Okta Software Bridge

Maryland

07/17/2024 09:12 AM EDT

07/25/2024 08:00 AM EDT

This is a Sources Sought Notice ONLY. Requests for copies of a solicitation will not receive a response. The purpose of this notice is to obtain information regarding the availability and capability of qualified sources. This notice is strictly for market research and information purposes only. Responses will assist the Government in determining the appropriate acquisition method, including whether a set-aside is possible.

NIST is seeking responses from all responsible entities capable of fulfilling the requirement described herein. The applicable NAICS codes for this effort are 518210 – Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services with a small business size standard of $40M.

This Notice is for planning purposes only and is not a Request for Proposal or Request for Quotation or an obligation on the part of the National Institute of Standards and Technology (NIST) for conducting a follow-on activity. NIST does not intend to award a contract on the basis of this Notice, or otherwise pay for the information requested. No entitlement or payment of direct or indirect costs or charges by NIST will arise as a result of submission of responses to this Notice and NIST use of such information. Respondents should clearly mark restricted or proprietary components, interfaces and equipment, and clearly mark restricted or proprietary data and present it as an addendum to the non-restricted/non-proprietary information. In the absence of such identification, NIST will assume unlimited rights for all technical data in the information paper.

This notice is not to be construed as a commitment by the Government to issue a solicitation or ultimately award a contract or other obligating agreement. Responses will not be considered as proposals or quotes. No award will be made as a result of this notice. The Government will not be responsible for any costs incurred by the respondents to this notice.

The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. No proprietary, classified, confidential, or sensitive information should be included in response to this notice; however, NIST will recognize as restricted or proprietary data which is clearly marked such.

2.  BACKGROUND

The Research Services Office in the Office of Information Systems Management supports NIST’s research IT environment, including laboratory automation, research data management and exchange, high performance scientific computing systems, and NIST’s scientific software portfolio. The Office performs this work in service to NIST’s Laboratory Programs collectively supporting NIST’s mission: “To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”

Academic research institutions throughout the U.S. as well as many U. S. government research organizations are members of InCommon[1]. The InCommon organization provides identity and access management services facilitating trusted access to institution-provided Information Technology-based services. Though NIST is already an InCommon member[2] NIST’s definitive identity provider is Okta. For NIST’s researchers to seamlessly access InCommon member institution’s IT services using their NIST credentials and NIST’s authentication implementation, NIST requires a software bridge between Okta and the InCommon Federation.

3.  REQUIREMENTS

NIST is seeking sources capable of meeting the requirements defined below.

IT Security

• Provide evidence of a recent independent security audit

Authentication

• Supports NIST’s existing Okta multifactor authentication (MFA) using PIV cards and Yubikeys
• Enables NIST staff access to InCommon Federated SAML applications

Federation

• Integrates NIST’s Okta identity-based service with InCommon
• Supports Multilateral Federation
• Enables NIST platform administrators to specify research and scholarship attributes to release to InCommon Federated service providers

Hosting

• Service is hosted external to NIST

Management

• Provides a web-based interface enabling NIST-designated platform administrators to analyze usage metrics

4.  QUESTIONS REGARDING THIS NOTICE

Questions regarding this Sources Sought Notice may be submitted via e-mail to prateema.carvajal@nist.gov . Questions are due by July 25, 2024, 8:00 am ET. The subject line of the email must contain the Notice Number and the Title of this sources sought notice.  Responses to questions posed will be addressed in the form of an amendment to the Sources Sought Notice.

5.  RESPONSE INSTRUCTIONS

Interested parties that have the capabilities to meet the Government’s requirements are requested to email capabilities statement of no more than 15 pages describing their abilities to meet all requirements of this notice to prateema.carvajal@nist.gov.  Responses are due by July 25, 2024, 8:00 am, ET. The subject line of the email must contain the Notice Number and the Title of this sources sought notice. Please include the following information in the response:

1. Name of organization authorized to provide systems/services, along with their address and a point of contact for the organization (name, phone number, and email address).
2. If applicable, the respondent’s primary NAICS, size classification, and socio-economic status (i.e., Small Business, Woman Owned Small Business, Service Disabled Veteran Owned Small Business, etc.).  Please highlight if company is an 8(a) and/or owned by an Alaska Native Corporation, Indian Tribe, Native Hawiian Organization, Community Development Corporation.
3. Specific description of capabilities to address the requirements described herein.
4. Indication if the respondent(s) can provide all, or some, of the services.
5. A listing of at least two ongoing or prior engagements with InCommon members designated as research organizations or with Federally Funded Research and Development Centers (FFRDCs) that the provider is supporting. For each listing, respondent shall provide the following information:
   1. Contract, Agreement, or Grant number;
   2. Client’s name and address;
   3. Dollar value;
   4. Period of Performance;
   5. Narrative describing the basis of the engagement
6. Information on any GSA Federal Supply Schedules (FSS) or other Government-wide contracts through which the company offers these systems/services, if applicable.
7. Any other relevant information that is not listed above which the Government should consider.