Tag Archives: proposal

Notice ID 70RDA126RFI000003: Yes, It’s an RFI, But That May Be a HUGE Multi-Biometric Matching System

An interesting Request for Information (Notice ID 70RDA126RFI000003) for a multi-biometric matching system was posted on SAM.gov on Friday, and it’s turning some heads. But is YOUR organization reading an RFI that is turning YOUR heads?

Bear in mind that this is a Request for INFORMATION, not a Request for PROPOSAL. And this is made clear in the document:

“This RFI is for planning purposes only and shall not be construed as an obligation on the part of the Government. This is NOT a Request for Quotations or Proposals. No solicitation document exists, and a formal solicitation may or may not be issued by the Government as a result of the responses received to this RFI.”

Forget the technical requirements…look at the BUSINESS requirements

Now I could get into the…um…minutiae of the request for information about a biometric matching system, the requirements for everything from presentation attack detection to on-premise/hybrid/cloud deployments, and a host of other things.

But in this case, the business requirements outweigh the technical requirements…by a LONG shot.

“The Department of Homeland Security (DHS) is seeking an enterprise-wide, scalable, and secure biometric matching software solution to support mission-critical identity verification, vetting, and investigative operations across all DHS Components, including CBP, ICE, TSA, USCIS, USSS, and Headquarters. The contractor will provide a DHS-wide enterprise license for multi-modal biometric matching software, along with all associated services, integration support, maintenance, and technical assistance necessary for full operational deployment.”

And in the next section:

“DHS is looking to acquire an enterprise-wide biometric matching software solution, including all licenses, services, and technical support necessary to enable seamless integration with all DHS biometric systems.”

Matching for ALL DHS components, and integration with ALL DHS biometric systems. This could just be a teeny system for limited operations…or it could be a super system. Since they’re asking about scalability, potential respondents should probably assume the latter.

So we’re talking loads of money.

Of course it could be scaled way down when or if a final RFP comes along. And maybe the vast expanse of the RFI is merely designed to get system integrators to drool.

But where does this leave the IDENT/HART battles?

What about YOUR RFI (and RFP) responses?

Incidentally, Bredemarket offers proposal services to assist identity/biometric vendors in RFI and RFP responses such as this one. Over the years my proposals have won over $50 million in business. Presumably the respondents to this RFI have full proposal staffs (or maybe not), but if YOUR organization requires RFI and RFP assistance, schedule a meeting with Bredemarket.

Bredemarket services, process, and pricing.

(2/17/2026: See Anthony Kimery’s assessment of the RFI here.)

Identity/Biometric Marketing Leaders: In Case You Missed It

If you’re an identity/biometric marketing leader who requires content, proposal, and analysis expertise from a biometric product marketing expert, make sure you read the following:

It will be worth your while.

Landscape. Biometric product marketing expert.

Speak the Truth: Convert By Getting Your Differentiated Message Past Talkative Competitors

Are your talkative competitors eating your lunch?

How can you speak the truth about your greatness to your prospects?

  • Compelling CONTENT creation.
  • Winning PROPOSAL development.
  • Actionable ANALYSIS.
Speak the truth.

Differentiation equals conversion. When Bredemarket creates content for an identity, biometric, or technology client, my primary focus isn’t on copying what the competition is doing.

My primary focus? I ask why you do what you do. (And how you do it. And five other questions.)

Then I act.

Then your prospects pay attention.

As my converting Bredemarket clients can attest:

  • The complete go-to-market campaign, including both customer-facing and internal-facing content, that I created for one client. With additional go-to-market content for this and other clients.
  • The over $2 million of winning proposals I have written for multiple consulting clients since 2020.
  • The analyses, covering everything from market competitors to NIST FRTE results, that I have written for other clients.

What’s next?

I’m John E. Bredehoft, product marketing consultant at Bredemarket. And I’ve differentiated products in the identity, biometric, and technology sector for 30 years, generating over $50 million in conversions for my employers and consulting clients. 

Take the first step to end your company’s silence. Let’s discuss your whys, and we can work out the hows in a free 30 minute consultation.

(Stop losing prospects! Use Bredemarket content for tech marketers)

Stop losing prospects! Use Bredemarket content for tech marketers

Do You Address Business Audiences, or Technical Audiences? Yes.

As I’ve said before, there may be many different stakeholders for a particular purchase opportunity.

For the purpose of this post I’m going to dramatically simplify the process by saying there are only two stakeholders for any RFP and any proposal responding to said RFP: “business” people, and “technical” people.

Google Gemini.
  • The business people are concerned about the why of the purchase. What pressing need is prompting the business (or government agency) to purchase the product or service? Do the alternatives meet the business need?
  • The technical people are concerned about the how of the purchase. Knowing the need, can the alternatives actually do what they say they can do?

Returning to my oft-repeated example of an automated biometric identification system purchase by the city of Ontario, California, let’s look at what the business and technical people want:

By FBI – http://www.fbi.gov/news/photos, Public Domain, https://commons.wikimedia.org/w/index.php?curid=18500900.
  • The business people want compliance with purchasing regulations, and superior performance that keeps citizens off the mayor’s back. (As of January 2026, still Paul Leon.)
  • The technical people want accurate processing of biometric evidence, proper interfaces to other ABIS systems, implementation of privacy protections, FBI certifications, iBeta or other conformance statements, and all sorts of other…um…minutiae.

