Ernst & Young LLP awarded $3.6M for cybersecurity support to DOT's Federal Highway Administration

Contract Overview

Contract Amount: $3,625,337 ($3.6M)

Contractor: Ernst & Young LLP

Awarding Agency: Department of Transportation

Start Date: 2024-08-30

End Date: 2026-08-29

Contract Duration: 729 days

Daily Burn Rate: $5.0K/day

Competition Type: FULL AND OPEN COMPETITION

Number of Offers Received: 1

Pricing Type: LABOR HOURS

Sector: Other

Official Description: THIS BPA CALL ORDER PROCURES INFORMATION ASSURANCE SUPPORT UNDER BPA NO 693JJ320A000006 FOR CYBER SECURITY INFORMATION PROTECTION PROGRAM SUPPORT (CSIPS) TASK AREA 1 AS A RESULT OF TOPR CSIPS-1-OST-24-0001. THIS WILL BE A BASE TWELVE MONTHS PLUS TWO

Place of Performance

Location: WASHINGTON, DISTRICT OF COLUMBIA County, DISTRICT OF COLUMBIA, 20590

State: District of Columbia Government Spending

Plain-Language Summary

Department of Transportation obligated $3.6 million to ERNST & YOUNG LLP for work described as: THIS BPA CALL ORDER PROCURES INFORMATION ASSURANCE SUPPORT UNDER BPA NO 693JJ320A000006 FOR CYBER SECURITY INFORMATION PROTECTION PROGRAM SUPPORT (CSIPS) TASK AREA 1 AS A RESULT OF TOPR CSIPS-1-OST-24-0001. THIS WILL BE A BASE TWELVE MONTHS PLUS TWO Key points: 1. Contract provides essential information assurance and cybersecurity support for critical programs. 2. The contract was awarded under full and open competition, suggesting a competitive bidding process. 3. The duration of the contract is approximately two years, indicating a medium-term need. 4. The service category, 'Other Computer Related Services,' is broad and encompasses various IT support functions. 5. The award is a BPA Call, indicating it's a task order against a pre-existing Blanket Purchase Agreement.

Value Assessment

Rating: good

The total award amount of $3.6 million over two years for cybersecurity information protection support appears reasonable given the scope and duration. Benchmarking against similar IT support contracts for federal agencies suggests this pricing is within expected ranges. The use of labor hours provides flexibility but requires careful monitoring to ensure efficient resource utilization and prevent cost overruns.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

This contract was awarded under full and open competition, meaning all responsible sources were permitted to submit a bid. The specific number of bidders is not provided, but this procurement method generally fosters a competitive environment, which can lead to better pricing and service quality for the government. The agency likely sought multiple proposals to identify the most capable and cost-effective solution.

Taxpayer Impact: Full and open competition is beneficial for taxpayers as it increases the likelihood of obtaining services at competitive market rates, thereby maximizing the value of federal dollars spent.

Public Impact

The Federal Highway Administration (FHWA) benefits from enhanced cybersecurity to protect its information systems and data. Services delivered include information assurance and cybersecurity support, crucial for maintaining operational integrity. The contract's impact is primarily within the District of Columbia, where the agency is located. The contract supports specialized IT roles, potentially impacting the cybersecurity workforce.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

• Potential for scope creep if the definition of 'information assurance' is not tightly managed.
• Reliance on a single BPA call order could limit flexibility if needs change significantly.
• Ensuring consistent quality of service delivery over the contract's two-year term.

Positive Signals

• Awarded under full and open competition, indicating a robust selection process.
• Clear task area (Task Area 1) within the broader CSIPS program provides focus.
• The contract supports a critical function (cybersecurity) for a major federal agency.

Sector Analysis

The cybersecurity services market is a significant and growing sector within the broader IT services industry. Federal agencies are increasingly investing in cybersecurity to protect sensitive data and critical infrastructure. This contract fits within the 'Other Computer Related Services' NAICS code, which includes a wide range of IT support. Comparable spending benchmarks for cybersecurity support services vary widely based on scope, but federal IT spending overall is in the hundreds of billions annually.

