The contractor will start work on May 31 and provide services to the agency’s Office of the Chief Information Officer. The contract initially runs until Sept. 30, 2023, and has four option periods that run through Sept. 30, 2030.
The contract, known as CyPrESS, is a cost-plus award fee core and hybrid indefinite-delivery, indefinite-quantity contract. It is the first enterprise cybersecurity and privacy service contract to be struck by the agency, consolidating cybersecurity and privacy work from various center and enterprise IT contracts.
Cybersecurity remains a top priority for executives at NASA, following multiple recent audits from federal security agencies highlighting concerns over IT security.
In March, a watchdog report revealed that NASA management has agreed to conduct a risk assessment of its unclassified systems to determine if its insider threat program should be expanded to include them.
Based on that report, the agency plans to assemble a cross-discipline team with representatives from the offices of Protective Services and the Chief Information Officer, as well as the OIG Cyber Crimes Division by Dec. 1, 2023.