NASA extends incumbent on troubled ACES contract

Placeholder image for FCW article template

It looks like NASA is going to go the full 10 years on its agencywide $2.5 billion IT services contract ACES, despite early hiccups.

The Agency Consolidated End-User Services contact was awarded to HP Enterprise Services in 2011. The contract was a four-year term with two three-year extensions. The goal of the contract was to unify wildly varying IT hardware acquisition and support across NASA's 10 field centers and other sites under the CIO.

According to a notice on FedBizOpps posted Oct. 16, NASA is extending the ACES contract on a sole-source basis to Enterprise Services -- the new name for HPE. "Awarding to any other source would result in unacceptable delays in fulfilling the agency's requirement," the notice reads.

It's not explicitly stated in the Oct. 16 notice that the sole-source award is the three-year option period allowed under the initial ACES contract. However, the previous three-year option period on ACES ends Oct. 31.

A spokesperson for NASA did not return an email from FCW seeking clarification.

Major problems with ACES started to emerge before the base period was over. In 2014, NASA's inspector general issued a report critical of the agency's internal IT governance and HP's performance on the contract.

NASA opted to extend for the first three-year option in January 2016, even as security problems were evident. In July 2016, NASA's CIO declined to renew expiring authority to operate (ATO) certification on two key ACES systems, citing serious security vulnerabilities, including a lack of a hardware inventory, inconsistent baseline security settings, no system in place to prevent unauthorized software from running, elevated user privileges and unpatched software bugs.

An ACES ATO was signed in July 2017, after a series of 90-day temporary certifications kept the system up and running. But even after that, NASA's IG reported in Oct. 2017 that despite progress, ACES security deficiencies continue to challenge the OCIO's credibility."

A subsequent IG audit of NASA's Security Operations Center published this May suggested that some of ACES's problems were in the rear-view mirror. "During this review," auditors wrote, "NASA officials reiterated the value of an enterprise-wide approach to IT security similar to its Agency-wide approach for other IT services such as ACES that provides computer and communications services to NASA employees and contractors."

NASA's Office of Inspector General did not return an email seeking clarification on whether there remained unfulfilled oversight recommendations on the ACES contract.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected