What this sample shows
This is a public sample of a ForIntel Federal Spend Pipeline deliverable, published by Foragentis to demonstrate the method. It is a federal-spend read of the civilian zero-trust / cybersecurity services buy, built from the public federal contract record and a public-company disclosure-signal corroboration. There is no private buyer to redact: the agencies in view (DHS, which covers CISA, plus VA and GSA), the prime integrators capturing the spend, and the contract figures are all public information, and they are named and preserved in full. The only confidential element of the source — the client-deliverable footer — has been reframed for public-sample use.
It demonstrates what the Federal Spend Pipeline reads: a contract-record map of where civilian zero-trust dollars land, built from the federal contract record read across three complementary lenses — obligated dollars, current contract-award value, and a recent-window incumbent ranking — plus a demand-side public-company disclosure signal, each carrying an explicit confidence label. The three contract lenses all point at the same conclusion: a concentrated set of prime integrators holds the money. The sample is deliberately explicit about where the picture is solid and where it must not be over-read: the two dollar lenses are kept separate and never summed, the resolved envelope is broader than zero-trust alone, and those boundaries are named rather than glossed.
| Theme | Federal civilian zero-trust / cybersecurity services |
| Buyers in view | DHS (covers CISA) · VA · GSA |
| Window | Obligations 2023–2026 · Jun 2026 snapshot |
| Method | Federal contract-record read across three lenses (obligated dollars, active-award value, recent-incumbent ranking) + public-company disclosure-signal corroboration, with the partial edges labelled |
| Prepared by | ForIntel by Foragentis |
The verdict
Federal civilian zero-trust modernization is procured inside a concentrated IT-services integrator market across GSA, VA and DHS/CISA — the theme is live and intensifying, and the honest edge of the data is named, not hidden.
This is a federal-spend read of the civilian zero-trust / cybersecurity buy, built from the federal contract record and the public-company disclosure signal that corroborates it. The dollars are top-heavy: a small set of prime integrators — Booz Allen Hamilton (~$10.94B in obligations), Oracle Health Government Services, CACI Federal, SAIC, GDIT — hold the largest task-order vehicles, so this is an incumbency-and-teaming market rather than an open field, and the active-award pipeline and the recent incumbent ranking point at the same primes (Booz Allen leads both). By agency, GSA (~$24.99B) and VA (~$23.69B) carry the largest IT-services books, while DHS (~$8.81B) is where the explicit cyber mission — CISA's continuous-diagnostics zero-trust program — actually sits. The demand-side disclosure signal confirms the theme is live and concentrated in the most recent years, a directional confirmation rather than a precise growth rate. The candor that makes this decision-grade: the report keeps two dollar lenses separate (committed obligations vs. total contract-award ceilings, never summed), and the envelope is broader than zero-trust alone — so we present a solid map of where to compete, partner and teach, with the partial edges labelled rather than filled in.
- The obligated dollars concentrate in a handful of large integrators — not a fragmented field. Across the federal IT-services awards at the three civilian agencies in view, the obligations are top-heavy: Booz Allen Hamilton leads at roughly $10.94B across 15 awards, followed by Oracle Health Government Services (~$6.33B), CACI Federal (~$5.22B), SAIC (~$4.09B) and General Dynamics IT (~$3.15B). A buyer entering this market is competing against, or selling alongside, a small set of entrenched prime integrators that hold the largest task-order vehicles — this is an incumbency-and-teaming market, not an open field.
- GSA and VA carry the largest IT-services books; DHS is where the explicit cyber mission sits. Read one agency at a time, so the agency split is reliable, GSA leads (~$24.99B on its top awards), with VA close behind (~$23.69B) and DHS at ~$8.81B. The dollar leaders (GSA, VA) reflect broad government-wide and health-IT modernization vehicles; DHS — which houses CISA — is the agency where the explicit zero-trust mission lives, and the continuous-diagnostics program that operationalizes zero-trust monitoring surfaces directly among its awards. Read the dollar size and the mission fit as two different signals.
