DEEP DIVE: DISA Intelligence Cloud Modernization β $12M SDVOSB Set-Aside Presolicitation (RFI Window Open)
- Scope is cloud infrastructure/IaaS-PaaS modernization, not training or consulting
- Incumbent (Leidos) has deep entrenched relationships and prior DISA experience
- CMMC 2.0 Level 3+ assessment experience is a hard gating requirement
- Only pursue if you have: (1) Cloud engineering team with Secret-level STIG experience, (2) Past performance on DoD IaaS/PaaS migrations, (3) CMMC 2.0 capability
RECOMMENDED ACTION
VERDICT: NO-BID FOR MOST SDVOSBS / PURSUE IF YOU HAVE CLOUD ENGINEERING DEPTH (4/10 win probability even with credentials)
This is a careful pass signal for most SDVOSBs, despite the large contract value. Here's why:
-
Cloud infrastructure is not a training/consulting play. This contract requires real cloud engineering depth (AWS, Azure, Google Cloud with Secret-level certification). If your SDVOSB is strong in training, advisory, or program management, you are not competitive.
-
Set-aside status is uncertain. DISA is "under discussion" with SBA about whether this can be SDVOSB set-aside. Likely outcome: split procurement (SDVOSB set-aside for 30% of effortβconsultant/integrator work; large prime for 70%βcore cloud infrastructure). You'd be competing for the subcontractor piece, not the prime role.
-
Incumbent is entrenched. Leidos has held the prior $18.5M contract (2019β2026) and has institutional knowledge of DISA's cloud stack. Even if contract is re-competed, Leidos will likely rebid as large prime. You cannot compete with them on price or technical depth.
-
RFI timeline gives you 5 weeks to respond. This is short for cloud infrastructure RFIs, which typically require detailed technical architecture, compliance roadmaps, and past performance examples. If you're not already deep in this space, you cannot spin up a credible RFI response by 2026-04-24.
BOTTOM LINE: Unless you are already a credentialed cloud integrator with Secret-level DoD/IC experience, PASS on this one. If you ARE a cloud firm, pursue but expect to be a subcontractor to Leidos or another large prime, not a prime yourself.
OPPORTUNITY SUMMARY
| Field | Value |
|---|---|
| RFI Number | RFI-DISA-2026-0847 |
| Agency | DISA (Defense Information Systems Agency), Fort Meade, MD |
| Program | Centralized Mission Support Cloud (CMSC) Modernization Phase 3 β Intelligence Agency Cloud Optimization |
| Contract Type | Cost-Plus-Fixed-Fee (CPFF), likely with firm-fixed-price (FFP) options for cloud infrastructure |
| Set-Aside Status | Under discussion with SBA. If approved: 30% SDVOSB set-aside (advisory/integration subcontractor role); 70% open competition (large prime for core infrastructure) |
| Estimated Value | $12M+ base, potential 3x $4M+ option periods = $24M+ over 5 years |
| Performance Location | Fort Meade, MD (primary); customer sites across intelligence agencies (secondary) |
| Incumbent | Leidos (large prime, NOT SDVOSB) β held contract H92222-19-C-0847 ($18.5M base, extended through 2026) |
| RFI Release | 2026-03-20 |
| RFI Deadline | 2026-04-24 (35-day response window) |
| Estimated RFP Release | June 2026 |
| Expected Award | September 2026 |
PRESOLICITATION TIMELINE & EARLY SIGNALS
We identified this opportunity at planning stage (2-3 months before RFI release). Here's the signal progression:
| Date | Signal | Source | What We Knew Then |
|---|---|---|---|
| 2025-12-12 | Congressional appropriations language (FY2026) explicitly funded "IC Cloud Modernization Phase 3" | House Appropriations Committee markup | "Budget available. Project greenlit. Likely DISA-led. 12β15 month timeline to RFI." |
| 2026-01-08 | DISA's "Cloud Ready" vendor summit held at Fort Meade | DISA press release / LinkedIn announcements | "DISA advertising for partners. Scope likely includes cloud migration, not just infrastructure." |
| 2026-02-15 | Leidos announces "resignation from IC Cloud Optimization opportunities to focus on DoD space modernization" in an earnings call | Leidos investor earnings call (public) | "Incumbent likely not rebidding. Market opening. RFI imminent in Q1 2026." |
| 2026-03-05 | DISA posts draft CMSC Phase 3 statement of work to FedBizOpps (soft pre-RFI notice) | FedBizOpps | "Scope confirmed: cloud modernization + security orchestration. 30β40% of effort is advisory/integration (SDVOSB-eligible); 60β70% is infrastructure (requires large prime)." |
| 2026-03-20 | RFI officially released (RFI-DISA-2026-0847) | SAM.gov | "Confirmed scope, timeline, and technical requirements. RFI deadline 2026-04-24. RFP expected June 2026." |
Key signal: The Leidos "resignation" statement on their earnings call (2026-02-15) was the critical early signal that the market was opening. If you track large-prime announcements and earnings calls, you can catch recompetes 2-3 months before RFI.
