VA awards $43.6M contract for information security risk management support to MAVERIS LLC

Contract Overview

Contract Amount: $43,596,698 ($43.6M)

Contractor: Maveris LLC

Awarding Agency: Department of Veterans Affairs

Start Date: 2022-09-29

End Date: 2026-07-28

Contract Duration: 1,398 days

Daily Burn Rate: $31.2K/day

Competition Type: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES

Number of Offers Received: 7

Pricing Type: FIRM FIXED PRICE

Sector: IT

Official Description: INFORMATION SECURITY RISK MANAGEMENT 3554 PERIODIC ASSESSMENT OF RISK SUPPORT

Place of Performance

Location: MARTINSBURG, BERKELEY County, WEST VIRGINIA, 25401

State: West Virginia Government Spending

Plain-Language Summary

Department of Veterans Affairs obligated $43.6 million to MAVERIS LLC for work described as: INFORMATION SECURITY RISK MANAGEMENT 3554 PERIODIC ASSESSMENT OF RISK SUPPORT Key points: 1. Contract provides essential cybersecurity risk assessment services for the VA. 2. The contract was awarded under full and open competition. 3. Performance period spans over three years, indicating a need for sustained support. 4. The fixed-price contract type suggests predictable costs for the government. 5. The award is a delivery order against a larger contract vehicle. 6. The geographic location of performance is West Virginia.

Value Assessment

Rating: good

The contract value of $43.6 million over approximately three years appears reasonable for specialized information security risk management services. Benchmarking against similar contracts for IT security support within federal agencies suggests this is within the expected range. The firm-fixed-price structure helps control costs, but detailed analysis of the specific services rendered and their efficiency would be needed for a more precise value assessment. Without specific performance metrics or comparison to industry benchmarks for similar services, a definitive value-for-money judgment is challenging.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

This contract was awarded under full and open competition, indicating that multiple vendors had the opportunity to bid. The fact that there were 7 bids received suggests a healthy level of competition for this type of service. A competitive process generally leads to better pricing and service offerings for the government, as vendors strive to win the contract by providing the most attractive proposal.

Taxpayer Impact: The full and open competition ensures that taxpayer dollars are used efficiently by driving down prices and encouraging innovation among bidders.

Public Impact

The Department of Veterans Affairs benefits from enhanced information security and risk management. Veterans' sensitive data is better protected through improved cybersecurity posture. The services delivered are critical for maintaining the operational integrity of VA systems. The contract supports IT security professionals and analysts, potentially creating or sustaining jobs in this field. Performance is located in West Virginia, potentially benefiting the local economy.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

• Potential for scope creep if not managed tightly.
• Reliance on a single contractor for critical security functions.
• Ensuring continuous alignment with evolving cybersecurity threats and VA policies.

Positive Signals

• Awarded through full and open competition, indicating market responsiveness.
• Firm-fixed-price contract provides cost certainty.
• Long-term nature of the contract suggests a stable and valued service provider.
• Delivery order against a potentially larger, pre-vetted contract vehicle.

Sector Analysis

The federal IT services market, particularly cybersecurity, is a rapidly growing sector driven by increasing digital threats and the need to protect sensitive government data. This contract for information security risk management support falls within the Computer Systems Design Services category. The VA, like other large federal agencies, invests significantly in IT security to safeguard its vast network and data. Comparable spending benchmarks for cybersecurity services within federal agencies often range from tens to hundreds of millions of dollars annually, depending on the scope and complexity.

Small Business Impact

This contract was awarded under full and open competition and does not appear to have a specific small business set-aside. While the prime contractor is MAVERIS LLC, the extent of small business subcontracting is not detailed in the provided data. Federal regulations encourage prime contractors to utilize small businesses for subcontracting opportunities, and the impact on the small business ecosystem would depend on whether MAVERIS actively seeks out and engages small businesses for specialized tasks within this contract.

Oversight & Accountability

Oversight for this contract would primarily reside with the Department of Veterans Affairs contracting officers and program managers. They are responsible for monitoring contractor performance, ensuring compliance with contract terms, and approving deliverables. The contract's firm-fixed-price nature simplifies some aspects of financial oversight. Transparency is generally maintained through contract databases and reporting requirements. Inspector General jurisdiction would apply if any fraud, waste, or abuse is suspected.

Related Government Programs

• Information Security Services
• Cybersecurity Support
• IT Risk Management
• Computer Systems Design Services
• Federal IT Contracts
• Department of Veterans Affairs IT Spending

Risk Flags

• Contract Duration
• Scope of Services
• Performance Metrics
• Small Business Subcontracting Plan

Tags

it-services, cybersecurity, risk-management, veterans-affairs, department-of-veterans-affairs, west-virginia, firm-fixed-price, full-and-open-competition, delivery-order, computer-systems-design-services, information-security

Frequently Asked Questions

What is this federal contract paying for?

Department of Veterans Affairs awarded $43.6 million to MAVERIS LLC. INFORMATION SECURITY RISK MANAGEMENT 3554 PERIODIC ASSESSMENT OF RISK SUPPORT

Who is the contractor on this award?

The obligated recipient is MAVERIS LLC.

Which agency awarded this contract?

Awarding agency: Department of Veterans Affairs (Department of Veterans Affairs).

What is the total obligated amount?

The obligated amount is $43.6 million.

What is the period of performance?

Start: 2022-09-29. End: 2026-07-28.

What is the track record of MAVERIS LLC in performing similar information security risk management services for the federal government?