Small Business Impact

The data indicates this contract was not set aside for small businesses (ss: false, sb: false). Therefore, small businesses are unlikely to be direct recipients of this award. However, Ernst & Young LLP, as a large prime contractor, may engage small businesses as subcontractors, depending on their subcontracting plans and the specific needs of the task order. The absence of a small business set-aside means the primary competition was likely among larger, established firms.

Oversight & Accountability

Oversight for this BPA call order would typically fall under the Federal Highway Administration's contracting officers and program managers. The Blanket Purchase Agreement (BPA) itself likely has established oversight mechanisms. Transparency is facilitated by public contract databases, though detailed performance metrics are often internal. Inspector General jurisdiction would apply if any fraud, waste, or abuse is suspected.

Related Government Programs

• Cyber Security Information Protection Program Support (CSIPS)
• Information Assurance Support
• IT Services for Federal Agencies
• Department of Transportation IT Contracts
• Federal Highway Administration IT Procurement

Risk Flags

• Potential for vendor lock-in due to reliance on a single BPA Call Order.
• Scope definition clarity needed to manage 'Information Assurance Support' effectively.
• Performance monitoring is crucial given the use of labor hours.

Tags

cybersecurity, information-assurance, it-services, department-of-transportation, federal-highway-administration, bpa-call, full-and-open-competition, ernst-young-llp, district-of-columbia, computer-related-services, medium-value, two-year-contract

Frequently Asked Questions

What is this federal contract paying for?

Department of Transportation awarded $3.6 million to ERNST & YOUNG LLP. THIS BPA CALL ORDER PROCURES INFORMATION ASSURANCE SUPPORT UNDER BPA NO 693JJ320A000006 FOR CYBER SECURITY INFORMATION PROTECTION PROGRAM SUPPORT (CSIPS) TASK AREA 1 AS A RESULT OF TOPR CSIPS-1-OST-24-0001. THIS WILL BE A BASE TWELVE MONTHS PLUS TWO

Who is the contractor on this award?

The obligated recipient is ERNST & YOUNG LLP.

Which agency awarded this contract?

Awarding agency: Department of Transportation (Federal Highway Administration).

What is the total obligated amount?

The obligated amount is $3.6 million.

What is the period of performance?

Start: 2024-08-30. End: 2026-08-29.

What is the specific nature of the 'Information Assurance Support' required under this BPA Call?

The 'Information Assurance Support' under this BPA Call, specifically for Task Area 1 of the CSIPS program, likely encompasses a range of services aimed at protecting the confidentiality, integrity, and availability of the Federal Highway Administration's (FHWA) information systems and data. This could include activities such as risk assessments, vulnerability management, security policy development and implementation, incident response planning, security awareness training, and ensuring compliance with federal cybersecurity mandates like FISMA (Federal Information Security Modernization Act). The exact deliverables would be detailed in the BPA Call Order document and the associated Task Order Request (TOPR CSIPS-1-OST-24-0001).

How does the $3.6 million award compare to similar cybersecurity support contracts within the Department of Transportation?

Benchmarking this $3.6 million award requires comparing it to similar cybersecurity support contracts within the Department of Transportation (DOT) or other large federal agencies with comparable IT infrastructures. While specific figures for direct comparisons are not publicly available without deeper analysis of contract databases, the amount appears moderate for a two-year engagement covering information assurance. Larger agencies often award multi-million dollar contracts for comprehensive cybersecurity solutions. The 'Other Computer Related Services' NAICS code (541519) is broad, so comparing against contracts with more specific cybersecurity service descriptions would yield a more precise benchmark. Factors like the number of systems supported, sensitivity of data, and specific services required heavily influence cost.

What are the key performance indicators (KPIs) used to evaluate Ernst & Young LLP's performance on this contract?

