FAA Awards $2.6M for Cybersecurity Remediation on LCSS System to Changeis, Inc

Contract Overview

Contract Amount: $2,616,376 ($2.6M)

Contractor: Changeis, Inc.

Awarding Agency: Department of Transportation

Start Date: 2025-04-23

End Date: 2026-05-12

Contract Duration: 384 days

Daily Burn Rate: $6.8K/day

Competition Type: FULL AND OPEN COMPETITION

Pricing Type: TIME AND MATERIALS

Sector: IT

Official Description: CYBERSECURITY REMEDIATION WORK ON THE LCSS SYSTEM. REDUCE/ELIMINATE JBOSS VULNERABILITIES ASSOCIATED WITH THE CURRENT DLMS INTERFACE

Place of Performance

Location: OKLAHOMA CITY, OKLAHOMA County, OKLAHOMA, 73121

State: Oklahoma Government Spending

Plain-Language Summary

Department of Transportation obligated $2.6 million to CHANGEIS, INC. for work described as: CYBERSECURITY REMEDIATION WORK ON THE LCSS SYSTEM. REDUCE/ELIMINATE JBOSS VULNERABILITIES ASSOCIATED WITH THE CURRENT DLMS INTERFACE Key points: 1. Contract focuses on critical JBoss vulnerability reduction for DLMS interface. 2. Changeis, Inc. secured the award for cybersecurity services. 3. The contract is a delivery order under a larger agreement. 4. Spending is within the 'Other Computer Related Services' NAICS code.

Value Assessment

Rating: good

The contract value of $2.6M for cybersecurity remediation appears reasonable given the scope of addressing system vulnerabilities. Benchmarking against similar cybersecurity service contracts would provide further validation.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

The contract was awarded under full and open competition, suggesting a competitive bidding process. This method is expected to yield fair pricing and identify the most capable vendor.

Taxpayer Impact: The investment aims to enhance system security, protecting taxpayer data and critical infrastructure, thereby representing a prudent use of funds.

Public Impact

Enhances the security of the Federal Aviation Administration's Logistics Command and Support System (LCSS). Addresses critical JBoss vulnerabilities, reducing potential cyber threats. Ensures the integrity and reliability of the DLMS interface. Supports the ongoing operational readiness of aviation systems.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

• Potential for scope creep in cybersecurity remediation projects.
• Reliance on a single vendor for critical security updates.

Positive Signals

• Proactive approach to cybersecurity threats.
• Awarded under full and open competition.
• Clear objective to reduce specific system vulnerabilities.

Sector Analysis

This contract falls within the IT services sector, specifically focusing on cybersecurity. Spending benchmarks for IT services vary widely, but cybersecurity remediation is a critical and often high-cost area for government agencies.

Small Business Impact

The data does not indicate whether small businesses were involved in the subcontracting opportunities for this contract. Further analysis would be needed to assess small business participation.

Oversight & Accountability

The contract is a delivery order, implying it is part of a larger, potentially pre-vetted contract. Oversight would focus on the execution of the remediation tasks and adherence to the delivery schedule.

Related Government Programs

• Other Computer Related Services
• Department of Transportation Contracting
• Federal Aviation Administration Programs

Risk Flags

• Potential for unaddressed zero-day vulnerabilities.
• Effectiveness of remediation may require ongoing monitoring.
• Dependency on vendor expertise for critical security functions.
• Risk of cost overruns if remediation is more complex than anticipated.

Tags

other-computer-related-services, department-of-transportation, ok, delivery-order, 1m-plus

Frequently Asked Questions

What is this federal contract paying for?

Department of Transportation awarded $2.6 million to CHANGEIS, INC.. CYBERSECURITY REMEDIATION WORK ON THE LCSS SYSTEM. REDUCE/ELIMINATE JBOSS VULNERABILITIES ASSOCIATED WITH THE CURRENT DLMS INTERFACE

Who is the contractor on this award?

The obligated recipient is CHANGEIS, INC..

Which agency awarded this contract?

Awarding agency: Department of Transportation (Federal Aviation Administration).

What is the total obligated amount?

The obligated amount is $2.6 million.

What is the period of performance?

Start: 2025-04-23. End: 2026-05-12.

