Computer Literacy World, Inc.
Highlights
Computer Literacy World, Inc. (CLW) protests the issuance of a task order to Electronic Data Systems, Inc. (EDS) under request for quotations (RFQ) No. TQ-PLB07-0002, issued by the General Services Administration (GSA) to vendors under its Federal Supply Schedule (FSS) program, to provide contractor-managed services for an "end-to-end" solution meeting government-wide federal identification card requirements. CLW argues that EDS was not eligible for an order because its solution did not meet mandatory solicitation requirements and that GSA improperly evaluated its own solution under the RFQ's technical criteria.
B-299744; B-299744.4, Computer Literacy World, Inc., August 6, 2007
DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.
Decision
Matter of: Computer Literacy World, Inc.
Michael A. Gordon, Esq., and Fran Baskin, Esq., Holmes & Gordon, for the protester.
Daniel R. Forman, Esq., Christopher Gagne, Esq., and John E. McCarthy, Jr., Esq., Crowell & Moring LLP, for Electronic Data Systems, Inc., and John S. Pachter, Esq., Jonathan D. Shaffer, Esq., and Mary Pat Gregory, Esq., Smith Pachter McWhorter PLC, for XTec, Inc., intervenors.
Carmody A. Gaba, Esq., Micul E. Thompson, Esq., and Kevin J. Rice, Esq., for the agency.
Edward Goldstein, Esq., and Christine S. Melody, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.
DIGEST
Protester's interpretation of solicitation issued under the Federal Supply Schedule program for a contractor managed end-to-end solution meeting government-wide federal identification card requirements as requiring all products and services within a vendor's end-to-end solution to be listed on the agency's Approved Products List (APL) at the time technical submissions were due is unreasonable where the agency, in answer to a question regarding when items within a vendor's end-to-end solution had to be on the APL, indicated that they had to be on the APL by Milestone 1 during contract performance.
DECISION
Computer Literacy World, Inc. (CLW) protests the issuance of a task order to Electronic Data Systems, Inc. (EDS) under request for quotations (RFQ) No. TQ-PLB07-0002, issued by the General Services Administration (GSA) to vendors under its Federal Supply Schedule (FSS) program, to provide contractor-managed services for an end-to-end solution meeting government-wide federal identification card requirements. CLW argues that EDS was not eligible for an order because its solution did not meet mandatory solicitation requirements and that GSA improperly evaluated its own solution under the RFQ's technical criteria.
BACKGROUND
Homeland Security Presidential Directive-12
In an effort to enhance security, increase efficiency, reduce identity fraud, protect personal privacy, and deter terrorist threats, the President, on August 27, 2004, issued Homeland Security Presidential Directive-12 (HSPD-12), mandating the establishment of a standard for identification of federal employees and contractors. HSPD-12 requires the use of a common identification card for access to federally-controlled facilities and information systems.[1] RFQ amend. 4, at 6-7.
Under HSPD-12, the National Institute of Standards and Technology (NIST) was tasked with producing a standard for a secure and reliable form of identification. In response, on
In order to achieve this end, and as directed by OMB, GSA has assumed various roles. Specifically, in conjunction with NIST, GSA identified 22 categories of products/services which must comply with specific normative requirements contained in FIPS 201. In May 2006, GSA established a FIPS 201 evaluation program to ensure that commercial products in the 22 identified categories are FIPS 201 compliant. Under this program, laboratories test products and services under the 22 categories to ensure conformance with FIPS 201 standards. When a product/service is determined to be FIPS 201 compliant, GSA issues an approval letter, specifying the supplier, the Approved Products List (APL) category (e.g., PIV smart card), approved product name, and version/part number. Products/services receiving an approval letter under one of the 22 categories are publicly listed on what is known as the FIPS 201 APL. As it relates to this protest, graphical personalization and electronic personalization products and services are within the 22 categories of products and services which must be approved as compliant with the requirements of FIPS 201.[2] Pursuant to OMB guidance, when agencies seek to acquire products or services within the 22 FIPS 201 categories, they can only acquire those products and services which have been approved by GSA--that is, those products and services listed on the APL. Approved products/services for the 22 categories are posted on the idmanagement.gov website.
