Video Surveillance System (VSS) in Defense Health Agency (DHA) Facilities
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Defense Information Systems Agency (DISA), on behalf of the Defense Health Agency (DHA), has issued a Request for Information (RFI) for Video Surveillance Systems (VSS) for DHA facilities. This RFI is for market research to develop an enterprise standard for VSS, ensuring compliance with DoD cybersecurity, interoperability, and sustainment requirements. Responses are due by May 29, 2026, at 5:00 PM ET.
Purpose & Scope
This RFI seeks industry input to inform the development of an enterprise standard for evaluating and integrating VSS across DHA facilities. The goal is to ensure these systems align with Department of Defense (DoD) cybersecurity, interoperability, and sustainment mandates. The place of performance is Fort Huachuca, AZ, and other DHA facilities.
Requested Information
Respondents are asked to provide detailed information on various aspects of VSS, including:
- Standards and Design: Guidance on VSS design, security (e.g., NIST SP 800-53, 800-82), deployment modes, hardware/software dependencies, secure architecture for medical facilities, and integration with Enterprise Security Systems (ESS).
- Risk Management Framework (RMF) Compliance: Support for RMF authorization, communication interfaces, operability on DHA Medical-Community of Interest (Med-COI) or other DoD networks, and system interdependencies.
- Authentication and Authorization: System and user authentication methods (PIV/CAC, biometrics), zero-trust principles, and auditing capabilities.
- Data Handling and Security: Processing of PII/ePHI, encryption standards (at rest and in transit), and compliance with FIPS 140-3, 197, 199, and 200.
- Maintenance and Vulnerability Management: Patching processes, vulnerability management, credentialed scan support, and remote access via DHA's approved B2B VPN.
- Operational Technology (OT) Security: Support for OT network segmentation, secure OT protocols, OT-specific patch management, system integrity monitoring, and incident response.
- Supply Chain Risk Management: Compliance with DFARS clauses (e.g., Buy American), and identification of third-party components.
Submission Guidelines
- Format: White paper, not exceeding 50 pages (single-spaced, 12-point type, 1-inch margins).
- Email Size: Submissions must not exceed 5 MB.
- Response Due: May 29, 2026, by 5:00 PM ET.
- Submission Email: jennifer.m.everly2.civ@mail.mil and son.m.pham2.civ@mail.mil.
- Questions Due: May 21, 2026, via email to jennifer.m.everly2.civ@mail.mil, son.m.pham2.civ@mail.mil, and trevor.k.whitaker.civ@mail.mil.
Important Notes
This RFI is solely for market research and planning purposes and does not constitute a solicitation or commitment to award a contract. The Government will not reimburse respondents for costs incurred. Proprietary information must be clearly marked.