What is a ForIntel Federal Spend Pipeline?

A Federal Spend Pipeline is a contract-obligation read for operators selling into, or competing inside, a federal buying theme. It reads the public federal-spend record — the awards that resolved across the agencies in view — to answer who already holds the money, which agencies obligate it, and where a specific mission (here, civilian zero-trust) actually concentrates, then corroborates the picture with an independent public-company disclosure signal. Every finding carries an explicit confidence label: a High chip marks a figure directly recomputed from awards that resolved, a Medium chip marks a real but partial signal. Query legs that return empty are named, not back-filled, and the dollars are presented as the leading edge of the resolved book rather than a complete federal census.

What did this sample find about federal civilian zero-trust spending?

On the obligation legs that resolved, civilian zero-trust modernization is bought inside a concentrated IT-services integrator market. The dollars are top-heavy: Booz Allen Hamilton leads at roughly $10.94B across 15 awards, followed by Oracle Health Government Services (~$6.33B), CACI Federal (~$5.22B), SAIC (~$4.09B) and General Dynamics IT (~$3.15B) — an incumbency-and-teaming market, not an open field. By agency, GSA (~$24.99B) and VA (~$23.69B) carry the largest resolved IT-services books, while DHS (~$8.81B) is the smaller book by dollars but the truest fit by mission because it houses CISA, whose continuous-diagnostics-and-mitigation program is the named, in-data zero-trust beachhead. Public-company filings referencing the theme cluster in 2024–2026, confirming the buy is live and intensifying. The honest edge: of ten federal-spend legs, five resolved and five returned empty, the resolved envelope is broader than zero-trust alone, and a downward-value snapshot is carried as a caution flag, not a forecast.

What data sources does a Federal Spend Pipeline use, and what are their limits?

This sample rests on two layers. The first is the public federal contract-obligation record, pulled one agency at a time for DHS, VA and GSA over 2023–2026 plus a cross-agency leg — which makes the per-agency split reliable and the vendor-concentration recompute directly observed (High confidence). The second is the public-company disclosure surface: roughly 600 filings referencing federal zero-trust, agency-cyber contracting and CISA, read by filing year as an independent momentum check (Medium confidence). The stated limits are explicit: half the ten obligation legs returned empty (the active / recently-let award pulls for all three agencies, the recipient-ranking pull and the spend-concentration pull), so the dollars are the leading edge of the resolved book and are never scaled up to fill the empty legs. The resolved envelope is civilian computer-systems-design IT services — broader than zero-trust alone. The disclosure signal carries an older pre-mandate tail, false positives from non-cyber filers and misses several major primes, so it is decision-grade for direction and timing, never for a precise growth rate. On the cross-agency leg, agency grouping was derived analytically rather than from an official agency-grouped figure.

How do I commission a Federal Spend Pipeline?

Contact the ForIntel desk at forintel@foragentis.com or scope an engagement on the ForIntel order page at foragentis.com/forintel#order. The completion engagement recovers the empty legs from this sample — a clean re-pull of the active-solicitation and recipient-ranking legs and the spend-concentration pull — isolates the pure zero-trust slice from the surrounding IT-services envelope with a keyword-and-PSC filtered pull, and builds a true quarter-over-quarter trajectory per agency, so a bid pipeline is sized on a complete picture rather than the resolved half.

Sample ForIntel Federal Spend Pipeline — Where Federal Zero-Trust Dollars Land Inside the IT-Services Book

What this sample shows

This is a public sample of a ForIntel Federal Spend Pipeline deliverable, published by Foragentis to demonstrate the method. It is a federal-spend read of the civilian zero-trust / cybersecurity services buy, built from public federal contract-obligation data and a public-company disclosure-signal corroboration. There is no private buyer to redact: the agencies in view (DHS, which covers CISA, plus VA and GSA), the prime integrators capturing the spend, and the obligation figures are all public information, and they are named and preserved in full. The only confidential element of the source — the client-deliverable footer — has been reframed for public-sample use.

It demonstrates what the Federal Spend Pipeline reads: a contract-obligation map of where civilian zero-trust dollars land, built from three observed layers — vendor concentration on the awards that resolved, the agency envelope versus the cyber mission, and a demand-side public-company disclosure signal — each carrying an explicit confidence label. The sample is deliberately explicit about where the picture is solid and where it is partial: half the federal-spend legs returned empty, the resolved envelope is broader than zero-trust alone, and those boundaries are named rather than filled in.


