BACKGROUND:
IHS is a geographically diverse Agency with an established operating component hierarchy serving 49 states. The unique organizational structure includes federally operated facilities as well as autonomous, non-federally networked Tribal facilities that occasionally require access to federal information resources.
As a result of the Agency's unique political and geographical characteristics, identity and access management faces unique challenges.
The web-based ITAC system, launched by IHS in early 2010, is an electronic workflow process system used by IHS to streamline the information technology (IT) system access workflow and to comply with federal requirements to track user access to federal systems.
The current IHS ITAC system was designed to manage the permissions of federal information systems and users. It has evolved to also manage some Tribal systems and Tribal users who are not monitored by the Agency's existing management infrastructure (Department of Health and Human Services [HHS], Active Directory [AD], etc.). As a result, the replacement system must surmount the challenges of uniquely identifying these users and accommodating the dynamic landscape of our user population.
ITAC streamlines the system access workflow by electronically facilitating access request submission, automating routing to appropriate approvers and grantors, and providing clarification of where an access request sits in the request processing workflow. Additionally, ITAC helps IHS to meet federal requirements by providing a fairly accurate database of all users with access to IHS information systems, which includes details of permission levels and the request and approval process for gaining system access.
Supervisors use the www.ihs.gov/itac website to submit requests for new or existing users who are members of their ITAC team. The system routes the request to designated systems approvers and grantors, and notifies them by e-mail that a request is waiting for review. ITAC approvers and grantors use the home.ihs.gov/itac website to approve or process requests. When the access is granted, the grantor marks the request as complete.
When a user needs to disable system access, the ITAC system follows the same process. If a user permanently leaves IHS, the supervisor can submit a Remove User request to have all system access removed, and ITAC will archive and permanently save the profile history. All requests are permanently logged in the ITAC system, and each user's profile shows which systems the user has access to.
However, what is lacking as part of the IHS ITAC implementation is a full Identity Access Management Solution (IAMS) that provides an automated process to manage user identities across all platforms. Initially, this will require the ability to thoroughly track account provisioning. In the long term, the IAMS will need to actually provision accounts on various target platforms in compliance with NIST 800-53 security controls. It is important to note that IHS currently utilizes the NetIQ Directory Resource Administrator (DRA) to manage the account provisioning process for the Agency's Active Directory. Any IAMS implemented at IHS must seamlessly integrate with this existing system in order to maintain the IHS investment in the Active Directory account provisioning process through DRA.
RESPONSES:
Interested parties are requested to respond to this RFI by completing Attachment 1: Operational Requirements, and by providing a white paper in Microsoft Word 2010 or compatible format. The white paper/capabilities package should describe your company's ITAC solution and capabilities, knowledge, and expertise in the full range of technologies needed to support this IHS initiative. Please describe your approach to support all requirements listed in Attachment 1. White paper/capabilities submissions should be no more than fifteen (15) pages, single-spaced, in 12-point font, Times New Roman with one (1) inch margins.
Written responses are requested no later than November 17, 2014 by 5:00 pm Eastern Time. Please submit your response to the RFI via e-mail to Michael Fischer at [email protected]. Include the RFI number IHS0003 in the subject line. The government requests that submitters clearly mark any materials that contain proprietary or otherwise protected information. Documents submitted in response to this RFI will not be returned.