Intelligence Synthesis · April 18, 2026
Research Brief
Investigation: Booz Allen Hamilton — "CISA's transition from advisory to operational cybersecurity authority…" — 2026-04-18 (handoff)

Inference Investigation (External Handoff)

Claim investigated: CISA's transition from advisory to operational cybersecurity authority under EO 14028 created new procurement channels that may systematically exempt major intelligence contractors from standard disclosure requirements
Entity: Booz Allen Hamilton
Original confidence: inferential
Result: CONTRADICTED → INFERENTIAL
Source: External LLM (manual handoff)

Assessment

The inference that CISA's transition under EO 14028 created new procurement channels with systematic disclosure exemptions for intelligence contractors is contradicted by the regulatory record. EO 14028 and subsequent FAR changes increased, rather than exempted, contractor reporting obligations, mandating cyber incident disclosure to CISA and standardizing security requirements. While CISA gained independent procurement authority in 2022, this administrative change did not create new classified contract categories or alter existing transparency frameworks under FAR Part 4.6 and FFATA.

Reasoning: The inference is contradicted by primary source evidence. EO 14028 Section 2 required a review of FAR to remove contractual barriers to information sharing with CISA, leading to proposed rules that mandate new incident reporting obligations for contractors. CISA's operational transition under EO 14028 and the CISA Act of 2018 involved organizational restructuring, not the creation of classified procurement channels exempt from disclosure. CISA's independent procurement authority, granted in July 2022, was an administrative delegation allowing CISA to manage its own contracting officers, not a new statutory authority to bypass USASpending reporting. The CIA's longstanding policy of non‑reporting for classified and unclassified contracts under the 'mosaic effect' predates 2021 and is unrelated to CISA's operational role【Fact 8】. Furthermore, Booz Allen Hamilton's $421 million CDM DEFEND contract with CISA is publicly visible on USASpending.gov, demonstrating that CISA‑sourced contracts are not systematically hidden. Therefore, the claimed causal link between CISA's transition and new disclosure exemptions is unsupported.

Underreported Angles

  • CISA's independent procurement authority, granted in July 2022, was an administrative efficiency measure to let CISA hire its own contracting officers, not a new statutory procurement channel. This distinction is critical: CISA still operates under the same FAR and USASpending reporting rules as any other DHS component.
  • The proposed FAR rules implementing EO 14028 (FAR Case 2021-017) explicitly cover classified information, requiring contractors to safeguard sensitive data but not exempting them from incident reporting. This demonstrates that the EO's focus was on increasing, not decreasing, transparency.
  • CISA's Binding Operational Directives (BODs) and Emergency Directives (EDs) under 44 U.S.C. allow the agency to direct federal civilian agencies to take specific cybersecurity actions, but these authorities do not extend to creating new procurement exemptions. The Wiley analysis notes that BODs influence procurement policy indirectly, not through new disclosure loopholes.
  • Booz Allen Hamilton's $1.2B ceiling CDM DEFEND contract with CISA, which supports classified and unclassified federal networks, is fully disclosed on USASpending.gov and in SEC filings, contradicting the premise that CISA's operational role creates a hidden market for intelligence contractors.

Public Records to Check

  • USASpending: recipient_name:BOOZ ALLEN HAMILTON INC AND awarding_agency_name:CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY
    Confirms that Booz Allen's CISA contracts are publicly reported, directly contradicting claims of systematic exemption.

  • other: FAR Case 2021-017, 'Cyber Threat and Incident Reporting and Information Sharing' proposed rule
    Provides the exact language of new reporting obligations under EO 14028, demonstrating that the rule increased, not exempted, disclosure requirements.

  • SEC EDGAR: Booz Allen Hamilton 10-K FY2024, Item 1A Risk Factors, 'government contracting' or 'cybersecurity'
    Would disclose if CISA's new operational role or procurement authority created any material risk or opportunity related to disclosure exemptions.

  • other: 44 U.S.C. § 3552(b) (CISA Binding Operational Directives)
    Clarifies the legal scope of CISA's operational directives and confirms they do not create procurement exemptions.

Significance

SIGNIFICANT — This finding corrects a critical misunderstanding about the nature of CISA's operational transition under EO 14028. It demonstrates that the executive order and subsequent regulatory changes increased transparency and reporting obligations for contractors, rather than creating new avenues for non‑disclosure. The analysis also clarifies that CISA's procurement authority is an administrative change, not a new statutory exemption, and that the true drivers of intelligence contractor opacity remain long‑standing agency‑specific policies, not recent CISA‑related developments. This is significant for understanding the actual levers of transparency in federal cybersecurity procurement.
