Secure Identity Management Support

1 Performance Work Statement Transportation Security Administration Secure Identity Management Support 1. PURPOSE This Performance Work Statement (PWS) describes the subject matter expertise (SME) support needed by the Transportation Security Administration (TSA) Enrollment Services and Vetting Programs (ESVP) office related to supporting several TSA security programs. The contractor shall provide biometric technical expertise with respect to secure identity management operations and maintenance work that TSA must perform as mandated by the FAA’s Extension Safety and Security Act (FESSA). Areas of expertise may include, but are not limited to: biometric identification, authentication, and validation for use within vetting and credentialing systems; enrollment services; identity verification; and authentication technology standards. 2. BACKGROUND ESVP manages a variety of programs that are critical to U.S. transportation and national security. These programs conduct Security Threat Assessments (STA) for individuals in accordance with the programs’ statutory and regulatory requirements. A key part of these STAs is the collection, processing, and storage of biometrics, that are used to perform the required immigration, terrorism, and Criminal History Records Checks (CHRC) with multiple federal and state agencies to include the Federal Aviation Administration (FAA), Federal Bureau of Investigation (FBI), multiple Department of Homeland Security (DHS) components such as Customs and Border Protection (CBP), US Citizenship and Immigration Services (USCIS), Office of Biometric Identity Management Identification Services (OBIM), the Social Security Administration (SSA), the Department of State (DoS), and Department of Justice (DoJ). Technical expertise is needed to efficiently and effectively address capabilities, anomalies, and vulnerabilities related to biometric and identity assurance initiatives and requirements across all of the ESVP vetting and credentialing programs. For example, the implementation of recurrent vetting capabilities required by TSA to develop identity resolution guidance and tools to review biometric and biographic source encounter data. The vetted populations include: Transportation Worker Identification Credential (TWIC ® ), Flight Training Security Program (FTSP), TSA PreCheck ® Application Program (TPAP), Hazardous Materials Endorsement (HME) Threat Assessment Program (HTAP), General Aviation Program, Aviation Worker Program, Indirect Air Carrier Program, and the Certified Cargo Screening Program, and Unmanned Aircraft Systems (UAS) including Beyond Visual Line of Sight (BVLOS). Currently, there are several ESVP vetting and credentialing support systems in various stages of development that support biometric storage for vetting and reuse purposes. These systems maintain external connectivity across the ESVP security threat assessment portfolio. Specifically, the systems used to support the ESVP vetted populations include the Vetting and Credentialing System (VCS), Consolidated Screening Gateway (CSG), Technology Infrastructure Modernization (TIM) System, Credentialing and Adjudication Application (CAA), Universal Enrollment Services (UES) system, and the Aviation -- 1 of 21 -- 2 Channeling and Data Management System (ACDMS). It is anticipated that these vetting and credentialing systems will be consolidated over the next eight years in support of several ESVP initiatives. As part of its STA enrollment processes, TSA receives biometric data from both contracted enrollment vendors and other outside sources and leverages this data in direct support of initial and recurrent vetting operations. ESVP manages the TWIC ® program. The TWIC ® program is a vital national security measure that ensures that individuals who pose a security threat do not gain unescorted access to secure areas of the nation’s maritime transportation system. Jointly administered by TSA and the U.S. Coast Guard (USCG), TWIC ® was established by the Maritime Transportation Security Act (MTSA) of 2002 and amended by the Security and Accountability for Every (SAFE) Port Act of 2006. TSA is responsible for TWIC ® enrollment, security threat assessments, and system operations and maintenance. The USCG is responsible for enforcement. The TWIC ® program is highly visible, involves sensitive issues regarding privacy, is advanced technologically, and is tasked with addressing critical shortfalls in identity management related to transportation security. TWIC ® is the only TSA vetting program which issues a physical biometric credential. ESVP managed FTSP requires assistance to inform known future requirements, especially as they relate to improved identity assurance (via biometrics) with applicants, Certified Flight Instructors, and flight training facilities across the United States. FTSP is a high-visibility program that directly addresses the vulnerabilities that led to the tragic events of September 11, 2001. FTSP relies on stringent identity management processes and a strong chain of trust to ensure all foreign flight students are properly identified and vetted by the U.S. Government; this security threat assessment process includes conduct of a CHRC. Recently, DHS and U.S. Congress expressed interest in FTSP’s identity assurance process, especially the verification of applicants claiming to be U.S. citizens. ESVP manages the TSA PreCheck Application Program. Pursuant to its authority under Section 109(a)(3) of the Aviation and Transportation Security Act (ATSA), TSA introduced the TSA PreCheck Application Program in December 2013. TSA PreCheck is a voluntary passenger pre-screening initiative that determines whether passengers are low risk and thus eligible to receive expedited screening at participating airport security checkpoints. The TSA PreCheck Application Program permits U.S. citizens/nationals and Lawful Permanent Residents (LPR) to apply for the program through …