DCSADefense Counterintelligence and Security Agency
Part of Department of Defense (DoD)
Annual Spend
$3B+ annually
CMMC Level
Level 2-3
Key Offices
Vetting, CDSE, Industrial Security
Overview
DCSA manages personnel vetting, industrial security, and CMMC assessments for the DoD. With a budget of over $3 billion, DCSA is the agency that oversees contractor facility clearances and will administer the CMMC ecosystem.
Mission Focus & Priorities
DCSA's FY2026 priorities center on four critical modernization initiatives. First, the Personnel Vetting Transformation (PVT) program seeks $400M+ to modernize background investigation processes through continuous vetting and AI-powered analytics. The Industrial Security Transformation initiative aims to digitize facility security assessments and automate contractor compliance monitoring. Second, DCSA is implementing zero-trust architecture across all personnel security systems, with the Information Systems Security Directorate (ISSD) driving $150M in cybersecurity contracts. Third, cloud migration efforts focus on moving legacy personnel security databases to secure cloud environments, particularly supporting the Defense Information Systems Agency's milCloud 2.0 adoption. Fourth, AI/ML integration targets predictive analytics for insider threat detection and automated security clearance adjudication processes. The Center for Development of Security Excellence (CDSE) leads training modernization contracts worth $75M annually. The Personnel Security Directorate generates the highest contract volume at $1.2B annually, followed by Industrial Security at $800M. Emerging technology areas include biometric authentication systems, blockchain for credential verification, and quantum-resistant encryption for classified data handling. CMMC 2.0 directly impacts DCSA operations as they transition from being assessed to becoming assessors. The Industrial Security Field Operations division is establishing Regional CMMC Assessment Centers, creating new contract opportunities for assessment body support services, training development, and compliance automation tools.
Budget & Spending Trends
DCSA's FY2025 budget of $3.1B represents a 12% increase from FY2024's $2.77B, with FY2026 projected at $3.4B. IT services (NAICS 541511/541512) dominate spending at $1.8B annually, showing 18% YoY growth driven by Personnel Vetting Transformation requirements. Professional services (NAICS 541611/541618) account for $650M, up 15% as DCSA expands contractor support for security assessments. Administrative support services (NAICS 561110) declined 8% to $320M due to automation initiatives. The prime-to-subcontract ratio shifted from 65:35 in FY2023 to 58:42 in FY2025, reflecting increased teaming requirements for complex IT modernization projects. Small business set-asides comprise 28% of total obligations ($868M), with 8(a) contracts growing 22% to $245M annually. SDVOSB awards increased 16% to $180M, while HUBZone contracts remained stable at $95M. Geographic concentration centers on the National Capital Region (45% - $1.395B), Huntsville, Alabama (12% - $372M), and Colorado Springs (8% - $248M). The Russell-Knox Building in Quantico drives $420M in local contracting activity. DCSA's transition to performance-based contracting increased outcomes-based awards by 25%, with CPFF contracts declining from 35% to 28% of total obligations as the agency emphasizes measurable deliverables in personnel security and industrial security domains.
How to Win Contracts with DCSA
DCSA heavily utilizes GSA IT Schedule 70 for routine IT services and SEWP V for hardware acquisitions, with 40% of IT contracts flowing through these vehicles. DISA Encore III supports telecommunications and IT infrastructure requirements worth $180M annually. The agency frequently uses OASIS Small Business for professional services contracts exceeding $25M. Key procurement offices include the Procurement Management Office (PMO) at Russell-Knox, handling 60% of major acquisitions, and regional contracting offices in Huntsville and Colorado Springs. Search SAM.gov using NAICS 541511 (Custom Computer Programming), 541512 (Computer Systems Design), and 561110 (Office Administrative Services) combined with PSC codes R425 (IT Support Services) and R408 (IT Software). Filter for small business set-asides, particularly 8(a) and SDVOSB. DCSA requires extensive teaming for large IT modernization contracts, with prime contractors needing demonstrated personnel security domain expertise. Past performance requirements include three contracts within five years exceeding 50% of solicitation value, with specific emphasis on security clearance-related work. RFP cycles typically span 9-12 months for major acquisitions, with technical approach weighted at 40%, past performance at 30%, and price at 30%. This week, BD professionals should: (1) Register for DCSA Industry Days via beta.sam.gov, (2) Identify teaming partners with active Secret+ cleared personnel, (3) Review FedBizOpps for upcoming PVT-related RFIs, (4) Establish relationships with DCSA Small Business Specialist Jennifer Martinez, (5) Prepare capability statements emphasizing personnel vetting technology experience, (6) Monitor Contract Opportunities at russell-knox.army.mil, and (7) Attend DCSA's quarterly vendor outreach sessions in Quantico.
