DOT awards $4.1M contract for security assessment support to Ernst & Young LLP

Contract Overview

Contract Amount: $4,130,236 ($4.1M)

Contractor: Ernst & Young LLP

Awarding Agency: Department of Transportation

Start Date: 2023-02-21

End Date: 2026-08-22

Contract Duration: 1,278 days

Daily Burn Rate: $3.2K/day

Competition Type: FULL AND OPEN COMPETITION

Number of Offers Received: 2

Pricing Type: FIRM FIXED PRICE

Sector: IT

Official Description: THIS IS A FIRM-FIXED-PRICE REQUIREMENT TO PROVIDE SECURITY ASSESSMENT SUPPORT FOR FMCSA'S MISSION. PLEASE SEE THE ATTACHED PWS FOR ADDITIONAL DETAILS.

Place of Performance

Location: MCLEAN, FAIRFAX County, VIRGINIA, 22102

State: Virginia Government Spending

Plain-Language Summary

Department of Transportation obligated $4.1 million to ERNST & YOUNG LLP for work described as: THIS IS A FIRM-FIXED-PRICE REQUIREMENT TO PROVIDE SECURITY ASSESSMENT SUPPORT FOR FMCSA'S MISSION. PLEASE SEE THE ATTACHED PWS FOR ADDITIONAL DETAILS. Key points: 1. Contract awarded via a Blanket Purchase Agreement (BPA) Call, indicating a pre-negotiated framework. 2. The contract is a Firm Fixed Price (FFP) type, which shifts cost risk to the contractor. 3. Competition was full and open, suggesting a broad market solicitation. 4. The contract duration is over three years, from February 2023 to August 2026. 5. The North American Industry Classification System (NAICS) code 541519 suggests services related to computer systems design and related services. 6. The awardee, Ernst & Young LLP, is a large, established professional services firm.

Value Assessment

Rating: good

The contract value of $4.13 million over approximately 3.5 years appears reasonable for specialized security assessment support. As a firm-fixed-price contract, the pricing structure is designed to provide cost certainty to the government. Benchmarking against similar contracts for IT security consulting services would provide a more precise value assessment, but the scale and duration suggest a standard market rate for a large professional services firm.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

The contract was awarded under full and open competition, indicating that all responsible sources were permitted to submit a bid. The data does not specify the number of bids received, but the 'full and open' designation suggests a competitive process was intended. This approach generally promotes price discovery and allows the government to select the best value offer.

Taxpayer Impact: A full and open competition process is generally favorable for taxpayers as it aims to secure competitive pricing and a wider range of qualified contractors, potentially leading to better value.

Public Impact

The Federal Motor Carrier Safety Administration (FMCSA) will benefit from enhanced security assessment capabilities. Services delivered will support the FMCSA's mission to ensure safety in commercial motor vehicle operations. The contract's geographic impact is likely national, given the FMCSA's regulatory scope. The contract may have implications for the cybersecurity and IT consulting workforce, particularly those with expertise in government security assessments.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

• Potential for scope creep if the PWS is not tightly managed.
• Reliance on a single large contractor for critical security assessments.
• Ensuring continued alignment with evolving cybersecurity threats and best practices.

Positive Signals

• Firm-fixed-price contract shifts cost risk to the contractor.
• Award to a well-established firm with a track record in professional services.
• Full and open competition suggests a robust selection process.

Sector Analysis

This contract falls within the professional services sector, specifically IT and cybersecurity consulting. The market for these services is large and competitive, with many firms offering specialized expertise. The NAICS code 541519 covers a broad range of computer-related services. The contract's value is moderate within this sector, and it represents a typical engagement for a large consulting firm supporting a federal agency's operational needs.

Small Business Impact

The contract data indicates that small business participation (ss: false, sb: false) was not a specific set-aside. Therefore, there are no direct subcontracting implications for small businesses mandated by this award. The primary contractor, Ernst & Young LLP, is a large business, and their subcontracting plans, if any, would be determined by their internal policies and the specific terms of the BPA call.

Oversight & Accountability

Oversight for this contract would typically be managed by the contracting officer and the program office within the Federal Motor Carrier Safety Administration (FMCSA). As a firm-fixed-price contract, oversight will focus on performance delivery and adherence to the Performance Work Statement (PWS). Transparency is facilitated through contract award databases, and any specific Inspector General (IG) jurisdiction would depend on the nature of any potential issues arising from the contract's execution.

Related Government Programs

• Federal Information Security Modernization Act (FISMA) Compliance Support
• IT Security Consulting Services
• Cybersecurity Risk Assessment Contracts
• Department of Transportation IT Services

Risk Flags

• Potential for contractor performance issues
• Risk of inadequate scope definition
• Dependency on contractor expertise

Tags

it-services, cybersecurity, security-assessment, professional-services, firm-fixed-price, full-and-open-competition, blanket-purchase-agreement, department-of-transportation, federal-motor-carrier-safety-administration, ernst-young-llp, naics-541519, virginia

Frequently Asked Questions

What is this federal contract paying for?

Department of Transportation awarded $4.1 million to ERNST & YOUNG LLP. THIS IS A FIRM-FIXED-PRICE REQUIREMENT TO PROVIDE SECURITY ASSESSMENT SUPPORT FOR FMCSA'S MISSION. PLEASE SEE THE ATTACHED PWS FOR ADDITIONAL DETAILS.

Who is the contractor on this award?

The obligated recipient is ERNST & YOUNG LLP.

Which agency awarded this contract?

Awarding agency: Department of Transportation (Federal Motor Carrier Safety Administration).

What is the total obligated amount?

The obligated amount is $4.1 million.

What is the period of performance?

Start: 2023-02-21. End: 2026-08-22.