Theme	Federal civilian zero-trust / cybersecurity services
Buyers in view	DHS (covers CISA) · VA · GSA
Window	Obligations 2023–2026 · Jun 2026 snapshot
Method	Federal contract-obligation read on the awards that resolved + public-company disclosure-signal corroboration, with the empty legs disclosed and never extrapolated
Prepared by	ForIntel by Foragentis

The verdict

Federal civilian zero-trust modernization is procured inside a concentrated IT-services integrator market across GSA, VA and DHS/CISA — the theme is live and intensifying, and the honest edge of the data is named, not hidden.

This is a federal-spend read of the civilian zero-trust / cybersecurity buy, built only from the obligation legs that resolved and the public-company disclosure signal that corroborates them. On the awards that came back, the dollars are top-heavy: a small set of prime integrators — Booz Allen Hamilton (~$10.94B), Oracle Health Government Services, CACI Federal, SAIC, GDIT — hold the largest task-order vehicles, so this is an incumbency-and-teaming market rather than an open field. By agency, GSA (~$24.99B) and VA (~$23.69B) carry the largest resolved IT-services books, while DHS (~$8.81B) is where the explicit cyber mission — CISA's continuous-diagnostics zero-trust program — actually sits. The demand-side disclosure signal confirms the theme is live and concentrated in the most recent years, a directional confirmation rather than a precise growth rate. The candor that makes this decision-grade: half the federal-spend legs returned empty (the active-award, recipient-ranking and concentration pulls), and the resolved envelope is broader than zero-trust alone — so we present a solid map of where to compete, partner and teach, with the partial edges labelled rather than filled in.

The dollars that resolved concentrate in a handful of large integrators — not a fragmented field. Across the federal IT-services awards that resolved at the three civilian agencies in view, the obligations are top-heavy: Booz Allen Hamilton leads at roughly $10.94B across 15 awards, followed by Oracle Health Government Services (~$6.33B), CACI Federal (~$5.22B), SAIC (~$4.09B) and General Dynamics IT (~$3.15B). A buyer entering this market is competing against, or selling alongside, a small set of entrenched prime integrators that hold the largest task-order vehicles — this is an incumbency-and-teaming market, not an open field.
GSA and VA carry the largest resolved IT-services books; DHS is where the explicit cyber mission sits. On the awards that resolved — pulled one agency at a time, so the agency split is reliable — GSA leads (~$24.99B on its top awards), with VA close behind (~$23.69B) and DHS at ~$8.81B. The dollar leaders (GSA, VA) reflect broad government-wide and health-IT modernization vehicles; DHS — which houses CISA — is the agency where the explicit zero-trust mission lives, and the continuous-diagnostics program that operationalizes zero-trust monitoring surfaces directly among its awards. Read the dollar size and the mission fit as two different signals.
The public-company disclosure signal confirms the theme is live and recently intensifying — but it is a direction, not a growth rate. Public-company filings that reference federal zero-trust, agency-cyber contracting and CISA are concentrated in the most recent years (the 2024–2026 window carries the clear bulk of the 600 filings reviewed). That independently corroborates a live, intensifying federal-buy theme. It is, however, a partial corroboration: the filing set carries an older tail, some false positives from non-cyber filers, and misses several of the largest prime contractors — so it confirms momentum exists without letting anyone put a precise growth percentage on it.
Half the federal-spend picture did not resolve — and we say so rather than fill the gap. Of the ten federal-spend query legs run for this brief, five returned data and five returned empty: the active / recently-let award pulls for all three agencies, the recipient-ranking pull, and the spend-concentration pull all came back with no records. The findings above rest only on the legs that resolved and are not extrapolated to the empty ones. A separate point-in-time snapshot showed a statistically significant downward value trend at the tightest cyber scope — but on a snapshot, not a true period-by-period series, so it is a caution flag, not a forecast. What is solid is solid; what is partial is labelled partial.

In one line: On the federal dollars that resolved, civilian zero-trust / IT-services spend is concentrated in a few large prime integrators across GSA, VA and DHS/CISA, and the public-company disclosure signal confirms the theme is live and recently intensifying — but half the spend legs returned empty and the resolved envelope is broader than zero-trust alone, so treat this as a solid directional map of where to compete and teach, not a complete spend census.

