IRS cybersecurity bolstered with $14.2M delivery order for intrusion detection, enhancing CSIRC capabilities
Contract Overview
Contract Amount: $14,183,391 ($14.2M)
Contractor: FCN, Inc.
Awarding Agency: Department of the Treasury
Start Date: 2024-04-10
End Date: 2026-04-10
Contract Duration: 730 days
Daily Burn Rate: $19.4K/day
Competition Type: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES
Number of Offers Received: 1
Pricing Type: FIRM FIXED PRICE
Sector: IT
Official Description: THIS IS A DELIVERY ORDER FOR ENTERPRISE INTRUSION DETECTION SOLUTION (HARDWARE WHICH CONTAINS EMBEDDED SOFTWARE) FOR THE INTERNAL REVENUE SERVICE (IRS) CYBERSECURITY OPERATIONS COMPUTER SECURITY INCIDENT RESPONSE CENTER (CSIRC).
Place of Performance
Location: KEARNEYSVILLE, JEFFERSON County, WEST VIRGINIA, 25430
Plain-Language Summary
Department of the Treasury obligated $14.2 million to FCN, INC. for work described as: THIS IS A DELIVERY ORDER FOR ENTERPRISE INTRUSION DETECTION SOLUTION (HARDWARE WHICH CONTAINS EMBEDDED SOFTWARE) FOR THE INTERNAL REVENUE SERVICE (IRS) CYBERSECURITY OPERATIONS COMPUTER SECURITY INCIDENT RESPONSE CENTER (CSIRC). Key points: 1. The contract focuses on essential hardware with embedded software for intrusion detection, a critical component of cybersecurity. 2. Competition was conducted under 'full and open competition after exclusion of sources,' suggesting a potentially complex procurement process. 3. The fixed-price contract type provides cost certainty for the government. 4. The delivery order has a duration of two years, aligning with the need for ongoing cybersecurity support. 5. The awardee, FCN, Inc., will provide services to the Internal Revenue Service (IRS) Cybersecurity Operations Computer Security Incident Response Center (CSIRC). 6. The contract value of $14.2 million represents a significant investment in protecting sensitive IRS data.
Value Assessment
Rating: good
The contract value of $14.2 million for an enterprise intrusion detection solution appears reasonable given the critical nature of cybersecurity for the IRS. Benchmarking against similar large-scale cybersecurity hardware and software deployments for federal agencies suggests this price point is within expected ranges. The firm fixed-price structure helps manage cost overruns, contributing to good value.
Cost Per Unit: N/A
Competition Analysis
Competition Level: full-and-open
The contract was awarded under 'full and open competition after exclusion of sources.' This specific clause indicates that while the competition was intended to be open, certain sources may have been excluded for reasons not detailed in the provided data. The number of bidders is not specified, but the 'full and open' nature generally promotes price discovery and encourages multiple vendors to participate, leading to competitive pricing.
Taxpayer Impact: This procurement method aims to ensure that taxpayers receive the best possible value by allowing a wide range of qualified vendors to compete, potentially driving down costs through market forces.
Public Impact
The primary beneficiaries are the Internal Revenue Service (IRS) and its cybersecurity operations, ensuring the protection of taxpayer data and critical infrastructure. The services delivered include the provision of enterprise intrusion detection hardware with embedded software, crucial for real-time threat monitoring and response. The geographic impact is primarily within the IRS's operational centers, with potential implications for remote access security. Workforce implications may include the need for trained personnel to manage and operate the new intrusion detection systems.
Waste & Efficiency Indicators
Waste Risk Score: 50 / 10
Warning Flags
- The 'exclusion of sources' clause in the competition type warrants further investigation to understand potential limitations on market access.
- Lack of specific details on the number of bidders makes it difficult to fully assess the intensity of competition.
- The reliance on hardware with embedded software introduces potential supply chain risks and vendor lock-in concerns.
Positive Signals
- The use of a firm fixed-price contract provides budget certainty for the government.
- The focus on intrusion detection directly addresses a critical cybersecurity need for a sensitive government agency.
- The award to FCN, Inc. suggests a potentially established relationship or proven capability in providing cybersecurity solutions.
Sector Analysis
The cybersecurity market is a rapidly growing sector within the broader IT industry, driven by increasing digital threats and the need for robust defense mechanisms. Federal agencies, particularly those handling sensitive financial and personal data like the IRS, are significant spenders in this area. This contract for intrusion detection solutions fits within the 'Other Computer Related Services' NAICS code, reflecting the specialized nature of cybersecurity technology and services. Comparable spending benchmarks for enterprise-level cybersecurity solutions can range from millions to tens of millions of dollars annually, depending on the scope and scale of the deployment.
