Vendors of cybersecurity offerings are finding that the U.S. government is serious about improving the protection of federal IT assets. A steady stream of data protection contracts has been flowing to providers, including some notable high-value transactions during the last half of 2016.
One example is a Department of Homeland Security contract, with a potential value of US$395 million, for various cybersecurity protection services designed to prevent, detect, contain and eradicate cyberthreats. While DHS went through the process of selecting a vendor last year, a final award is pending due to a legal challenge. Still, the magnitude of the DHS project indicates the significant level of potential federal investments in cybersecurity.
Federal contracting is never easy, of course, and the providers who have received cybersecurity contracts have had to meet all the requirements of doing business with the government. While those requirements remain in force, federal agencies, especially the General Services Administration, are trying to improve the processing of cyberprotection acquisitions through expansions or enhancements to various federal procurement vehicles.
GSA’s recently selected Adobe as a provider of data protection capabilities for federal agencies. The administration last month revealed it had engaged Adobe for a “new, government-wide enterprise software acquisition agreement for best-in-class, data-centric security and electronic signature solutions.”
The agreement will help agencies “comply with current information security and electronic government policy recommendations and requirements,” including the Cybersecurity National Action Plan, the Cybersecurity Strategy and Implementation Plan, the Cybersecurity Act of 2015, the Government Paperwork Elimination Act, and the E-Sign Act of 2000, according to GSA.
Contract Vehicle Available to All Agencies
As part of a government-wide initiative, all federal agencies will be able to use the GSA vehicle to acquire the various cyberprotection capabilities offered by Adobe. GSA did not conduct a request for proposals to set up the acquisition. Instead, the administration used its existing IT contracting capability, known as “Schedule 70.”
The agreement “came as a result of vendor engagement and market research conducted by our IT software category, with the goal of identifying software publishers that would be interested in a GSA IT Schedule 70 modification of this nature,” said John Radziszewski, GSA IT software category manager.
“Adobe was identified at that time as a publisher who was interested in participating,” he told the E-Commerce Times. The transaction was facilitated through Carahsoft, an existing Schedule 70 provider and designated reseller of Adobe offerings.
The agreement covers two basic Adobe products. One is an Enterprise Digital Rights Management Product Grouping, which allows only agency personnel with specific credentials to apply persistent protection to sensitive documents and information.
That level of protection allows agencies to revoke or change document permissions regardless of location, GSA noted, which is helpful in guarding against fraud. In addition, agencies can add certificate-based digital signatures to PDF documents used with Acrobat.
A second capability is the Adobe Document Cloud for Enterprise — Premium eSign Services solution. It is a cloud-based, enterprise-class e-signature service that lets agencies replace paper and ink processes with fully automated electronic signature workflows, GSA said.
GSA’s ‘Win-Win’ Program
The Adobe agreement also provides other benefits, according to GSA, such as assisting federal agencies in modernizing IT acquisitions and generally improving operational efficiency.
In addition, the negotiated offer with Adobe will provide government agencies with “significant savings over previous pricing,” said Mary Davie, assistant commissioner for information technology in GSA’s Federal Acquisition Service. GSA estimates the value of the potential savings at $350 million.
The pricing element is a significant benefit, observed David Wennergren, executive vice president at the Professional Services Council.
“This is an enterprise software agreement, which always is with a single company. These agreements are designed to provide an easy mechanism for agencies to get a good price on software licenses by leveraging the government’s buying power,” he told the E-Commerce Times.
“Enterprise software agreements can be win-wins. For the government, they aggregate demand and buying power to get the best price for buying software, and then make that good rate available for multiple agencies. For companies, they reduce the administrative burdens of negotiating and managing a plethora of licensing agreements and may help drive demand for their software and other products and services,” Wennergren explained.
“There are enterprise licensing agreements in place with a number of software companies through GSA’s SmartBuy program, the Defense Department’s Enterprise Software Initiative, and other programs,” he noted. The agreement with Adobe is just one of multiple initiatives and adds one more tool to federal acquisition capabilities, especially in the cybersecurity area.
Yet agencies will have alternatives to consider.
“There are … similar types of products being provided by other software providers on IT Schedule 70,” GSA’s Radziszewski said.
Recent contract awards demonstrate the federal effort to utilize a variety of acquisition vehicles to pursue that goal. They include the following:
- ManTech: GSA last summer awarded two contracts with a potential total value of $110 million to ManTech International on behalf of DHS. Tasks will include continuous diagnostic monitoring for cybersecurity purposes and protecting cloud operations.
The transaction vehicle was a government-wide acquisition contract through GSA’s Alliant program. Mantech last fall received a contract from the National Geospatial-Intelligence Agency, which carried a potential value of $322 million over five years. The award included the provision of IT enterprise management services and enterprise cybersecurity services to NGA.
- Iron Vale: The Center for Medicare and Medicaid Services last year awarded a contract to Iron Vale for providing a comprehensive cybersecurity support.
CMS used a competitive GSA schedule program procurement that simplifies the process of obtaining commercial supplies and services, the agency said. CMS used GSA’s e-Buy website to post the opportunity.
The contract combined two existing agreements into a single entity and provided a one-year base period with four additional option years. Its total potential value is $67.6 million.
- Advanced Concepts and Technologies International: The company last month received a contract to provide cyberacquisition support services to the DHS National Protection and Programs Directorate, Office of Cybersecurity and Communications, over a period of four years. Valued at $21 million, the contract was facilitated through the GSA OASIS Small Business Pool.
Defense Department Activities
In addition to civilian agencies, the Defense Department has remained active in the cybertechnology market. For example, Engility Holdings will provide cyber-research, security assessments, and analysis for the U.S. Air Force under a $31 million contract awarded last month.
The contract was facilitated through the Defense Technical Information Center, a centralized agency within the Defense Department. The DTIC has a coordinating arrangement with the Air Force Life Cycle Management Center. Among other tasks, the Air Force unit tracks life cycle performance of weapons systems.
Also, the U.S. Army engaged Booz Allen Hamilton for cyber security enterprise support through a $13.2 million firm-fixed-price contract with options. The award was issued last year for a five-year period. It was facilitated through a conventional acquisition by the Army Contracting Command.
Whether through conventional acquisition vehicles or enhanced procurement procedures, it appears that federal agencies will continue to seek significant assistance to bolster their cybersecurity capabilities.