How to read this report. A HIGH confidence label marks a directly observed figure recomputed from the awards that resolved; a MEDIUM label marks a signal that is real but partial — the public-company disclosure corroboration and the cross-agency vendor view both carry stated limitations inline. Every dollar figure here is drawn only from the obligation legs that returned data; the legs that returned empty are named in the closing section and are never back-filled with an estimate. The resolved awards sit in a federal IT-services spend envelope that is broader than zero-trust alone — so the dollars size the market within which zero-trust modernization is bought, not a zero-trust-only ledger. Where attribution rests on analyst grouping rather than an official agency-grouped figure, that is stated as a methodology note, not dressed as a finding. The point of this report is to be honest about the difference between what resolved solid and what came back partial.

01 · Vendor concentration — who captures the dollars that resolved

(Confidence: High.) The first question a federal-spend buyer asks is who already holds the money. On the awards that resolved at the three civilian agencies in view — the leading top-obligation awards in their computer-systems-design IT-services books, covering 2023 through 2026 — the answer is a concentrated set of large prime integrators. (Source: a federal contract-obligation read of the top-obligation awards that resolved across DHS, VA and GSA, 2023–2026.) Booz Allen Hamilton leads at roughly $10.94B across 15 of the resolved awards, followed by Oracle Health Government Services (~$6.33B), CACI Federal (~$5.22B), Science Applications International / SAIC (~$4.09B), and General Dynamics Information Technology (~$3.15B), with Salient CRGT, Accenture Federal Services and Deloitte Consulting filling out the leaders. These are the firms holding the largest task-order vehicles into which zero-trust and cyber-modernization work is bought.

Prime integrator	Obligated dollars (resolved awards)	Notes
Booz Allen Hamilton	~$10.94B	Leads, across 15 of the resolved awards
Oracle Health Government Services	~$6.33B	Health-IT modernization weight
CACI Federal	~$5.22B	Holds continuous-diagnostics task orders
Science Applications International / SAIC	~$4.09B	Enterprise-IT and network operations
General Dynamics Information Technology (GDIT)	~$3.15B	Government-wide IT vehicles
Salient CRGT · Accenture Federal Services · Deloitte Consulting	trailing the leaders	Fill out the top of the resolved book

Figure — Federal IT-services obligations concentrate in a handful of large integrators (top vendors by obligated dollars, on the awards that resolved across three civilian agencies). On the awards that resolved, a small group of prime integrators holds the largest obligations — Booz Allen Hamilton leads at ~$10.94B. The envelope is federal IT-services (broader than zero-trust alone); zero-trust modernization is bought inside these vehicles. This is the leading edge of the book on the legs that resolved, not a complete census.

The strategic read for a buyer is direct: this is an incumbency-and-teaming market. New entry rarely comes through head-to-head displacement of a $10B-scale integrator on a flagship vehicle; it comes through subcontracting into those primes, holding a specialized zero-trust capability (identity, continuous monitoring, microsegmentation) the primes need to assemble, or capturing the smaller, mission-specific task orders the large players do not chase. Size the opportunity against the prime structure, not against a fragmented field that does not exist here.

02 · Agency envelope & mission fit — where the dollars sit vs. where the cyber mission sits

(Confidence: High.) The dollars and the mission are not the same agency, and a buyer should hold both in view. (Source: per-agency obligation legs, read one query per agency for DHS, VA and GSA so the agency attribution is reliable rather than inferred.) Reading each agency on its own resolved-award leg, GSA carries the largest resolved IT-services book (~$24.99B on its top awards), with VA close behind (~$23.69B) and DHS at ~$8.81B. GSA's scale reflects its role as the government-wide acquisition hub (the vehicles other agencies buy through), and VA's reflects a very large health-IT modernization program. DHS — which houses CISA, the federal agency that owns the zero-trust mandate — is the smaller book by dollars but the truest fit by mission.

Agency	Resolved IT-services obligations (top awards)	Role / mission fit
GSA	~$24.99B	Government-wide acquisition hub — the vehicles other agencies buy through
VA	~$23.69B	Very large health-IT modernization program
DHS (houses CISA)	~$8.81B	Smaller book by dollars, truest fit by mission — owns the zero-trust mandate

Figure — Where the resolved obligations sit (obligations on the top awards that resolved, by agency, agency-scoped legs). GSA and VA carry the largest resolved IT-services books; DHS/CISA carries the explicit zero-trust mission. The continuous-diagnostics program that operationalizes zero-trust monitoring surfaces directly among the resolved DHS-adjacent awards. These are top obligations on the legs that resolved — reliable by agency, but not a complete census.

