VA's $25.2M Information Security Contract Faces Scrutiny Amidst Ongoing System Deficiencies
Contract Overview
Contract Amount: $25,261,608 ($25.3M)
Contractor: ASM Research, LLC
Awarding Agency: Department of Veterans Affairs
Start Date: 2014-06-19
End Date: 2016-06-29
Contract Duration: 741 days
Daily Burn Rate: $34.1K/day
Competition Type: FULL AND OPEN COMPETITION
Number of Offers Received: 11
Pricing Type: FIRM FIXED PRICE
Sector: IT
Official Description: IGF::CT::IGF THE DEPARTMENT OF VETERANS AFFAIRS (VA), CONTINUOUS READINESS IN INFORMATION SECURITY PROTECTION (CRISP) PROGRAM HAS A REQUIREMENT FOR OPERATIONAL INFRASTRUCTURE AND SECURITY PROTECTION SUPPORT SERVICES NEEDED TO SUPPORT VA IN ADDRESSING SYSTEM SECURITY VULNERABILITIES COMPONENTS, ENSURING INFORMATION SECURITY RISK CONTROLS ARE IMPLEMENTED AND MONITORED, AND IN RESPONSE TO FEDERAL INFORMATION SYSTEMS CONTROLS AUDIT MANUAL (FISCAM) AUDIT REPORTING, WHICH HAS CONTINUALLY IDENTIFIED VA SYSTEMS AS DEFICIENT.
Place of Performance
Location: FAIRFAX, FAIRFAX County, VIRGINIA, 22033
State: Virginia Government Spending
Plain-Language Summary
Department of Veterans Affairs obligated $25.3 million to ASM RESEARCH, LLC for work described as: IGF::CT::IGF THE DEPARTMENT OF VETERANS AFFAIRS (VA), CONTINUOUS READINESS IN INFORMATION SECURITY PROTECTION (CRISP) PROGRAM HAS A REQUIREMENT FOR OPERATIONAL INFRASTRUCTURE AND SECURITY PROTECTION SUPPORT SERVICES NEEDED TO SUPPORT VA IN ADDRESSING SYSTEM SECURITY VULNERABILITI… Key points: 1. The contract addresses critical security vulnerabilities identified by FISCAM audits. 2. ASM Research, LLC holds the contract, awarded via full and open competition. 3. The primary risk lies in the VA's persistent system deficiencies despite ongoing support. 4. The sector is IT services, specifically computer systems design and security protection.
Value Assessment
Rating: questionable
The contract value of $25.2M over two years for operational infrastructure and security support appears high given the recurring audit findings. Benchmarking against similar IT security services contracts is difficult without more granular cost data, but the continued deficiencies suggest potential value for money concerns.
Cost Per Unit: N/A
Competition Analysis
Competition Level: full-and-open
The contract was awarded through full and open competition, which typically fosters competitive pricing. However, the persistent system deficiencies suggest that the competitive process may not have fully addressed the underlying security issues or that the scope of work evolved significantly.
Taxpayer Impact: Taxpayer funds are being spent on security services that have not fully resolved identified system deficiencies, raising questions about the effectiveness and efficiency of this spending.
Public Impact
Veterans' sensitive personal and health information remains at risk due to ongoing system security vulnerabilities. The Department of Veterans Affairs' ability to protect critical data is hampered by recurring audit findings. Public trust in the VA's IT infrastructure may be eroded by the continuous identification of security gaps.
Waste & Efficiency Indicators
Waste Risk Score: 50 / 10
Warning Flags
- Recurring FISCAM audit findings indicate persistent system deficiencies.
- Contract duration and value may not align with demonstrated security improvements.
- Potential for scope creep or inadequate performance management.
Positive Signals
- Awarded through full and open competition, promoting market-based pricing.
- Addresses critical federal information system security controls.
- Contract supports essential operational infrastructure for the VA.
Sector Analysis
This contract falls within the IT services sector, specifically focusing on computer systems design and security protection. Spending in this area is crucial for government agencies to maintain cybersecurity postures, especially given the increasing threat landscape. Benchmarks for similar services vary widely based on scope and complexity.
Small Business Impact
The provided data does not indicate whether small businesses were involved in this contract, either as prime contractors or subcontractors. Further analysis would be needed to determine the extent of small business participation.
Oversight & Accountability
The contract's effectiveness is called into question by the repeated identification of system deficiencies in FISCAM audit reports. Oversight should focus on whether the contractor's services are adequately addressing these identified vulnerabilities and if performance metrics are being met.
Related Government Programs
- Computer Systems Design Services
- Department of Veterans Affairs Contracting
- Department of Veterans Affairs Programs
Risk Flags
- Persistent system deficiencies despite contract execution.
- Recurring negative audit findings (FISCAM).
- Potential misalignment between contract value/duration and security outcomes.
- Lack of clear evidence of improved security posture.
- Questions about the effectiveness of oversight and performance management.
