Infant Protection and Abduction System (IPAS) in Defense Health Agency (DHA) Facilities

SOL #: 832674193Sources Sought

Overview

Buyer

DEPT OF DEFENSE

Defense Information Systems Agency (Disa)

IT CONTRACTING DIVISION - PL83

SCOTT AFB, IL, 62225-5406, United States

Place of Performance

Fort Huachuca, AZ

NAICS

No NAICS code specified

PSC

No PSC code specified

Set Aside

No set aside specified

Original Source

https://sam.gov/opp/d93914bc0ae14e1b9092e5edf04c7afe/view

Timeline

Posted

Mar 12, 2026

Response Deadline

Mar 31, 2026, 9:00 PM

Qualification Details

Fit reasons

NAICS alignment with historical contract wins in similar service areas.
Scope strongly matches core technical capabilities and delivery model.

Risks

Past performance thresholds may require one additional teaming partner.
Potential clarification needed on staffing minimums before bid/no-bid.

Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

Quick Summary

The Defense Health Agency (DHA), through the Defense Information Systems Agency (DISA), is conducting market research via a Sources Sought / Request for Information (RFI) for an Infant Protection and Abduction System (IPAS). This RFI aims to gather information on current technologies, cybersecurity compliance (RMF), integration capabilities, and support strategies for IPAS in DHA Medical Treatment Facilities (MTFs). Responses are due by March 31, 2026.

Scope of Work

The DHA is seeking white papers detailing capabilities related to:

System Design & Capabilities: IPAS standards, core functions, deployment, architecture, and integration with Enterprise Security Systems (ESS).
Cybersecurity & Compliance: Support for Risk Management Framework (RMF) authorization, network compatibility (Med-COI, DoD networks), Zero Trust principles, and auditing.
Data Handling: Types of data, PII/ePHI handling, encryption standards (FIPS 140-3, 197, 199, 200).
Lifecycle Support: Patching, vulnerability management, credentialed scan support, and remote maintenance.
Operational Technology (OT) Security: Network segmentation, secure OT protocols, patch management, integrity monitoring, and incident response.
Supply Chain Risk Management: Compliance with DFARS clauses (e.g., Buy American), country of origin, and third-party components.

Contract & Timeline

Type: Sources Sought / Request for Information (RFI)
Set-Aside: None specified (market research stage)
Response Due: March 31, 2026, by 5:00 PM ET
Published: March 12, 2026
Questions Due: September 15, 2025, by 5:00 PM ET

Submission Guidelines

Respondents must submit a white paper, not exceeding 16 pages (single-spaced, 12-point type, 1-inch margins), via email. The email, including all associated items, must not exceed 5 MB. Submissions should be sent to jennifer.m.everly2.civ@mail.mil and son.m.pham2.civ@mail.mil. Questions must be submitted to gary.g.morrow.civ@mail.mil, jennifer.m.everly2.civ@mail.mil, and trevor.k.whitaker.civ@mail.mil.

Important Notes

This RFI is for planning purposes only and does not constitute a solicitation or commitment to award a contract. No costs incurred in response will be reimbursed. Proprietary information must be clearly marked.

People

Points of Contact

Trevor K. WhitakerPRIMARY

trevor.k.whitaker.civ@mail.mil

6678916089

Files

Download

Versions

Version 1Viewing

Sources Sought

Posted: Mar 12, 2026