- The active-award pipeline and the incumbent ranking point at the same primes — three windows, one map. Beyond the obligation totals, the active / recently-let award pipeline at each agency reads the same way: at DHS the largest current contract-award values sit with SAIC (roughly $586M, border-IT operations and maintenance), CACI (~$469M) and General Dynamics IT (~$297M, the identity-infrastructure work that sits closest to zero-trust). A separate recent-window incumbent ranking across all three agencies puts Booz Allen first again (~$8.25B across nine recent awards), with CACI, Oracle Health and SAIC behind it — the same names that lead the longer-window concentration view, so the concentration read is not a single-window artifact. (These award-value figures are total contract ceilings, a different lens from the obligated dollars above — the two are read side by side, never added together.)
- The public-company disclosure signal confirms the theme is live and recently intensifying — but it is a direction, not a growth rate. Public-company filings that reference federal zero-trust, agency-cyber contracting and CISA are concentrated in the most recent years (the 2024–2026 window carries the clear bulk of the 600 filings reviewed). That independently corroborates a live, intensifying federal-buy theme. It is, however, a partial corroboration: the filing set carries an older tail, some false positives from non-cyber filers, and misses several of the largest prime contractors — so it confirms momentum exists without letting anyone put a precise growth percentage on it.
- A point-in-time snapshot flags a downward value trend at the tightest cyber scope — a caution, not a forecast. A separate point-in-time snapshot at the tightest cyber scope showed a statistically significant downward value trend. Because it rests on a snapshot rather than a true period-by-period series, it is a caution flag, not a forecast — a reason to build a real quarterly trajectory before sizing a pipeline, not evidence the category is shrinking. What is solid is solid; what is partial is labelled partial.
In one line: Federal civilian zero-trust / IT-services spend is concentrated in a few large prime integrators across GSA, VA and DHS/CISA — the obligation totals, the active-award pipeline and the recent incumbent ranking all point at the same names — and the public-company disclosure signal confirms the theme is live and recently intensifying. The envelope is broader than zero-trust alone, so treat this as a solid directional map of where to compete, partner and teach, with the partial edges labelled.
How to read this report. A HIGH confidence label marks a directly observed figure recomputed from the contract record; a MEDIUM label marks a signal that is real but partial — the public-company disclosure corroboration and the cross-agency vendor view both carry stated limitations inline. The report reads two distinct dollar lenses, never mixed: obligated dollars (money actually committed, Sections 01–02) and contract-award value (the total base-plus-options ceiling of an award, Section 03) — a single award can read in the billions because it is a lifetime ceiling, so the two are placed side by side and never added together. The awards sit in a federal IT-services spend envelope that is broader than zero-trust alone — so the dollars size the market within which zero-trust modernization is bought, not a zero-trust-only ledger. Where attribution rests on analyst grouping rather than an official agency-grouped figure, that is stated as a methodology note, not dressed as a finding.
01 · Vendor concentration — who captures the dollars
(Confidence: High.) The first question a federal-spend buyer asks is who already holds the money. On the awards at the three civilian agencies in view — the leading top-obligation awards in their computer-systems-design IT-services books, covering 2023 through 2026 — the answer is a concentrated set of large prime integrators. (Source: a federal contract-obligation read of the top-obligation awards across DHS, VA and GSA, 2023–2026.) Booz Allen Hamilton leads at roughly $10.94B across 15 awards, followed by Oracle Health Government Services (~$6.33B), CACI Federal (~$5.22B), Science Applications International / SAIC (~$4.09B), and General Dynamics Information Technology (~$3.15B), with Salient CRGT and Accenture Federal Services behind them. These are the firms holding the largest task-order vehicles into which zero-trust and cyber-modernization work is bought. One note on the list: it is ranked strictly by obligated dollars, so Dell Federal Systems (~$1.73B) appears at #8 ahead of Deloitte Consulting (~$1.72B) — but Dell's position rests on a single large award rather than the multi-award integrator pattern of the rest of the leaders, which is worth holding in mind when reading the concentration.
