What must contractors know to bid on the Fort Bliss and Dugway data center public-private partnerships in 2026?

According to GSA guidelines, contractors must align proposals with installation-specific enhanced-use lease terms, FedRAMP authorization timelines, and Army site requirements while demonstrating finance and operations capability. This means bidders need documented site-control plans, capital structure, sustainability and energy plans, and cybersecurity posture. The Army’s announcement identifies Fort Bliss (TX) and Dugway Proving Ground (UT) as two targeted sites in the Army’s conditional agreement for hyperscaled data centers, and GSA-led acquisition guidance will govern the solicitation format and evaluation criteria. Contractors should expect evaluation factors for technical solution, lease and utility terms, security, and past performance. Small business programs and set-aside considerations (8(a), HUBZone, SDVOSB) will be administered per FAR, and teaming strategies are essential to meet both financial and technical thresholds. Early engagement with installation public affairs, legal counsel for enhanced-use lease terms, and a FedRAMP plan will shorten proposal cycle time and reduce disqualification risk.

Per FAR 19.502, small businesses can form joint ventures or team with larger primes to pursue complex infrastructure leases and construction-related awards while preserving small business status for set‑aside credit. For the Fort Bliss and Dugway P3s, teams should document joint venture agreements, performance and payment bonds, and small business certifications in SAM and SBA profiles. Teaming agreements must specify responsibility for security controls, data handling, and CMMC responsibilities when DoD components or DoD standards are invoked. Per FAR, primes must disclose subcontracting to protect small business eligibility and satisfy evaluation criteria if the acquisition includes small business goals. Contractors should plan to register and validate small business certifications at least 90 days before proposal submission to allow SBA or contracting officer verifications and to include those confirmations in the proposal.

The SBA reports that 78% of small federal contractors pursue teaming as their primary path to win complex IT infrastructure work; for Fort Bliss and Dugway, teaming accelerates access to capital, operational experience, and required cybersecurity capabilities. Small firms (8(a), HUBZone, WOSB, SDVOSB) should identify primes with hyperscale operations, negotiate clear roles for FedRAMP and CMMC responsibilities, and secure memorandum of understanding (MOU) text that reflects proposal evaluation criteria. SBA counseling and procurement technical assistance centers (PTACs) can help craft teaming agreements and review compliance with small business regulations. Use SBA’s Certified HUBZone and 8(a) search tools to find partners and document socioeconomic credit claims prior to proposal submission.

Under OMB M-25-21, agencies will prioritize secure cloud adoption and authorizations, which directly shapes how the Army and GSA structure data center P3 solicitations and FedRAMP timelines. The Army’s conditional agreement and related press coverage outline an intent to leverage private capital and industry best practices to host mission workloads on bases, while ensuring security and continuity. The OMB guidance requires agencies to consider enterprise cloud strategies and risk-based authorization paths; for bidders that means aligning solution architectures with agency cloud-first and FedRAMP requirements, preparing an Authority to Operate (ATO) plan, and budgeting for third-party authorization time and assessments. Because these are base-hosted facilities with enhanced-use lease structures, proposals must also map to installation master plans, utility interconnect requirements, and environmental and construction permitting timelines. Coordinate early with base real property and GSA contracting officers to reconcile site access, MILCON or non‑MILCON boundaries, and tenant terms.

DoD's CMMC framework requires documented cybersecurity practices and third‑party assessment where applicable, and while these Army P3s are not traditional prime DoD contracts, contractors should assume CMMC Level 2 controls for controlled unclassified information and higher for mission datasets. The Army and GSA will evaluate security posture, incident response plans, and continuous monitoring commitments. FedRAMP authorization (at least Moderate) for cloud services is typically required when DoD or joint mission systems are involved, so contractors should include a FedRAMP timeline with milestones for package submission, ATO reciprocity path, and CA/ATO target dates. Include staffing plans for a dedicated security operations center (SOC), SIEM integration timelines, and supply chain risk management (SCRM) controls consistent with DFARS and DoD expectations even if the prime is not a DoD component.

According to GSA guidelines, contractors must present a full enhanced‑use lease proposal that includes lease terms, utility and interconnection plans, environmental compliance, and a financial model demonstrating private capital and operations funding. The proposal should show startup capex, O&M forecasts, and tenant utility rate structures compatible with the installation’s requirements. Include a risk share model, performance guarantees, and an exit/transfer plan aligned with the Army’s long‑term mission needs. Because these projects host sensitive mission workloads, include a clear staffing plan for base liaison, physical security, and cybersecurity operations tied to FedRAMP timelines. Proposals should also supply past performance examples of hyperscale or mission-critical data center operations, documented SLAs, and proof of financing commitments or letters of credit to satisfy evaluation panels.

DoD's CMMC framework requires mapping practices to NIST SP 800-171 controls for CUI and establishing continuous monitoring; proposals must include a CMMC maturity roadmap with milestones, gap remediation budgets, and vendor/subcontractor flow‑down language. Under OMB M-25-21, agencies will expect cloud migration and authorization plans, so attach a FedRAMP authorization roadmap and identify whether you will pursue a Joint Authorization (JAB) path or an agency ATO. Include a supply chain risk management plan covering subcontractors, hardware vendors, and software providers to minimize SCRM exposure. Finally, include a schedule of key milestones that aligns construction/permitting timelines with FedRAMP and CMMC deliverables to avoid schedule conflicts that could void the proposal evaluation.

Per FAR 19.502 and related acquisition statutes, every small business pursuing Fort Bliss or Dugway should document their teaming strategy, JV agreements, and subcontracting plan with explicit responsibilities for FedRAMP and CMMC tasks. Contact SBA PTACs and visit SAM.gov to confirm your NAICS codes and socioeconomic certifications; engage a C3PAO and FedRAMP advisor to produce a remediation budget and timeline. Coordinate early with GSA and installation contracting officers to clarify enhanced-use lease specifics and site-control exhibits. Securing financing commitments and drafting clear tenant‑utility and SLA language will be decisive in technical and past performance evaluations. Finally, monitor solicitation postings on SAM.gov and the GSA eBuy/GSA schedules and set calendar reminders for all pre-proposal conferences and amendment windows to ensure proposal compliance.