GSA's $35.3M IT security contract with Knowledge Consulting Group Inc. shows fair value but limited competition
Contract Overview
Contract Amount: $35,269,817 ($35.3M)
Contractor: Knowledge Consulting Group Inc
Awarding Agency: General Services Administration
Start Date: 2015-02-27
End Date: 2018-06-16
Contract Duration: 1,205 days
Daily Burn Rate: $29.3K/day
Competition Type: FULL AND OPEN COMPETITION
Number of Offers Received: 10
Pricing Type: TIME AND MATERIALS
Sector: IT
Official Description: THIS TO IS TO DESIGN, CONFIGURE, AND OPERATE A CMAAS SOLUTION FOR DHS THAT COMPLIES WITH APPLICABLE STANDARDS AND DEMONSTRATES IMPROVED DETECTION AND ANALYSIS OF IT SECURITY EVENTS IN COOPERATION WITH DHS CDM PROGRAM OFFICE (FOR ALL TASK ORDERS) AND THE DHS COMPONENTS (AS THE DHS CDM END USERS IN THIS TASK ORDER).
Place of Performance
Location: RESTON, FAIRFAX County, VIRGINIA, 20191
State: Virginia Government Spending
Plain-Language Summary
General Services Administration obligated $35.3 million to KNOWLEDGE CONSULTING GROUP INC for work described as: THIS TO IS TO DESIGN, CONFIGURE, AND OPERATE A CMAAS SOLUTION FOR DHS THAT COMPLIES WITH APPLICABLE STANDARDS AND DEMONSTRATES IMPROVED DETECTION AND ANALYSIS OF IT SECURITY EVENTS IN COOPERATION WITH DHS CDM PROGRAM OFFICE (FOR ALL TASK ORDERS) AND THE DHS COMPONENTS (AS THE DHS… Key points: 1. The contract's value appears reasonable given the scope of IT security services provided. 2. Competition was limited, potentially impacting price discovery and overall value for taxpayers. 3. The contract's duration and task order structure suggest a need for ongoing IT security support. 4. Performance context is tied to DHS's Continuous Diagnostics and Mitigation (CDM) program. 5. This contract falls within the broader IT services sector, specifically focusing on cybersecurity solutions.
Value Assessment
Rating: fair
The total award amount of $35.3 million over approximately three years for a Cloud Management as a Service (CMAAS) solution for DHS IT security events appears to be within a reasonable range for specialized IT services. Benchmarking against similar large-scale IT security contracts is challenging without more granular data on service specifics and performance metrics. However, the pricing structure, likely influenced by the time and materials (T&M) award type, suggests a need for careful monitoring to ensure cost-effectiveness and prevent scope creep.
Cost Per Unit: N/A
Competition Analysis
Competition Level: full-and-open
This contract was awarded under full and open competition, with 10 bidders initially vying for the work. While a competitive initial pool is positive, the specific award mechanism (BPA Call) might indicate a more streamlined process for subsequent task orders. The level of competition at the task order level is not detailed, but the initial 10 bidders suggest a healthy market interest in providing these IT security services.
Taxpayer Impact: A competitive initial bidding process is beneficial for taxpayers as it encourages multiple vendors to offer their best pricing and solutions, potentially leading to cost savings. However, the ultimate impact on taxpayer value depends on the ongoing competition and oversight throughout the contract's life.
Public Impact
The Department of Homeland Security (DHS) and its components are the primary beneficiaries, receiving enhanced IT security detection and analysis capabilities. The contract delivers critical services for managing cloud environments and improving the detection of IT security events. The geographic impact is national, supporting DHS's cybersecurity posture across its various agencies. Workforce implications include the need for skilled IT security professionals to manage and operate the CMAAS solution.
Waste & Efficiency Indicators
Waste Risk Score: 50 / 10
Warning Flags
- Potential for cost overruns due to Time and Materials (T&M) contract type if not closely managed.
- Ensuring consistent performance and service levels across all DHS components under the CMAAS solution.
- Dependency on contractor expertise for critical IT security functions.
- The effectiveness of the 'improved detection and analysis' needs continuous validation.
- Potential for vendor lock-in if the CMAAS solution becomes deeply integrated without clear exit strategies.
Positive Signals
- Awarded under full and open competition, indicating a broad market approach.
- Supports a critical government function: IT security for a major agency (DHS).
- The contract is part of the broader DHS Continuous Diagnostics and Mitigation (CDM) program, suggesting alignment with strategic security goals.
- Task order structure allows for flexibility in addressing evolving security needs.
- Contractor has a defined role in enhancing cybersecurity capabilities.
Sector Analysis
This contract operates within the Information Technology (IT) services sector, specifically focusing on cybersecurity and cloud management solutions. The market for these services is substantial and growing, driven by increasing cyber threats and the shift to cloud-based infrastructure. Comparable spending benchmarks would typically involve other large government contracts for managed security services, cloud integration, and IT operations support. The $35.3 million award is significant but not extraordinary within the context of federal IT spending for critical infrastructure protection.
