RMF BPA
NIH Office of the Chief Information Officer Risk Management Framework (RMF) BPA
NIH IDIQ Expired - Obligated to date
- $58.4M
- Task orders
- 29
- Companies awarded
- 6
- Ceiling
- $86M
Vehicle overview
The NIH Office of the Chief Information Officer (OCIO) Risk Management Framework (RMF) BPA is a multiple-award contract vehicle managed by the National Institutes of Health. It is used to procure cybersecurity risk management and Authority to Operate (ATO) services to support the agency's information security and compliance requirements. The vehicle has a total ceiling value of $86.1 million and was awarded to a pool of contractors following a competitive process involving 41 bidders.
Eligible users include NIH institutes and centers. Covered work includes security assessments, ATO support, and continuous monitoring.
Vehicle details
- Ordering period
-
5 years
- Ceiling
-
$86M
RMF BPA contract holders
| Contractor | Obligated | Task orders |
|---|---|---|
| COMPASS FEDERAL CONSULTING LIMITED LIABILITY COMPANY | $20.3M | 12 |
| BOOZ ALLEN HAMILTON INC | $20.2M | 5 |
| VERIS GROUP, LLC | $13.6M | 10 |
| IRON VINE SECURITY LLC | $4.3M | 2 |
| CUSTOMER VALUE PARTNERS, LLC | $0 | 0 |
| GENERAL DYNAMICS INFORMATION TECHNOLOGY, INC. | $0 | 0 |
NAICS coverage
Frequently asked questions
- What is RMF BPA?
- The NIH Office of the Chief Information Officer (OCIO) Risk Management Framework (RMF) BPA is a multiple-award contract vehicle managed by the National Institutes of Health. It is used to procure cybersecurity risk management and Authority to Operate (ATO) services to support the agency's information security and compliance requirements. The vehicle has a total ceiling value of $86.1 million and was awarded to a pool of contractors following a competitive process involving 41 bidders.
- Which agency manages RMF BPA?
- NIH Office of the Chief Information Officer Risk Management Framework (RMF) BPA is a IDIQ managed by National Institutes of Health.
- What can agencies acquire through RMF BPA?
- Eligible users include NIH institutes and centers. Covered work includes security assessments, ATO support, and continuous monitoring.
- How much has been obligated through RMF BPA?
- $58.4M has been obligated across 29 task orders.
- How many contractors hold RMF BPA?
- 6 contractors hold a position on RMF BPA.
- What is the contract ceiling of RMF BPA?
- RMF BPA has a program ceiling of $86M.
- Is RMF BPA active?
- No, RMF BPA is not currently active — its status is expired (ordering period: 5 years).
Track the contracts behind RMF BPA
Sweetspot helps capture teams monitor awards, incumbents, recompetes, and agency demand across federal contract vehicles.
Schedule a Demo