| Prime integrator | Obligated dollars | Notes |
|---|---|---|
| Booz Allen Hamilton | ~$10.94B | Leads, across 15 awards |
| Oracle Health Government Services | ~$6.33B | Health-IT modernization weight |
| CACI Federal | ~$5.22B | Holds continuous-diagnostics task orders |
| Science Applications International / SAIC | ~$4.09B | Enterprise-IT and network operations |
| General Dynamics Information Technology (GDIT) | ~$3.15B | Government-wide IT vehicles |
| Dell Federal Systems | ~$1.73B | #8 on a single large award, not a multi-award pattern |
| Deloitte Consulting | ~$1.72B | Multi-award integrator vehicles |
| Salient CRGT · Accenture Federal Services | trailing the leaders | Fill out the top of the book |
Figure — Federal IT-services obligations concentrate in a handful of large integrators (top vendors by obligated dollars, the awards that resolved across three civilian agencies). A small group of prime integrators holds the largest obligations — Booz Allen Hamilton leads at ~$10.94B. Ranked strictly by dollars: Dell Federal Systems (~$1.73B) enters at #8 on a single large award, the others on multi-award integrator vehicles. The envelope is federal IT-services (broader than zero-trust alone); zero-trust modernization is bought inside these vehicles. This is the leading edge of the book, not a complete census.
The strategic read for a buyer is direct: this is an incumbency-and-teaming market. New entry rarely comes through head-to-head displacement of a $10B-scale integrator on a flagship vehicle; it comes through subcontracting into those primes, holding a specialized zero-trust capability (identity, continuous monitoring, microsegmentation) the primes need to assemble, or capturing the smaller, mission-specific task orders the large players do not chase. Size the opportunity against the prime structure, not against a fragmented field that does not exist here.
02 · Agency envelope & mission fit — where the dollars sit vs. where the cyber mission sits
(Confidence: High.) The dollars and the mission are not the same agency, and a buyer should hold both in view. (Source: per-agency obligation legs, read one query per agency for DHS, VA and GSA so the agency attribution is reliable rather than inferred.) Reading each agency on its own award leg, GSA carries the largest IT-services book (~$24.99B on its top awards), with VA close behind (~$23.69B) and DHS at ~$8.81B. GSA's scale reflects its role as the government-wide acquisition hub (the vehicles other agencies buy through), and VA's reflects a very large health-IT modernization program. DHS — which houses CISA, the federal agency that owns the zero-trust mandate — is the smaller book by dollars but the truest fit by mission.
| Agency | IT-services obligations (top awards) | Role / mission fit |
|---|---|---|
| GSA | ~$24.99B | Government-wide acquisition hub — the vehicles other agencies buy through |
| VA | ~$23.69B | Very large health-IT modernization program |
| DHS (houses CISA) | ~$8.81B | Smaller book by dollars, truest fit by mission — owns the zero-trust mandate |
Figure — Where the obligations sit — GSA and VA lead, DHS/CISA is the cyber-mission buyer (obligations on the top awards, by agency, agency-scoped legs). GSA and VA carry the largest IT-services books; DHS/CISA carries the explicit zero-trust mission. The continuous-diagnostics program that operationalizes zero-trust monitoring surfaces directly among the DHS-adjacent awards. These are top obligations — reliable by agency, but not a complete census; the active-award pipeline is read separately in Section 03.
Inside this envelope sits the clearest genuine zero-trust signature in the data: the federal continuous-diagnostics-and-mitigation program — the government's standing mechanism for the continuous monitoring and identity controls at the heart of zero-trust — appears directly among the task orders (held by CACI and Booz Allen, among others). That matters because the broader IT-services envelope is wider than zero-trust: it includes large enterprise-IT, health-records and network-operations work that is not zero-trust per se. So the honest framing is layered — the dollar envelope sizes the market in which zero-trust is procured, the DHS/CISA mission map shows where the explicit zero-trust mandate concentrates, and the continuous-diagnostics task orders are the named, in-data zero-trust beachhead a buyer can target specifically.