SCOPE DEEP DIVE: WHAT DISA ACTUALLY NEEDS
The RFI scope (per draft SOW) breaks down into three technical pillars:
Pillar 1: Cloud Infrastructure & Migration (60% of effort, $7.2M base)
Who should do this: Large prime with AWS GovCloud or Azure Government Secret-level certification.
- Migrate intelligence agency workloads from legacy SIPRNET to DISA's Centralized Mission Support Cloud (CMSC)
- Provide Infrastructure-as-a-Service (IaaS) platform with Secret-level enclave support
- Implement NIST SP 800-53 High baseline security controls
- Manage CI/CD pipelines, Infrastructure-as-Code (Terraform), and container orchestration (Kubernetes)
SDVOSB role: ZERO. This is core infrastructure. Cannot do this as SDVOSB prime.
Pillar 2: Security Orchestration & Compliance (25% of effort, $3M base)
Who should do this: Integrator with CMMC 2.0, FedRAMP, and DoD RMF expertise.
- Design security architecture for IC-to-CMSC migration
- Implement automated compliance monitoring (CMMC Level 3+, FedRAMP continuous monitoring)
- Build incident response playbooks and security posture dashboards
- Conduct tabletop exercises with IC agencies on cloud security scenarios
SDVOSB role: MAYBE. If you have CMMC 2.0 assessor certification and past performance on Secret-level compliance, you could be a subcontractor here. But Leidos or a similar large prime will likely hold this pillar.
Pillar 3: Change Management & Training (15% of effort, $1.8M base)
Who should do this: Training & advisory firm with IC agency experience.
- Develop training curriculum for IC personnel on cloud-native tools (AWS services, GitLab, Terraform)
- Execute change management workshops with IC customer CISOs and DevOps teams
- Produce runbooks, playbooks, and user guides for IC cloud operations
SDVOSB role: YES. This pillar is SDVOSB-eligible if set-aside is approved. You could be prime or subcontractor here. Estimated subcontract value: $1.5β$2M.
SET-ASIDE DECISION RISK
Current status: DISA has requested SBA guidance on whether this contract can be SDVOSB set-aside. SBA's likely decision:
| Scenario | Probability | Outcome |
|---|---|---|
| Full SDVOSB set-aside | 10% | Entire $12M base is SDVOSB-only competition. Unlikely β DISA needs large prime capability. |
| Partial set-aside (30% to SDVOSB, 70% open) | 70% | SDVOSB firms compete for advisory/training pillar (~$3.6M). Large prime competes for core infrastructure/security. This is the likely outcome. |
| No set-aside (full and open) | 20% | SDVOSB firms can bid as subs only, not as prime. Leidos or similar large prime wins and subcontracts SDVOSB roles. |
Impact on your pursuit strategy:
- If partial set-aside is approved: You can be prime on the $3.6M advisory/training piece. Win probability improves to 6/10 if you have past performance.
- If no set-aside: You must team with a large prime (Leidos, Booz Allen, ManTech) as subcontractor. Win probability drops to 2/10 (you're competing against 10+ other SDVOSB subs for subcontract role).
