Informatics Security Assessment of the AIMS Platform

APHL's Informatics program – in association with the Centers for Disease Control and Prevention (CDC) and many state and local public health laboratories (PHLs) and public health agencies (PHAs) – has worked for more than a decade to develop the AIMS Platform as a means to exchange health information. AIMS is a secure, cloud-based environment that accelerates the implementation of health messaging by providing shared services to aid in the transport, storage, analysis, validation, translation and routing of electronic data.

The AIMS infrastructure is hosted completely within Amazon Web Services (AWS), a cloud service provider. AIMS leverages AWS' US-east-1 and US-west-1 regions and various data centers within each region and its service offerings such as the following:

Elastic Compute Cloud (EC2) : ~ 100 servers
Relational Database Services (RDS) : ~ 23 Instances
Identity and Access Management
Workspaces - Virtual Desktops
Elastic Container Service for Kubernetes
Simple Storage Service (S3)
Lambda

Project Scope

APHL is requesting a security assessment to evaluate the AIMS Platform against the Federal Information Security Management Act (FISMA) by examining required controls outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev. 4.

The onsite portion of the FISMA assessment will be performed at the Tallahassee, Florida headquarters of Ruvos, LLC (Ruvos), the primary contractor to APHL on the development and maintenance of the AIMS Platform.

The successful firm will be required to deliver the following to APHL:

Executive summary of the assessment findings;
A detailed final report regarding the assessment;
A list of non-compliant items identified during the assessment; and
Any other related or supplementary material specified by the firm, APHL or Ruvos in connection with the assessment.

Project Timeline

RFQ Release - January 7, 2019

Letter of Intent Due - By 5:00 PM (EST) on January 18, 2019

Q&A Conference Call (optional) - 1:00 PM (EST) on January 25, 2019

Quotes Due - By 5:00 PM (EST) on February 8, 2019

Quote Evaluation Period - February 11, 2019 – March 8, 2019

Winning Quote Announced - March 11, 2019

Onsite Assessment Work - March 2019 – TBD with Vendor

All Deliverables Submitted to APHL - April 1, 2019

Letter of Intent

Firms interested in conducting the security assessment should send APHL a brief Letter of Intent (LOI). The LOI does not need to address any of the substantive portions listed in Required Quote Components and is due no later than 5:00 PM (Eastern Standard Time) on Letter of Intent Due date specified in Project Timeline above. Firms must submit their LOIs to Marty Sibley, Senior Specialist, Informatics (marty.sibley@aphl.org) and copy APHL Legal Team (legal@aphl.org) with the subject line AIMS Security Assessment .

Q&A Conference Call

APHL will host an optional conference call to address questions posed by interested firms. The conference call will take place on the date and time specified for the Q&A Conference Call in Project Timeline above. APHL will use the following conference line for this call:

Zoom Conference Line: https://aphl.zoom.us/j/227535724

Meeting ID: 227 535 724

Phone Number: 669-900-6833

Participation in the conference call is not required and APHL will post a summary of the information discussed on the call to its procurement website at www.aphl.org/rfp.

Materials

The AIMS Security Assessment Document will provide detailed information in regards to this request, please read it on is entirety. Feel free to contact Marty Sibley, Senior Specialist, Informatics (marty.sibley@aphl.org) with any questions.

Our Value Mega Menu	https://www.aphl.org/Lists/Mega Menu Story/DispForm.aspx?ID=1	Our Value Mega Menu	<div class="ExternalClassB536FA0EE1D943C292A8BC5098D300B8"><p>APHL’s AIMS platform exchanged over 250,000,000 messages in 2018, its 10th anniversary year. </p></div>	Our Value	<img alt="" src="/PublishingImages/cyber%20-%20iStock-880444220_super.jpg" style="BORDER:0px solid;" />
Our Work Mega Menu	https://www.aphl.org/Lists/Mega Menu Story/DispForm.aspx?ID=2	Our Work Mega Menu	<div class="ExternalClass3018644464274CF1A442E6A7546F310E"><p>APHL is helping Zimbabwe to convert to viral load (VL) testing for monitoring of HIV patients. Below, the US Ambassador to Zimbabwe, Ambassador Nichols, vists Masvingo Provincial Laboratory.</p></div>	Our Work	<img alt="" src="/PublishingImages/US-Ambassador-Zimbabwe.JPG" style="BORDER:0px solid;" />
Your Resources Mega Menu	https://www.aphl.org/Lists/Mega Menu Story/DispForm.aspx?ID=3	Your Resources Mega Menu	<div class="ExternalClass1BF7DB5AC26D44A08CEFAE1E89BC7C71"><p>APHL helped 16 state newborn screening programs to implement one or more new disorders with $1,386,820 in direct funding.</p></div>	Your Resources	<img alt="" src="/PublishingImages/Baby%20-%20PHO_INF_MEIGS_2.jpg" style="BORDER:0px solid;" />
Your Development	https://www.aphl.org/Lists/Mega Menu Story/DispForm.aspx?ID=4	Your Development	<div class="ExternalClassC1476CEF6CAA4C9A84B74137AA769F43"><p>Each year APHL partners with a public health lab to sponsor an event for local students. Here, Pasadena middle school students become “toxic crusaders” at the city’s environmental chemistry lab. </p></div>	Your Development	<img alt="" src="/PublishingImages/toxic_crusaders.JPG" style="BORDER:0px solid;" />
I Want To	https://www.aphl.org/Lists/Mega Menu Story/DispForm.aspx?ID=5	I Want To	<div class="ExternalClass6F92F0D3EF0C4D3083DEDA3F0D150994"><p>In collaboration with CDC, APHL sponsors multiple fellowships in diverse disciplines. Below, Infectious Disease Fellow Chelsea Carmen works at the bench.</p></div>	I Want To	<img alt="" src="/PublishingImages/ID-Fellow-ChelseaCarman.jpg" style="BORDER:0px solid;" />

Sign in to access more resources from APHL.org and APHLWEB.org