03 · Active-award pipeline & incumbent ranking — the current contract pipeline and who is winning it
(Confidence: High.) The obligation totals say who has been paid; the active / recently-let award pipeline says what is moving now. (Source: the leading current awards at each agency by total contract-award value, plus a cross-agency recent-window incumbent ranking by obligated dollars.) Reading the leading current awards at each agency by total contract-award value — the base-plus-options ceiling of each award, a different lens from the obligated dollars in Sections 01–02 and never added to them — the picture is consistent with the concentration read. At DHS, the largest current awards sit with Science Applications International / SAIC (roughly $586M, border-IT targeting and analysis operations and maintenance), CACI Federal (~$469M, border-enforcement applications) and General Dynamics IT (~$297M) — the last of which operates the identity-infrastructure that sits closest to the zero-trust mission. GSA's current active-award book is comparatively thin and small-dollar, consistent with its role as the acquisition hub other agencies order through rather than a large direct buyer, and VA's largest current awards are community-care health-plan vehicles (Optum, TriWest) rather than IT or zero-trust work — the clearest single illustration that the IT-services envelope is broader than zero-trust and must be read with that filter in mind.
| Lens | Leaders | Read |
|---|---|---|
| DHS active awards (contract-award value) | SAIC ~$586M · CACI ~$469M · GDIT ~$297M | Current pipeline; GDIT's identity-infrastructure work sits closest to zero-trust |
| GSA active awards | Thin, small-dollar | Acquisition hub other agencies order through, not a large direct buyer |
| VA active awards | Community-care health-plan vehicles (Optum, TriWest) | Broader-than-zero-trust envelope at its clearest |
| Recent-window incumbent ranking (obligated dollars) | Booz Allen ~$8.25B / 9 awards · then CACI, Oracle Health, SAIC | Same names as the longer-window concentration view |
Figure — The same primes lead the recent-window incumbent ranking (top incumbents by obligated dollars across the three civilian agencies, trailing 12 months). The recent-window incumbent ranking puts Booz Allen first again (~$8.25B across nine awards), with CACI, Oracle Health and SAIC behind — the same names that lead the longer-window concentration view in Section 01. Three windows, one map: the concentration read is not a single-window artifact. Obligated-dollar view (distinct from the contract-award ceilings).
The pipelines reinforce a single strategic conclusion. Whether measured by long-run obligations, by current contract-award ceilings, or by the most recent incumbent ranking, the leaderboard is the same handful of primes — Booz Allen first, with CACI, Oracle Health and SAIC consistently close. For a buyer that confirms the entry geometry from Section 01 holds across every lens we can read: the realistic path is to team into or specialize beneath these incumbents, and to target the genuine cyber work (the DHS identity and continuous-diagnostics awards) specifically, rather than the health-plan and enterprise-IT ceilings that inflate the raw award-value totals.
04 · Demand-side disclosure signal — what public-company filings say about momentum
(Confidence: Medium.) To corroborate the spend picture from a fully independent source, we read the public-company disclosure surface — filings in which listed companies reference federal zero-trust work, agency-cybersecurity contracting and CISA. (Source: a public-company disclosure-signal read of roughly 600 filings referencing the theme, profiled by filing year.) Across roughly 600 such filings, the volume is concentrated in the most recent years: the 2024–2026 window carries the clear bulk, building on a 2021–2022 step-up. Read directionally, that is a live and intensifying federal-buy theme — the disclosure cadence rises exactly when the federal zero-trust mandate moved from policy to procurement. Recognizable cyber and federal-IT names appear in the set (identity, monitoring and federal-services specialists alongside the large integrators), which is the corroboration a buyer wants: the spend envelope and the public-market narrative point the same direction.
