B-402239, Ricoh America's Corporation, February 22, 2010
In a commercial-item acquisition conducted using two-step sealed bid procedures, a protest that awardee's multi-functional devices (MFD), commonly referred to as copiers, are technically unacceptable and were not on the firm's General Services Administration (GSA) schedule contract is denied, where the record confirms that the awardee's MFDs met all of the requirements of the solicitation and are, in fact, on the firm's GSA schedule contract.
Ricoh America's Corporation of West Caldwell, New Jersey, protests the award of a contract to Konica Minolta Business Solutions USA, Inc., issued by the Department of the Army under request for quotations (RFQ) No. W911S7-09-T-0053 for multi-functional devices (MFD), commonly referred to as copiers, for Fort Leonard Wood in Missouri.
The solicitation contemplated the award of a fixed-price contract for "cost per copy" MFDs for a base year, with four 1-year options. RFQ at 7. These MFDs were to include six different "volume band copiers" for both black and white, and color copies. Id. at 6. The acquisition was to be conducted using the commercial item acquisition procedures of Federal Acquisition Regulation (FAR) Part 12 along with the two-step sealed bid procedures of FAR Part 14. "Step one" of the evaluation involved assessing "technical proposals" for acceptability without considering price, and "step two" involved the submission of "sealed priced bids" by those vendors who submitted technically acceptable proposals in "step one." The solicitation anticipated award to the vendor with the lowest-priced, technically-acceptable proposal. Id. at 3-5; FAR sect. 14.5. According to the RFQ, to be eligible for award, each vendor had to hold a current "Mission & Installation Contract Command--McPherson Digital Copier Services Blanket Purchase Agreement" (BPA) and a current General Services Administration (GSA) schedule contract. In addition, the MFDs identified by each vendor had to be "currently manufactured [and] actively marketed on the [vendor's] GSA contract." RFQ at 6, 8.
The solicitation required that vendors' MFDs be "Common Access Card (CAC) ready." RFQ at 5. In this regard, CAC technology provides identification, authentication, and encryption capability for network access. The solicitation required that vendors' CAC technology meet the requirements of paragraph C.1.3.5 of the solicitation's performance work statement, which required that all MFDs connected to the Fort Leonard Wood network "support CAC identification, to include controlled release of the device for walk-up printing or scanning." Id. at 10. The solicitation further required vendors to "[u]se CAC as the primary access credential" and to "[i]mplement two-factor authentication techniques as the access control mechanisms in lieu of passwords," pursuant to "Army Regulation 25.2," which prescribes Army policies and procedures for information assurance. Id. at 10. As explained by the agency, "two‑factor identification" is an authentication method that involves the use of a CAC card and a personal identification number, or "pin," for that card to gain access to the network. Declaration of Army Chief of Information Technology Systems Support at 6.
As part of the technical acceptability determination, the solicitation required the agency to assess the acceptability of vendor's CAC software. For software that had not been previously approved by the "Army Networthiness Office," this assessment was to include performing a "Vulnerability Test" on the software. Id. at 3, 10. The solicitation stated that only those firms whose CAC software met the requirements of the RFQ and passed the vulnerability test (if required to be performed) would be further considered for award. Id.
Four vendors submitted technical proposals during step one of the evaluation. As relevant here, Konica's proposal was based on a "bizhub 361 copier with embedded Actividentity ActivClient as its CAC solution," which passed vulnerability testing. Contracting Officer's Statement at 2. Ricoh's proposal was based on a copier with separate CAC "E‑copy" software, which had been previously tested and approved by Fort Leonard Wood personnel and therefore did not require vulnerability testing. Id. The agency held discussions with all four vendors, and at the conclusion of discussions, determined that all four proposals were technically acceptable.
When the agency requested prices, the record shows that Konica submitted the lowest price of $786,686.50 (including base and option years) and Ricoh submitted the third lowest price. Agency Report, Tab 19, Unsuccessful Offeror Notification to Ricoh, at 1. Based on its low price, the agency selected Konica for award.
Upon receiving notice of the intended award, Ricoh timely filed a protest with our Office. Ricoh contends that Konica's MFDs do not meet certain requirements of the RFQ.
In reviewing protests of agency evaluations, we review the record to ensure that the evaluation and source selection decision were reasonable and consistent with the terms of the solicitation and applicable procurement statutes and regulations. CSI GmbH, B-400434, Oct. 22, 2008, 2008 CPD para. 194 at 2.
Ricoh contends that Konica's MFDs were not on the firm's GSA schedule contract or BPA at the time it submitted its proposal. However, the record confirms that Konica possessed both the required GSA schedule contract and BPA, and that Konica's MFDs with the embedded CAC technology are listed on its GSA schedule contract, and were listed at the time it submitted its proposal. Contracting Officer's Statement at 3-4.
Ricoh also contends that Konica's MFDs were technically unacceptable because they do not "encrypt scan to e-mail files at a 256 bit level." Protest at 4. However, the solicitation did not require that MFDs be capable of 256‑bit encryption; rather, the solicitation required "two-factor authentication" (i.e., an authentication method that involves a CAC card and a pin) and the agency confirms that Konica's MFDs met this requirement. Declaration of Army Chief of Information Technology Systems Support at 6. Although Ricoh complains that certain agency responses to vendor questions and statements led it to believe that 256-bit encryption for the MFDs was required, our review of the record leads us to conclude that these agency statements did not modify the clear requirements of the RFQ, and cannot reasonably be construed to have misled Ricoh.
Finally, Ricoh contends that the agency did not comply with the solicitation in determining technical acceptability. However, the record shows that the agency evaluated technical proposals in accordance with the evaluation process set forth in the solicitation and reasonably determined that Konica's MFDs, which passed the vulnerability tests, met the requirements of the RFQ and were technically acceptable. To the extent that the protester complains that the vulnerability testing was flawed, or not in accordance with the solicitation, the record does not support its contention.
The protest is denied.
Lynn H. Gibson
Acting General Counsel
 The evaluation factors considered in step one included, in descending order of importance, common access card technology, equipment offered, maintenance and support service, past performance, and phase-in and phase-out plan. RFQ at 7.
 Ricoh also submitted an alternative price based on technology that was not identified in its technical proposal submitted during step one of the evaluation. The agency informed Ricoh that it would not consider its alternative price since it was not evaluated during step one of the evaluation. Contracting Officer's Statement at 2.
 Ricoh's alternative price was second low, as opposed to third low; as a result--and because at the outset of this protest, Ricoh's second-low price for its alternative clouded the question of Ricoh's interested party status--we developed this protest on the merits. We also viewed Ricoh's protest as challenging the technical acceptability of the intervening offeror.
 In its comments, Ricoh complains that the agency failed to comply with provisions of "Army Regulation 25-2" that were required because "the regulation was referenced in total in the [RFQ]." Comments at 2. However, the entire "Army Regulation 25.2" was not incorporated by reference into the solicitation. The only provisions incorporated into the solicitation were those requiring "two-factor authentication," which Ricoh does not challenge. RFQ at 10.