Small Business Impact
The provided data indicates that this contract was not set aside for small businesses (ss: false, sb: false). Therefore, there are no direct subcontracting implications or specific impacts on the small business ecosystem stemming from a small business set-aside. The prime contractor, FCN, Inc., may engage small businesses as subcontractors, but this is not mandated by the contract terms as presented.
Oversight & Accountability
Oversight for this contract would typically fall under the purview of the Department of the Treasury's Inspector General, given the IRS's affiliation. Accountability measures are inherent in the firm fixed-price contract type, which obligates the contractor to deliver specified goods and services within the agreed-upon price. Transparency is facilitated through contract award databases, though specific performance metrics and detailed oversight reports may not always be publicly accessible.
Related Government Programs
- IRS Cybersecurity Modernization Initiatives
- Federal Cybersecurity Operations Support
- Network Intrusion Detection Systems Procurement
- Computer Security Incident Response Center (CSIRC) Enhancements
- Department of the Treasury IT Infrastructure Investments
Risk Flags
- Potential limited competition due to 'exclusion of sources'
- Supply chain risks associated with embedded software
- Vendor lock-in potential
- Need for ongoing software updates and maintenance
Tags
it, cybersecurity, intrusion-detection, irs, department-of-the-treasury, delivery-order, firm-fixed-price, full-and-open-competition, fcn-inc, hardware-with-embedded-software, computer-security-incident-response-center, west-virginia
Frequently Asked Questions
What is this federal contract paying for?
Department of the Treasury awarded $14.2 million to FCN, INC.. THIS IS A DELIVERY ORDER FOR ENTERPRISE INTRUSION DETECTION SOLUTION (HARDWARE WHICH CONTAINS EMBEDDED SOFTWARE) FOR THE INTERNAL REVENUE SERVICE (IRS) CYBERSECURITY OPERATIONS COMPUTER SECURITY INCIDENT RESPONSE CENTER (CSIRC).
Who is the contractor on this award?
The obligated recipient is FCN, INC..
Which agency awarded this contract?
Awarding agency: Department of the Treasury (Internal Revenue Service).
What is the total obligated amount?
The obligated amount is $14.2 million.
What is the period of performance?
Start: 2024-04-10. End: 2026-04-10.
What is the specific nature of the 'exclusion of sources' in the 'full and open competition after exclusion of sources' award type, and how might it have impacted the competitive landscape?
The 'full and open competition after exclusion of sources' award type is a less common procurement method. It implies that the agency initially intended a broad competition but subsequently excluded specific sources based on predefined criteria, which could include factors like security clearances, specific technical capabilities, or prior performance issues. While the competition was 'full and open' among the remaining eligible sources, the exclusion of certain vendors might have limited the overall pool of potential bidders. This could potentially reduce the intensity of competition and may have influenced the final pricing. Without knowing which sources were excluded and why, it's difficult to definitively assess the impact on price discovery and overall value for taxpayers. Further investigation into the justification for source exclusion would be necessary for a complete analysis.
How does the $14.2 million contract value compare to similar enterprise intrusion detection solutions procured by other federal agencies?
The $14.2 million contract value for an enterprise intrusion detection solution over a two-year period appears to be within a reasonable range for large-scale federal cybersecurity procurements. Similar contracts for comprehensive network security hardware and software, including intrusion detection and prevention systems, often fall within the multi-million dollar bracket, especially for agencies with extensive networks and sensitive data like the IRS. Factors influencing cost include the number of endpoints protected, the sophistication of the threat intelligence feeds, the level of integration with existing security infrastructure, and the vendor's support and maintenance packages. While specific comparable contract values fluctuate based on market conditions and agency-specific requirements, this award suggests a significant investment commensurate with the critical need for robust cybersecurity at the IRS.
What are the potential risks associated with procuring hardware that contains embedded software for cybersecurity operations?
Procuring hardware with embedded software for cybersecurity operations presents several potential risks. Firstly, there's the risk of supply chain vulnerabilities, where the hardware or its embedded software could be compromised during manufacturing or distribution, introducing backdoors or malware. Secondly, vendor lock-in is a significant concern; reliance on proprietary embedded software can make it difficult and costly to switch vendors or integrate with other systems in the future. Thirdly, the security of the embedded software itself is paramount. If not rigorously developed, tested, and updated, it can become a vector for cyberattacks. Finally, managing firmware and software updates for embedded systems can be complex, and delays or failures in patching vulnerabilities can leave the system exposed to threats. Continuous monitoring and robust vendor management are crucial to mitigate these risks.
