APHL's Informatics program – in association with the Centers for Disease Control and Prevention (CDC) and many state and local public health laboratories (PHLs) and public health agencies (PHAs) – has worked for more than a decade to develop the AIMS Platform as a means to exchange health information. AIMS is a secure, cloud-based environment that accelerates the implementation of health messaging by providing shared services to aid in the transport, storage, analysis, validation, translation and routing of electronic data.

The AIMS infrastructure is hosted completely within Amazon Web Services (AWS), a cloud service provider. AIMS leverages AWS' US-east-1 and US-west-1 regions and various data centers within each region and its service offerings such as the following:

  • Elastic Compute Cloud (EC2) :  ~ 100 servers
  • Relational Database Services (RDS) : ~ 23 Instances
  • Identity and Access Management
  • Workspaces - Virtual Desktops
  • Elastic Container Service for Kubernetes
  • Simple Storage Service (S3)
  • Lambda

Project Scope

APHL is requesting a security assessment to evaluate the AIMS Platform against the Federal Information Security Management Act (FISMA) by examining required controls outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev. 4.

The onsite portion of the FISMA assessment will be performed at the Tallahassee, Florida headquarters of Ruvos, LLC (Ruvos), the primary contractor to APHL on the development and maintenance of the AIMS Platform.

The successful firm will be required to deliver the following to APHL:

  • Executive summary of the assessment findings;
  • A detailed final report regarding the assessment;
  • A list of non-compliant items identified during the assessment; and
  • Any other related or supplementary material specified by the firm, APHL or Ruvos in connection with the assessment.

Project Timeline


RFQ Release                                           -    January 7, 2019

Letter of Intent Due                              -    By 5:00 PM (EST) on January 18, 2019 

Q&A Conference Call (optional)          -    1:00 PM (EST) on January 25, 2019

Quotes Due                                            -    By 5:00 PM (EST) on February 8, 2019

Quote Evaluation Period                      -    February 11, 2019 – March 8, 2019

Winning Quote Announced                 -    March 11, 2019

Onsite Assessment Work                     -    March 2019 – TBD with Vendor

All Deliverables Submitted to APHL   -   April 1, 2019

Letter of Intent

Firms interested in conducting the security assessment should send APHL a brief Letter of Intent (LOI). The LOI does not need to address any of the substantive portions listed in Required Quote Components and is due no later than 5:00 PM (Eastern Standard Time) on Letter of Intent Due date specified in Project Timeline above. Firms must submit their LOIs to Marty Sibley, Senior Specialist, Informatics (marty.sibley@aphl.org) and copy APHL Legal Team (legal@aphl.org) with the subject line AIMS Security Assessment .

Q&A Conference Call

APHL will host an optional conference call to address questions posed by interested firms. The conference call will take place on the date and time specified for the Q&A Conference Call in Project Timeline above. APHL will use the following conference line for this call:

Zoom Conference Line: https://aphl.zoom.us/j/227535724
Meeting ID: 227 535 724
Phone Number: 669-900-6833

Participation in the conference call is not required and APHL will post a summary of the information discussed on the call to its procurement website at www.aphl.org/rfp.


The AIMS Security Assessment Document will provide detailed information in regards to this request, please read it on is entirety. Feel free to contact Marty Sibley, Senior Specialist, Informatics (marty.sibley@aphl.org) with any questions.