| Filing window | Share of the ~600 theme filings | Read |
|---|---|---|
| 2024–2026 | Clear bulk | The recent intensification — mandate moved from policy to procurement |
| 2021–2022 | Step-up | The cadence began rising here |
| Pre-2021 tail | Older minority | Pre-mandate tail; carries some non-cyber false positives |
Figure — Public-company disclosure of the federal zero-trust theme is concentrated in the most recent years (public-company filings referencing the theme, by filing year). Filings referencing the theme cluster in 2024–2026 — a directional confirmation the federal zero-trust theme is live and intensifying. It is a partial signal: it carries an older tail, some false positives from non-cyber filers, and misses several major primes, so it confirms momentum without putting a precise growth rate on it.
The honest caveat travels with this layer, stated rather than buried. This is a partial corroboration, carried at medium confidence. The filing set includes an older pre-mandate tail, a number of false positives (filers whose business is not cybersecurity at all but whose documents happen to match the language), and it does not surface several of the largest prime contractors who carry the biggest dollar obligations in Section 01. So the signal is reliable for one conclusion — the theme is live and the disclosure cadence is rising in the recent window — and explicitly not reliable for a precise growth percentage or a complete public-vendor roster. Used that way, it is a genuine independent check on the spend read; pushed further, it would over-claim.
05 · What this means for you — the go-to-market read, in priority order
- Plan to team with the prime integrators, not to displace them. Every lens points the same way — long-run obligations (Booz Allen ~$10.94B, then Oracle Health Government Services, CACI, SAIC, GDIT), the current active-award pipeline, and the recent incumbent ranking all put the same primes on top. Unless you are one of them, the realistic paths to revenue are subcontracting a specialized zero-trust capability into their flagship vehicles, or capturing the smaller mission-specific task orders they do not chase. Build the capture plan around the prime structure that actually holds the money.
- Target the continuous-diagnostics / CISA zero-trust beachhead specifically. The clearest genuine zero-trust signature in the data is the federal continuous-diagnostics-and-mitigation program at DHS/CISA — the standing mechanism for the monitoring and identity controls zero-trust requires — and the DHS active-award pipeline confirms it (the identity-infrastructure award held by GDIT, the CBP IT operations work held by SAIC and CACI). That is the named, in-data place to concentrate a zero-trust pitch, distinct from the broader IT-services envelope that surrounds it.
- Read GSA and VA as the dollar pools, DHS/CISA as the mission authority — and filter VA carefully. GSA and VA carry the largest IT-services books, but much of VA's current award value is community-care health-plan work, not IT or zero-trust at all, and GSA buys mostly flow through vehicles other agencies order against. Pursue GSA vehicles as the acquisition path and VA's genuine health-IT modernization as a scale opportunity, while anchoring the zero-trust value proposition to the CISA mandate that defines the requirement.
- Use the rising disclosure cadence as timing evidence — but do not price a growth rate off it. The public-company disclosure signal confirms the theme is live and intensifying in 2024–2026, which supports acting now rather than waiting. Because that signal is partial (dated tail, false positives, missing major primes), treat it as timing and direction, not as a quantified market-growth input to a model.
- Build a true quarterly trajectory before forecasting demand. One point-in-time snapshot at the tightest cyber scope flagged a downward value trend that a real period-by-period series would either confirm or dispel. Before sizing a multi-year bid pipeline, commission a genuine quarter-over-quarter aggregation per agency, and isolate the pure zero-trust slice from the surrounding IT-services envelope, so the forecast rests on a trajectory rather than a single snapshot.
Scope, confidence & what this read does not cover
This Federal Spend Pipeline sample reads the federal contract record across three complementary lenses — obligated dollars, current contract-award value, and a recent incumbent ranking — plus an independent public-company disclosure signal. The vendor-concentration, agency-envelope and active-award layers are directly observed and recomputed from the contract record; the disclosure layer is a real but partial corroboration. The following are the boundaries, each named with the specific reason and the work that closes it. They are coverage boundaries, not findings, and are never presented as such.