Tags
computer-systems-design-services, department-of-veterans-affairs, va, delivery-order, 10m-plus
Frequently Asked Questions
What is this federal contract paying for?
Department of Veterans Affairs awarded $25.3 million to ASM RESEARCH, LLC. IGF::CT::IGF THE DEPARTMENT OF VETERANS AFFAIRS (VA), CONTINUOUS READINESS IN INFORMATION SECURITY PROTECTION (CRISP) PROGRAM HAS A REQUIREMENT FOR OPERATIONAL INFRASTRUCTURE AND SECURITY PROTECTION SUPPORT SERVICES NEEDED TO SUPPORT VA IN ADDRESSING SYSTEM SECURITY VULNERABILITIES COMPONENTS, ENSURING INFORMATION SECURITY RISK CONTROLS ARE IMPLEMENTED AND MONITORED, AND IN RESPONSE TO FEDERAL INFORMATION SYSTEMS CONTROLS AUDIT MANUAL (FISCAM) AUDIT REPORTING, WHICH HAS CONTINUALLY IDENTIFIED VA
Who is the contractor on this award?
The obligated recipient is ASM RESEARCH, LLC.
Which agency awarded this contract?
Awarding agency: Department of Veterans Affairs (Department of Veterans Affairs).
What is the total obligated amount?
The obligated amount is $25.3 million.
What is the period of performance?
Start: 2014-06-19. End: 2016-06-29.
What specific metrics were used to evaluate the contractor's success in addressing system security vulnerabilities and FISCAM audit findings?
The provided data does not specify the performance metrics used to evaluate the contractor's success. A thorough review of the contract's performance work statement and any associated deliverables would be necessary to identify these metrics. Understanding these metrics is crucial for assessing whether the $25.2M investment yielded the intended security improvements.
How has the VA's approach to information security evolved in response to the persistent deficiencies identified over the contract period?
The data suggests a concerning lack of evolution, as FISCAM audits have continually identified VA systems as deficient despite this contract's focus on security protection. This implies that either the contract's scope was insufficient, the contractor's performance was inadequate, or the VA's internal processes for managing security are fundamentally flawed and require more than just external support services.
Could the contract's firm-fixed-price structure have inadvertently incentivized minimal compliance rather than proactive security enhancement, given the recurring audit findings?
A firm-fixed-price contract can sometimes lead to contractors focusing on meeting minimum requirements to avoid penalties, rather than exceeding them or proactively addressing emerging threats. If the contract's scope and performance standards were not robust enough to drive continuous improvement, this pricing structure might have contributed to the persistence of security deficiencies despite ongoing service provision.
Industry Classification
NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Computer Systems Design Services
Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › ADP AND TELECOMMUNICATIONS
Competition & Pricing
Extent Competed: FULL AND OPEN COMPETITION
Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY
Offers Received: 11
Pricing Type: FIRM FIXED PRICE (J)
Evaluated Preference: NONE
Contractor Details
Parent Company: Accenture Public Limited Company (UEI: 985015354)
Address: 4050 LEGATO RD STE 1100, FAIRFAX, VA, 22033
Business Categories: Category Business, Corporate Entity Not Tax Exempt, Not Designated a Small Business, Special Designations, U.S.-Owned Business
Financial Breakdown
Contract Ceiling: $25,265,832
Exercised Options: $25,261,608
Current Obligation: $25,261,608
Contract Characteristics
Commercial Item: COMMERCIAL ITEM PROCEDURES NOT USED
Cost or Pricing Data: NO
Parent Contract
Parent Award PIID: VA11811D1011
IDV Type: IDC
Timeline
Start Date: 2014-06-19
Current End Date: 2016-06-29
Potential End Date: 2016-06-29 00:00:00
Last Modified: 2016-06-30
More Contracts from ASM Research, LLC
- NEW Task Order for Crisp Support Services — $317.5M (Department of Veterans Affairs)
- Vista Clinical Application and Enterprise Core Services - Software Development Support - Igf::ot::igf — $159.8M (Department of Veterans Affairs)
- Medical Electronic Data Care Health and Readiness Tracking (medchart) System — $115.4M (Department of the Interior)
- National Service Desk Help Desk Igf::ot::igf — $110.2M (Department of Veterans Affairs)
- Medical Electronic Data Care Health and Readiness Tracking (medchart) System — $84.5M (Department of the Interior)
Other Department of Veterans Affairs Contracts
- CCN Region 3 Express Report — $5.2B (Optum Public Sector Solutions, Inc.)
- Express Report for FY22 Region 2 — $5.1B (Optum Public Sector Solutions, Inc.)
- Fiscal Year 2022 Express Report for Region 1 — $4.2B (Optum Public Sector Solutions, Inc.)
- Express Report for the Patient Centered Community Care (PC3) Contract — $3.3B (Triwest Healthcare Alliance Corp)
- CCN Region Three FY21 Express Report — $3.1B (Optum Public Sector Solutions, Inc.)