Wednesday, November 13, 2024

DHA RFI: Risk Management Framework

Notice ID: HT001122RFI0138

“The DHA Component Acquisition Execute (CAE) in support of the DHA Medical Logistics Division – Ft Detrick, MD (in collaboration with the DAD IO/J6) is conducting market research and seeking innovative approaches from companies for assisting commercial Medical Device Equipment (MDE) manufacturers and associated software vendors to obtain DoD-approved cyber accreditations outside of (and in advance of) any DoD acquisition for such MDE or software. The overarching purpose of this RFI is to assess 1) how industry can assist MDE manufacturers and associated software vendors to obtain pre-approved Risk Management Framework (RMF) accreditations and 2) how the arrangement between industry and the manufacturers/vendors would be structured.”

“The DHA utilizes the RMF process to perform cyber accreditations of MDE and associated software. Presently, the RMF process for accrediting MDE and software takes 12-months or more and is plagued by backlogs. DHA wishes to significantly reduce this timeline and the associated backlogs by establishing a cyber accreditation pre-approval process. Specifically, DHA is considering utilizing an innovative, commercial accreditation process whereby a thirdparty vendor would assist MDE manufacturers and software vendors in navigating the RMF process and, ultimately, obtaining RMF cyber accreditation pre-approval. Accordingly, this RFI will assess industry interest, teaming possibilities, and capabilities to provide innovative, commercially available services to guide MDE manufacturers through the RMF process to achieve accreditation. It is anticipated that MDE manufacturers and related software vendors would then be better positioned to offer the latest innovative products to the Government in a timely fashion without the need to also undergo a lengthy RMF process after contract award. For clarity, the Government will not promise, guarantee, or otherwise commit to the award of any Federal contract should a vendor successfully obtain RMF pre-approval for its MDE or software.”

“To accomplish the above, the Government solicits industry input on methods it can employ to achieve the desired end state of providing RMF pre-approval support. The expected approach must be self-sufficient and will be one that does not include Government payment to the RMF pre-approval support vendor; however, the desired end state of reducing RMF approval timelines and backlogs is of paramount importance. To this end, the Government envisions that industry propose innovative methods for providing this service. For example, a vendor may wish to deliver services to MDE manufacturers and charge a fee for doing so based on pre-established cost factors (e.g., complexity of the work) set forth in a fee schedule. The Government also seeks input on how to structure the arrangement so as to ensure the process is open and available on an equal opportunity basis to all interested MDE manufacturers and software providers, is transparent to the manufacturers/providers, avoids creating organizational conflicts of interest (OCIs) or other disqualifying conflicts, and encourages the most robust possible competition for future Government requirements…”

Read more here.

[related-post]

LEAVE A REPLY

Please enter your comment!
Please enter your name here

FedHealthIT Xtra – Find Out More!

Recent News

Don’t Miss A Thing

Jackie Gilbert
Jackie Gilbert
Jackie Gilbert is a Content Analyst for FedHealthIT and Author of 'Anything but COVID-19' on the Daily Take Newsletter for G2Xchange Health and FedCiv.

Subscribe to our mailing list

* indicates required