Inside this envelope sits the clearest genuine zero-trust signature in the resolved data: the federal continuous-diagnostics-and-mitigation program — the government's standing mechanism for the continuous monitoring and identity controls at the heart of zero-trust — appears directly among the resolved task orders (held by CACI and Booz Allen, among others). That matters because the broader IT-services envelope is wider than zero-trust: it includes large enterprise-IT, health-records and network-operations work that is not zero-trust per se. So the honest framing is layered — the dollar envelope sizes the market in which zero-trust is procured, the DHS/CISA mission map shows where the explicit zero-trust mandate concentrates, and the continuous-diagnostics task orders are the named, in-data zero-trust beachhead a buyer can target specifically.

03 · Demand-side disclosure signal — what public-company filings say about momentum

(Confidence: Medium.) To corroborate the spend picture from a fully independent source, we read the public-company disclosure surface — filings in which listed companies reference federal zero-trust work, agency-cybersecurity contracting and CISA. (Source: a public-company disclosure-signal read of roughly 600 filings referencing the theme, profiled by filing year.) Across roughly 600 such filings, the volume is concentrated in the most recent years: the 2024–2026 window carries the clear bulk, building on a 2021–2022 step-up. Read directionally, that is a live and intensifying federal-buy theme — the disclosure cadence rises exactly when the federal zero-trust mandate moved from policy to procurement. Recognizable cyber and federal-IT names appear in the set (identity, monitoring and federal-services specialists alongside the large integrators), which is the corroboration a buyer wants: the spend envelope and the public-market narrative point the same direction.

Filing window	Share of the ~600 theme filings	Read
2024–2026	Clear bulk	The recent intensification — mandate moved from policy to procurement
2021–2022	Step-up	The cadence began rising here
Pre-2021 tail	Older minority	Pre-mandate tail; carries some non-cyber false positives

Figure — Public-company disclosure of the federal zero-trust theme is concentrated in the most recent years (public-company filings referencing the theme, by filing year). Filings referencing the theme cluster in 2024–2026 — a directional confirmation the federal zero-trust theme is live and intensifying. It is a partial signal: it carries an older tail, some false positives from non-cyber filers, and misses several major primes, so it confirms momentum without putting a precise growth rate on it.

The honest caveat travels with this layer, stated rather than buried. This is a partial corroboration, carried at medium confidence. The filing set includes an older pre-mandate tail, a number of false positives (filers whose business is not cybersecurity at all but whose documents happen to match the language), and it does not surface several of the largest prime contractors who carry the biggest dollar obligations in Section 01. So the signal is reliable for one conclusion — the theme is live and the disclosure cadence is rising in the recent window — and explicitly not reliable for a precise growth percentage or a complete public-vendor roster. Used that way, it is a genuine independent check on the spend read; pushed further, it would over-claim.

04 · What this means for you — the go-to-market read, in priority order

Plan to team with the prime integrators, not to displace them. The resolved dollars concentrate in a handful of large primes (Booz Allen ~$10.94B, then Oracle Health Government Services, CACI, SAIC, GDIT). Unless you are one of them, the realistic paths to revenue are subcontracting a specialized zero-trust capability into their flagship vehicles, or capturing the smaller mission-specific task orders they do not chase. Build the capture plan around the prime structure that actually holds the money.
Target the continuous-diagnostics / CISA zero-trust beachhead specifically. The clearest genuine zero-trust signature in the resolved data is the federal continuous-diagnostics-and-mitigation program at DHS/CISA — the standing mechanism for the monitoring and identity controls zero-trust requires. That is the named, in-data place to concentrate a zero-trust pitch, distinct from the broader IT-services envelope that surrounds it.
Read GSA and VA as the dollar pools, DHS/CISA as the mission authority. GSA and VA carry the largest resolved IT-services books, but much of that is enterprise-IT and health-records modernization rather than zero-trust per se. Pursue GSA vehicles as the acquisition path and VA as a scale opportunity, while anchoring the zero-trust value proposition to the CISA mandate that defines the requirement.
Use the rising disclosure cadence as timing evidence — but do not price a growth rate off it. The public-company disclosure signal confirms the theme is live and intensifying in 2024–2026, which supports acting now rather than waiting. Because that signal is partial (dated tail, false positives, missing major primes), treat it as timing and direction, not as a quantified market-growth input to a model.
Commission the completion pull before sizing a full bid pipeline. Half the federal-spend legs returned empty (active / recently-let awards, recipient ranking, spend concentration), and one snapshot flagged a downward value trend that a true period-by-period series would either confirm or dispel. The natural next step (closing section) is a clean re-pull that recovers the active-solicitation and recipient-ranking legs and builds a real quarterly trajectory, so the pipeline is sized on a complete picture rather than the resolved half.

