DOT IT System security authorizations and assessments

SOL #: 693JJ320A000019_693JJ323F00301N_P00012JustificationSole Source

Overview

Buyer

Transportation
Federal Highway Administration
IT ACQUISITION CENTER OF EXCELLENCE (ACE)
Washington, DC, 20590, United States

Place of Performance

DC

NAICS

Custom Computer Programming Services (541511)

PSC

Support Services Focused On Supporting Security Policies/Controls, Processes, Measuring Compliance Of Relevant Legal/Compliance Requirements, To Include Section 508, And Responding To Security Breaches. Also Provides Support For It Security Systems Providing Continuous Diagnostics And Mitigation (Cdm) For Real Time Cyber Security And Protection Such As Vulnerability Scanning, Managing Firewalls, Intrusion Prevention Systems, And Security Information And Event Management (Siem). Includes Disaster Recovery (Dr) Services To Support Dr Policy, Process And Means, Dedicated Failover Facilities And Perform Dr Testing. (DJ01)

Set Aside

No set aside specified

Timeline

1
Posted
Jun 11, 2026

Qualification Details

Fit reasons
  • NAICS alignment with historical contract wins in similar service areas.
  • Scope strongly matches core technical capabilities and delivery model.
Risks
  • Past performance thresholds may require one additional teaming partner.
  • Potential clarification needed on staffing minimums before bid/no-bid.
Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

Quick Summary

The Department of Transportation (DOT), specifically the Federal Highway Administration (FHWA) and its IT Acquisition Center of Excellence (ACE), has issued a Justification for Modification P00012 to an existing order (693JJ320A000019_693JJ323F00301N). This modification extends the current contract for IT System security authorizations and assessments by six additional months, through December 14, 2026. The extension is a sole source logical follow-on to the incumbent contractor, Kingfisher (A Crimson Company).

Scope of Work

The services provided include comprehensive technical and professional support for DOT Information System security authorizations and assessments. This encompasses:

  • Ensuring system inventory accuracy.
  • System categorization.
  • Developing and tracking Plans of Action and Milestones (POAM).
  • Compliance tracking and federal reporting.
  • Conducting Security Assessment Plans (SAP) and Security Assessment Reports (SAR).
  • Providing institutional knowledge of security controls and mapping to regulatory frameworks such as NIST and FISMA.

Contract & Timeline

  • Type: Justification for Contract Modification (Sole Source)
  • Original Order: 693JJ320A000019_693JJ323F00301N
  • Modification: P00012
  • Extension Duration: Six (6) months
  • New End Date: December 14, 2026
  • Published Date: June 11, 2026
  • Set-Aside: Not applicable (Sole Source Justification for existing contract)

Rationale for Sole Source

The justification for this sole source extension is based on economy and efficiency, as it is a logical follow-on to a competitively awarded order. The current contractor, Kingfisher/Crimson Phoenix, possesses critical familiarity with the DOT environment and has significantly contributed to improved cybersecurity posture and FISMA performance goals. Continuing their support is deemed essential to avoid significant risk, delays in modernization efforts, and potential non-compliance with mandates for systems requiring Authorization to Operate (ATO) or renewal, while DOT restructures its IT workforce and assesses internal support capabilities.

People

Points of Contact

ajmal khanPRIMARY
ajmal.khan@dot.gov
Kyle GriggsSECONDARY
kyle.griggs@dot.gov

Files

Files

Download

Versions

Version 1Viewing
Justification
Posted: Jun 11, 2026
DOT IT System security authorizations and assessments | GovScope