Correction: An earlier version of this story misspelled the first name of the program manager who is leading the National Background Investigation System. His name is Raju Shah, not Rajiv Shah.
The Defense Information Systems Agency disclosed on Monday that it made a $49 million award last month to overhaul the technology backbone involved in processing security clearances for government employees, part of a two-year-old effort to replace aging systems run by the Office of Personnel Management.
The work involves building a case management solution, the core of the National Background Investigation System (NBIS) that DISA has been tasked to build as a replacement for the OPM systems that foreign hackers breached in a pair of catastrophic 2015 cyber attacks.
Insight by Chainalysis: Law enforcement and national security officials tell a story as to why they need to have the tools and data to understand, stop and apprehend those using cryptocurrency to carry out illegal activities in this exclusive executive briefing.
But the deal’s precise scope remains unclear, because DISA elected to handle the procurement as an Other Transaction Agreement (OTA) instead of a traditional federal contract or task order. Under that approach, the agency’s call for white papers and other solicitation documents were only made available to members of the OTA consortium DISA used: An Army procurement vehicle called “C5.”
The agency initially said the OTA was awarded to “Enterprise, LLC” of Herndon, Virginia, but no such firm exists. A spokesman clarified on Tuesday that the actual recipient was Enterprise Services, LLC.
And that fact could be seen as at odds with the purposes Congress had in mind when it created and then later expanded DoD’s authority to use OTAs: namely, gaining rapid access to technologies produced by innovative, nontraditional firms.
The company, initially created in 1994 as a subsidiary of HP, was spun-off as part of a merger agreement in June to form a new publicly-traded concern called Perspecta, which focuses its business almost entirely on government contracts. Together with Vencore and Keypoint Government Solutions, the other merger partners that formed Perspecta, the combined company had more than $2 billion in revenue each year between 2015 and March of this year, according to filings with the Securities and Exchange Commission.
DISA said it awarded the OTA on June 22, and officials did not immediately explain the more than two-week delay in announcing the award. Although OTAs are not subject to the Federal Acquisition Regulation, the FAR requires government agencies to publicize contract actions worth $4 million or more on the same day. And the Pentagon ordinarily posts all awards of $7 million or more on its website each day by 5 p.m., Washington time.
The agency said the contractor had partnered with several other companies to build the case management system: Pegasystems, Inc., Accenture Federal Services, Torch Research and Next Tier Concepts.
DISA first announced its intent to use an OTA for the case management component of NBIS last November and has been reviewing the white papers it received from members of the C5 consortium for at least six months.
In explaining its decision to use other transaction authority instead of a more traditional and transparent procurement vehicle, the agency has said the approach made sense because many of the key components that will eventually make up NBIS already exist within the IT infrastructure already being run by the Defense Manpower Data Center and other DoD organizations.
“It will only have [the OTA] as a contract action. The rest of it will be existing contracts, it’s not a major new development” Tony Montemarano, DISA’s executive deputy director said at an AFCEA DC event in January. “We are looking at operational releases starting in late spring or early summer that will provide meaningful capabilities.”
In a statement on Monday, Raju Shah, DISA’s NBIS program manager, said the decision to use an OTA was based on the need for “speed and flexibility.”
“We’re building a first-of-its-kind enterprise system that brings together the complex integration of a number of disparate systems on an unprecedented scale,” he said. “We needed to hear from as wide a selection of vendors as possible to understand what was possible and be able to narrow to what’s probable.”
DISA inherited the responsibility to build a new governmentwide IT backbone for background investigations in 2016, in the aftermath of two massive data breaches at the Office of Personnel Management that exposed extremely sensitive information on millions of federal employees, contractors, retirees and their family members.
Since then, Congress and the Trump administration have made further moves to eliminate OPM’s role in security clearance processing and other functions it performs today.
The 2018 Defense authorization bill gave DoD the responsibility to handle all of its own background investigations. The Trump Administration later decided to place the responsibility for all federal employees under the Pentagon’s control, effectively subsuming the role of the National Background Investigations Bureau, the nascent OPM entity the Obama administration established in the wake of the 2015 data breaches.
In its 2019 budget proposal, DoD said it intended the new National Background Investigation System to reach initial operating capability by this September, and to reach full operational capability (FOC) a year later. DISA plans to use the “prototype” it’s procuring from Prospecta to reach the IOC milestone, but has not publicly revealed its contracting plans to bring the system to FOC.
And considering its new, governmentwide responsibilities, spending on NBIS is projected to grow. Compared to the $50 million DoD requested this year, the department asked Congress for three times that amount in 2019.
“DoD will continue to enhance and improve the capability … by adding automation pulls from various data source, providing capability for insider threat analysis, development and deployment of continuous evaluation capabilities and tailoring to non DoD systems,” officials wrote. “The FOC system will continue to defend against cyber attacks and improve defensibility. This FOC system will provide the full suite of background investigation services to the whole federal government, not just DoD.”