Department of Homeland Security (DHS), Department-Wide Cloud (Cumulus)
Overview
Buyer
Place of Performance
NAICS
PSC
Set Aside
Original Source
Timeline
Qualification Details
Fit reasons
- NAICS alignment with historical contract wins in similar service areas.
- Scope strongly matches core technical capabilities and delivery model.
Risks
- Past performance thresholds may require one additional teaming partner.
- Potential clarification needed on staffing minimums before bid/no-bid.
Next steps
Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.
Quick Summary
The Department of Homeland Security (DHS) has issued a Justification and Approval for Other Than Full and Open Competition for its Department-Wide Cloud (Cumulus) initiative. This notice supports the anticipated non-competitively awarded Indefinite-Delivery, Indefinite-Quantity (IDIQ) vehicles for commercial cloud solutions. The Cumulus program aims to establish multiple, single-award IDIQ vehicles to procure enterprise-wide Cloud Service Provider (CSP) services, including Anything as a Service (XaaS), professional services, marketplace solutions, and training. This approach is justified by unique requirements met only by specific brand-name CSPs, with a competitive multiple-award IDIQ solicitation planned for later.
Scope of Work
The Cumulus program encompasses commercially available XaaS, covering Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Function as a Service (FaaS), Database as a Service (DBaaS), and Container as a Service (CaaS). It also includes professional services, marketplace solutions, and training services. Key requirements include:
- Access: Services must be accessible via web GUI, APIs, CLI, or SDK for rapid provisioning and de-provisioning.
- Compliance: Services must meet FedRAMP Marketplace approved environment standards at "High, Moderate, and Low" ratings within the continental United States.
- Specific CSP Services: The justification details critical services required from AWS, Microsoft Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI) that are not met by other providers.
Contract Details
- Contract Type: Multiple, single-award IDIQ vehicles for initial awards, followed by a competitive multiple-award IDIQ solicitation.
- Period of Performance: Individual IDIQ vehicles are anticipated to have a Base period plus four option years.
- Estimated Value: The total estimated ceiling amount for all single-award IDIQ vehicles is substantial, with detailed cost estimates in the Cumulus IGCE.
Submission & Evaluation
- Strategy: The strategy involves initial awards to brand-name CSPs on a rolling schedule, justified by "other than full and open competition" based on unique requirements. This will be followed by a competitive multiple-award IDIQ solicitation.
- Evaluation: The justification cites 41 U.S.C. 3304(a)(1) and RFO FAR Subpart 6.103-1 for the non-competitive approach for initial awards.
Eligibility / Set-Aside
This procurement is based on an "other than full and open competition" approach for initial awards, citing brand-name descriptions and specific statutory authority.
Key Deadlines
- Justification Posting: FY26-Q2 (posted April 21, 2026).
- Estimated Single-Award IDIQ Awards: FY26-Q2 to FY26-Q4.
Additional Notes
The justification highlights significant anticipated cost savings (estimated at $142M in the first year) and operational efficiencies. Migration risks and existing skillset gaps are cited as reasons for avoiding a full and open competition approach for these initial awards. Market research for this effort has been ongoing for nearly three years. The point of contact is Gregory Blaszko (gregory.blaszko@hq.dhs.gov).