DoD's $14.3M Engineering Services Contract Awarded to Deloitte Consulting LLP for Cybersecurity Support

Contract Overview

Contract Amount: $14,264,977 ($14.3M)

Contractor: Deloitte Consulting LLP

Awarding Agency: Department of Defense

Start Date: 2021-03-23

End Date: 2024-03-22

Contract Duration: 1,095 days

Daily Burn Rate: $13.0K/day

Competition Type: FULL AND OPEN COMPETITION

Number of Offers Received: 8

Pricing Type: COST PLUS FIXED FEE

Sector: Defense

Official Description: RISK MANAGEMENT FRAMEWORK (RMF) ASSESSMENT SUPPORT SERVICES FOR THE OFFICE OF THE CHIEF ENGINEER (CHENG), NAVWAR 5.0, IN ITS DESIGNATED ROLE AS THE NAVY SECURITY CONTROLS ASSESSOR (SCA).

Place of Performance

Location: SAN DIEGO, SAN DIEGO County, CALIFORNIA, 92110

State: California Government Spending

Plain-Language Summary

Department of Defense obligated $14.3 million to DELOITTE CONSULTING LLP for work described as: RISK MANAGEMENT FRAMEWORK (RMF) ASSESSMENT SUPPORT SERVICES FOR THE OFFICE OF THE CHIEF ENGINEER (CHENG), NAVWAR 5.0, IN ITS DESIGNATED ROLE AS THE NAVY SECURITY CONTROLS ASSESSOR (SCA). Key points: 1. Contract focuses on critical cybersecurity risk management framework (RMF) assessments for the Navy's Chief Engineer. 2. Awarded via full and open competition, indicating a broad market search. 3. The contract duration of 1095 days suggests a need for sustained support in a complex technical area. 4. The use of a Cost Plus Fixed Fee (CPFF) pricing structure warrants scrutiny for potential cost overruns. 5. The contractor, Deloitte Consulting LLP, is a large, established firm with significant federal contracting experience. 6. This contract supports the Navy's security controls assessment (SCA) role, vital for maintaining operational security. 7. The contract is a delivery order under a larger indefinite-delivery/indefinite-quantity (IDIQ) vehicle, common for ongoing services. 8. The contract value of approximately $14.3 million over three years requires careful performance monitoring.

Value Assessment

Rating: fair

The contract's Cost Plus Fixed Fee (CPFF) structure, while common for R&D and complex services, can present risks of cost escalation if not closely managed. Benchmarking the per-unit cost for RMF assessment services is challenging without more granular data on the specific tasks performed. However, the total value of $14.3 million over three years for specialized engineering and cybersecurity support appears within a reasonable range for a large federal contract of this nature, especially given the contractor's established presence. Further analysis would require comparing specific deliverables and labor hours to similar contracts.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

This contract was awarded under full and open competition, suggesting that multiple qualified vendors had the opportunity to bid. The presence of 8 bidders (indicated by 'no': 8) demonstrates a healthy level of competition for this requirement. This broad competition is generally favorable for price discovery and ensuring the government receives competitive offers. The specific details of the bidding process and evaluation criteria would provide further insight into the effectiveness of the competition.

Taxpayer Impact: Full and open competition typically leads to better pricing for taxpayers by encouraging multiple vendors to offer their best terms. It ensures that the government is not limited to a single provider, fostering a more cost-effective outcome.

Public Impact

The primary beneficiaries are the Department of the Navy and the Office of the Chief Engineer (CHENG), receiving essential support for cybersecurity compliance. The services delivered are crucial for assessing and ensuring the security posture of Navy systems through Risk Management Framework (RMF) evaluations. The contract's geographic impact is primarily within the Department of Defense's operational sphere, supporting national security objectives. The contract supports a highly specialized workforce of engineers and cybersecurity professionals, contributing to the federal IT and defense sectors.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

Cost Plus Fixed Fee (CPFF) pricing can lead to cost overruns if not rigorously managed and monitored.
The complexity of RMF assessments requires specialized expertise, and any lapse in contractor performance could impact Navy cybersecurity.
Reliance on a single delivery order under a potentially broad IDIQ vehicle might limit flexibility if requirements change significantly.

