CMS Cybersecurity Center Operations Contract Awarded to Iron Vine Security for $102M
Contract Overview
Contract Amount: $102,063,427 ($102.1M)
Contractor: Iron Vine Security LLC
Awarding Agency: Department of Health and Human Services
Start Date: 2024-03-15
End Date: 2027-03-14
Contract Duration: 1,094 days
Daily Burn Rate: $93.3K/day
Competition Type: FULL AND OPEN COMPETITION
Number of Offers Received: 14
Pricing Type: FIRM FIXED PRICE
Sector: IT
Official Description: CMS CYBERSECURITY INTEGRATION CENTER OPERATIONS (CCICOPS)
Place of Performance
Location: WINDSOR MILL, BALTIMORE County, MARYLAND, 21244
State: Maryland Government Spending
Plain-Language Summary
Department of Health and Human Services obligated $102.1 million to IRON VINE SECURITY LLC for work described as: CMS CYBERSECURITY INTEGRATION CENTER OPERATIONS (CCICOPS) Key points: 1. Contract value of $102M over 3 years. 2. Awarded via full and open competition. 3. Potential risk in reliance on a single vendor for critical cybersecurity. 4. Sector: IT Services.
Value Assessment
Rating: good
The contract value of $102M for 3 years appears reasonable for comprehensive cybersecurity operations. Benchmarking against similar large-scale IT service contracts for federal agencies suggests this pricing is within expected ranges, though specific service scope is key.
Cost Per Unit: N/A
Competition Analysis
Competition Level: full-and-open
The contract was awarded through full and open competition, indicating a robust price discovery process. This method generally leads to competitive pricing as multiple vendors had the opportunity to bid.
Taxpayer Impact: The competitive award process aims to ensure taxpayer funds are used efficiently for essential cybersecurity services.
Public Impact
Ensures critical cybersecurity operations for CMS, protecting sensitive health data. Supports the ongoing security of Medicare and Medicaid systems. Potential impact on the cybersecurity landscape for federal health agencies.
Waste & Efficiency Indicators
Waste Risk Score: 75 / 10
Warning Flags
- Vendor lock-in potential
- Reliance on single vendor for critical infrastructure
Positive Signals
- Competitive award process
- Clear contract duration
Sector Analysis
This contract falls within the IT services sector, specifically focusing on cybersecurity operations for a major federal health agency. Spending benchmarks for similar cybersecurity contracts often range from tens to hundreds of millions of dollars, depending on scope and duration.
Small Business Impact
The data indicates this contract was not set aside for small businesses and the awardee, Iron Vine Security LLC, is not explicitly identified as a small business in this context. This suggests larger, established firms are competing in this space.
Oversight & Accountability
The contract is managed by the Centers for Medicare and Medicaid Services (CMS), a key agency within HHS. Oversight will focus on performance, security compliance, and adherence to contract terms to ensure effective cybersecurity.
Related Government Programs
- Other Computer Related Services
- Department of Health and Human Services Contracting
- Centers for Medicare and Medicaid Services Programs
Risk Flags
- Vendor lock-in
- Reliance on a single provider for critical infrastructure
- Potential for scope creep impacting budget
- Cybersecurity threats evolving rapidly
Tags
other-computer-related-services, department-of-health-and-human-services, md, delivery-order, 100m-plus
Frequently Asked Questions
What is this federal contract paying for?
Department of Health and Human Services awarded $102.1 million to IRON VINE SECURITY LLC. CMS CYBERSECURITY INTEGRATION CENTER OPERATIONS (CCICOPS)
Who is the contractor on this award?
The obligated recipient is IRON VINE SECURITY LLC.
Which agency awarded this contract?
Awarding agency: Department of Health and Human Services (Centers for Medicare and Medicaid Services).
What is the total obligated amount?
The obligated amount is $102.1 million.
What is the period of performance?
Start: 2024-03-15. End: 2027-03-14.
What specific cybersecurity services are included in this $102M contract, and how do they align with CMS's evolving threat landscape?
The contract likely encompasses a broad range of services including threat detection, incident response, vulnerability management, security monitoring, and potentially security architecture and engineering. Alignment with CMS's evolving threat landscape would depend on the contract's flexibility for adapting to new threats and technologies, and the vendor's proactive threat intelligence capabilities.
What are the key performance indicators (KPIs) for Iron Vine Security, and how will their performance be measured to ensure effective cybersecurity operations?
Key performance indicators would typically include metrics such as response times to security incidents, the number of vulnerabilities identified and remediated, system uptime for security tools, and compliance with security policies. Performance measurement would likely involve regular reporting, audits, and potentially service level agreements (SLAs) with defined penalties or incentives.
Given the critical nature of CMS data, what contingency plans are in place should Iron Vine Security fail to meet its contractual obligations or experience a security breach?
Contingency plans would likely involve pre-defined escalation procedures, potential for rapid transition to an alternative vendor or in-house capabilities, and contractual clauses addressing breach notification and remediation. The government would also have mechanisms for contract termination and seeking damages if obligations are not met.
Industry Classification
NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services
Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - SECURITY AND COMPLIANCE
Competition & Pricing
Extent Competed: FULL AND OPEN COMPETITION
Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY
Offers Received: 14
Pricing Type: FIRM FIXED PRICE (J)
Evaluated Preference: NONE
Contractor Details
Address: 1400 I STREET NW, SUITE 925, WASHINGTON, DC, 20005
Business Categories: Category Business, Corporate Entity Not Tax Exempt, Not Designated a Small Business, Special Designations, U.S.-Owned Business
Financial Breakdown
Contract Ceiling: $189,235,674
Exercised Options: $106,742,026
Current Obligation: $102,063,427
Actual Outlays: $53,019,308
Contract Characteristics
Commercial Item: COMMERCIAL PRODUCTS/SERVICES
Parent Contract
Parent Award PIID: 47QTCA19D00HF
IDV Type: FSS
Timeline
Start Date: 2024-03-15
Current End Date: 2027-03-14
Potential End Date: 2029-03-14 00:00:00
Last Modified: 2026-03-10
More Contracts from Iron Vine Security LLC
- Enterprise Cybersecurity Support Services — $95.3M (Department of Commerce)
- Ispss — $93.9M (Department of Health and Human Services)
- Logical Follow-On for the Information Security Support Services (ispss) Contract — $78.8M (Department of Health and Human Services)
- THE Call IS for Information Technology Security Compliance (itsc) Services — $64.4M (Department of State)
- Professional Support Service Support - Management Service Support — $33.9M (Department of Health and Human Services)
Other Department of Health and Human Services Contracts
- Contact Center Operations (CCO) — $5.5B (Maximus Federal Services, Inc.)
- TAS::75 0849::TAS Oper of Govt R&D Goco Facilities — $4.8B (Leidos Biomedical Research Inc)
- THE Purpose of This Contract IS to Provide the Full Complement of Services Necessary to Care for UC in ORR Custody Including Facilities Set-Up, Maintenance, and Support Internal and Perimeter (IF Applicable) Security, Direct Care and Supervision Inc — $3.5B (Rapid Deployment Inc)
- Contact Center Operations — $2.6B (Maximus Federal Services, Inc.)
- Federal Contract — $2.4B (Leidos Biomedical Research Inc)
View all Department of Health and Human Services contracts →