Small Business Impact
This contract was not set aside for small businesses, and there is no explicit information regarding subcontracting plans for small businesses. The award to Knowledge Consulting Group Inc., a mid-sized firm, suggests that the primary focus was on technical capability rather than small business participation. Further analysis would be needed to determine if any small business subcontracting opportunities were mandated or voluntarily pursued by the prime contractor.
Oversight & Accountability
Oversight for this contract would primarily fall under the General Services Administration (GSA) and the Department of Homeland Security (DHS) program office. The contract's performance is likely monitored through regular reporting, performance reviews, and adherence to service level agreements (SLAs) defined in the task orders. Transparency is facilitated through contract award data, but detailed operational performance metrics may be less publicly accessible. Inspector General jurisdiction would apply if any fraud, waste, or abuse is suspected.
Related Government Programs
- DHS Continuous Diagnostics and Mitigation (CDM) Program
- Federal Cloud Computing Strategy
- IT Security Services Contracts
- Managed Security Services (MSS)
- Cloud Management as a Service (CMAAS)
Risk Flags
- Potential for cost overruns (T&M contract type)
- Ensuring effectiveness of security solutions against evolving threats
- Limited competition at task order level (potential)
Tags
it-services, cybersecurity, cloud-computing, dhs, gsa, full-and-open-competition, time-and-materials, bpa-call, managed-services, it-operations
Frequently Asked Questions
What is this federal contract paying for?
General Services Administration awarded $35.3 million to KNOWLEDGE CONSULTING GROUP INC. THIS TO IS TO DESIGN, CONFIGURE, AND OPERATE A CMAAS SOLUTION FOR DHS THAT COMPLIES WITH APPLICABLE STANDARDS AND DEMONSTRATES IMPROVED DETECTION AND ANALYSIS OF IT SECURITY EVENTS IN COOPERATION WITH DHS CDM PROGRAM OFFICE (FOR ALL TASK ORDERS) AND THE DHS COMPONENTS (AS THE DHS CDM END USERS IN THIS TASK ORDER).
Who is the contractor on this award?
The obligated recipient is KNOWLEDGE CONSULTING GROUP INC.
Which agency awarded this contract?
Awarding agency: General Services Administration (Federal Acquisition Service).
What is the total obligated amount?
The obligated amount is $35.3 million.
What is the period of performance?
Start: 2015-02-27. End: 2018-06-16.
What is the specific nature of the 'CMAAS solution' and its key functionalities for DHS?
The CMAAS solution is designed to help the Department of Homeland Security (DHS) manage its cloud environments and enhance the detection and analysis of IT security events. Key functionalities likely include continuous monitoring of cloud assets, vulnerability assessment, threat detection, incident response support, and compliance reporting. The solution aims to provide a unified view of security posture across various cloud services utilized by DHS components. It operates in cooperation with the DHS CDM Program Office, suggesting integration with broader federal cybersecurity initiatives and standards. The specific technical details and performance metrics would be outlined in the task orders issued under this Blanket Purchase Agreement (BPA) Call.
How does the performance of Knowledge Consulting Group Inc. on this contract compare to industry benchmarks for IT security services?
Direct performance comparison to industry benchmarks is difficult without access to granular performance metrics and specific Service Level Agreements (SLAs) for this contract. However, the contract's award under full and open competition with 10 bidders suggests that Knowledge Consulting Group Inc. met the initial qualifications and proposed competitive terms. The Time and Materials (T&M) award type necessitates close monitoring by GSA and DHS to ensure that costs remain aligned with the value delivered and that performance meets expectations. A review of past performance ratings, if publicly available, would offer further insight. Generally, successful long-term IT security contracts require consistent delivery, adaptability to evolving threats, and strong client communication, all of which would be key indicators of performance.
What are the primary risks associated with this contract, and how are they being mitigated?
Primary risks include potential cost overruns due to the Time and Materials (T&M) pricing structure, which requires diligent oversight to prevent scope creep and ensure efficient resource utilization. Another risk is ensuring the effectiveness and continuous improvement of the IT security detection and analysis capabilities, as the threat landscape evolves rapidly. Vendor lock-in is also a concern if the CMAAS solution becomes deeply integrated without clear exit strategies. Mitigation strategies likely involve robust contract management by GSA and DHS, including regular performance reviews, detailed reporting requirements, and potentially fixed-price elements within task orders for specific deliverables. Strong cybersecurity expertise within the government oversight team is crucial for effective risk management.
How does this contract contribute to the overall cybersecurity posture of the Department of Homeland Security?
This contract significantly contributes to DHS's cybersecurity posture by providing a specialized Cloud Management as a Service (CMAAS) solution. It directly supports the DHS Continuous Diagnostics and Mitigation (CDM) program by enhancing the detection and analysis of IT security events within DHS's cloud environments. By centralizing or improving the management of cloud security, the contract helps DHS gain better visibility into its attack surface, identify vulnerabilities more effectively, and respond to incidents faster. This ultimately strengthens the department's ability to protect its critical infrastructure and sensitive data from cyber threats, aligning with national cybersecurity objectives.
What has been the historical spending trend for similar IT security services at GSA or DHS?
