Can a Small Business Take Over DISA’s Multimillion Perimeter Security Contract?


The defense agency issued two RFIs asking small and disadvantaged businesses whether they can support the Gateway Security program.

The Defense Information Systems Agency’s perimeter cybersecurity has been managed by a large contractor for almost 10 years and now the agency wants to know if a small or underutilized business can take over.

The agency released two requests for information June 20 for its Gateway Security Engineering program: one looking for responses from small businesses, including 8(a), service-disabled veteran-owned and women-owned; and another soliciting information from vendors in historically underutilized business zones, or HUBZones.

The Gateway Security program manages security at the intersection of the Defense Department’s non-classified network, known as NIPRNet, and the public internet. “It provides support by developing, testing, implementing, and maintaining secure interoperable solutions at the Gateways,” according to the RFIs.

DISA awarded the current $20 million contract to Booz Allen Hamilton in 2008 using the agency’s Encore II vehicle. As that contract is ending, DISA wants to know if a small or HUBZone business can step in.

Specifically, DISA is looking for a vendor to “provide general systems engineering, risk management framework, certification and accreditation, [information systems security office] expertise and program management/administrative support closely integrated with cutting-edge research and development capabilities.”

The winning vendor will work across four programs under Gateway Security:

Web Content Filtering: Web filtering at the gateways between the Defense Information System Network and the internet to block inappropriate outbound web requests and malicious inbound web content.

Enterprise Email Security Gateway: Protecting all DISN customers from malicious internet-sourced emails; providing protection from spam, malware, viruses and prohibited content.

Distributed Denial-of-Service: Providing network monitoring and detection of incoming DDoS attacks.

Filter List Manager: Providing management of internet access protocol router control list and deployment of the filter to the router.

Prospective contractors must be able to secure a top secret sensitive security clearance for all personnel by the time of award. The new contract is expected to run from June 2019 through May 2024.

DISA contracting officers said they need to receive responses from at least two qualified small businesses and HUBZone vendors in order to determine set-aside options for the future solicitation. Responses are due by 4 p.m. July 5.

Editor’s note: The headline and article have been updated to correct the value of the Gateway Engineering Support contract. DISA officials said the ceiling is $20 million and declined to give an estimated value for the pending next-generation contract.