DoD's opinion is sound
Fewer cooks in the kitchen working on the same pudding. Especially in the upper management tiers.
It is only unsound if there happens to be a catastrophic vulnerability which cannot be monitored for and cannot be mitigated, which is very rare these days.
Not to mention, it's a lot easier to monitor one set of products, instead of many; where, when there is a problem--everyone points blame on everyone else. In the case of one vendor, the buck/responsibility is easily attributed to... and quickly rectified.
The DoD has been the InfoSec model for the US Gov't. InfoSec within the DoD began to lock down things in 2007 (DIACAP) with increased responsibility laid on IASE/DISA and then more in 2014. After the 2016 elections, the rest of the Gov't was made to come on board with the additions to the CSA.
While most of the US Gov't has been a laughing stock for InfoSec, the DoD--with some exceptions--has been doing it right for a while. Not to mention, the requirements the DoD laid out over the past 15 years when bidding out contracts have arguably been the biggest drivers to InfoSec infrastructure development covering the entire stack. Especially in high speed, low frequency wireless security.
Oracle, careful what you ask for. Ask Cisco what happened when they began to demand and attempt to pin the DoD into a corner. Suddenly, they were losing contracts (and good engineers) they sat on for years to minority, female veteran-owned companies.
Don't ever think you're the only game in town, especially with DoD contracts. The blue-collar personnel working on them just move to the company that wins the contract, and business goes on as normal...well, except for your stockholders.