CDC Managed Service Provider (MSP) 2.0

SOL #: 75D301_FY2027Sources Sought

Overview

Buyer

Health And Human Services
Centers For Disease Control And Prevention
CDC OFFICE OF ACQUISITION SERVICES
ATLANTA, GA, 30333, United States

Place of Performance

Atlanta, GA

NAICS

Computing Infrastructure Providers (518210)

PSC

Computing Delivered As A Service In A Public Or Private Cloud Environment, Such As Services For Traditional Mainframe Computers And Operations Running Windows, Linux, Converged Infrastructure Or Unix Operating Systems. (DB10)

Set Aside

No set aside specified

Timeline

1
Posted
Jun 18, 2026
2
Last Updated
Jun 18, 2026
3
Response Deadline
Jul 2, 2026, 2:00 PM

Qualification Details

Fit reasons
  • NAICS alignment with historical contract wins in similar service areas.
  • Scope strongly matches core technical capabilities and delivery model.
Risks
  • Past performance thresholds may require one additional teaming partner.
  • Potential clarification needed on staffing minimums before bid/no-bid.
Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

Quick Summary

The Centers for Disease Control and Prevention (CDC) is conducting market research through a Sources Sought / Request for Information (RFI) for Managed Service Provider (MSP) 2.0 support. The CDC seeks to identify qualified firms capable of providing comprehensive cloud hosting, infrastructure, platform, database, operational, transition, and disaster recovery services for its on-premises, private, public, and hybrid cloud environments. This RFI will inform the acquisition strategy, including potential set-asides. Responses are due by June 29, 2026.

Purpose & Scope

The CDC Office of the Chief Information Officer (OCIO) aims to consolidate support services for its diverse cloud environments under a single, unified managed services operating model. This consolidation seeks to standardize operations, reduce costs, increase service quality, improve governance, and leverage economies of scale. The contractor will be responsible for the management, operation, maintenance, modernization, security, and continuous improvement of these environments, ensuring compliance with Federal and CDC requirements (FISMA, FedRAMP, NIST, cybersecurity policies).

Key services include:

  • Program Management and Governance: Planning, reporting, risk management, performance, stakeholder engagement, and continuous improvement.
  • Infrastructure, Hardware, and Software Services: Lifecycle management, patching, vulnerability remediation, and CMDB maintenance for all infrastructure components.
  • Cloud Operations and Platform Services: 24x7x365 operations, cloud brokerage, provisioning, monitoring, automation, storage, backup/recovery, networking, security, IAM, middleware administration, incident/problem/change management, and capacity planning.
  • Software, Middleware, and Platform Administration: Installation, configuration, monitoring, patching, upgrades, and security.
  • Database Services: Comprehensive administration for relational and non-relational technologies, including security, performance, backup/recovery, and DR support.
  • Customer Engagement and Service Intake: Requirements gathering, solution design, migration planning, and service onboarding.
  • Transition Services: Support for Transition-In, Transition-Out, and workload/system migrations.
  • Disaster Recovery and Business Continuity: Planning, implementation, testing, and execution to meet RTOs/RPOs.

Requested Capabilities

Respondents should provide capability statements addressing experience in:

  • Developing and supporting scalable managed services across multi-cloud environments.
  • Consolidating managed services support and operations.
  • Ability to perform as a prime contractor or identify subcontracting areas.
  • Cloud-agnostic services, hybrid multi-cloud, and workload portability.
  • Managing risks associated with service consolidation.
  • Supporting federal product owners, 24x7x365 operations, and security management (FISMA, FedRAMP, Zero Trust).
  • Enterprise ITSM programs (ITIL), automated workflows, AI-integrated service catalogs, CMDB, Asset Management, Event/Incident Management.

Contract & Timeline

  • Type: Sources Sought / Request for Information (RFI)
  • NAICS: 518210 (Computing Delivered As A Service In A Public Or Private Cloud Environment)
  • Response Due: June 29, 2026
  • Published: June 18, 2026
  • Place of Performance: Atlanta, GA, United States
  • Contract Vehicle: CDC intends to use HHS Mandatory-Use Contract Vehicles.

Eligibility & Submission

This RFI specifically assesses the availability and capability of small businesses (Small Disadvantaged, Certified 8(a), Service-Disabled Veteran-Owned, HUBZone, Woman-Owned) and large businesses. The CDC will evaluate the feasibility of small business set-asides or partial set-asides.

Responses are limited to 10 pages or less, in Microsoft Word or Adobe PDF format, and must be submitted via email to al00@cdc.gov. This is for market research only; no solicitation exists, and the government will not provide feedback.

Contact: Won Chung (al00@cdc.gov) or Sherrie Randall (iom3@cdc.gov, 7704882822).

People

Points of Contact

Won ChungPRIMARY
al00@cdc.gov
Sherrie RandallSECONDARY
iom3@cdc.gov
7704882822

Files

Files

No files attached to this opportunity

Versions

Version 2
Sources Sought
Posted: Jun 18, 2026
View
Version 1Viewing
Sources Sought
Posted: Jun 18, 2026