Zero Trust Encryption RFI
Contact and place of performance
Justin B Clark
Eatontown, NJ 07724
USA
VA Office of Information and Technology, Infrastructure Operations operates one of the largest and most complex information technology environments in the federal government, spanning on-premises data centers, private cloud infrastructure, and public cloud services delivered through the VA Enterprise Cloud (VAEC). At the cryptographic foundation of that environment sits VA's enterprise Hardware Security...
VA is executing an enterprise Zero Trust modernization program consistent with its Critical Security Controls. Under that program, all HSM operations, including key lifecycle management, partition management, PKI operations, and cryptographic services for VA endpoints and applications, are core components of VA's Zero Trust encryption posture. In August 2024, the National Institute of Standards and Technology (NIST) finalized its first post-quantum cryptographic standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), making post-quantum cryptography (PQC) readiness a mandatory enterprise requirement for all HSM infrastructure. The Government is seeking industry feedback on technical approach, the salient characteristics, the staffing and key personnel model, the planned transition to Government operation, acquisition strategy, and pricing to inform its procurement planning.
The Department of Veterans Affairs (VA) is conducting market research under solicitation 36C10B26Q0474 to support its enterprise Zero Trust modernization program. This Sources Sought notice, classified under NAICS 541519 Other Computer Related Services and PSC 7G21 IT AND TELECOM - NETWORK: DIGITAL NETWORK PRODUCTS (HARDWARE AND PERPETUAL LICENSE SOFTWARE), seeks industry feedback for the maintenance and managed service of the VA's Hardware Security Module (HSM) fleet. This infrastructure serves as the cryptographic backbone for the VA’s Public Key Infrastructure (PKI), Key Management Services (KMS), and digital certificate operations across on-premises data centers and the VA Enterprise Cloud. The requirement is driven by the mandate for post-quantum cryptography (PQC) readiness following the finalization of NIST standards FIPS 203, 204, and 205.
The contractor will assume full maintenance and managed-service responsibility for a Government-furnished fleet comprising ten production network-attached appliances, including eight Luna Network HSM T-5000 and two Luna Network HSM T-2000 units. Performance is centered in Eatontown, New Jersey, and involves equipment deployed across four geographically distributed CONUS gateway data centers. Responsibilities include key lifecycle management, partition management, and cryptographic services for VA endpoints and applications such as the Veterans Health Information Systems and Technology Architecture. The VA is seeking feedback on technical approaches, staffing models, and acquisition strategies to inform its procurement planning.
This notice is set aside for SDVOSBC, and responses are due by June 23, 2026. The primary point of contact is Justin B Clark. Documentation for this request includes three attachments: a draft performance work statement, an RFI cover sheet, and a sanitized inventory of Government-furnished property.
Generated by Lumen AI