“Purpose: The purpose of the attached J&A is to approve the out of scope modification to provide additional services under the Enterprise Identity Management (EIDM), Remote Identity Proofing (RIDP), Multi-Factor Authentication (MFA) Services -Operations and Maintenance (O&M) task order.
Funding Summary: The total estimated cost for these additional services is $9,842,042 – $1,585,885 for Option Period 1 (current period) and $8,256,157 for Option Period 2.
Current Period of Performance: We are currently in Option Period 1 of the task order, which has a period of performance of September 8, 2018 to September 7, 2019. The first period of this modification will be Date of Award to September 7, 2019.
Future Period of Performance: The task order has five (5) remaining option periods running from September 8, 2019 to May 17, 2022 (including a 4-month Transition Out); however, the only future option period that will be impacted by this modification is Option Period 2 (September 8, 2019 to September 7, 2020).
Authority: This action will be awarded pursuant to FAR16.S0S(b)(2)(i)(A). It authorizes an exception to fair opportunity on the basis that the agency need for the supplies or services is so urgent that providing a fair opportunity would result in unacceptable delays. This modification will allow CMS applications to be migrated from the current Oracle-based EIDM system to the new cloud-based IDM solution by March 29, 2020…”
“1. Description of Supplies or Services:
CMS procured two separate contracts related to Enterprise Identity Management (EIDM), Remote Identity Proofing (RIDP), and Multi-Factor Authentication (MFA). This EIDM/RIDP/MFA O&M is the first contract (HHSM-500-2017-000151/HHSM-500-T000 I). The O&M contract maintains the existing EIDM/RJDP/MFA functions that are provided through a customized deployment of Oracle’s Identity Management suite (for EIDM), Experian Precise ID as enhanced for CMS (for RIDP), and Symantec Validation & ID Protection (VIP – for MFA). The O&M Contractor is required to maintain the current EIDM/RIDP/MFA functions until all applications have been migrated to a new Identity Management (IDM) solution.
The second contract procured (HHSM-500-2017-000061/75FCMCI 8F0002) is for an Identity Management (IDM) System Integration (SI) Contractor, which was responsible for developing a modernized Identity Management (IDM) System based on Okta’s Identity as a Service (IDaaS) solution for account creation and account management, Experian’s Precise ID (as enhanced for CMS) for RIDP, and Saviynt’s Identity Governance and Administration as a Service (IGAaaS) for role management and approval workflows. This new cloud-based IDM solution is already built and in place.
Additionally, the IDM SI contractor was required to develop a process and timeframe to migrate all current applications from EIDM/RIDP/MFA to the new IDM solution. The IDM SI contractor was to be responsible for leading this migration, with support from the EIDM/RIDP/MFA O&M contractor in migrating data and business logic, etc. from the existing EIDM/RIDP/MFA applications to the new IDM solution. After all of the applications have been fully migrated, the EIDM/RIDP/MFA O&M contractor will implement the decommissioning of the current EIDM system.
Due to the severe contractor performance issues with the IDM SI contractor, successful migration of applications to the new IDM solution by the IDM SI contractor is not possible. Therefore, this action seeks to procure services to migrate applications using EIDM as an authentication and as an authorization source to the new IDM solution, including the development of an IDM Hub Business Logic Layer, under the EIDM/RIDP/MFA O&M contract…”
Authority and Rationale
… By June 30, 2020 the current EIDM system is required to be decommissioned and no longer running in the Perspecta Data Center. The Perspecta Data Center contract ends June 30, 2020. The Oracle IDM solution, upon which EIDM is based, is not a proven cloud hosted version to which CMS could migrate. Therefore, CMS planned to migrate applications to the new IDM solution by February 28, 2019. As discussed above, the IDM SI contractor was supposed to complete this migration, but now CMS has had to shift the migration completion date to March 29, 2020. Due to various contract performance issues that still exist with the IDM SI contractor, there are unacceptable risks that they will not able to meet schedule deadlines and that CMS will not have applications that can effectively provide the identity and credentialing services required for users of CMS systems…”