What is the track record of FCN, Inc. in delivering cybersecurity solutions to federal agencies, particularly the IRS?
FCN, Inc. is a federal IT solutions provider that has a history of winning contracts across various government agencies, including the Department of the Treasury and the IRS. Their contract portfolio often includes IT infrastructure, cybersecurity services, and technology modernization projects. While specific details on their performance for this particular type of intrusion detection solution are not provided in the summary data, their sustained presence and success in securing federal contracts suggest a level of capability and reliability. Agencies typically award contracts based on past performance evaluations, so FCN's ability to secure this delivery order implies they have met the necessary performance standards in previous engagements. A deeper dive into their contract history and performance reviews would provide more granular insights.
How does the duration of the contract (730 days) align with the typical lifecycle of cybersecurity hardware and software solutions?
A contract duration of 730 days (two years) for enterprise intrusion detection hardware with embedded software is a reasonable timeframe, reflecting the dynamic nature of cybersecurity threats and technology. While the hardware itself might have a longer physical lifespan, the embedded software and threat intelligence capabilities require continuous updates and potential upgrades to remain effective against evolving threats. A two-year period allows the IRS to leverage the solution while providing opportunities to reassess technology needs and market offerings before committing to longer-term investments or replacements. It strikes a balance between providing sufficient operational time and maintaining flexibility in a rapidly changing technological landscape. This duration is typical for delivery orders or task orders within larger indefinite-delivery/indefinite-quantity (IDIQ) contracts.
Industry Classification
NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services
Product/Service Code: IT AND TELECOM - COMPUTE
Competition & Pricing
Extent Competed: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES
Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY
Offers Received: 1
Pricing Type: FIRM FIXED PRICE (J)
Evaluated Preference: NONE
Contractor Details
Address: 2600 TOWER OAKS BLVD STE 575, ROCKVILLE, MD, 20852
Business Categories: Category Business, Corporate Entity Not Tax Exempt, Small Business, Special Designations, U.S.-Owned Business, Woman Owned Business, Women Owned Small Business
Financial Breakdown
Contract Ceiling: $29,578,087
Exercised Options: $14,183,391
Current Obligation: $14,183,391
Actual Outlays: $14,183,391
Contract Characteristics
Commercial Item: COMMERCIAL PRODUCTS/SERVICES
Parent Contract
Parent Award PIID: NNG15SC71B
IDV Type: GWAC
Timeline
Start Date: 2024-04-10
Current End Date: 2026-04-10
Potential End Date: 2029-04-09 06:52:13
Last Modified: 2026-01-08
More Contracts from FCN, Inc.
- Broadcom Software License and Maint — $240.3M (Department of the Treasury)
- Base Award for IRS Cisco Catalog. Base Year 12 Months With Four 12-Month Option Periods — $233.1M (Department of the Treasury)
- Cisco Combined Services for the Internal Revenue Service User and Networks Service Organization (UNS) That Requires Consistent and Reliable Maintenance of the IRS Telecommunications Infrastructure — $129.2M (Department of the Treasury)
- Mcafee Software and Support Services — $82.2M (Department of Veterans Affairs)
- EA Bundle — $78.1M (Department of Defense)
Other Department of the Treasury Contracts
- Advertising Services — $636.5M (True North Communications Inc)
- Cade 2 Ltis3 Covid-19 — $383.8M (Deloitte Consulting LLP)
- Establish a Broad Networking and Telecommunications Service Environment to Meet ITS Network Services (wide Area and Local Area Network), Voice Telecommunications Services, Audio/Video/Web Conferencing, and Cyber Requirements — $320.2M (AT&T Enterprises, LLC)
- THE Internal Revenue Service (IRS), Office of Information Technology Office, Issues This Order Under GSA Alliant 2 (unrestricted). Enterprise Case Management (ECM) Solution Integration Services — $305.5M (Booz Allen Hamilton Inc)
- THE Tfcceis Task Order IS to Transition the Existing Tfcc Services From the Networx Contract Onto the EIS Contract Vehicle in a Manner That Will Enable Continuity of an Enterprise Network of Toll Free Services for the IRS — $264.6M (Verizon Business Network Services LLC)