$67.6M CMS Information Security and Privacy Support Services Award

Posted (Last updated )

CMS award for Healthcare.gov cybersecurity raises red flags – September 6, 2016, By Jason Miller, Federal News Radio

Just as the Department of Health and Human Services and the Centers for Medicare and Medicaid Services are ramping up for the 2017 open enrollment under the Affordable Care Act, a contract award for cybersecurity services is causing a bit of a stir in the federal community.

Multiple sources confirm that CMS awarded Iron Vine Security a $67.6 million contract to provide information security and privacy support services.

According to the award announcement obtained by Federal News Radio, CMS chose Iron Vine, a small firm in Washington, D.C., from 11 bids for the request for quote under GSA’s Schedule 70 as a small business set-aside.

Sponsored content: Download the latest Expert Edition on Identity Management.

One industry source, who requested anonymity in order to talk about the award that CMS has not yet announced, said they believe the agency is taking a huge risk. The source, whose company didn’t bid on the project, said it appears CMS took a lowest price, technically acceptable (LPTA) approach to a complex cyber environment.

The statement of work says the vendor will provide agencywide program management support for cybersecurity and privacy services as well as its Health Insurance Marketplace Security Operations Center under the ACA across eight task areas...

G2X TAKE: Beating out 10 other bidders, the award of this 5 year cybersecurity and program management contract in support of the CMS CIO and CISO to this small DC based business is catching some attention around town.

While there is naturally going to be some concerns about handing this high profile of a contract to any small business, what is apparent is that some firm, or two, (likely to be bidders who came up on the short end of the stick) managed to raise this as a “red flag” to FederalNewsRadio as a way of rattling the cages at CMS.

Awardee, Iron Vine Security, is by no means a new face to the CMS CISO, having previously supported the implementation and configuration of a wide array of security technologies and their supporting information systems, including support of the CMS Security Operations Center, the Enterprise Information Security Group (EISG) and advanced analytic & response capabilities.

It is hard to say if anything will come of this, but it is always interesting to see the maneuvering that takes place, especially when large contracts are on the line. 

Have something you would like to add? Comment below

Note: You will need to be logged in as a member to see comments and participate in the discussion.