The Defense Information Systems Agency will outsource most network management, cybersecurity, and technical services functions serving 22 at Defense Department agencies to a single contractor , according to a final request for proposals released on Dec. 8.
Defense Enclave Services, with its massive scope and implications for the future of the Pentagon’s IT acquisition strategy, is the subject of this week’s Top 20 Opportunities. The contract will have a maximum dollar value of $11.7 billion over a possible 10-year lifespan.
DISA officials had planned to release the final RFP in September, but delayed the process to give DOD chief information officer Dana Deasy time to complete a review of the program. The agency intends to evaluate bids throughout the spring and summer of 2021 and make an award decision in the first quarter of fiscal 2022.
Potential bidders have until Feb. 8 to respond to the RFP.
4th Estate Network Modernization
DES will serve as the primary vehicle for the Pentagon’s planned 4th Estate Network Optimization (4ENO) program, referring to the 22 civilian-led agencies, collectively known as the “fourth estate.” They include DISA, the Defense Logistics Agency, Defense Finance and Accounting Service, Defense Threat Reduction Agency, Missile Defense Agency, and more than a dozen others.
The contract will support these agencies’ transitions to the DoDNet network and support a set of “common use IT services” to reduce complexity and duplicative spending. DES will deliver all required transition, infrastructure, network operations and management, engineering and innovation, cybersecurity, and technical refresh support services, according to the RFP.
Key to the program’s goals are consolidating disparate local area network access points to simplify the task of defending the department against cyber intrusions, streamlining incident response functions, and improving DOD user access to help desk and support services. The contract aims to promote innovation and delivery of new technologies through pilot projects on emerging technologies, according to the RFP.
Potential Winners and Losers
If all goes according to plan, DISA’s single-award acquisition strategy may aid the department in consolidating and optimizing its IT resources. But for contractors, it will create an intense, winner-take-all contest to preserve existing revenue and displace the competition. The format gives an significants advantage to large IT systems integrators and poses a challenge to hundreds of small businesses, who will need to identify partners and scramble for subcontracting opportunities.
What will make the DES acquisition interesting is that there is no obvious front runner to win the contract. Since the start of fiscal 2016, fourth-estate agencies have obligated a combined $30 billion on contracts for IT products and services. No single prime contractor has earned more than 10% of that total. Leidos Holdings Inc. has generated the most IT contract obligations of any vendor over that span, about $2.5 billion, with $2 billion of those obligations coming from DISA. Other top fourth-estate IT vendors likely to vye for the contract include Perspecta Inc. ($1.5 billion), General Dynamics Corp. ($1.4 billion), Booz Allen Hamilton Holding Corp. ($933 million), and Raytheon Technologies Corp. ($876 million).
Regardless of who wins DES, hundreds of businesses could see their contracts and task orders shifted to a single managed services provider, either becoming relegated to subcontractor status or losing business entirely. Bloomberg Government has identified close to 5,400 task orders for fourth-estate IT products and services, active as of Oct. 1, 2021, with a combined value to date of $7.3 billion. More than 800 of them are held by small businesses. DISA has not offered a definitive list of what work will be transitioned over to DES, but contractors with business within DES’s scope of work are advised to take note.
How DISA Will Evaluate Bids
DISA plans to use a two-step evaluation process for DES. In stage one, DISA will evaluate bidders staffing and transition plans, network engineering capabilities, small-business planning, and supply chain risk management planning. Only those bidders with all four criteria deemed “acceptable” will progress to stage two. Stage two will employ a best-value trade-off method taking into account technical factors, past performance, and pricing.
The DES RFP requires bidders to submit a detailed document committing to working with small-business subcontractors. Bidders must meet a 25% minimum quantitative requirement (MQR) for small-business participation measured against the entire ceiling value of the contract, or about $2.9 billion. The overall small-business MQR of 25% is up from 20% proposed in a previous draft of the RFP. In addition, bidders must also meet separate MQRs for different socio-economic categories, including thresholds for women-owned small businesses, HUBZone businesses, and service-disabled veteran-owned small businesses.
A previous draft rankled industry by including language requiring bidders to be certified under the Pentagon’s new supply chain cyber risk regime, the Cybersecurity Maturity Model Certification (CMMC), as part of the evaluation process. The final RFP removes the CMMC requirement from the evaluation criteria. However DISA “reserves the right” to mandate CMMC certification at Level 3 — the moderate baseline, roughly equivalent to compliance with all security procedures outlined in NIST 800-171 — at the task order level. Bidders must possess a Top Secret Facilities Clearance to perform work on the contract and at least an interim clearance at the time of bid submission.
The stakes of winning an $11.7 billion contract extremely high, and it’s likely that DES could see one or more pre-award or post-award bid protests. DISA gave itself ample time, about eight months between early February and the first quarter of fiscal 2022, to evaluate bids and award a contract. With DES, DISA will likely try to avoid protracting legal battles which the Pentagon has confronted with recent high-profile DOD acquisitions such as Joint Enterprise Defense Infrastructure and Defense Enterprise Office Solutions, and aim to start work on schedule.
To contact the analyst on this story: Chris Cornillie in Washington at email@example.com
To contact the editors responsible for this story: Daniel Snyder at firstname.lastname@example.org