Zero Trust Post Quantum Cryptography (PQC) Roadmap AOI 26-A006 under RCC CSO N6523626S0001
Contract Overview
Solicitation details, issuing organization, response deadlines, documents, and interested companies for this government contract opportunity.
AI Contract Overview
The Department of the Navy and Marine Corps face an urgent and existential threat from cryptographically relevant quantum computers, necessitating a rapid and coordinated transition to Post-Quantum Cryptography in alignment with National Security Memorandum 10 and OMB Memorandum M-23-02. To enable this migration, the Naval Information Warfare Center Atlantic is soliciting a prototype solution capable of automatically discovering, identifying, and cataloging all cryptographic assets across enterprise IT, cloud environments, mobile systems, operational technology, and tactical weapon platforms. The goal is to generate a continuous, authoritative Cryptographic Bill of Materials that supports enterprise-wide risk reporting, vulnerability assessments, and prioritized PQC migration planning, replacing inefficient manual processes with a scalable, automated system. The solution must operate in hybrid environments—including disconnected, intermittent, low-bandwidth (DIL) settings—and must be cryptographically agile, compliant with NIST PQC standards such as FIPS 203, FIPS 204, and FIPS 205, and validated under FIPS 140-3. This solicitation, designated as Commercial Solutions Opening N65236-26-S-0001 (AOI 26-A006), is a prototype acquisition under Other Transaction Authority, with no set-aside and a strict requirement for offerors to possess a Secret Facility Clearance. Proposals must be submitted via the Vulcan platform by July 8, 2026, and cannot contain Controlled Unclassified Information. Selected offerors will be invited to a mandatory live, unclassified demonstration in Charleston, South Carolina, where they must present a Bottom Line Up Front summary of capabilities, relevance, and cost. The evaluation prioritizes comprehensive multi-environment discovery, automated CBOM generation, continuous monitoring, and technical readiness at TRL 7 or higher, with a strong emphasis on innovation, operational integration, and vendor alignment with DoN’s PQC roadmap. Successful prototypes may lead directly to a follow-on production contract without further competition, and the solicitation requires full disclosure of teaming partnerships and associated CAGE codes, as well as any proposed cost share. The point of contact for inquiries is Jessie Rehwoldt of NIWC Atlantic in North Charleston, South Carolina.
General Info
Agency
NAICS
Place of Performance
SC, USASet-Aside
Timeline
Response Deadline
Organization & Contact Information
Full Description
The advent of cryptographically relevant quantum computers (CRQCs) poses a direct, existential threat to the security and operational integrity of Department of Navy (DoN) and Marine Corps systems. In accordance with National Security Memorandum 10 (NSM-10) and OMB Memorandum M-23-02, the DoN must execute a rapid, phased, and strategically coordinated migration to Post-Quantum Cryptography (PQC). To manage risk, coordinate migration, and optimize financial investments, the DoN must first establish a complete, authoritative, and continuous baseline inventory of all cryptographic algorithms, protocols, modules, and
implementations currently deployed. Currently, cryptographic baselines rely on resourceintensive, manual processes. The DoN requires an automated solution to accelerate discovery and improve enterprise-wide visibility.
NIWC Atlantic seeks to prototype a rapidly deployable, integrated, and scalable commercial solution capable of automating the discovery, identification, and cataloging of cryptographic assets across all DoN and Marine Corps networks and systems. This includes enterprise IT (onpremise and cloud), mobile systems, operational technology (OT), and tactical/embedded weapon platforms. The ultimate objective is to automate the generation of a Cryptographic Bill of Materials (CBOM) to support central risk reporting, vulnerability assessments, and PQC migration prioritization.
