Request for Information for Electronic Security System (ESS) for Naval Hospital Bremerton (NHB)

Statement of Work (SOW) / Performance Work Statement (PWS)

This Performance Work Statement (PWS) outlines the requirements for a comprehensive upgrade and potential replacement of the Electronic Security System (ESS) at Naval Hospital Bremerton (NHB). The primary objective is to modernize the ESS to protect assets, people, facilities, sensitive information, and equipment, thereby supporting the mission of the Defense Health Agency (DHA) and NHB.

• Provide all necessary personnel, equipment, supplies, and non-personal services for the design, installation, and testing of the ESS.

• Deliver a fully functional, reliable, and integrated ESS, including Video Surveillance Systems (VSS), Access Control System (ACS), and Intrusion Detection System (IDS).

• Ensure comprehensive camera surveillance with adequate video recording and storage capabilities for all required hospital areas.

• Implement a standalone, cyber-secure system capable of achieving a DoD Risk Management Framework (RMF) Authority to Operate (ATO).

• Integrate all subsystems, provide comprehensive training, and deliver complete system documentation.

• Provide warranty and ongoing maintenance support.

• Operational Availability: Minimum of 100% measured monthly, supported by an uninterruptible power supply (UPS) for at least two hours.

• System Latency: Maximum of 10 seconds delay between sensor activation and operator workstation annunciation (goal of 3-5 seconds).

• Intrusion Detection System (IDS): Probability of Detection (Pd) of at least 95%; Nuisance/False Alarm Rates (NAR/FAR) not to exceed 3 alarms/month for interior sensors and 3 alarms/day for exterior sensors.

• Access Control System (ACS): FIPS 201 compliant, using DoD Common Access Card (CAC) as the primary credential. Log alarms for "forced entry" and "door held open" events.

• Video Surveillance System (VSS): Minimum HD 1080p resolution, frame rates appropriate for scene monitoring. Retain video for a minimum of 30 days.

• Place of Performance: Naval Hospital Bremerton (NHB) in Bremerton, WA.

• Period of Performance: To be determined at contract award.

• The system must be standalone and not connected to the existing hospital network, unless it achieves full RMF accreditation.

• Compliance with numerous DoD and NIST publications, including RMF, cybersecurity requirements, and specific UFC standards.

• Contractor personnel must adhere to specific identification and security clearance requirements.

• Cybersecurity requirements include NIST SP 800-171, CMMC, and specific DoD cybersecurity policies.

• The Contractor must provide a Quality Control Plan (QCP) and adhere to the Quality Assurance Surveillance Plan (QASP).

Sources Sought / Request for Information (RFI)

This RFI is issued by the Defense Health Agency (DHA) for market research to assist in developing a procurement strategy for an Electronic Security System (ESS) for Naval Hospital Bremerton (NHB). The DHA is seeking information from qualified and experienced sources, particularly small businesses, capable of providing a comprehensive, integrated, and cyber-secure ESS. The goal is to procure, install, and/or modernize the ESS to protect personnel, patients, assets, and sensitive information, ensuring compliance with DoD, UFC, and DHA directives, including stringent cybersecurity requirements and HIPAA.

• Design, procurement, installation, testing, and accreditation of a complete and fully operational ESS.

• Integration of subsystems: Intrusion Detection System (IDS), Access Control System (ACS), and Video Surveillance System (VSS).

• Management under a single, unified Physical Security Information Management (PSIM) or similar central management platform.

• Compliance with DoD Risk Management Framework (RMF) for Authority to Operate (ATO).

• Compliance with HIPAA Security Rule.

• Capability statements are requested, limited to ten (10) pages.

• Must include company information (UEI, CAGE, size, POC, GWACs/GSA Schedules).

• Must provide 2-4 examples of similar projects within the last five years, detailing contract number, dollar value, period of performance, client, and a description of work performed.

• Specific experience required in integrating multi-vendor ACS, IDS, and VSS in sensitive environments, implementing PSIM, and adhering to relevant DoD standards (UFC 4-021-02, UFC 4-010-06).

• Technical approach to designing, installing, and accrediting a compliant ESS in a 24/7 operational hospital environment.

• Description of cybersecurity accreditation capabilities and quality control processes.

• Recommendation and justification for one of five draft PWS Courses of Action (COAs).

• Market research pricing for recommended COA.

• Anticipated teaming or subcontracting strategy.

• Responses due by 24 June 2026, 11:00 AM Pacific Time, via email.

• The government is specifically seeking information from small businesses.

• This RFI does not constitute a solicitation or a promise to issue one.

• No costs incurred in responding will be reimbursed.

• Respondents must be registered in the System for Award Management (SAM).

• Questions regarding this notice must be submitted in writing via email.