HHS awards $19.7M for Security Testing to MITRE Corp, highlighting a need for specialized IT services

Contract Overview

Contract Amount: $19,673,134 ($19.7M)

Contractor: THE Mitre Corporation

Awarding Agency: Department of Health and Human Services

Start Date: 2009-07-28

End Date: 2014-04-30

Contract Duration: 1,737 days

Daily Burn Rate: $11.3K/day

Competition Type: FULL AND OPEN COMPETITION

Number of Offers Received: 4

Pricing Type: COST PLUS FIXED FEE

Sector: IT

Official Description: TAS::75 0511::TAS SECURITY TESTING AND EVALUATION OF APPLICATIONS AND INFRASTRUCTURE

Place of Performance

Location: MC LEAN, FAIRFAX County, VIRGINIA, 22102

State: Virginia Government Spending

Plain-Language Summary

Department of Health and Human Services obligated $19.7 million to THE MITRE CORPORATION for work described as: TAS::75 0511::TAS SECURITY TESTING AND EVALUATION OF APPLICATIONS AND INFRASTRUCTURE Key points: 1. The contract focuses on critical application and infrastructure security testing, a vital area for government IT. 2. MITRE Corporation, a well-established entity, secured this contract, indicating potential for strong technical expertise. 3. The duration and value suggest a significant, ongoing need for these specialized cybersecurity services. 4. The 'Other Management Consulting Services' NAICS code might obscure the specific IT security focus.

Value Assessment

Rating: fair

The contract's Cost Plus Fixed Fee (CPFF) structure can lead to cost overruns if not managed tightly. Benchmarking CPFF contracts for similar IT security services is difficult without more granular data on labor categories and overhead.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

The contract was awarded under full and open competition, suggesting a competitive bidding process. However, the specific details of the competition and how price discovery was achieved are not provided, making it hard to assess if the best value was obtained.

Taxpayer Impact: Taxpayer funds are being used for essential cybersecurity services. The CPFF structure necessitates careful oversight to ensure cost efficiency and prevent unnecessary spending.

Public Impact

Ensures the security of critical healthcare applications and infrastructure managed by CMS. Supports the ongoing operational integrity and data protection of Medicare and Medicaid systems. Addresses the growing threat landscape in cybersecurity for federal agencies. Provides specialized expertise that may not be readily available in-house.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

CPFF contract type can incentivize cost increases.
Lack of detailed competition data hinders value assessment.
NAICS code is broad and may not fully capture IT security specialization.

Positive Signals

Awarded under full and open competition.
Addresses a critical government function (cybersecurity).
Long contract duration indicates sustained need and potential for stable service delivery.

Sector Analysis

This contract falls within the IT services sector, specifically focusing on cybersecurity. Spending benchmarks for similar security testing and evaluation services can vary widely based on scope, complexity, and the specific technologies involved. The $19.7M award over nearly five years suggests a substantial and ongoing requirement.

Small Business Impact

The data indicates this contract was not set aside for small businesses (sb: false). The prime contractor, The MITRE Corporation, is a large organization, suggesting that small businesses were likely not prime awardees on this specific contract, though they may have participated as subcontractors.

Oversight & Accountability

The contract's CPFF structure requires robust oversight from HHS and CMS to monitor costs, ensure performance, and prevent potential overruns. Regular audits and performance reviews would be crucial for accountability and effective use of taxpayer funds.

Related Government Programs

Other Management Consulting Services
Department of Health and Human Services Contracting
Centers for Medicare and Medicaid Services Programs

Risk Flags

Cost Plus Fixed Fee (CPFF) contract type.
Broad NAICS code may obscure specific IT security focus.
Limited data on competition specifics and price discovery.
Lack of detailed performance metrics or outcome data.

Frequently Asked Questions

What is this federal contract paying for?

Department of Health and Human Services awarded $19.7 million to THE MITRE CORPORATION. TAS::75 0511::TAS SECURITY TESTING AND EVALUATION OF APPLICATIONS AND INFRASTRUCTURE

Who is the contractor on this award?

The obligated recipient is THE MITRE CORPORATION.

Which agency awarded this contract?

Awarding agency: Department of Health and Human Services (Centers for Medicare and Medicaid Services).

What is the total obligated amount?

The obligated amount is $19.7 million.

What is the period of performance?

Start: 2009-07-28. End: 2014-04-30.

What specific security vulnerabilities were identified and remediated under this contract, and what was the quantifiable impact on system security?

The provided data does not detail specific vulnerabilities or their quantifiable impact. To assess value, a review of performance reports, vulnerability assessments, and remediation success metrics would be necessary. Understanding the reduction in security incidents or the strengthening of defenses post-testing is key to evaluating the contract's effectiveness.

How did the CPFF structure influence the final cost compared to a fixed-price contract, and were there mechanisms in place to control costs effectively?

The CPFF structure allows for costs to fluctuate based on actual effort, potentially leading to higher final costs than a fixed-price contract if not managed diligently. Effective cost control would rely on strong government oversight, detailed cost tracking, and clear performance metrics tied to fee determination. Without this data, it's difficult to ascertain if costs were optimally managed.

What was the competitive landscape for this 'Other Management Consulting Services' contract, and did the full and open competition result in demonstrably better pricing or performance?

While awarded under 'full and open competition,' the specific details of the bidding process and the number of competitors are not provided. Assessing the 'better pricing or performance' requires comparing the awarded contract's terms, price, and outcomes against alternative proposals or market rates for similar specialized security testing services.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Management, Scientific, and Technical Consulting Services › Other Management Consulting Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › ADP AND TELECOMMUNICATIONS

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: NEGOTIATED PROPOSAL/QUOTE

Offers Received: 4

Pricing Type: COST PLUS FIXED FEE (U)

Evaluated Preference: NONE

Contractor Details

Address: 7515 COLSHIRE DR, MC LEAN, VA, 22102

Business Categories: Category Business, Corporate Entity Tax Exempt, Nonprofit Organization, Not Designated a Small Business

Financial Breakdown

Contract Ceiling: $85,301,530

Exercised Options: $19,673,134

Current Obligation: $19,673,134

Contract Characteristics

Commercial Item: COMMERCIAL ITEM PROCEDURES NOT USED

Parent Contract

Parent Award PIID: TIRNO99D00005

IDV Type: IDC

Timeline