In addition, GSA has recognized that agencies may require the services of contractors which are outside the scope of the FIPS 201 evaluation program, as they seek to develop and implement their HSPD-12 systems. In this regard, GSA has established an integration services qualification program through GSA's Center for Smartcard Solutions, whereby GSA identifies vendors that are qualified to provide integrated, bundled solutions, and contractor managed solutions. GSA Hearing Exh. 4, at 7. Under this program, GSA established qualification requirements in following five areas: (1) enrollment products and services; (2) systems infrastructure products and services; (3) card production products and services; (4) card finalization products and services; and (5) integration services (which included the following sub-categories pure integration services, turn-key solutions, and contractor-managed services.[3]
As explained by GSA, qualification requirements under the five areas are evaluated under three criteria, functional requirements, experience requirements, and security requirements.
GSA indicates that as a requirement for obtaining the systems integrator qualification certificate, all HSPD-12 systems integrators must expressly commit to delivering systems which incorporate approved products/services, i.e., those products/services listed on the APL. See GSA Hearing Exh. 4, at 13. In this regard, GSA states that the systems integrator qualification and certification process does not examine what GSA refers to as a firm's particular bundled solution to determine whether it is actually comprised of components from the APL. Rather, GSA qualifies integrators based on their commitment to deliver bundled systems comprised only of products from the APL.
In order to further facilitate the ability of federal agencies to acquire FIPS 201 approved products/services and integration services from qualified firms, GSA established special item number (SIN) 132-62, under the GSA Schedule Information Technology (IT) 70, specifically for FIPS 201 compliant products and qualified integrators.[4] Under Schedule 70, SIN 132-62, GSA sought to make available to agencies the various products and types of services that they would need as they endeavored to implement the HSPD-12 mandate.
Believing that some agencies may decide to buy FIPS 201 compliant products and services on an individual basis and attempt to develop and integrate their own HSPD-12 systems, GSA provided for vendors to list their approved FIPS 201 compliant products and services under SIN 132-62. As explained by GSA, in order for a vendor to list its FIPS 201 product or service under SIN 132-62, the item must first be approved and listed on the APL.
Due to the tight timeline associated with implementing the HSPD-12 mandate, however, GSA was encouraging agencies not to handle the HSPD-12 mandate on their own, but rather to have qualified firms provide them with contractor-managed services for end-to-end systems. Hearing Transcript at 35-36. As a consequence, GSA also included the services of qualified integrators under SIN 132-62. According to GSA, as a prerequisite for a systems integrator to be listed on SIN 132-62, it had to demonstrate that it had obtained the applicable GSA systems integrator certification awarded by GSA's Center for SmartCard Solutions.
In sum, as explained by GSA, it had established two parallel, yet distinct processes for firms to meet agencies' HSPD-12 needs. One process pertained to individual products/services falling under the 22 categories requiring FIPS 201 approval, which entailed testing the specific products/services for FIPS 201 compliance and listing approved products/services on the APL. As a predicate for vendors to have their products/services listed under SIN 132-62, GSA required vendors to demonstrate that the particular product or service was listed on the APL. GSA also identified a separate process for qualifying HSPD-12 systems integrators seeking to provide integrated HSPD-12 system solutions to federal agencies.
RFQ No. TQ-PLB07-0002
Consistent with its mission to assist federal agencies in their efforts to implement HSPD-12, on January 12, 2007, GSA issued the subject solicitation under IT Schedule 70, SIN 132-62, seeking proposals[5] from vendors for the issuance of a task order to provide a shared service solution for an end-to-end contractor-managed HSPD-12 system, that is, a bundled system capable of meeting the following core HSPD-12 system elements: (1) enrollment, (2) system infrastructure (identity management system, card management system), (3) card production and issuance, and (4) card activation. RFQ amend. 4, at 7. The selected vendor would supply equipment, materials, and services necessary to meet these core services requirements for various federal agencies endeavoring to meet the HSPD-12 mandates.
The RFQ contemplated selection of the vendor whose proposal represented the best value to the government considering price and the following non-price factors (listed in descending order of importance): (1) operational capability demonstration (OCD); (2) understanding of and capability to fully and timely perform technical requirements; (3) project management; and (4) past performance. In regard to the best value determination, the RFQ provided that the non-price factors were collectively more important than price. RFQ amend. 4, at 128.
