NRC Awards $27M for Cybersecurity and Privacy Programs to OASIS SYSTEMS, LLC

Contract Overview

Contract Amount: $27,163,286 ($27.2M)

Contractor: Oasis Systems, LLC

Awarding Agency: Nuclear Regulatory Commission

Start Date: 2022-11-21

End Date: 2027-06-30

Contract Duration: 1,682 days

Daily Burn Rate: $16.1K/day

Competition Type: FULL AND OPEN COMPETITION

Pricing Type: TIME AND MATERIALS

Sector: IT

Official Description: THE CONTRACTOR SHALL ASSIST THE AGENCY IN ESTABLISHING AND MAINTAINING ROBUST CYBERSECURITY AND PRIVACY PROGRAMS. THE CONTRACTOR SHALL ENSURE ALL ACTIVITIES ON THIS CONTRACT ADHERE TO FEDERALLY MANDATED AND NRC DEFINED CYBERSECURITY AND PRIVACY REQ

Place of Performance

Location: ROCKVILLE, MONTGOMERY County, MARYLAND, 20850

State: Maryland Government Spending

Plain-Language Summary

Nuclear Regulatory Commission obligated $27.2 million to OASIS SYSTEMS, LLC for work described as: THE CONTRACTOR SHALL ASSIST THE AGENCY IN ESTABLISHING AND MAINTAINING ROBUST CYBERSECURITY AND PRIVACY PROGRAMS. THE CONTRACTOR SHALL ENSURE ALL ACTIVITIES ON THIS CONTRACT ADHERE TO FEDERALLY MANDATED AND NRC DEFINED CYBERSECURITY AND PRIVACY REQ Key points: 1. Contract focuses on establishing and maintaining robust cybersecurity and privacy programs. 2. OASIS SYSTEMS, LLC is the sole awardee for this specific BPA Call. 3. The contract is structured as Time and Materials, which can pose cost control risks. 4. The sector is IT services, specifically 'Other Computer Related Services'.

Value Assessment

Rating: fair

The Time and Materials pricing structure for this $27M contract raises concerns about cost predictability. Without fixed labor rates or clear task definitions, the final cost could significantly exceed initial estimates, especially over its 5-year duration.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

The contract was awarded under full and open competition via a BPA Call. While this ensures a broad search for qualified contractors, the specific nature of the BPA call might limit the number of actual bidders.

Taxpayer Impact: The use of Time and Materials pricing without strong oversight could lead to inflated costs, impacting taxpayer value.

Public Impact

Ensures critical federal agency data is protected through enhanced cybersecurity measures. Supports the Nuclear Regulatory Commission's mission by safeguarding sensitive information. Potential for cost overruns due to Time and Materials contract type could impact public funds.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

• Time and Materials pricing model
• Long contract duration (approx. 5 years)
• Lack of specific performance metrics in provided data

Positive Signals

• Awarded under full and open competition
• Focus on critical cybersecurity and privacy functions

Sector Analysis

This contract falls within the IT services sector, specifically 'Other Computer Related Services'. Spending in this area is substantial across government, with cybersecurity being a high-priority area. Benchmarks for similar cybersecurity support contracts vary widely based on scope and complexity.

Small Business Impact

The provided data indicates this contract was not awarded to a small business (ss: false). There is no information on subcontracting opportunities for small businesses within this award.

Oversight & Accountability

The Time and Materials contract type necessitates robust oversight from the Nuclear Regulatory Commission to manage costs effectively and ensure deliverables meet requirements. The agency must actively monitor hours and rates to prevent overspending.

Related Government Programs

• Other Computer Related Services
• Nuclear Regulatory Commission Contracting
• Nuclear Regulatory Commission Programs

Risk Flags

• Potential for cost overruns due to Time and Materials pricing.
• Lack of defined performance metrics in the provided data.
• Long contract duration may increase risk if requirements evolve.
• Limited visibility into small business participation.

Tags

other-computer-related-services, nuclear-regulatory-commission, md, bpa-call, 10m-plus

Frequently Asked Questions

What is this federal contract paying for?