Scope, confidence & what this read does not cover

This Federal Spend Pipeline sample is authored to a partial substrate and says so plainly. The vendor-concentration and agency-envelope layers are directly observed and recomputed from the obligation legs that resolved; the demand-side disclosure layer is a real but partial corroboration. The following are the boundaries, each named with the specific reason and the work that closes it. They are coverage boundaries, not findings, and are never presented as such — and crucially, nothing in the findings above is extrapolated across them.

Half the federal-spend legs returned empty — the brief rests only on the legs that resolved. Ten federal-obligation query legs were run; five returned data and five returned empty. The empty ones are the active / recently-let award pulls for all three agencies, the recipient-ranking pull, and the spend-concentration pull. As a result, this brief reports the resolved per-agency top-obligation envelope and the vendor concentration on those resolved awards — and it does not report a complete active-solicitation list, an official agency-grouped total, or a clean recipient ranking, because those legs did not return. The dollar figures are therefore the leading edge of the resolved book, not a complete federal census, and they are not scaled up to estimate the missing legs. Closing it: a clean re-pull of the active-award, recipient-ranking and concentration legs.
The resolved envelope is federal IT-services — broader than zero-trust alone. The resolved obligations are scoped to civilian computer-systems-design IT services, which includes large enterprise-IT, health-records and network-operations work that is not zero-trust per se. The dollars therefore size the market within which zero-trust is procured, not a zero-trust-only ledger. The genuine zero-trust signatures inside it (the continuous-diagnostics / CISA program, identity and monitoring task orders) are called out specifically in Section 02. Closing it: a zero-trust-specific keyword-and-PSC filtered pull to isolate the pure zero-trust slice from the surrounding IT-services envelope.
The disclosure-signal corroboration is partial — a direction, not a growth rate. The public-company filing signal confirms the theme is live and concentrated in the most recent years, but it carries an older pre-mandate tail, a number of false positives from non-cyber filers, and it misses several of the largest prime contractors. It is decision-grade for momentum and direction, never for a precise growth percentage or a complete public-vendor roster. Closing it: a time-filtered, prime-contractor-targeted disclosure pull to convert the directional signal into a clean recent-period cohort.
The downward-trend snapshot is a caution flag, not a forecast. A point-in-time snapshot of awards at the tightest cyber scope showed a statistically significant decreasing value trend. Because it rests on a snapshot rather than a true period-by-period series, it is carried as a directional caution — a reason to build a real quarterly trajectory before forecasting — not as a finding that the category is shrinking. Closing it: a genuine quarter-over-quarter aggregation per agency.
Attribution & entity-resolution methodology note. On the cross-agency leg, agency-level grouping was derived analytically rather than from an official agency-grouped figure; the reliable per-agency split in Section 02 comes from the agency-scoped legs, which is why those carry the agency claims. Vendor and program names are reported as they appear in the resolved records. Where attribution rests on analyst grouping it is stated as such, consistent with the methodology discipline applied across these briefs.

This is a public sample of a federal-spend read at the Federal Spend Pipeline tier, authored to the half of the pipeline that resolved. The natural next step is a completion engagement that recovers the active-solicitation and recipient-ranking legs, isolates the pure zero-trust slice from the surrounding IT-services envelope, and builds a clean quarter-over-quarter trajectory so the bid pipeline is sized on a complete picture. To commission it, reach the ForIntel desk directly at forintel@foragentis.com or scope an engagement at foragentis.com/forintel#order.

This is a public sample of a ForIntel Federal Spend Pipeline deliverable, published by Foragentis to demonstrate the method. It is a federal-spend read of the civilian zero-trust / cybersecurity buy, built only from the contract-obligation legs that resolved (the per-agency top-obligation pulls for DHS, VA and GSA, plus a cross-agency leg) and a public-company disclosure-signal corroboration. There is no private buyer to redact: the agencies, integrators and obligation figures are public and are preserved in full. Half the federal-spend legs returned empty (active-award, recipient-ranking and concentration pulls); the findings rest only on the resolved legs and are not extrapolated to the empty ones. The resolved obligations sit in a federal IT-services envelope that is broader than zero-trust alone, so the dollars size the market within which zero-trust is procured, not a zero-trust-only ledger. The disclosure signal is a directional, partial corroboration, not a quantified growth rate; a point-in-time snapshot showed a downward value trend that is a caution flag, not a forecast. Dollar figures are the leading edge of the resolved awards, not a complete federal census.