- The spend envelope is federal IT-services — broader than zero-trust alone. The obligations and awards are scoped to civilian computer-systems-design IT services, which includes large enterprise-IT, health-records and (at VA) community-care health-plan work that is not zero-trust, or even IT, per se — the VA active-award list, dominated by health-plan ceilings, is the clearest illustration. The dollars therefore size the market within which zero-trust is procured, not a zero-trust-only ledger. The genuine zero-trust signatures inside it (the continuous-diagnostics / CISA program, the DHS identity-infrastructure work) are called out specifically in Sections 02–03. Closing it: a zero-trust-specific keyword-and-PSC filtered pull to isolate the pure zero-trust slice from the surrounding IT-services envelope.
- Two dollar lenses, kept separate. The report reads obligated dollars (money committed) in Sections 01–02 and contract-award value (the total base-plus-options / lifetime-ceiling of an award) in Section 03. A single award can read in the billions because it is a lifetime ceiling, so the two figures are placed side by side and never summed or compared dollar-for-dollar. This is a reading discipline, not a data gap, but it is stated here so no figure is mistaken for the other.
- The disclosure-signal corroboration is partial — a direction, not a growth rate. The public-company filing signal confirms the theme is live and concentrated in the most recent years, but it carries an older pre-mandate tail, a number of false positives from non-cyber filers, and it misses several of the largest prime contractors. It is decision-grade for momentum and direction, never for a precise growth percentage or a complete public-vendor roster. Closing it: a time-filtered, prime-contractor-targeted disclosure pull to convert the directional signal into a clean recent-period cohort.
- The downward-trend snapshot is a caution flag, not a forecast. A point-in-time snapshot of awards at the tightest cyber scope showed a statistically significant decreasing value trend. Because it rests on a snapshot rather than a true period-by-period series, it is carried as a directional caution — a reason to build a real quarterly trajectory before forecasting — not as a finding that the category is shrinking. Closing it: a genuine quarter-over-quarter aggregation per agency.
- Attribution & entity-resolution methodology note. On the cross-agency leg, agency-level grouping was derived analytically rather than from an official agency-grouped figure; the reliable per-agency split in Section 02 comes from the agency-scoped legs, which is why those carry the agency claims. Vendor and program names are reported as they appear in the contract records. Where attribution rests on analyst grouping it is stated as such, consistent with the methodology discipline applied across these briefs.
This is a public sample of a federal-spend read at the Federal Spend Pipeline tier, reading the contract record across three lenses that all point the same way. The natural next step is a deepening engagement that isolates the pure zero-trust slice from the surrounding IT-services envelope, builds a clean quarter-over-quarter trajectory per agency, and converts the disclosure signal into a recent-period prime-contractor cohort so the bid pipeline is sized with full confidence. To commission it, reach the ForIntel desk directly at forintel@foragentis.com or scope an engagement at foragentis.com/forintel#order.
This is a public sample of a ForIntel Federal Spend Pipeline deliverable, published by Foragentis to demonstrate the method. It is a federal-spend read of the civilian zero-trust / cybersecurity buy, built from the federal contract record (per-agency obligation pulls for DHS, VA and GSA, the active-award pipeline per agency, and a cross-agency incumbent ranking) and a public-company disclosure-signal corroboration. There is no private buyer to redact: the agencies, integrators and contract figures are public and are preserved in full. The report reads two distinct dollar lenses kept separate — committed obligations and total contract-award value (lifetime ceilings) — which are never summed or compared dollar-for-dollar. The contract record sits in a federal IT-services envelope that is broader than zero-trust alone (and, at VA, includes community-care health-plan work), so the dollars size the market within which zero-trust is procured, not a zero-trust-only ledger. The disclosure signal is a directional, partial corroboration, not a quantified growth rate; a point-in-time snapshot showed a downward value trend that is a caution flag, not a forecast.