Historical spending trends for IT security services at GSA and DHS have generally shown a consistent increase over the past decade, reflecting the growing importance of cybersecurity and the expanding digital footprint of federal agencies. Both agencies are major consumers of IT services, including network security, endpoint protection, data security, and cloud security solutions. Specific spending on CMAAS or similar managed security services has likely grown in parallel with the adoption of cloud technologies. While this specific $35.3 million contract is a significant award, it represents a portion of the overall federal investment in cybersecurity, which runs into billions of dollars annually across various agencies and contract vehicles.
Industry Classification
NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services
Product/Service Code: INFORMATION TECHNOLOGY EQUIPMENT (INCLD FIRMWARE) SOFTWARE,SUPPLIES& SUPPORT EQUIPMENT
Competition & Pricing
Extent Competed: FULL AND OPEN COMPETITION
Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY
Offers Received: 10
Pricing Type: TIME AND MATERIALS (Y)
Contractor Details
Parent Company: Mantech International Corporation (UEI: 053518312)
Address: 2000 EDMUND HALLEY DR STE 500, RESTON, VA, 20191
Business Categories: Category Business, Small Business, Special Designations, U.S.-Owned Business
Financial Breakdown
Contract Ceiling: $38,852,583
Exercised Options: $37,324,204
Current Obligation: $35,269,817
Subaward Activity
Number of Subawards: 5
Total Subaward Amount: $9,880,322
Contract Characteristics
Commercial Item: COMMERCIAL ITEM PROCEDURES NOT USED
Parent Contract
Parent Award PIID: GS00T13AJA0016
IDV Type: BPA
Timeline
Start Date: 2015-02-27
Current End Date: 2018-06-16
Potential End Date: 2018-06-16 00:00:00
Last Modified: 2019-12-23
More Contracts from Knowledge Consulting Group Inc
- THE Purpose of This Task Order (TO) IS to Support the DHS, Office of Cyber Security and Communications (CS&C), Operating on Behalf of a Specific SET of Federal Agencies by Providing Tools and Sensors in Support of the Continuous Diagnostics and Mitigation (CDM) Program. Igf::ot::igf — $50.7M (General Services Administration)
- Attn: Kristin Fuller (CO) the Purpose of This Request IS to Provide Independent Information Technology Security Support Services (itsss) to the TSA / OIT Cyber Security and IAD, and to Other Program Offices Within TSA in the Area of IT Security. OIT Provides the Administration%u2019s Response to Meeting the Practical and Statutory Security Requirements Associated With the USE of Information Technology (IT) Solutions to Support Administration Assets. the Cyber Security and IAD IS the Central Office Responsible for Delivering Security Services in the Form of Program/Project Management, Functional Guidance, Technical Assistance, Security Operations, and Compliance Monitoring. the Goal IS to Ensure That TSA IS Able to Deliver the Services Mandated by LAW, and DO SO in a Manner That Fully Complies With the LAW. the Below Referenced Estimates Covers for Labor and Travel. for Questions, Contact Carl Shirley on 571-227-3749 — $36.2M (Department of Homeland Security)
- Federal Contract — $36.1M (Department of Justice)
- Attn: Jose Bumbray (CO) the Purpose of This Request IS to Exercise a Follow-On Option for Continued Incremental Funding Against a Current Contract # Hsts-03-06-A-Cio916. the Service Provider IS Knowledge Consulting Group (KCG) Iass and Provides Personnel Services (labor). the Incremental Period of Performance (POP) IS From July 14, 2008 Through March 13, 2009 (about Eight Months) for Approximately $6,000,000. the Services Include: Auditing, Security Business Analysis and Review, Security Engineering, Incident Management and Forensics, Policy and Architecture, Certifier and Accreditation Services (C&A), Comsec, Fisma Compliance, Security Compliance, Bridge SLA and Performance Metrics and Other Technical Services Support to the IT Security Office. SEE Fact Sheet for Additional Details. Sub-Portfolio Code: the IT Security Funding Code IS AS Follows: - Comsec: $800,000 - Policy & Architect: $1,450,000 - Certifier SVS: $2,550,000 - Incident Mgt&forensic: $1,200,000 for Questions Regarding This Request, Please Contact Carl Shirley (cotr) on 571-227-3749 — $28.3M (Department of Homeland Security)
- Security Oversight and Compliance Support Services (socs) — $25.1M (Department of Homeland Security)
Other General Services Administration Contracts
- Software Life Cycle Development — $1.4B (Science Applications International Corporation)
- Task Order (TO) 47qfca21f0018 IS Hereby Awarded to Booz Allen Hamilton, Inc. (BAH) to Provide Enterprise Level Data to the Ousd(c), and ITS Strategic Partners (I.E., DOD Fourth Estate, DOD Departments, and IC Community) — $1.4B (Booz Allen Hamilton Inc)
- Federal Contract — $1.2B (Booz Allen Hamilton Inc)
- THE Scope of the to IS to Provide Enterprise IT Services for the Usace — $1.1B (Science Applications International Corporation)
- Task Order Award — $1.1B (Booz Allen Hamilton Inc)