ODOS IV Solicitation Preview: USCIS DevSecOps Contract Insight

ODOS IV Solicitation Preview: Key Insights and Eligibility Guide

The Department of Homeland Security (DHS), through U.S. Citizenship and Immigration Services (USCIS), is preparing to launch the Outcome-Based Delivery and DevOps Services IV (ODOS IV) contract. This major recompete initiative, building on the ODOS III framework, represents a multi-year investment in digital modernization that leverages DevSecOps best practices and high-performing agile teams. With an estimated value exceeding $100 million and a forecasted solicitation release in Q1 2025, this contract is pivotal for small businesses in the federal technology services sector.

To view the official USCIS forecast and details, visit the Acquisition Planning Forecast System (APFS) listing.

What Is ODOS IV?

The ODOS IV Solicitation Preview outlines DHS/USCIS’s vision for scaling outcome-driven DevSecOps support across its core immigration systems: ELIS (Electronic Immigration System), Global, and transitioning components from CLAIMS 3 and Benefits Hub. The overarching goal is to integrate and streamline case management services for immigration, asylum, and refugee operations.

ODOS IV comprises two major task areas:

DevSecOps and UXD/IxD Services: To deliver rapid and secure development of user-centered features in ELIS and Global.
Infrastructure and Integration Services: To ensure stable, secure, and efficient CI/CD pipeline operations, system reliability, and cloud infrastructure management.

Together, these tasks support USCIS’ transformation objectives: increased automation, reduced cycle times, zero-defect code deployment, and enhanced user experience across mission-critical systems.

Why This Opportunity Matters

The ODOS IV contract builds upon the lessons and capabilities of ODOS III, which involved 45 DevSecOps teams across four task orders. The upcoming version introduces structural refinements, including splitting the infrastructure task area into a separate award and sharpening the performance expectations around security, scalability, and team agility.

The combined value of the incumbent contracts under ODOS III exceeds $410 million, and the ODOS IV acquisition is expected to maintain or surpass this investment level. With its high visibility and strategic role in USCIS’s digital operations, ODOS IV represents a significant opportunity for vendors with mature agile delivery practices and cloud-native expertise.

Key Technical and Operational Requirements

From the draft Performance Work Statement (PWS) and industry Q&A, USCIS has emphasized several high-priority expectations:

Daily Code Deployment Cadence: DevSecOps teams must deliver secure, production-ready code daily, following CI/CD best practices on the AWS EKS platform.
Shift-Left Security: Embedded security and automated compliance throughout the development pipeline.
Microservices Architecture: Redesign legacy monolithic apps into modular, containerized microservices.
Zero-Defect Deliverables: Focus on quality, user-centric design, and proactive monitoring to eliminate production defects.
Cloud Optimization and Cost Management: Contractors must contribute to FinOps practices and reduce operational overhead in AWS.
Site Reliability Engineering (SRE): Teams should adhere to modern SRE principles to ensure uptime, latency, and resiliency benchmarks.

These capabilities must be executed with a collaborative mindset, as USCIS expects close coordination across multi-vendor environments and between government and industry teams.

Eligibility and Team Composition

The ODOS IV Solicitation Preview confirms that this contract will be 100% set aside for small businesses under NAICS Code 541512 (Computer Systems Design Services). It will be released via GSA MAS Schedule, meaning only holders of a valid GSA contract will be eligible to compete.

Each contractor may be awarded up to 20 DevSecOps teams, each composed of 9 Full-Time Equivalents (FTEs):

5 FTEs with labor categories defined by USCIS (e.g., Senior Application Developer, Lead Business Analyst, UX Lead).
4 FTEs chosen by the vendor, limited to priced labor categories on their GSA Schedule.

Additional optional CLINs may be awarded or terminated based on performance metrics, which include delivery timeliness, team stability, and quality outcomes.

Notably, at least four Infrastructure and Integration team members must hold AWS certifications, and all personnel must demonstrate working knowledge of the USCIS technical landscape.

Transition and Knowledge Transfer

A structured 3-month transition-in period is planned for all awardees. During this time, vendors are expected to onboard staff, establish technical environments, and complete government-led knowledge transfer from incumbents. Prompt and efficient transition is seen as critical to maintaining delivery cadence and service continuity.

Security and Compliance Standards

Security expectations are grounded in the CISA Zero Trust Maturity Model. Vendors must:

Implement Zero Trust across identity, devices, data, networks, and workloads.
Adhere to DHS FISMA guidance and NIST Risk Management Framework.
Incorporate vulnerability management, secure coding practices, and automated scanning tools like Checkmarx.

System availability, incident response, and Mean Time To Respond (MTTR) will be tracked and scored during contract performance.

Tools and Technologies in Use

ODOS IV contractors must align with the technologies listed in the technical landscape:

Languages/Frameworks: Java, Ruby on Rails, C#, .NET
CI/CD Toolchains: Jenkins, Docker, AWS CodePipeline, Terraform
Cloud Infrastructure: AWS EKS, Lambda, API Gateway, RDS
Monitoring/Observability: CloudWatch, Datadog, New Relic
Security Tools: Checkmarx, SonarQube, Veracode
UX/IX Tools: Figma, Sketch, Adobe XD

Any suggested alternative tools must be pre-approved and justified for business value.

Role of UXD/IxD in ODOS IV

User experience is not an afterthought. ODOS IV establishes dedicated UXD/IxD resources embedded within each DevSecOps team to:

Conduct user research and usability testing
Create wireframes, style guides, and design prototypes
Align design practices with accessibility and Section 508 compliance

Vendors must maintain updated UX deliverables and participate in continuous product refinement cycles.

Performance-Based Expectations

This is not a time-and-materials contract with loose oversight. ODOS IV reinforces an outcome-focused culture:

Teams must demonstrate performance through delivered functionality, not hours logged.
Frequent turnover or slow replacement of key personnel will negatively affect contractor scores.
Automated quality assurance, test-driven development, and shared monitoring dashboards are required to ensure transparency and accountability.

Timeline and Award Structure

According to the Acquisition Planning Forecast System:

Estimated RFP Release: January 30, 2025
Anticipated Award: Q4 FY2025
Contract Duration: 5 years (through September 24, 2030)

The award will be divided into multiple task orders under two major tracks:

DevSecOps and UXD/IxD Services (primary)
Infrastructure and Integration Services (separate award)

Final Thoughts

The ODOS IV Solicitation Preview is more than a procurement. It signals USCIS’ commitment to a fast, secure, user-focused digital future. Contractors must not only have the technical proficiency but also the maturity to thrive in a mission-first, performance-based delivery culture.

For small businesses with the right GSA schedule and the ability to field agile, security-minded teams at scale, this is a rare and strategic opportunity to be part of the federal government’s digital transformation journey.

About the Author: David Ford

David Ford is a member of the GDIC National Capture and Sourcing Team. He enjoys using his more than 15 years of experience in working with federal solicitations to capture, select and analyse new opportunities in the federal space and provide the information to governement contractors.