New $40 Billion Ceiling for CIO-SP4 Health IT Contract: Top 20


By Laura Criste

Bloomberg Government subscribers get the stories like this first. Act now and gain unlimited access to everything you need to know. Learn more.

The recompete of the federal government’s biggest spending health-focused information technology contract will look different in its fourth iteration.

The contract, Chief Information Officer Solutions and Partners 4 (CIO-SP4) is the subject of this week’s Bloomberg Government Top 20 Opportunities.

The National Institutes of Health’s IT Acquisition and Assessment Center (NITAAC) will increase the contract’s ceiling to $40 billion, consolidate it with a separate vehicle for small businesses, and require bidders to self-score in a two-part evaluation process.

NITAAC posted the draft request for proposals for CIO-SP4 on March 27. Responses to the draft solicitation are due by May 15. NITAAC expects to post the final RFP by December, according to an agency announcement.

Like its predecessors, CIO-SP4 will be an indefinite-delivery/indefinite-quantity governmentwide acquisition contract focused on providing IT products and services in the health and biomedical fields. Because IT is increasingly ingrained in programs, the contract can extend to more general IT. The contract will include these 10 task areas, which are similar to those in CIO-SP3:

  • IT services for biomedical research, health sciences, and health care;
  • Chief information officer support;
  • Digital media;
  • Outsourcing;
  • IT operations and maintenance;
  • Integration services;
  • Cybersecurity;
  • Digital government and cloud services;
  • Enterprise resource planning; and
  • Software development.

CIO-SP4 has a 15-year period of performance, comprised of a five-year base period, a five-year option, and any task orders awarded on the last day of the five-year option can be performed for five more years. The follow on will maintain CIO-SP3’s status as a best-in-class contract, making it a preferred contract across agencies.

While there are many similarities to its predecessor, CIO-SP4 will look very different in a few key ways.

The Doubled Ceiling

CIO-SP3 had a ceiling of $20 billion, which was also the amount NITAAC originally had planned for CIO-SP4. The draft RFP doubled the ceiling to $40 billion. While this seems like a substantial increase, it can be attributed to the merge of the small-business vehicle. Instead of recompeting CIO-SP3 Small Business, NITAAC will use CIO-SP4 to take the place of both CIO-SP3 and CIO-SP3 SB.

Both CIO-SP3 and CIO-SP3 SB had $20 billion ceilings, giving them a combined $40 billion, which matches the potential value of the recompete.

NITAAC anticipates 75 to 125 unrestricted awards and 200 to 300 small-business awards, which will include 25 to 75 8(a) awards. The draft RFP strongly encourages that agencies use task order set asides to help them achieve their small business goals.

Agencies have obligated about $14.4 billion on the unrestricted and small-business vehicles since fiscal 2012. The Health and Human Services Department accounts for almost half of the spending at $6.8 billion. The Pentagon has spent $3.3 billion on the contracts and is the only other agency with more than $1 billion in obligations.

While $40 billion may seem like a large ceiling for a contract that hasn’t even hit $20 billion, obligations have increased each year since it was awarded. In recent years, the increases could be partially attributable to its BIC status, which it received in fiscal 2018. If obligations continue to increase annually at the historical rate of about 25%, agencies could spend more than $5 billion on CIO-SP3 and CIO-SP3 SB in fiscal 2021. At that level, agencies could easily hit CIO-SP4’s $40 billion ceiling, possibly even early.

Cyber Certifications

The draft RFP specifies that the Defense Department could have different requirements than civilian agencies and may also require contractors to obtain the department’s Cybersecurity Maturity Model Certification (CMMC).

With the Pentagon obligating about 23% of the funding on the predecessor contracts, this provision could be very important to vendors.

The CMMC is a series of cybersecurity certifications that will be mandatory for all of DOD’s suppliers and contractors by fiscal 2026, but the Pentagon plans to start including the requirements in some contracts starting in June. There are five tiers of certifications, with the fifth being the most stringent, and DOD task orders on CIO-SP4 could be restricted to contractors that have completed a specific certification level.

To learn more about CMMC, join Bloomberg Government’s webinar on April 16 with DOD’s Katie Arrington, chief information security officer for the Assistant Secretary of Defense for Acquisition. Click here to register.

Score Yourself

Proposals will be evaluated in two phases. In the first phase, bidders will be ranked based upon their self-scoring sheet and the highest point values will move to phase two. In phase two, proposals will be evaluated based on best value.

The self-scoring sheet isn’t included in the draft RFP. NITAAC is asking for industry feedback on the scoring sheet as part of vendor responses, which are due on May 15.

The incumbent contract did not include self-scoring, so there isn’t a template for what to expect. It may be helpful for contractors to look at the OASIS self-scoring sheet as an example when providing feedback on what should be included in the CIO-SP4 self-scoring sheet.

Using BGOV

Clients can use BGOV to prepare for responding to the May 15 draft solicitation and the upcoming final RFP.

BGOV’s Contracts Intelligence Tool provides a ranking by obligations of all agencies that have obligated funds on both CIO-SP3 contract vehicles, which can be found here.

The data can also be viewed by contractor. General Dynamics Corp. with $1.6 billion in obligations since fiscal 2012; Deloitte Touche Tohmatsu Ltd with $914 million; and Booz Allen Hamilton Holding Corp. with $851 million are the top vendors on the contracts.

The list of top small businesses is led by ActioNet Inc. with $240 million; TISTA Science & Technology Corp. with $216 million; and Attain LLC with $211 million. A previous BGOV analysis explains more about spending on NITAAC’s GWACs.

The original solicitations and documentation for CIO-SP3 and CIO-SP3 SB can be found here and here. BGOV’s contracts search lists all of the 2,259 task orders on both contracts. For many of the task orders — those with high values and recent or upcoming end dates — BGOV has filed Freedom of Information Act requests to receive the task-order statements of work. Click here to view the 119 task orders with SOWs, valued at a total of $3 billion, that BGOV has received from agencies thus far.

To contact the analyst: Laura Criste in Salt Lake City, Utah at lcriste@bgov.com

To contact the editor responsible: Daniel Snyder at dsnyder@bgov.com

Stay informed with more news like this – from the largest team of reporters on Capitol Hill – subscribe to Bloomberg Government today. Learn more.