CAT Industry Day Announcement Amendment 0001 9.2.21.pdf


Original Source
Contract Opportunity
Sept. 2, 2021



U.S. Department of Homeland Security
Transportation Security Administration
6595 Springfield Center Drive
Springfield, Virginia 20598

CAT Industry Day TSA25-04-3640

TSA Industry Day Announcement
Credential Authentication Technology

1.0 Introduction

The Transportation Security Administration (TSA) Acquisition Program Management (APM) office is
hosting a virtual Industry Day for the Credential Authentication Technology (CAT) Program.

The goals of this Industry Day are to:

Communicate TSA's CAT Program expectations and milestones;
Share system requirements for the next generation of the CAT systems (CAT-2), discuss
TSA's vision for their implementation, and allow the industry to provide feedback or
questions regarding the requirements; and
Initiate discussions between industry and government surrounding TSA's strategy to procure
CAT-2 systems based on new capabilities.

2.0 Purpose

The TSA leverages technology advances when possible to meet aviation security challenges. In
support of advancing security capabilities, APM is seeking systems that are capable of meeting TSAs
operational, functional and network interface requirements for identity document authentication
and biometric matching. This Industry Day offers the opportunity to initiate discussions with
industry representatives, access market information and innovations, and attract interest in next
generation identity authentication technology.

3.0 Event Description

Date: September 823, 2021
Location: Virtual [ WebEx Link to be sent to attendees prior to event]

The TSA intends to cover its vision, challenges, scope, expectations, requirements, and milestones
for the CAT program. Question and answer discussions will be held at the end of each topic to
ensure that the TSA and attendees are in alignment with expectations.

This Industry Day will be held virtually. Details will be provided to companies after attendance and
security requirements have been met (see Section 5.0 and Section 6.0 for details).

4.0 Draft Agenda

The following topics will be discussed during the Industry Day:

Welcome and Introductions
CAT Program Overview
CAT-2 Draft Requirement Documents: Operational Requirements Document (ORD),

Functional Requirements Document (FRD), and the Security Technology Integrated Program
TSA Network Security Requirements

Cybersecurity Assessment

U.S. Department of Homeland Security
Transportation Security Administration
6595 Springfield Center Drive
Springfield, Virginia 20598
IT System Configuration Integrated Test & Evaluation
Configuration Management

CAT Industry Day TSA25-04-3640

*A finalized Agenda will be sent out prior to the Industry Day.

5.0 Required Criteria for Attendance

Participation in this Industry Day is limited to (a) current CAT manufacturers; (b) potential CAT
manufacturers; and (c) third-party organizations with relevant experience in algorithm development,
integration, and/or identity authentication using identity documents and/or biometric matching.

To be considered for attendance, each company must submit a list of projects relevant to identity
authentication and biometric matching that has been successfully completed, and/or identity
authentication and biometric matching algorithm research papers that they have authored, together
with a short summary of each, and/or any other relevant information that will show a, b, or c above.

The total page count for the project list and summary shall not exceed one (1) page. In addition,
individuals requiring participation in the Industry Day will need to declare what company they are

Attendance at this event is subject to TSAs sole review and discretion.

6.0 Security Requirements to Attendance:

As part of this event, the TSA intends to release the draft CAT-2 requirements: ORD, FRD, and IRD for the
STIP. The goal of sharing these documents is to ensure industry understands both the requirements and
their operational/mission context, allow industry to ask questions, and to provide the opportunity for
early engagement and product development. All documents are classified as Sensitive Security
Information (SSI), and those interested in viewing these documents must satisfy the following
requirements prior to receiving them. Only those participants that are accepted by the TSA to
participate in this Industry Day based on the attendance criteria will be eligible for vetting.

The process to gain access to SSI is as follows:

SSI will be available to participants in preparing responses for this Industry Day. Potential participants
must obtain specific authorization to obtain SSI. SSI will not be available or otherwise provided or
disclosed to any person not specifically authorized to receive it. SSI provided pursuant to this Industry
Day event may only be used to satisfy requirements for participating in this event.

A. Senior Corporate Official. Each participant (and subcontractor/team member) must separately
designate in writing to the TSA Contracting Officer a single, corporate official who will serve as
the single point of contact for sensitive information. This individual must certify that all
appropriate protections will be followed, only authorized individuals will have access to sensitive
information, and that those individuals adequately understand their responsibilities to protect
this information. This official must also certify to the TSA Contracting Officer every 60 days that

U.S. Department of Homeland Security
Transportation Security Administration
6595 Springfield Center Drive
Springfield, Virginia 20598

CAT Industry Day TSA25-04-3640

all appropriate protections have been followed, only authorized individuals have access to
sensitive information, and that those individuals with access adequately understand their
responsibilities to protect this information. A copy of this certification shall also be emailed to This official will also ensure that the TSA Contracting Officer is notified
of staffing changes or circumstances in which individuals no longer need access to SSI.

B. Participant Responsibility. The TSA will review the System for Award Management (SAM) and

Dun & Bradstreet report to ensure that the corporate entity would not otherwise be precluded
from receiving a contract award. While this review does not replace the responsibility
determination required by FAR part 9, it may prohibit participants from receiving SSI
information during the pre-solicitation phase.

C. Criteria for Release. As part of this Industry Day, SSI may only be accessed by individuals who

have successfully passed a Security Threat Assessment. This assessment may include a
verification of site facility clearance in the National Industrial Security Program (NISP),
contractor suitability determination or other federal background investigation, individual
security clearance(s), and if required, a criminal history records check (CHRC) and/or a check
against terrorism or other databases.

D. Information Requirements. Consistent with the criteria for release described above, any

Industry Day participants Senior Corporate Officials must provide the appropriate information
to the TSA as identified below. Note that this requirement applies likewise to any prospective
subcontractor, joint venture partner, or team company whose access to the specified SSI and
subsequent input into a planned proposal is necessary to prepare and complete the proposal.
All information must be emailed to This information will be handled in
accordance with the applicable Privacy Act System of Records Notice (SORN), DHS/TSA 002,
Transportation Security Threat Assessment System (T-STAS), noted in Paragraph F, below.

a. Senior Corporate Officials shall provide the TSA Contracting Officer, via email, with the

CAGE code of the participants facility that will manage the SSI, company DUNS number,
and address; and

b. Senior Corporate Officials shall provide the following information for all employees who

require access to SSI in a single password protected Microsoft Excel spreadsheet
emailed to the TSA Contracting Officer. The password for the password protected
spreadsheet shall be sent to the Contracting Officer in a separate email, at the same

Employee Full Name
Employee Gender (i.e., Male or Female)
Employee Birth Date
Employee Citizenship
Indication of whether any nominated employees have:

Previously received a TSA suitability determination;
Undergone a federal background investigation; or
Possess an individual security clearance

U.S. Department of Homeland Security
Transportation Security Administration
6595 Springfield Center Drive
Springfield, Virginia 20598

CAT Industry Day TSA25-04-3640

While not required in the original information provided by the Senior Corporate Official, it should be
noted that in rare instances Social Security Numbers may be required for individuals. In those instances,
the Senior Corporate Official will receive an email from requesting the Social
Security Number for the select individuals and the Senior Corporate Official will provide the requested
information back to in a password protected document using the same
password previously provided.

E. Privacy Act Statement. The TSA will use the information provided to conduct a security threat
assessment on individuals who seek access to Sensitive Security Information. The information
will be shared within DHS with personnel who need the information to perform their official
duties. Additionally, DHS may share the information with law enforcement,