HHS exploring program management office support for departmentwide zero trust implementation

Achieving zero trust will require HHS to “significantly upgrade governance and Information Technology (IT) management” the department said in a request for information about establishing a program management office.

The Department of Health and Human Services is exploring establishing a “program management office support” focused on assisting with zero-trust security implementation across the department, according to a Monday contracting solicitation.

As part of that process, the HHS’s Office of Chief Information Officer is looking for potential contractors that could identify capabilities and gaps related to zero trust in each operating division, develop and maintain a zero trust scorecard, and establish a zero-trust roadmap, among other things, according to the request for information posted to federal contracting website

The information security office within the OCIO is currently conducting market research on the establishment and maintenance of a program management office support for zero trust, according to the solicitation, and is looking to get information from interested parties by Dec. 6.

“While a few [operating divisions] within HHS have Zero Trust Maturity (ZTM) plans in place, HHS is just beginning to align resources to a department wide Zero Trust Strategy,” according to the solicitation.


HHS didn’t respond to a request for comment.

The solicitation comes as agencies work to achieve the Biden administration’s standards to improve cybersecurity through governmentwide zero-trust security architecture by the end of fiscal year 2024. 

While the Biden administration issued a strategy for achieving those goals, efforts can vary by agency. For example, the Department of Commerce’s CIO Andre Mendes told FedScoop in July that the agency elected to have a department-wide rather than letting bureaus chart their own course. 

Although the department already has many of the skills and technologies required by Biden’s zero-trust architecture strategy, the solicitation said that “putting all the components together requires HHS to significantly upgrade governance and Information Technology (IT) management, and more deeply integrate teams and technologies.”

At least one agency is already establishing a zero-trust program management office. The Department of Education is getting funding under the General Services Administration’s Technology Modernization Fund to establish an “enterprise-wide program management office dedicated to zero trust,” according to the TMF website. 


The Department of Education awarded a contract to ShorePoint Inc. to provide program management office support.

Madison Alder

Written by Madison Alder

Madison Alder is a reporter for FedScoop in Washington, D.C., covering government technology. Her reporting has included tracking government uses of artificial intelligence and monitoring changes in federal contracting. She’s broadly interested in issues involving health, law, and data. Before joining FedScoop, Madison was a reporter at Bloomberg Law where she covered several beats, including the federal judiciary, health policy, and employee benefits. A west-coaster at heart, Madison is originally from Seattle and is a graduate of the Walter Cronkite School of Journalism and Mass Communication at Arizona State University.

Latest Podcasts