What is the specific nature of the JBoss vulnerabilities and their potential impact if not remediated?

The specific JBoss vulnerabilities are not detailed in the provided data. However, JBoss vulnerabilities can range from remote code execution to denial-of-service attacks, potentially compromising system integrity, data confidentiality, and availability. For the LCSS system and DLMS interface, unaddressed vulnerabilities could lead to disruptions in aviation logistics, data breaches, or unauthorized access, impacting operational efficiency and national security.

How does the $2.6M cost compare to industry standards for similar cybersecurity remediation efforts on complex government systems?

Benchmarking this $2.6M cost requires detailed comparison with similar cybersecurity remediation projects on comparable government systems. Factors like system complexity, the number and severity of vulnerabilities, and the specific remediation techniques employed significantly influence pricing. Without specific details on the scope and complexity of the LCSS system and the identified JBoss vulnerabilities, a precise comparison to industry standards is challenging, but the amount suggests a significant undertaking.

What measures are in place to ensure the effectiveness of the cybersecurity remediation performed by Changeis, Inc.?

Effectiveness is typically ensured through rigorous testing, validation, and verification processes post-remediation. This includes penetration testing, vulnerability scanning, and independent security audits. The contract likely includes performance metrics and acceptance criteria that Changeis, Inc. must meet. The FAA's contracting officers and technical representatives would oversee these processes to confirm that the JBoss vulnerabilities are indeed reduced or eliminated as specified.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - DELIVERY

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: NEGOTIATED PROPOSAL/QUOTE

Pricing Type: TIME AND MATERIALS (Y)

Evaluated Preference: NONE

Contractor Details

Address: 1530 WILSON BLVD 700, ARLINGTON, VA, 22209

Business Categories: 8(a) Program Participant, Category Business, Corporate Entity Not Tax Exempt, Economically Disadvantaged Women Owned Small Business, Minority Owned Business, Self-Certified Small Disadvantaged Business, Small Business, Special Designations, Subchapter S Corporation, Indian (Subcontinent) American Owned Business, U.S.-Owned Business, Woman Owned Business, Women Owned Small Business

Financial Breakdown

Contract Ceiling: $2,616,376

Exercised Options: $2,616,376

Current Obligation: $2,616,376

Actual Outlays: $1,241,061

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES

Cost or Pricing Data: NO

Parent Contract

Parent Award PIID: 6973GH22D00063

IDV Type: IDC

Timeline

Start Date: 2025-04-23

Current End Date: 2026-05-12

Potential End Date: 2026-05-12 00:00:00

Last Modified: 2026-03-05

More Contracts from Changeis, Inc.

• Student and Exchange Visitor Program (sevp) Information Technology (IT) and Program Management Office (PMO) Support Services — $35.3M (Department of Homeland Security)
• THE Business and Financial Management (bafm-3) Services Efast Master Ordering Agreement (MOA) Blanket Purchase Agreement BPA Call Will Obtain Specialized, Senior-Level Business and Financial Management Services That Will AID Senior Management Within the Faas Communications, Information, and Network Programs (cinp) Group — $16.2M (Department of Transportation)
• Efast PA 24-003-C8 ATO Technical Analysis and Program Support II (ataps II) — $9.6M (Department of Transportation)
• Unified Registration System (URS) — $9.4M (Department of Transportation)
• Efast PA 22-015-C8 Research & Development Management Support Services — $6.5M (Department of Transportation)

View all Changeis, Inc. federal contracts →

Other Department of Transportation Contracts

• Dafis UDO Reconstruct W/O Advance — $3.8B (Lockheed Martin Services, LLC)
• THE Purpose of This Delivery Order Award IS to ADD Funding for FTI Telecommunications Services — $1.9B (Harris Corporation)
• Provide Funding for Clin 302 for Pre-Flight and In-Flight Services. Contract Number Dtfawa-05-C-00031, Lockheed Martin. POP 01/16/08-03/31/08 — $1.9B (Leidos, Inc.)
• Center for Advanced Aviation Development (caasd) Ffrdc Mitre — $1.7B (THE Mitre Corporation)
• Dafis UDO Reconstruct W/O Advance — $1.5B (Harris Corporation)

View all Department of Transportation contracts →

Explore Related Government Spending