MAVERIS LLC has a track record of providing IT and cybersecurity services to various federal agencies. While specific details on past performance for 'information security risk management' are not fully elaborated in this summary, their presence as a prime contractor suggests they have met pre-qualification requirements. A deeper dive into their contract history, past performance reviews (e.g., CPARS), and any awards or penalties would provide a clearer picture of their reliability and expertise in this specific domain. Their ability to win this competitive bid indicates a level of confidence from the VA in their capabilities.

How does the awarded amount of $43.6 million compare to similar cybersecurity risk management contracts awarded by the VA or other agencies?

The $43.6 million contract value for information security risk management support over approximately three years is within a common range for large federal IT service contracts. Similar contracts for cybersecurity, risk assessment, and IT security consulting awarded by agencies like the Department of Defense or HHS can range from several million to tens of millions of dollars annually. The VA's significant digital footprint and the critical nature of veteran data necessitate substantial investment in security. This amount suggests a comprehensive scope of services is being procured, aligning with the agency's security needs.

What are the key performance indicators (KPIs) used to measure the success of this contract, and how is performance being monitored?

Specific Key Performance Indicators (KPIs) for this contract are not detailed in the provided summary. However, typical KPIs for information security risk management services include metrics related to the accuracy and timeliness of risk assessments, the identification and reporting of vulnerabilities, the effectiveness of mitigation recommendations, and adherence to security protocols and standards (e.g., NIST frameworks). Performance monitoring is typically conducted by the VA's Contracting Officer's Representative (COR) through regular progress reports, reviews of deliverables, and potentially site visits. The firm-fixed-price nature implies that meeting defined service levels and deliverables is paramount.

What is the potential impact of this contract on the VA's overall cybersecurity posture and its ability to protect veteran data?

This contract is crucial for enhancing the VA's overall cybersecurity posture by providing specialized expertise in identifying, assessing, and managing information security risks. By ensuring periodic assessments of risks, the VA can proactively address vulnerabilities before they are exploited by malicious actors. This directly contributes to the protection of sensitive veteran data, maintaining trust and compliance with privacy regulations. The sustained support over several years suggests a commitment to ongoing security improvement, which is vital in the face of evolving cyber threats.

What historical spending trends does this contract represent for the VA in the area of information security and risk management?

This $43.6 million contract represents a significant, multi-year investment by the VA in information security risk management. It indicates a sustained focus and potentially increasing reliance on external expertise for cybersecurity functions. Historical spending data would reveal if this is a new level of investment or a continuation of previous spending patterns. Given the general trend of rising cybersecurity threats and budgets across federal agencies, it is likely that this contract aligns with or reflects an increase in the VA's commitment to securing its digital infrastructure and sensitive data.

Are there any specific cybersecurity frameworks or standards (e.g., NIST) that MAVERIS LLC is required to adhere to under this contract?

While not explicitly stated in the summary data, federal contracts for information security services, especially those involving risk management, almost invariably require adherence to established cybersecurity frameworks and standards. The National Institute of Standards and Technology (NIST) frameworks, such as NIST SP 800-53 (Security and Privacy Controls) and NIST SP 800-30 (Risk Management), are commonly mandated. The contract likely specifies which versions and particular controls are applicable. MAVERIS LLC would be expected to conduct assessments and provide recommendations aligned with these government-mandated standards to ensure a consistent and robust security posture.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Computer Systems Design Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - SECURITY AND COMPLIANCE

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Offers Received: 7

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Address: 126 E BURKE ST STE 19, MARTINSBURG, WV, 25401

Business Categories: Category Business, Corporate Entity Not Tax Exempt, Limited Liability Corporation, Service Disabled Veteran Owned Business, Small Business, Special Designations, U.S.-Owned Business, Veteran Owned Business

Financial Breakdown

Contract Ceiling: $71,006,461

Exercised Options: $43,596,698

Current Obligation: $43,596,698

Actual Outlays: $30,873,103

Subaward Activity

Number of Subawards: 27

Total Subaward Amount: $26,298,843

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES PROCEDURES NOT USED

Cost or Pricing Data: NO

Parent Contract

Parent Award PIID: 36C10B21D1037

IDV Type: IDC

Timeline

Start Date: 2022-09-29

Current End Date: 2026-07-28

Potential End Date: 2027-07-28 00:00:00

Last Modified: 2025-07-21

More Contracts from Maveris LLC

• VA Cybersecurity Operations Center Next Generation II (csoc NG II) Support — $163.1M (Department of Veterans Affairs)
• Technical Evaluation Security Testing (test) — $31.9M (Department of Veterans Affairs)
• Project Management, and Technical Services to Augment the Current VA Enterprise DLP Program in Accordance With Existing VA Enterprise Security Directives and Standards — $21.3M (Department of Veterans Affairs)
• Enterprise Security Architecture (ESA) Support Base Period + Optional Tasks ONE and TWO — $13.2M (Department of Veterans Affairs)

View all Maveris LLC federal contracts →

Other Department of Veterans Affairs Contracts

• CCN Region 3 Express Report — $5.2B (Optum Public Sector Solutions, Inc.)
• Express Report for FY22 Region 2 — $5.1B (Optum Public Sector Solutions, Inc.)
• Fiscal Year 2022 Express Report for Region 1 — $4.2B (Optum Public Sector Solutions, Inc.)
• Express Report for the Patient Centered Community Care (PC3) Contract — $3.3B (Triwest Healthcare Alliance Corp)
• CCN Region Three FY21 Express Report — $3.1B (Optum Public Sector Solutions, Inc.)

View all Department of Veterans Affairs contracts →

Explore Related Government Spending