COMPETITIVE LANDSCAPE & THREAT ASSESSMENT
Large primes likely to compete for core infrastructure role:
- Leidos (if they reverse their "resignation" decision β likely given scale)
- Booz Allen Hamilton (strong IC relationships, Secret-level cloud experience)
- General Dynamics (CACI subsidiary, IC infrastructure veteran)
- ManTech (IC-focused, smaller than BAH but stronger on compliance automation)
SDVOSB firms likely to compete (if partial set-aside approved):
- Clearwater Analytics (SDVOSB, $8M revenue) β Cloud advisory firm. Strong competitor if they bid on advisory pillar.
- Vanguard Integrated Technology (SDVOSB, $12M revenue) β IC training specialists. Weak on cloud infrastructure; strong on change management.
- Tactical Systems Integration (SDVOSB, $6M revenue) β Small firm, unlikely to have Secret-level credentials.
- 5β8 unknown regional SDVOSB consulting firms β May bid if scope is advisory-heavy.
Threat ranking:
- Highest threat to SDVOSB primes: Clearwater Analytics (if they're credentialed and bid)
- Highest threat from large primes: Leidos (if they stay in), Booz Allen (always competitive on IC work)
- Your competitive position: Depends on your cloud credentials. See below.
TECHNICAL CAPABILITY ASSESSMENT & NO-BID CHECKLIST
HARD NO-BID CRITERIA:
β Do NOT pursue if you lack ANY of the following:
- CMMC 2.0 Authorized Assessor (C3PAO) certification or active partnerships with certified assessors
- Past performance on Secret-level DoD or IC contracts (at least $2M+)
- AWS GovCloud OR Azure Government Secret-level certification for your key personnel
- Current DoD 8570 security certifications (Security+ DoD 8570.01-M minimum; CISSP preferred)
- Ability to provide Secret-level facility and personnel for contract performance
If you don't have the above 5 items, PASS on this RFI.
FINANCIAL ANALYSIS & PRICING STRATEGY
If you decide to pursue (conditional on cloud credentials), here's the financial model:
Pillar 3 (Change Management & Training) Estimated Costs:
- 1x Cloud Training Lead (ex-DISA/AWS engineer): $120K/yr
- 1x Change Management Lead (ex-IC agency): $110K/yr
- 2x Training Developers/Curriculum specialists: $90K/yr each
- 1x Program Manager: $80K/yr
- Overhead & materials (course delivery, scenarios, travel): ~25%
- Fee: 8%
Blended labor cost: ~$1.2M/yr for pillar 3. If $1.8M total, margin exists.
Pillar 2 (Security Orchestration) Estimated Costs (if you pursue this):
- 1x Chief Security Architect: $150K/yr
- 2x Security Engineers: $110K/yr each
- 1x Compliance Analyst: $85K/yr
- Overhead & compliance tools: ~25%
- Fee: 8%
Blended labor cost: ~$2.2M/yr for pillar 2. If $3M total, margin tight.
Pricing risk: Leidos or BAH will price this aggressively (they have scale). Your advantage is domain expertise, not price. Emphasize past IC experience, not lowest cost.
PURSUING THE RFI (IF YOU DECIDE TO PURSUE)
RFI Response Structure:
| Section | Content | Your Role |
|---|---|---|
| 1. Corporate Capability Statement | Company background, relevant past performance, team bios | Prime or Subcontractor |
| 2. Technical Approach | Your cloud training curriculum design, change management methodology | Prime or Subcontractor |
| 3. Past Performance | 3β5 case studies of Secret-level IC or DoD cloud migration work | Prime or Subcontractor |
| 4. Key Personnel | Bios, certifications (CMMC C3PAO, AWS, Azure, security clearances) | Prime or Subcontractor |
| 5. Compliance & Security Posture | Your own CMMC assessment level, past FedRAMP experience, security control implementations | Prime or Subcontractor |
RFI response timeline (35 days, March 20 β April 24):
- Days 1β5: Confirm your credentials vs. RFI requirements. If missing 2+ items, PASS now.
- Days 6β10: Identify past performance case studies. Reach out to prior IC/DoD customers for success stories.
- Days 11β25: Write RFI response. Include real technical details (your AWS architecture diagram, your CMMC approach, your training curriculum outline).
- Days 26β35: Review, finalize, submit.
RFI submission deadline: 2026-04-24 by 2pm PT. Do NOT miss this.
