PM ET
Archive Date Jul 8, 2026
NAICS
541519 · Other Computer Related Services
PSC
7G21 · IT AND TELECOM - NETWORK: DIGITAL NETWORK PRODUCTS (HARDWARE AND PERPETUAL LICENSE SOFTWARE)
7G - IT AND TELECOM - NETWORK
Set-aside SDVOSB
Service-Disabled Veteran-Owned Small Business (SDVOSB) Set-Aside (FAR 19.14)

Organization

Department VETERANS AFFAIRS, DEPARTMENT OF · 3600
Sub-Agency VETERANS AFFAIRS, DEPARTMENT OF · 3600
Office 256-NETWORK CONTRACT OFFICE 16 (36C256) · 36C256

Point of Contact

Justin B Clark
primary
David A. Long
secondary

Description

VA Office of Information and Technology, Infrastructure Operations operates one of the largest and most complex information technology environments in the federal government, spanning on-premises data centers, private cloud infrastructure, and public cloud services delivered through the VA Enterprise Cloud (VAEC). At the cryptographic foundation of that environment sits VA's enterprise Hardware Security Module (HSM) fleet, which provides the cryptographic backbone for VA's Public Key Infrastructure (PKI), Key Management Services (KMS), digital certificate operations, and cryptographic processing for a broad portfolio of clinical and administrative systems, including the Veterans Health Information Systems and Technology Architecture (VistA) and VAEC-hosted workloads. 

The Government-furnished fleet consists of ten production network-attached HSM appliances, eight Luna Network HSM T-5000 and two Luna Network HSM T-2000, at firmware version 7.11, deployed across four geographically distributed CONUS gateway data centers, together with partition capacity licenses, HSM administration kits, and backup HSM components. The fleet is described at the gateway and metropolitan-area level in the attached sanitized Attachment A; system identifiers, serial numbers, and facility street addresses will be provided with the solicitation. The Contractor would assume full maintenance and managed-service responsibility for this equipment in its as-found configuration upon completion of transition-in. 

VA is executing an enterprise Zero Trust modernization program consistent with its Critical Security Controls. Under that program, all HSM operations, including key lifecycle management, partition management, PKI operations, and cryptographic services for VA endpoints and applications, are core components of VA's Zero Trust encryption posture. In August 2024, the National Institute of Standards and Technology (NIST) finalized its first post-quantum cryptographic standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), making post-quantum cryptography (PQC) readiness a mandatory enterprise requirement for all HSM infrastructure. The Government is seeking industry feedback on technical approach, the salient characteristics, the staffing and key personnel model, the planned transition to Government operation, acquisition strategy, and pricing to inform its procurement planning.