What is the track record of Ernst & Young LLP in performing similar security assessment services for federal agencies?

Ernst & Young LLP (EY) is a global leader in professional services, including a significant practice in cybersecurity and IT advisory. They have a substantial history of contracting with U.S. federal agencies, providing a wide array of services such as risk assessments, compliance audits, and strategic security planning. While specific details of past performance on identical contracts are not provided here, EY's extensive experience with government clients suggests a strong capability to deliver on security assessment support. Their involvement in numerous large-scale federal IT projects indicates familiarity with government procurement processes, security standards (like NIST), and reporting requirements. Agencies often leverage firms like EY for their broad expertise and ability to mobilize resources quickly for complex engagements.

How does the $4.13 million contract value compare to similar security assessment support contracts awarded by the federal government?

The $4.13 million contract value for security assessment support over approximately 3.5 years is within a moderate range for services provided by large professional services firms to federal agencies. Contracts for similar IT security consulting, risk management, and compliance support can vary significantly based on scope, duration, and the specific expertise required. For instance, comprehensive cybersecurity program development or large-scale penetration testing contracts could easily exceed this value. Conversely, smaller, more focused assessments might be awarded for less. Given that this is a firm-fixed-price BPA call to Ernst & Young LLP, the pricing is likely based on pre-negotiated rates within the BPA framework, aiming for efficiency and predictability. A direct comparison would ideally involve analyzing contracts with similar NAICS codes (like 541519 or 541611 - Administrative Management and General Management Consulting Services) and similar service descriptions.

What are the primary risks associated with this contract, and how are they being mitigated?

Primary risks for this contract include potential scope creep, where the requirements may expand beyond the initial PWS, leading to cost overruns or delays if not managed tightly. Another risk is the contractor's performance quality; if Ernst & Young LLP fails to deliver adequate security assessments, the FMCSA's security posture could be compromised. Reliance on a single large contractor for critical functions also presents a risk. Mitigation strategies likely include a clearly defined PWS, robust project management by the FMCSA, regular performance reviews, and the firm-fixed-price nature of the contract, which places cost control responsibility on the contractor. The government's ability to monitor performance and enforce contract terms is crucial for mitigating these risks.

What is the expected effectiveness of these security assessment services in improving the FMCSA's overall security posture?

The effectiveness of these security assessment services hinges on the quality of the assessments conducted by Ernst & Young LLP and the FMCSA's subsequent actions based on the findings. If the assessments are thorough, identify critical vulnerabilities, and provide actionable recommendations, they can significantly improve the FMCSA's security posture. This includes better protection against cyber threats, enhanced data integrity, and improved compliance with federal security mandates. The contract's success will be measured by the actionable insights provided and the FMCSA's ability to implement corrective measures, thereby strengthening its defenses and ensuring the continuity of its safety-focused mission.

How does historical spending on similar security assessment services by the Department of Transportation compare to this award?

Analyzing historical spending patterns for security assessment services within the Department of Transportation (DOT) provides context for this $4.13 million award. The DOT, like other large federal agencies, invests significantly in cybersecurity and IT infrastructure protection. Spending in this area can fluctuate based on evolving threat landscapes, new regulatory requirements, and specific agency initiatives. Without access to granular historical DOT spending data on security assessments, a precise comparison is difficult. However, this contract's value appears consistent with the scale of support typically required by major operating administrations within the DOT for specialized IT and security functions over a multi-year period. It suggests a sustained commitment to maintaining and enhancing the agency's cybersecurity resilience.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - APLLICATIONS

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Offers Received: 2

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Address: 1 MANHATTAN WEST, NEW YORK, NY, 10001

Business Categories: Category Business, Not Designated a Small Business, Partnership or Limited Liability Partnership, Special Designations, U.S.-Owned Business

Financial Breakdown

Contract Ceiling: $4,130,236

Exercised Options: $4,130,236

Current Obligation: $4,130,236

Actual Outlays: $3,422,452

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES PROCEDURES NOT USED

Parent Contract

Parent Award PIID: 693JJ320A000018

IDV Type: BPA

Timeline

Start Date: 2023-02-21

Current End Date: 2026-08-22

Potential End Date: 2026-08-22 00:00:00

Last Modified: 2026-01-29

More Contracts from Ernst & Young LLP

• Base Award - FY18-20 Army General Fund Audit Support — $812.6M (Department of Defense)
• THE Department of the Navy and the United States Marine Corps Financial Statement Audits for Fiscal Years 2021-2025 — $338.6M (Department of Defense)
• United States AIR Force Audit Fiscal Years 2022-2026 — $192.6M (Department of Defense)
• Financial Mangement Internal Controls — $150.3M (General Services Administration)
• Audit of the Department of the AIR Force General Fund and Working Capital Fund Financial Statements and an Examination of the Statement on Standards for Attestation Engagements, NO. 18 (ssae18) of the Defense Enterprise Accounting and Management System (deams) — $122.2M (Department of Defense)

View all Ernst & Young LLP federal contracts →

Other Department of Transportation Contracts

• Dafis UDO Reconstruct W/O Advance — $3.8B (Lockheed Martin Services, LLC)
• THE Purpose of This Delivery Order Award IS to ADD Funding for FTI Telecommunications Services — $1.9B (Harris Corporation)
• Provide Funding for Clin 302 for Pre-Flight and In-Flight Services. Contract Number Dtfawa-05-C-00031, Lockheed Martin. POP 01/16/08-03/31/08 — $1.9B (Leidos, Inc.)
• Center for Advanced Aviation Development (caasd) Ffrdc Mitre — $1.7B (THE Mitre Corporation)
• Dafis UDO Reconstruct W/O Advance — $1.5B (Harris Corporation)

View all Department of Transportation contracts →

Explore Related Government Spending