HUBZone Certified Small Business - STARS II 8(a) Prime Contractor
Bureau for Management
Office of the Chief Information Officer
Information Assurance Division

Key Contract Information


Overall BPA Ceiling:

$45 million

Number of Holders:

Two small business-led consortia

Contract Period:

July 18, 2018 to July 17, 2023. Activities for Purchase Orders issued in that period may extend up to one (1) year after the expiration of the BPA.

Agency Notice:

Oct 22, 2018, 201810221036 (1).pdf
( view?usp=drive_web)


The purpose of the Information System Security Officer (ISSO) Blanket Purchase Agreement (BPA) is to support the United States Agency for International Development (USAID) in providing a source for repetitive information System Security Officer (ISSO), Cyber Risk Management (CRM), and Penetration Testing services for USAID information systems in the different stages of the SDLC and NIST RMF processes.

ISSO BPA Task Areas

The ISSO BPA is designed to provide ISSO support for USAID information systems in different stages of the SDLC. The ISSO BPA can assist missions, bureaus and offices by providing a source for Information System Security Officer (ISSO), Cyber Risk Management (CRM), and Penetration Testing services for USAID information systems. The ISSO BPA can also support USAID to build capacity and learn from experiences in implementing CRM. The ISSO BPA is a worldwide support mechanism; it is designed to support any USAID bureau, mission or office.

The main tasks under the mechanism are:

ISSO Services for Missions and Bureaus: Providing in-person and remote facilitation and technical assistance to USAID field missions and pillar and regional bureaus by performing/supporting the activities defined in the NIST RMF to obtain and maintain FISMA compliance, providing ISSO support in the different stages of the SDLC and continuous monitoring support.

Cyber Risk Management (CRM) Consulting Services: Providing CRM services per Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources, NIST Special Publication 800-37 rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems, and USAID Automated Directives System (ADS) 545 by being a trusted advisor to SO/ISSO, reviewing the appropriate Federal guidance, performing research, and verifying and updating maturity of any documents prepared by the project teams.

Penetration Testing: Providing Penetration Testing services for evaluating risks associated with operating USAID information systems that is consistent with U.S. Department of Homeland Security (DHS) services documented in the Rules of Engagement Agreement. This service will test the adequacy and effectiveness of security control measures in place to protect the security and integrity of sensitive IT systems and data.

How to Access ISSO BPA Services

The activities under the BPA are undertaken as specified Task Orders (TOs). The BPA includes two consortia. TOs issued under the BPA will be one of the following: firm fixed-price (FFP), or time-and-materials (T&M).

To access ISSO BPA services, Missions, Bureaus, and independent Offices should work with their counterpart in M/OAA to procure these services by:

  1. Developing a Statement of Work, Independent Government Cost Estimate, and Evaluation Criteria. Documents available to use:
    • General information on the process for the SO’s and introduction to both contract holders.
    • BPA brochure, BPA statement of capabilities,
    • Sample Task Order Template (with scoping data calls) with defined , and
    • Sample Price sheet.
    • The SOW based on the scoping template by TO CO/COR/SO
    • Choose the services to procure,
  2. Working with M/OAA to submit these documents to both BPA vendors
    • Feed-back (question, clarification, & comments) from MPG & TTC
  3. Evaluating the bids once they are received by TO CO/COR

  4. Notify Dmitriy Radchenko in M/CIO ( of your intent to procure ISSO services under this BPA, and after award to the successful vendor.

Contact Information


Please, direct inquiries to Dmitriy Radchenko (BPA COR) and Sharon Byrd (alternate BPA COR).

BPA COR: Dmitriy Radchenko

Alternate BPA COR: Sharon Byrd

BPA CO: Joe Lentini




(Desk) 703-666-5411



(Cell) 571-438-0871


ISSO BPA Prime Contractor and Consortia Information

TTC, Inc.,                                                                                 BPA No. 72MC1018A00002

Elevate Technology Solutions:


TTC POC: Sheri Robinson, (o) 757-303-0381, (email)

        Ray Turner, (o) 321-446-6765, (email)