Positive Signals

Awarded through full and open competition, ensuring a competitive bidding process.
The contractor, Deloitte Consulting LLP, is a well-established firm with extensive experience in federal contracting and cybersecurity.
The contract duration of three years suggests a stable, long-term need for these critical services.
The contract directly supports the Navy's security controls assessment (SCA) role, a vital function for national security.

Sector Analysis

This contract falls within the Engineering Services sector (NAICS 541330), specifically supporting the Department of Defense's cybersecurity and risk management initiatives. The market for cybersecurity assessment and compliance services is substantial and growing, driven by increasing cyber threats and regulatory requirements. Comparable spending benchmarks for RMF assessment support services can vary widely based on scope, duration, and specific system complexities. However, contracts of this magnitude for specialized engineering support are common within large federal agencies like the Department of the Navy.

Small Business Impact

The data indicates this contract was not set aside for small businesses (ss: false, sb: false). Given the large contract value and specialized nature of engineering and cybersecurity services, it is likely that large businesses like Deloitte Consulting LLP are the primary providers. There is no explicit information on subcontracting plans for small businesses within this specific delivery order, which could be a missed opportunity to engage the small business ecosystem.

Oversight & Accountability

Oversight for this contract would typically reside with the contracting officer and program managers within the Department of the Navy's Chief Engineer's office. The Cost Plus Fixed Fee (CPFF) structure necessitates robust financial oversight to ensure costs are reasonable and allocable. Transparency is facilitated through contract reporting mechanisms, and while specific Inspector General (IG) jurisdiction isn't detailed here, the DoD IG would have oversight authority over potential fraud, waste, or abuse.

Related Government Programs

Navy Cybersecurity Programs
Department of Defense Risk Management Framework (RMF)
Engineering Services Contracts
Information Assurance Support
Naval Warfare Systems Command (NAVWAR) Contracts

Risk Flags

Cost Overrun Risk (CPFF)
Performance Monitoring Required
Cybersecurity Expertise Dependency
Potential for Scope Creep

Frequently Asked Questions

What is this federal contract paying for?

Department of Defense awarded $14.3 million to DELOITTE CONSULTING LLP. RISK MANAGEMENT FRAMEWORK (RMF) ASSESSMENT SUPPORT SERVICES FOR THE OFFICE OF THE CHIEF ENGINEER (CHENG), NAVWAR 5.0, IN ITS DESIGNATED ROLE AS THE NAVY SECURITY CONTROLS ASSESSOR (SCA).

Who is the contractor on this award?

The obligated recipient is DELOITTE CONSULTING LLP.

Which agency awarded this contract?

Awarding agency: Department of Defense (Department of the Navy).

What is the total obligated amount?

The obligated amount is $14.3 million.

What is the period of performance?

Start: 2021-03-23. End: 2024-03-22.

What is Deloitte Consulting LLP's track record with similar Risk Management Framework (RMF) assessment contracts within the Department of Defense?

Deloitte Consulting LLP has a significant track record in providing a wide range of professional services to the Department of Defense, including cybersecurity, IT modernization, and risk management. While specific details on their RMF assessment contracts are not provided in this data snippet, their extensive experience as a large federal contractor suggests they possess the necessary qualifications and past performance. Publicly available contract databases and federal procurement reports would likely detail their involvement in numerous cybersecurity-related task orders and contracts across various DoD components, including the Navy. Their ability to win this $14.3 million contract further implies a positive assessment of their past performance in similar complex service areas.

How does the $14.3 million contract value compare to other RMF assessment support services contracts awarded by the Navy or DoD?

