SAM #ACQ-OMAS-2026-ORC-0014_Sources

Secure Cloud Center of Excellence for Indian Health Service (IHS)

This opportunity seeks to modernize and secure the Indian Health Service (IHS) cloud environment through the establishment of a Secure Cloud Center of Excellence (CCoE): - Government Buyer: - U.S. Department of Health and Human Services (HHS) - Sub-agency: Indian Health Service (IHS) - Office: Division of Information Technology - Contracting Office: OMAS Strategic Buying Center - Information Technology - OEMs and Referenced Technologies: - Palo Alto Networks (Cortex XSIAM, XSOAR) - Splunk (Enterprise Security) - Voltage SecureData - Products/Services Requested: - FedRAMP High-authorized Infrastructure-as-a-Service (IaaS) cloud platform with at least 170 compliant services - Design and deployment of a secure cloud landing zone and enclave - Automation of compliance workflows and dashboarding - Deployment of enclave-hosted large language models (LLMs) with licensing and secure containers - Integration with Palo Alto Cortex, Splunk Enterprise Security, and Voltage SecureData for Zero Trust Architecture - Agentic AI capabilities for automated operations - Role-based training and operational readiness support - Optional embedded resident architect support (time & materials) - Unique/Notable Requirements: - All cloud operations and data must remain within the continental United States - Strict tribal data sovereignty requirements - All personnel with access to tribal health data must be U.S. persons subject to federal oversight and background checks - Compliance with FedRAMP High, NIST 800-53, and Zero Trust Architecture - Multi-region deployment capability - Comprehensive training and knowledge transfer - No specific quantities or part numbers for hardware/software; services are organized by CLINs (001-005) - Place of Performance/Delivery: - Indian Health Service (IHS), Division of Information Technology, Rockville, MD

Description

BUY INDIAN SOURCES SOUGHT NOTICE

The Department of Health and Human Services (HHS), Office of Mission Acquisition Solutions (OMAS) is issuing this sources sought notice on behalf of the the Indian Health Service (IHS), to conduct market research. The goal of this market research is to identify prospective sources to fill a government requirement for cloud hosting and cloud environment management services to support the IHS' effort to establish a Cloud Center of Excellence (CCoE).

THIS IS NOT A SOLICITATION. This Sources Sought Notice is for informational and planning purposes only and shall not be construed as a solicitation, an obligation or commitment by the Indian Health Service or HHS. This notice is intended strictly for market research to determine the availability of Indian Small Businesses Economic Enterprise (ISBEE) and Indian Economic Enterprises (IEE). Your responses to the information requested will assist the Government in determining the appropriate acquisition method, including whether a set-aside is possible. The anticipated applicable NAICS code for this acquisition is 541519 - Other Computer Related Services-Information Technology Value Added Resellers.

Pursuant to 48 CFR Part 326, Subpart 326.603-3 and IHM 5.5-6, Indian Health Service must use the negotiation authority of the Buy Indian Act, 25 U.S.C. 47, to give preference to Indian Economic Enterprises (IEE), when authorized and practicable. 

HHS/OMAS does not intend to award a contract on the basis of responses nor otherwise pay for the preparation of any information submitted. HHS/OMAS may utilize responses to this notice to inform development a solicitation. Should such a requirement materialize, no basis for claims against HHS shall arise as a result of a response to this notice or HHS’s use of such information as either part of our evaluation process or in developing specifications for any subsequent requirement. Disclaimer and Important Notes.

This notice does not obligate the Government to award a contract or pay for the information provided in response. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. Thus, respondents should not include any sensitive or proprietary information in their submissions. Any organization responding to this notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization’s qualifications to perform the work. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. 

Brief Decription of Requirement:

IHS intends to establish a Secure Cloud Center of Excellence (CCoE) requiring a FedRAMP High-authorized Infrastructure-as-a-Service (IaaS) cloud platform as the foundational element. At the core, the platform must provide a FedRAMP High-Authorized IaaS Platform with a minimum of 170 compliant services, enabling the full spectrum of cloud computing, storage, networking, security, and analytics capabilities required for federal healthcare operations. The infrastructure must support multi-region deployment with U.S.-only operations specifically designed to maintain tribal data sovereignty requirements mandated by IHS's trust responsibility to federally recognized tribes. At a minimum, solution must meet the following criteria, where relevant:

FedRAMP authorized for High impact level Physical infrastructure for all all compute, storage, and networking resources located within the continental United States (CONUS). All personnel with access to tribal health data must be U.S. persons subject to federal oversight and background investigation requirements. IaaS or PaaS solutions must have documented integration with Palo Alto Cortex XSIAM and Cortex XSOAR, which form the foundation of IHS's current Security Operations Center. Splunk Enterprise Security toenable continued use of IHS's SIEM investment and established security workflows.  Voltage SecureData integration required for Zero Trust Architecture Data Pillar implementation mandated under federal cybersecurity directives. Agentic AI capabilities which enable the automation objectives central to the SCCoE's mission of reducing manual effort by 60-70%.

Additional details can be found in the Draft Statement of Work (SOW) included with this notice.

Submission Instructions: 

Interested parties who consider themselves qualified to perform the above-listed services are invited to submit a response by the date specified in this notice to the Contract Specialist, Renee Jones-Chuang, at renee.jones-chuang@hhs.gov with the subject line “ACQ-OMAS-2026-ORC-0014_Sources".  Your submission must include the following information, at a minimum:

Company Profile that includes:  UEI Name and Address Primary POC information Business size and type of ownership Socio-economic status/participation such as 8(a), WOSB/EDWOSB, SDVOSB and HUBZone Identification of Native American ownership (if applicable) A brief statement of the company’s capability that relates to the described government requirement.  Additional demonstration of capability may include current and past performance history for the same or similar requirement Information on existing governmentwide contract vehicles including: GSA NASA SEWP Governmentwide acquisition contracts (GWACs) maintained by HHS or its Divisions and available for ordering. If claiming Indian-owned Small Business Economic Enterprise (ISBEE) or Indian-owned Economic Enterprise (IEE), submit completed IHS IEE Representation Form (attached).

Automated responses or other responses that do not provide the requested information specified in this Sources Sought Notice will be noted as non-responsive and not considered in this Market Research.

Interested parties may also provide the following optional information:

Non-binding pricing information, such as: Commercial price lists Pricing under GWACs or other governmentwide vehicles An informal quote A rough order of magnitude Information on which services the respondent The suggested NAICS code for this requirement and rationale, if different from the one proposed in this notice.

Telephone inquiries will not be accepted or acknowledged, and the Government does not anticipate providing feedback or evaluations to companies regarding their submissions. Interested parties may submit questions regarding the requirement; however, the Government does not anticipate providing feedback or responses to questions. All questions may be used to inform market research.

View original listing