Notice ID: 47QACA26C0006
Department/Ind. Agency: GENERAL SERVICES ADMINISTRATION | FEDERAL ACQUISITION SERVICE
Original Set Aside: 8(a) Sole Source (FAR 19.8)
This is a special notice of a sole source 8(a) direct award to Chenega Systems for a Enterprise Cybersecurity Services bridge contract.
This justification is prepared by the U.S. General Services Administration (GSA), Federal Acquisition Service (FAS), Office of Centralized Acquisition Service (OCAS) on behalf of the U.S. Small Business Administration (SBA), Office of the Chief Information Officer (OCIO), Information Security Division (ISD). The proposed acquisition will be executed by GSA under the authority of FAR 6.302-5(b)(4), Authorized or Required by Statute, in support of SBA’s mission-critical cybersecurity and information protection requirements. In addition to this contract action being authorized by statute, the circumstances surrounding the requirement are critical to the entire enterprise IT infrastructure security; and, therefore, the need to have no lapse in contract coverage also represents an unusual and compelling urgency
GSA intends to award a firm-fixed-price contract on a sole source basis to Chenega Systems, LLC (Chenega), an Alaska Native Corporation (ANC) and SBA-certified 8(a) participant, for Enterprise Cybersecurity, Privacy, Controlled Unclassified Information (CUI), and Records Management Support Services.
The estimated value of this one-year effort is $12,152,654.53. The period of performance will not exceed one (1) year, inclusive of any options.
This action constitutes an 8(a) direct award authorized by statute and implemented under 13 CFR 124.506(b) and FAR 19.805-1(b)(2), permitting direct awards to eligible ANC-owned firms regardless of contract value. In addition, the circumstances surrounding this requirement are critical to SBA that it also represents an unusual and compelling urgency in accordance with FAR 6.302-2(a)(2).
The U.S. Small Business Administration (SBA) provides value-added services to the small business community. The SBA Office of the Chief Information Officer (OCIO), Information Security Division (ISD), supports this mission by delivering cybersecurity, privacy, CUI, and records management services throughout the enterprise.
At a high level, SBA’s information technology (IT) ecosystem consists of a 20,000-node Multi-Protocol Label Switched (MPLS) infrastructure, two on-premises data centers, approximately seventy field offices, and multiple cloud environments. The SBA also consumes computer resources from Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers, and leverages approximately forty Software as a Service (SaaS) products. The environment includes significant presences in Microsoft (O365, M365, D365), Amazon Web Services (AWS), and Salesforce.
The ISD seeks an innovative and flexible partner to provide enterprise-level support for the following integrated services:
Program Management
Cybersecurity Policy and Compliance
Cybersecurity Operations
Cybersecurity Architecture and Engineering
Privacy Program Management
Controlled Unclassified Information (CUI) Program
Records Management Services
This contract will support SBA’s enterprise IT general support systems, encompassing more than 10,000 end users, six major operating centers, seventy regional offices, one major call center, and multiple cloud-based environments. The services described herein are consistent in scope between the current contract SBA is operating under and this sole source bridge contract for which we are requesting approval. No changes have been made to the work required under current contract and this bridge contract.
The services will ensure the SBA can meet and sustain compliance with the President’s Management Agenda (PMA) Cross Agency Priority (CAP) Goals, Office of Management and Budget (OMB) metrics, and Council of the Inspectors General on Integrity and Efficiency (CIGIE) standards. These services will be provided in a consistent, measurable, and cost-effective manner aligned with SBA’s enterprise security strategy.
This requirement is currently in the process of being competed using full and open competition under Federal Supply Schedules. The market research report for that procurement is attached to this justification and the contract file. Pursuant to FAR 6.302-5(b)(4) and 13 CFR 124.506(b), the SBA will formally offer the requirement to the 8(a) program for acceptance and award to Chenega as an ANC-owned 8(a) participant.
Market research confirmed that multiple qualified vendors provide similar cybersecurity services; however, this statutory authority allows the Government to meet urgent mission needs while directly supporting the socioeconomic objectives of the 8(a) program and the economic Docusign Envelope ID: 5BB399A0-BA38-4315-941E-E047B9F7D49B
self-sufficiency of ANCs. There is not sufficient time to compete this requirement. This acquisition serves to fulfill the urgent and critical cybersecurity requirements while the competitive procurement that’s underway is allowed to finish. Delay in award to the incumbent contractor would result in serious injury to SBA.
The GSA, in coordination with SBA, intends to utilize this one-year bridge period to finalize a comprehensive, competitive acquisition strategy for future enterprise cybersecurity requirements. The follow-on acquisition, to the current contract, is being competed as a full and open procurement, a multiple-award schedule award to ensure broader industry participation.
Awardee Name: CHENEGA SYSTEMS, LLC
Total Contract Value: $6,073,404.54
Action Obligation: $2,271,150.00
Department Name: SMALL BUSINESS ADMINISTRATION | OFC CHIEF INFORMATION OFFICER
Number of Bidders: 1
Award ID: 47QACA26C0006
RFP ID: 47QACA26R0001
Start Date: 2025-11-10
Ultimate Completion Date: 2026-05-09