The $14.3 million contract value for three years of RMF assessment support services is substantial but falls within a common range for specialized engineering and cybersecurity support within the Department of Defense. Contracts for similar services can range from a few million dollars for smaller, targeted assessments to tens or even hundreds of millions for large-scale, multi-year programs supporting entire defense networks or weapon systems. Factors influencing cost include the number and complexity of systems assessed, the level of security required, the duration of support, and the specific deliverables. Given that this is for the Office of the Chief Engineer and involves the Navy Security Controls Assessor role, the value reflects the critical nature and scope of the support provided.

What are the primary risks associated with a Cost Plus Fixed Fee (CPFF) contract for cybersecurity assessment services?

The primary risk with a Cost Plus Fixed Fee (CPFF) contract, like this one, is the potential for cost overruns. While the 'fixed fee' provides the contractor with a defined profit margin, the 'cost plus' portion means the government reimburses the contractor's allowable costs. If the contractor's costs exceed initial estimates due to inefficiencies, scope creep not properly managed, or unforeseen technical challenges, the total contract price can increase significantly. For cybersecurity assessment services, risks include the difficulty in precisely estimating the effort required for complex system evaluations, potential delays in obtaining necessary access or information, and the need for specialized, potentially expensive, expertise. Robust government oversight, clear performance metrics, and diligent cost tracking are essential to mitigate these risks.

How effective is full and open competition in ensuring value for money for RMF assessment services?

Full and open competition is generally considered the most effective method for ensuring value for money in federal contracting, including for RMF assessment services. By allowing all responsible sources to submit bids, the government maximizes the pool of potential offerors, fostering a competitive environment. This competition drives down prices as contractors strive to offer the most attractive terms to win the contract. Furthermore, it allows the government to select the offer that provides the best overall value, considering not just price but also technical approach, past performance, and other evaluation factors. The fact that 8 bidders participated in this contract suggests that competition was robust, increasing the likelihood that the selected offer represents good value for the taxpayer.

What are the implications of this contract being a delivery order under a larger IDIQ vehicle?

This contract being a delivery order (DO) under an indefinite-delivery/indefinite-quantity (IDIQ) vehicle means it represents a specific task or set of tasks ordered against a pre-established contract that allows for a range of services over a period. The implications are several: 1) The underlying IDIQ contract likely underwent a competitive process itself, establishing terms and conditions. 2) This DO allows the agency (Navy) to procure specific services (RMF assessment support) as needed, providing flexibility. 3) The total value of all DOs against the IDIQ cannot exceed its ceiling. 4) Competition for individual DOs can vary; some may be competed among IDIQ holders, while others might be sole-sourced if the IDIQ allows. This structure is common for ongoing, evolving service needs, allowing for agility but requiring careful management of the overall IDIQ program.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Architectural, Engineering, and Related Services › Engineering Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - SECURITY AND COMPLIANCE

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Solicitation ID: N0003920R3000

Offers Received: 8

Pricing Type: COST PLUS FIXED FEE (U)

Evaluated Preference: NONE

Contractor Details

Parent Company: Deloitte Financial Advisory Services LLP

Address: 1919 N LYNN ST, ARLINGTON, VA, 22209

Business Categories: Category Business, Corporate Entity Not Tax Exempt, Minority Owned Business, Not Designated a Small Business, Self-Certified Small Disadvantaged Business, Service Disabled Veteran Owned Business, Small Business, Special Designations, Subchapter S Corporation, Indian (Subcontinent) American Owned Business, U.S.-Owned Business, Veteran Owned Business

Financial Breakdown

Contract Ceiling: $36,301,010

Exercised Options: $21,173,612

Current Obligation: $14,264,977

Actual Outlays: $1,807,185

Subaward Activity

Number of Subawards: 1

Total Subaward Amount: $157,557

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES PROCEDURES NOT USED

Cost or Pricing Data: NO

Parent Contract

Parent Award PIID: N0017819D8497

IDV Type: IDC

Timeline