CMMC Requirements for DCSA Contractors
DCSA requires CMMC Level 2 for all contracts involving Controlled Unclassified Information (CUI), affecting approximately 65% of their contract portfolio valued at $2B+. Level 1 applies primarily to administrative support contracts without CUI access. The agency began including CMMC clauses in new solicitations in Q3 FY2024, with full implementation expected by Q2 FY2025. As the DoD's industrial security oversight agency, DCSA maintains stricter compliance expectations than other defense agencies. Subcontractor flowdown requirements are rigorously enforced, with prime contractors bearing full responsibility for sub-tier CMMC compliance verification. The Industrial Security Field Operations directorate leads CMMC adoption, requiring all facility security officers to complete CMMC training by March 2025. Early adopter offices include the Information Systems Security Directorate and Personnel Security Directorate, which mandate CMMC compliance documentation during proposal evaluation. Cost implications are significant: DCSA estimates CMMC Level 2 compliance adds 8-12% to IT services contracts due to enhanced security controls, monitoring systems, and personnel training requirements. The agency expects contractors to demonstrate CMMC maturity through third-party assessments rather than self-attestation, creating a two-tier evaluation structure. Contracts exceeding $5M require independent CMMC verification, while smaller awards accept certified self-assessments. DCSA's role as both CMMC enforcer and DoD customer creates unique compliance expectations, with evaluation criteria specifically weighting cybersecurity posture at 15% of technical scoring.
Top NAICS Codes
Common Contract Types
Key Procurement Offices
Recent Contract Awards
Total Awards
2
Last 30 Days
1
30-Day Value
$23.5M
Avg Amount
$23.5M
All-Time Value
$629.2M
FPDS
| Contract | Awardee | Amount |
|---|---|---|
| Public Record Data – LexisNexis ProMonitor Alert | LEXISNEXIS SPECIAL SERVICES INC | $23.5M |
| NBIS Strategic Support | N2IA TECHNOLOGIES LLC | $4.3M |
Top Awardees
Top Contractors (FPDS)
| Contractor | Total Obligation |
|---|---|
| CACI, INC. - FEDERAL | $101.6M |
| PERATON RISK DECISION INC. | $67.0M |
| CARAHSOFT TECHNOLOGY CORP | $51.4M |
| VERATO, INC. | $32.7M |
| INTERNATIONAL BUSINESS MACHINES CORPORATION | $19.0M |
| NEXT TIER CONCEPTS INC | $17.2M |
| COUNTERTRADE PRODUCTS, INC. | $14.1M |
| DNI EMERGING TECHNOLOGIES, LLC | $13.3M |
| AFFIGENT, LLC | $11.0M |
| RED RIVER TECHNOLOGY LLC | $10.8M |
Get real-time alerts for DCSA contracts and track opportunities matching your profile.
Get AlertsFrequently Asked Questions
How do I find contracts with DCSA?
Search SAM.gov for active Defense Counterintelligence and Security Agency solicitations. Monitor the DCSA procurement forecast published annually. Register in the System for Award Management (SAM.gov) and set up saved searches for relevant NAICS codes.
Does DCSA require CMMC?
Yes, Defense Counterintelligence and Security Agency requires CMMC certification for contracts involving CUI. Most contracts require Level 2-3. Contractors should begin the certification process well in advance of bidding.
What are the top NAICS codes for DCSA contracts?
The most commonly used NAICS codes for Defense Counterintelligence and Security Agency contracts include 541511, 541512, 561611, 541330, 541519. These codes cover the primary contracting areas for DCSA. Check SAM.gov for specific opportunities under each code.
Related Guides
Free Compliance Tools
Find who's winning DCSA contracts
Use our free Contractor Lookup to see top awardees, NAICS trends, and upcoming opportunities.
Look Up Contractors FreeTrack Defense Counterintelligence and Security Agency contract awards with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days