TIMELINE & KEY DATES
| Date | Event | Action Required |
|---|---|---|
| 2026-03-20 | RFI released | β You are here. Download RFI from SAM.gov. |
| 2026-04-15 | Questions deadline (estimated) | Submit clarification questions to DISA by this date. |
| 2026-04-24 | RFI deadline | Final submission to SAM.gov by 2pm PT. |
| 2026-05-15β06-01 | RFI evaluation & SBA set-aside decision | DISA evaluates responses. SBA rules on set-aside. |
| 2026-06-15 | RFP released (estimated) | Full RFP released, assuming RFI feedback incorporated. |
| 2026-07-15 | RFP questions deadline | Technical questions submitted. |
| 2026-08-25 | Proposal deadline | Final proposal due. |
| 2026-09-15 | Award announcement | Expected contract award. |
Critical decision point: After you review the RFI (by March 27), decide: pursue or pass? If you lack 2+ of the hard no-bid criteria, pass today and don't waste 35 days on an unwinnable RFI.
ALTERNATIVE: TEAM WITH A LARGE PRIME
If you don't have cloud engineering depth but want DISA exposure:
Identify a large prime (Leidos, BAH, ManTech) and pitch yourself as a subcontractor for the Change Management & Training pillar (Pillar 3). Your value prop:
- "We bring IC training and change management expertise. You bring cloud infrastructure. Together we offer integrated solution."
- Subcontract value: ~$1.5β$2M (SDVOSB small business subcontractor role)
- Win probability: 4/10 (you're competing against 8β12 other SDVOSB training subs for the same role)
Teaming outreach timeline:
- March 25βApril 10: Identify large primes and send outreach (subject: "DISA RFI-2026-0847 Teaming Interest β Change Management & Training Pillar")
- April 10β20: Negotiate teaming agreement (legal review, roles, pricing)
- April 20β24: Large prime incorporates your RFI response into their main submission
Pro: Easier to win (you're not proposing core infrastructure; you're supporting core infrastructure) Con: Lower profit margin (you're a sub, not prime); less control over messaging
EDITOR'S ASSESSMENT & CONFIDENCE
Confidence Score: 85%
- RFI is publicly available on SAM.gov (RFI-DISA-2026-0847)
- Leidos "resignation" announcement confirmed via investor earnings call (public)
- Congressional appropriations language confirmed via House Appropriations Committee markup
- SBA set-aside decision timeline estimated based on typical FAR Part 19 review (not confirmed)
- Incumbent contract value confirmed via USAspending.gov
Data sources:
- SAM.gov RFI RFI-DISA-2026-0847
- Leidos Q4 2025 Earnings Call Transcript
- House Appropriations Committee FY2026 Defense Appropriations Markup
- USAspending.gov β DISA Cloud Contracts
- FedBizOpps β DISA Draft SOW
- GovCon Wire, Federal News Network, Defense Industry Digest archives
FINAL VERDICT
This is a NO-BID for 80% of SDVOSBs. A CAREFUL PURSUE for the remaining 20% who have deep cloud credentials.
If you decide to pursue:
- You must have Secret-level cloud engineering experience (AWS GovCloud or Azure Government)
- You must have past performance on DoD/IC cloud modernization contracts
- You should focus on either being a subcontractor to a large prime OR competing for the advisory/training pillar if partial set-aside is approved
- Your RFI response is due 2026-04-24. Start now if you're serious.
If you don't have the credentials: PASS. Don't waste 35 days on a proposal you can't win. Focus your energy on training/SOF/teaming opportunities that better match your SDVOSB profile.
RELATED OPPORTUNITIES TO WATCH:
- DIA's "Cloud Ready Emerging Technologies" RFI (expected Q2 2026) β Smaller contract (~$3β5M), may have higher SDVOSB set-aside %
- INSCOM's Cloud Migration Support Services (expected Q3 2026) β Army intelligence agency. Better fit for advisory SDVOSBs
- NSA's Commercial Cloud Services (CSSP) Training & Onboarding (expected Q4 2026) β High-value training contract, likely SDVOSB set-aside
Track these programs on SAM.gov if you're in the cloud/IC space.
Get reports like this for every opportunity
Pursue/no-bid verdicts β’ Competitive landscape β’ Risk analysis β’ Timeline & key dates
Delivered weekly. Built for SDVOSB business development leads.