Conveyance/Vertical Transport System (C/VTCS) in Defense Health Agency (DHA) Facilities
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Defense Information Systems Agency (DISA), on behalf of the Defense Health Agency (DHA), has issued a Sources Sought / Request for Information (RFI) for Conveyance/Vertical Transport Systems (C/VTCS) in DHA Facilities. This RFI aims to gather industry input to establish an enterprise standard for these systems, focusing on current technologies, cybersecurity, integration, and support strategies. Responses are due by March 31, 2026.
Purpose & Scope
This RFI is for market research and planning purposes to inform future acquisition and authorization efforts for C/VTCS within DHA facilities. The DHA seeks to understand the current state of technology, cybersecurity compliance (specifically Risk Management Framework - RMF), integration capabilities, and support models for these critical systems.
Requested Information
Respondents are requested to provide detailed information on:
- System Design & Security: Standards, core functions, deployment, secure facility architecture, and integration with Enterprise Security Systems (ESS).
- Risk Management Framework (RMF) Compliance: Support for RMF authorization, communication interfaces, DHA network operability, and system interdependencies.
- Authentication & Authorization: System and user authentication, zero-trust principles, and auditing.
- Data Handling & Security: Data types (including PII/ePHI), FIPS-compliant encryption, and cryptographic module validation.
- Maintenance & Vulnerability Management: Patching, vulnerability management, credentialed scan support, and remote access controls.
- Operational Technology (OT) Security: Network segmentation, secure OT protocols, OT patch management, and incident response.
- Supply Chain Risk Management: DFARS compliance, country of origin for components, and third-party vendor information.
Response Guidelines
- Format: White paper, not exceeding 16 pages, 12-point type, one-inch margins.
- Submission: Email submission, maximum 5 MB.
- Response Due: March 31, 2026, 5:00 PM ET.
- Submission Email: jennifer.m.everly2.civ@mail.mil and son.m.pham2.civ@mail.mil.
- Questions Due: September 15, 2025, 5:00 PM ET (submit in writing via email).
Contract & Timeline
- Type: Sources Sought / Request for Information (RFI)
- Set-Aside: None specified (market research stage)
- Published: March 12, 2026
- Response Due: March 31, 2026
Disclaimer
This RFI is for planning purposes only and does not constitute a commitment to issue a solicitation or award a contract. No costs incurred in response will be reimbursed. All submissions become Government property.