So both parties are reading your proposal or other document, looking for these points.

So who is your “target audience” for your proposal?

Both of them.

Whether you’re writing a proposal or a data sheet, make sure that your document addresses the needs of both parties, and that both parties can easily find the information they’re seeking.

If I may take the liberty of stereotyping business and technical users, and if the document in question is a single sheet with printing on front and back, one suggestion is to put the business benefits on the front of the document with pretty pictures that resonate with the readers, and the technical benefits on the back of the document where engineers are accustomed to read the fine print specs.

Google Gemini. It took multiple tries to get generative AI to spell “innovate” correctly.

Or something.

But if both business and technical subject matter experts are involved in the purchase decision, cater to both. You wouldn’t want to write a document solely for the techies when the true decision maker is a person who doesn’t know NFIQ from OFIQ.

System Award Management, [EXPLETIVE DELETED]

I unintentionally reveal my age when I use terms such as EXPLETIVE DELETED which date back to the Nixon Administration.

Or when the first “Sam” that comes to mind is Sam Winston, known for selling tires.

And you get Sam.

Sadly, Sam Winston passed away in 1995…in an automobile accident, no less.

But today I’m using SAM as an acronym for System Award Management.

The SAM.gov website is a centralized location to inform businesses of U.S. federal government procurements, saving businesses the trouble of visiting every single agency to find bidding opportunities.

When I started in government proposal management my employer focused on state and local opportunities, but today Bredemarket concentrates on federal ones. As a result I scan SAM.gov regularly. Not for me, but for my clients.

And for the record, there is one famous Sam (other than Altman) who is known to 21st century audiences: Samuel L. Jackson. Although I don’t know if Sam has the temperament to manage proposals.

Grok.

Who or What Requires Authorization?

There are many definitions of authorization, but the one in RFC 4949 has the benefit of brevity.

“An approval that is granted to a system entity to access a system resource.”

Non-person Entities Require Authorization

Note that it uses the word “entity.” It does NOT use the word “person.” Because the entity requiring authorization may be a non-person entity.

I made this point in a previous post about attribute-based access control (ABAC), when I quoted from the 2014 version of NIST Special Publication 800-162. Incidentally, if you wonder why I use the acronym NPE (non-person entity) rather than the acronym NHI (non-human identity), this is why.

“A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes.”

If you have a process to authorize people, but don’t have a process to authorize bots, you have a problem. Matthew Romero, formerly of Veza, has written about the lack of authorization for non-human identities.

“Unlike human users, NHIs operate without direct oversight or interactive authentication. Some run continuously, using static credentials without safeguards like multi-factor authentication (MFA). Because most NHIs are assigned elevated permissions automatically, they’re often more vulnerable than human accounts—and more attractive targets for attackers. 

“When organizations fail to monitor or decommission them, however, these identities can linger unnoticed, creating easy entry points for cyber threats.”

Veza recommends that people use a product that monitors authorizations for both human and non-human identities. And by the most amazing coincidence, Veza offers such a product.

People Require Authorization

And of course people require authorization also. They need authorization:

It’s not enough to identify or authenticate a person or NPE. Once that is done, you need to confirm that this particular person has the authorization to…launch a nuclear bomb. Or whatever.

Your Customers Require Information on Your Authorization Solution

If your company offers an authorization solution, and you need Bredemarket’s content, proposal, or analysis consulting help, talk to me.

CIBS: Keeping Secrets From NGI

An interesting item popped up in SAM.gov. According to a Request for Information (RFI) due February 20, the FBI may have interest in a system for secret biometric searches.

“The FBI intends to identify available software solutions to store and search subjects at the classified level.  This solution is not intended to replace the Next Generation Identification System Functionality, which was developed and implemented in collaboration with the FBI’s federal, state, local, tribal, and territorial partners. The solution shall reside at the Secret and/or Top-Secret/SCI level with the ability to support data feeds from external systems.  The solution must allow the ability to enroll and search face, fingerprint, palmprint, iris, and latent fingerprints, and associated biographic information with a given set of biometrics.”

Now remember that the Next Generation Identification (NGI) system is protected from public access by requiring all users to adhere to the CJIS Security Requirements. But the CJIS Security Requirements aren’t Secret or Top Secret. These biometric searches, whatever they are, must REALLY be kept from prying eyes.

The RFI itself is 8 pages long, and is mysteriously numbered as RFI 01302025. I would have expected an RFI number 01152026. I believe this was an editing error, since FBI RFI 01302025 was issued in 2025 for a completely different purpose.

Whatever the real number is, the RFI is labeled “Classified Identity-Based Biometric System.” No acronym was specified, so I’m self-acronyming it as CIBS. Perhaps the system has a real acronym…but it’s secret.

If your company can support such a system from a business, technical, and security perspective, the due date is February 20 and questions are due by February 2. See SAM.gov for details.