Key Performance Indicators (KPIs) for this contract would be defined in the Performance Work Statement (PWS) or Statement of Work (SOW) associated with the BPA Call Order. Typical KPIs for information assurance and cybersecurity support might include: timeliness of vulnerability remediation, effectiveness of security incident detection and response (e.g., mean time to detect/respond), compliance rates with security policies and regulations, successful completion of security audits and assessments, and user satisfaction with security services. The government would monitor these KPIs to ensure Ernst & Young LLP is meeting the contract's objectives and delivering value.

What is the historical spending pattern for cybersecurity services by the Federal Highway Administration?

Analyzing historical spending patterns for cybersecurity services by the Federal Highway Administration (FHWA) requires accessing and reviewing past contract awards. Without direct access to this historical data, it's difficult to provide specific figures. However, it is generally understood that federal agencies, including the FHWA, have been steadily increasing their cybersecurity budgets over the past decade due to evolving threats and regulatory requirements. This $3.6 million BPA Call Order represents a portion of the FHWA's overall IT and cybersecurity expenditure. Trends likely show a shift towards more proactive and comprehensive security solutions, moving beyond basic network protection.

What is the potential risk associated with relying on a single BPA Call Order for critical cybersecurity functions?

Relying on a single BPA Call Order for critical cybersecurity functions carries several potential risks. Firstly, it concentrates the delivery of these essential services with one vendor, potentially limiting the government's options if performance issues arise or if the vendor's capabilities become outdated. Secondly, the scope defined within the BPA Call Order might not fully adapt to rapidly evolving cyber threats or changing agency needs, potentially leading to gaps in coverage. While the BPA structure allows for task orders, significant shifts in requirements might necessitate a new competitive procurement. Finally, vendor lock-in is a concern, making it harder and potentially more costly to switch providers in the future.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - SECURITY AND COMPLIANCE

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Offers Received: 1

Pricing Type: LABOR HOURS (Z)

Evaluated Preference: NONE

Contractor Details

Address: 1 MANHATTAN WEST, NEW YORK, NY, 10001

Business Categories: Category Business, Not Designated a Small Business, Partnership or Limited Liability Partnership, Special Designations, U.S.-Owned Business

Financial Breakdown

Contract Ceiling: $7,466,566

Exercised Options: $3,625,337

Current Obligation: $3,625,337

Actual Outlays: $2,156,242

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES PROCEDURES NOT USED

Parent Contract

Parent Award PIID: 693JJ320A000006

IDV Type: BPA

Timeline

Start Date: 2024-08-30

Current End Date: 2026-08-29

Potential End Date: 2027-08-29 00:00:00

Last Modified: 2026-03-06

More Contracts from Ernst & Young LLP

• Base Award - FY18-20 Army General Fund Audit Support — $812.6M (Department of Defense)
• THE Department of the Navy and the United States Marine Corps Financial Statement Audits for Fiscal Years 2021-2025 — $338.6M (Department of Defense)
• United States AIR Force Audit Fiscal Years 2022-2026 — $192.6M (Department of Defense)
• Financial Mangement Internal Controls — $150.3M (General Services Administration)
• Audit of the Department of the AIR Force General Fund and Working Capital Fund Financial Statements and an Examination of the Statement on Standards for Attestation Engagements, NO. 18 (ssae18) of the Defense Enterprise Accounting and Management System (deams) — $122.2M (Department of Defense)

View all Ernst & Young LLP federal contracts →

Other Department of Transportation Contracts

• Dafis UDO Reconstruct W/O Advance — $3.8B (Lockheed Martin Services, LLC)
• THE Purpose of This Delivery Order Award IS to ADD Funding for FTI Telecommunications Services — $1.9B (Harris Corporation)
• Provide Funding for Clin 302 for Pre-Flight and In-Flight Services. Contract Number Dtfawa-05-C-00031, Lockheed Martin. POP 01/16/08-03/31/08 — $1.9B (Leidos, Inc.)
• Center for Advanced Aviation Development (caasd) Ffrdc Mitre — $1.7B (THE Mitre Corporation)
• Dafis UDO Reconstruct W/O Advance — $1.5B (Harris Corporation)

View all Department of Transportation contracts →

Explore Related Government Spending