The Department of Health and Human Services (HHS) is looking for cloud hosting for the Office of the Assistant Secretary for Preparedness and Response’s (ASPR) website.
ASPR is tasked with ensuring the country is prepared for, responds to, and can recover from disasters and public health emergencies. To that end, ASPR collaborates with stakeholders, including hospitals, biotech firms, and all levels of government, to improve readiness and response capabilities.
While the Nov. 24 post on Beta.Sam.gov is just an initial request for information (RFI), HHS said that it is ultimately looking “obtain a secure, flexible, efficient, and cost-effective, commercial cloud service offering that enables scaling of infrastructure, application resources, IT capabilities or services to meet evolving application and user demand.” HHS said the cloud must be able to host data of FISMA moderate risk level.
In their submissions, respondents should “provide information on services to centrally manage, track and report cost and performance data for applications hosted including but not limited to single cloud, hybrid cloud, and multi-cloud capabilities.” The RFI noted that ASPR Information Technology Services Division does not manage or control the underlying cloud infrastructure, but does require access to monitoring tools to gain real-time insight into performance metrics of the cloud hosting environment.
The RFI states that HHS will retain full ownership of all user data, including rights to logs, scans, analytics, and other data, conducted by the vendor on their IT infrastructure, hosting environment, system(s), or service offering. HHS said that all respondents must include basic information in submission on data rights and ownership.
HHS said part of the motivation behind the move to the cloud is to implement the 2019 Federal Cloud Computing Strategy, also known as Cloud Smart, to “leverage … private industry solutions to better serve the ASPR mission, increase cybersecurity, and operational agility.” It also noted that FedRAMP approval is required and asked all respondents to state the FedRAMP approval status of their cloud capability.
Responses are due Nov. 28.