Infant Protection and Abduction System (IPAS) in Defense Health Agency (DHA) Facilities

Summary (Newest Update)

Background The Defense Health Agency (DHA) manages Facility-Related Control Systems (FRCS) to ensure safe, secure, and resilient operations in healthcare environments. One of these systems is the Infant Protection and Abduction System (IPAS), which must comply with Department of Defense (DoD) Information Technology cybersecurity, interoperability, and sustainment requirements. The DHA aims to establish an enterprise standard for evaluating and integrating these systems. Work Details The DHA Facilities Enterprise Program Management Office is seeking vendor input on the design, capabilities, security posture, and lifecycle support of FRCS used in DHA facilities. The objective is to develop a standard IPAS profile that ensures consistent, secure, and sustainable deployment across the enterprise. Vendors are requested to provide information on various aspects including: 1. Standards guiding IPAS design and security approach; overview of solutions; deployment modes; system architecture; integration with Enterprise Security Systems. 2. Support for Risk Management Framework (RMF) authorization; communication interfaces; operation on DoD networks; interdependencies with other systems. 3. Integrated authentication and authorization capabilities; user authentication methods; support for zero-trust principles; auditing capabilities. 4. Types of data processed by IPAS including Personally Identifiable Information (PII) and electronic Protected Health Information (ePHI); encryption standards compliance. 5. Approach to patching, vulnerability management, and supporting credentialed scans. 6. Remote access capabilities for maintenance; access controls in place. 7. Addressing Operational Technology (OT) security requirements including network segmentation and patch management. 8. Supply chain risk management compliance with Defense Supplement regulations. Place of Performance The contract will be performed at Defense Health Agency facilities.