Nuclear Regulatory Commission awarded $27.2 million to OASIS SYSTEMS, LLC. THE CONTRACTOR SHALL ASSIST THE AGENCY IN ESTABLISHING AND MAINTAINING ROBUST CYBERSECURITY AND PRIVACY PROGRAMS. THE CONTRACTOR SHALL ENSURE ALL ACTIVITIES ON THIS CONTRACT ADHERE TO FEDERALLY MANDATED AND NRC DEFINED CYBERSECURITY AND PRIVACY REQ

Who is the contractor on this award?

The obligated recipient is OASIS SYSTEMS, LLC.

Which agency awarded this contract?

Awarding agency: Nuclear Regulatory Commission (Nuclear Regulatory Commission).

What is the total obligated amount?

The obligated amount is $27.2 million.

What is the period of performance?

Start: 2022-11-21. End: 2027-06-30.

What specific cybersecurity and privacy frameworks or standards will the contractor be required to adhere to, and how will compliance be measured?

The contract mandates adherence to federally mandated and NRC-defined cybersecurity and privacy requirements. Compliance measurement would typically involve regular audits, penetration testing, vulnerability assessments, and reporting on security incidents. Specific metrics and reporting frequencies should be detailed in the contract's Statement of Work (SOW) to ensure accountability and effective program maintenance.

Given the Time and Materials structure, what mechanisms are in place to control costs and ensure the agency receives value for its investment?

Effective cost control for Time and Materials contracts relies heavily on stringent oversight. This includes detailed tracking of labor hours, verification of hourly rates against pre-negotiated ceilings, and regular reviews of work performed. The agency should implement clear task orders with estimated effort, conduct performance reviews, and potentially incorporate cost-saving incentives or penalties.

How will the success of the contractor's assistance in establishing and maintaining robust cybersecurity and privacy programs be evaluated?

Success evaluation should be tied to measurable outcomes and adherence to established cybersecurity and privacy frameworks. Key performance indicators (KPIs) could include reduction in identified vulnerabilities, successful completion of security audits, timely patching of systems, and improved incident response times. The agency should define these KPIs clearly in the SOW and conduct regular performance assessments.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - SECURITY AND COMPLIANCE

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Solicitation ID: 31310022Q0003

Pricing Type: TIME AND MATERIALS (Y)

Evaluated Preference: NONE

Contractor Details

Address: 200 SUMMIT DR STE 510, BURLINGTON, MA, 01803

Business Categories: Category Business, Limited Liability Corporation, Not Designated a Small Business, Special Designations, U.S.-Owned Business

Financial Breakdown

Contract Ceiling: $79,756,973

Exercised Options: $40,297,579

Current Obligation: $27,163,286

Actual Outlays: $23,314,881

Subaward Activity

Number of Subawards: 15

Total Subaward Amount: $2,037,382

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES

Parent Contract

Parent Award PIID: 31310022A0003

IDV Type: BPA

Timeline

Start Date: 2022-11-21

Current End Date: 2027-06-30

Potential End Date: 2031-06-30 00:00:00

Last Modified: 2026-03-18

More Contracts from Oasis Systems, LLC

• Technical Management & Advisory Services (tmas 2) 96TH CTG — $349.0M (Department of Defense)
• ,Ct::igf Procurement of Engineering, Professional, and Adminisntrative Support Services (epas — $242.0M (Department of Defense)
• Advisory and Assistance Services (A&AS) — $233.5M (Department of Defense)
• Scat 1 Engineering Professional and Administrative Support Services (epass) for AIR Force Life Cycle Management Center Fighters and Advanced Aircraft Directorate F15 Division (aflcmc/Waq) — $223.7M (Department of Defense)
• FOR Acquisition of Engineering, Professional & Administrative Support Services (epass) in Support of HB Directorate — $182.9M (Department of Defense)

View all Oasis Systems, LLC federal contracts →

Other Nuclear Regulatory Commission Contracts

• (information Technology Infrastructure Support Services (itiss)) — $208.2M (NTT Data Services Federal Government, LLC)
• Infrastructure Services and Support Contract — $157.8M (CACI NSS, LLC)
• Glinda Sncc BPA Call — $128.2M (Teksynap Corporation)
• Information Technology Infrastructure Support Services (itiss) — $100.7M (NTT Data Services Federal Government, LLC)
• Integrated Source Management Portfolio — $82.3M (Leidos, Inc.)

View all Nuclear Regulatory Commission contracts →

Explore Related Government Spending