TSA seeks biometric identity management support

The Transportation Security Administration (TSA) is preparing to acquire new contractor support for one of its most sensitive identity management portfolios, seeking industry input for Secure Identity Management Support work tied to biometric vetting, recurrent background checks, rap sheet automation, data quality, and the modernization of enrollment and credentialing systems used across transportation security programs.

The draft Performance Work Statement (PWS) says TSA’s Enrollment Services and Vetting Programs (ESVP) office needs subject matter expertise for “secure identity management operations and maintenance” required under the Federal Aviation Administration Extension, Safety, and Security Act.

Taken together, the RFI and draft PWS describe a TSA identity environment moving toward broader recurrent vetting, greater reliance on DHS biometric infrastructure, more automated criminal history processing, and increased use of AI-enabled tools for data quality and adjudication support.

The documents do not describe a new public-facing biometric collection program by themselves. Rather, they show TSA seeking contractor expertise to maintain, modernize and integrate biometric and identity systems already used across a wide range of transportation security programs.

The result is a procurement that is technical in form but policy significant in substance.

TSA is asking industry for help with the systems, standards, data flows and automation tools that determine how biometric and biographic identity information is collected, matched, reused, validated, and adjudicated across programs affecting maritime workers, aviation workers, flight students, hazmat drivers, PreCheck applicants, and other transportation-sector populations.

To that end, TSA is testing the market for companies with deep experience in government identity systems, biometric modalities, Federal Bureau of Investigations (FBI) Rap Back, XML-formatted rap sheets, Department of Homeland Security (DHS) biometric databases, and machine learning or large language models that could support vetting modernization and enhanced adjudication.

The procurement comes as TSA is managing a broad set of vetted populations, including Transportation Worker Identification Credential (TWIC) holders, foreign flight training applicants, TSA PreCheck applicants, hazardous materials endorsement applicants, aviation workers, indirect air carriers, certified cargo screening participants, general aviation populations, and unmanned aircraft system operators, including beyond visual line of sight operations.

At the core of the requirement is TSA’s need to process, reuse, store, and analyze biometric and biographic data for initial and recurrent security threat assessments.

The PWS says those assessments involve criminal history, immigration and terrorism checks with multiple federal and state entities, including the FAA, FBI, Customs and Border Protection, U.S. Citizenship and Immigration Services, the Office of Biometric Identity Management, the Social Security Administration, the State Department and the Department of Justice.

TSA says its Enrollment Services and Vetting Programs office already relies on several systems that support biometric storage, vetting and reuse, including the Vetting and Credentialing System, Consolidated Screening Gateway, Technology Infrastructure Modernization system, Credentialing and Adjudication Application, Universal Enrollment Services system, and Aviation Channeling and Data Management System.

The draft PWS says those systems are expected to be consolidated over the next eight years as part of broader ESVP initiatives.

That consolidation is significant because TSA is not simply asking for general program management support. It is seeking contractors that can help shape the technical, biometric, and data architecture of programs that affect large transportation-sector populations and that increasingly depend on continuous or recurrent vetting rather than one-time checks.

The TWIC program remains one of the most visible parts of that portfolio. Jointly administered by TSA and the U.S. Coast Guard, TWIC is designed to prevent individuals who pose a security threat from gaining unescorted access to secure areas of the maritime transportation system.

The PWS notes that TWIC is the only TSA vetting program that issues a physical biometric credential and describes it as a program that is technologically advanced, highly visible, and sensitive from a privacy standpoint.

The Flight Training Security Program (FTSP) is another focus. TSA says the program requires support for future identity assurance requirements involving applicants, certified flight instructors and flight training facilities.

The PWS states that FTSP directly addresses vulnerabilities that contributed to the September 11 attacks and relies on a strong chain of trust to ensure foreign flight students are properly identified and vetted.

It also says DHS and Congress have recently expressed interest in FTSP’s identity assurance process, particularly the verification of applicants claiming to be U.S. citizens.

A major portion of the work involves FBI Rap Back, the recurrent vetting service that notifies subscribing agencies of new criminal history information tied to enrolled individuals.

TSA says aviation programs, TWIC, and TSA PreCheck already leverage Rap Back, and that it has expanded the service since completing a pilot in August 2016.

The PWS calls for contractor support to implement Rap Back across remaining ESVP vetting populations, automate its use in TSA systems, update interface designs and procedures, and maintain tools such as TSA’s rap sheet parsing and scoring tool.

TSA is looking for firms with specific Rap Back and FBI Next Generation Identification (NGI) experience. TSA asks vendors to describe their experience with NGI Rap Back services and with XML-formatted rap sheets, specifications and standards.

The move toward automated rap sheet parsing and scoring is one of the more consequential modernization efforts described in the PWS.

TSA says criminal history records are used extensively in its security threat assessment programs, but rap sheet adjudication remains manual because rap sheets are text-based, non-machine-readable and not standardized.

TSA is working with outside entities, including Maricopa County, Arizona, the FBI and National Law Enforcement Telecommunications System, to standardize rap sheet formats and automate parts of the adjudication process.

The draft PWS also ties TSA’s identity work directly to DHS biometric infrastructure.

TSA says it uses the DHS Automated Biometric Identification System (IDENT) encounter information system for security threat assessment programs and has established a multi-phase initiative to integrate criminal, immigration and terrorist derogatory information from IDENT into ESVP vetting and adjudication.

The PWS says TSA currently uses IDENT as a backup system for recurrent vetting in TWIC and TSA PreCheck and anticipates other ESVP-vetted programs will be enrolled in IDENT or eventual successor Homeland Advanced Recognition Technology (HART) system over the next three to five years for both initial and recurrent vetting.

The acquisition also includes a data science and AI component. The PWS says the contractor will support data system management, data quality, and data science, including “Machine Learning.”

As ESVP migrates vetted populations across systems, the contractor is expected to prioritize data integrity and use AI-driven tools and techniques to improve accuracy, consistency and reliability.

TSA specifically calls for automated and AI-enhanced data validation processes to ensure that clean, accurate, secure, and consistent data is delivered to programs, applications and services.

The PWS says validation checks may include AI-powered anomaly detection and pattern recognition to verify data integrity and compliance with established benchmarks.

TSA is considering the role of AI not only in back-end data quality, but also in the adjudication pipeline. The PWS refers to advanced machine learning techniques for formatting and presenting XML rap sheets to improve the efficiency and productivity of adjudication and vetting resources.

It also requires outcome-based metrics, including biometric match rates, data quality improvements, and reductions in adjudication time.

The draft PWS contemplates a 12-month base period with four one-year option periods, with on-site services at TSA headquarters in Springfield, Virginia.

Article Topics

biometrics  |  Homeland Advanced Recognition Technology (HART)  |  identity management  |  tender  |  TSA