Federal IT & Cybersecurity Contracts — January 20, 2026

GSA, HHS/CMS, VA, and State Dept awards provide revenue visibility to 2026-27, with $374M obligated across firm-fixed price delivery orders/BPA calls.

$79M Time & Materials obligation for EY includes all options but zero outlays since 2022 award, tempering immediate revenue impact.

Oracle's $72M firm-fixed award without competition signals entrenched positioning in VA OEHRM systems development.

Firm-fixed price structures across 4/5 contracts expose contractors to cost overruns on long-duration (to 2027) IT/cyber projects.

$44M in subawards across 90+ recipients (avg. $490K each) create subcontractor dependencies; zero outlays on 3/5 contracts signal funding delays.

$45M aggregate unexercised options (20% of obligations) across Deloitte ($16M), Accenture ($23M), CGI ($5M), Oracle ($2M).

Recurring focus on legacy modernization (MARX, OEHRM, ILMS, GFIT) positions primes for follow-on work post-2026.

Non-small U.S./foreign-owned consultancies (Deloitte, EY, CGI/Timken, Oracle, Accenture/Novetta) secure 100% of $374M via full/open competition or sole-source.

GSA (32%), HHS/CMS (19%), VA (19%), State (19%) drive spending on cyber-safe, enrollment, migration, security systems.

{"entity"=>"Ernst & Young", "reason"=>"$79M fully obligated but zero outlays since 2022 on 5-year T&M contract.", "trigger"=>"Initial outlays >$5M or contract modification"}

{"entity"=>"Accenture Federal Services", "reason"=>"Highest options upside ($23M) on newest award (2023) for Diplomatic Security ILMS.", "trigger"=>"Options exercise or subaward outlays"}

{"entity"=>"Oracle Health Government Services", "reason"=>"Non-competed $72M VA award with zero outlays and $9M subawards signals execution pivot point.", "trigger"=>"First outlays or OEHRM follow-on award"}