Under the RFQ, vendors were required to submit a technical and management proposal for the purpose of identify[ing] how the contractor meets the requirements stated in th[e] solicitation. RFQ amend. 4, at 127. The RFQ further advised vendors that proposals must address the requirements, provisions, terms and conditions, and clauses stated in all sections of this solicitation. RFQ amend. 4, at 128. In evaluating vendors' proposals, GSA sought to ensure that the vendor fully understood and was capable of performing the technical requirements contained in the RFQ, that it demonstrated this understanding, and that the proposed solution is technically sound. RFQ amend. 4, at 130. The RFQ also indicated that GSA would evaluate vendors' proposals to ensure a full understanding of all project management requirements contained in the RFQ and evaluate vendors' past performance risk.
The OCD, the most heavily weighted non-price evaluation factor, consisted of a functional capability demonstration of specific HSPD-12 system technical requirements contained in the RFQ. RFQ amend. 4, at 146. The specific functional requirements tested were called use cases, which were individually identified in the RFQ.[6] Under the OCD factor, GSA identified two subfactors: (1) the results of the use case functional requirements demonstration, which were evaluated on a demonstrated/not demonstrated basis for the various use cases identified; and (2) observations regarding expected and desired results, efficiency of data entry, and flow of the system. RFQ amend. 4, at 148. Prior to conducting their demonstrations, each vendor was required to submit a white paper containing its proposed test plan, any assumptions, and documentation containing detailed system architecture, security architecture, and user interface specification. According to the RFQ, the test plan was not to be evaluated, but rather was to be used by GSA to prepare for the OCD evaluation. RFQ amend. 4, at 129.
Vendors were advised that after evaluation of the non-price factors, GSA would request price proposals from those vendors whose non-price proposals were rated highly acceptable technically. RFQ amend. 4, at 130.
At the time GSA issued the RFQ, it had executed agreements with approximately 40 agencies to obtain an end-to-end HSPD-12 solution under the contemplated task order. While these agreements had resulted in a requirement under the task order for the vendor to enroll and issue HSPD-12 compliant credentials to approximately 420,000 federal employees and contractors, GSA informed vendors that it also had an open offer for other agencies to employ the task order to meet their HSPD-12 requirements. RFQ at 7. Given the undefined scope of the ultimate requirement, the RFQ required vendors to price their end-to-end service on the basis of a seat price, which was defined as a single enrollment transaction per enrollee or, as described by the contracting officer, a single, active PIV account. RFQ amend. 4, at 8; Contracting Officer's (CO) Statement of Facts at 3.
Vendors selected to submit price proposals were required to submit fixed prices for two mandatory contract line item numbers (CLIN), CLIN 1 Milestones 1, 2, and 3 Enrollment Seat Price, and CLIN 2, Milestones 1, 2, and 3 Monthly Maintenance Seat Price. RFQ amend. 4, at 132. Under CLIN 1, a vendor was to submit its seat price for its bundled solution for enrolling federal employees and contractors in the PIV program. CLIN 2 required a vendor to submit its seat price for maintaining the established, active identity accounts. In addition, the RFQ included more than 80 additional optional CLINs, some of which were for separately-priced products and services (i.e., PIV activation stations or card sleeves). RFQ amend. 4, at 132. As a general matter, vendors were required to submit fixed prices on a per item basis for these CLINs.
Regarding the mandatory CLINs, while the total number of seats that a vendor would have to provide was not defined, the RFQ specified that the minimum number of seats to be ordered under the task order would be 10,000, and that the maximum number of seats that could be ordered over the life of the task order was limited to 1.5 million. RFQ amend. 4, at 124. For the purpose of determining their seat prices, however, vendors were instructed to assume an order quantity of 420,000 seats. RFQ amend. 4, at 8.
Since this was an acquisition under the FSS program, the RFQ advised vendors as follows:
All products and services must be available on SIN 132-62 and/or Schedule 70. If a product, service or labor category is not required to be on SIN 132-62, then it must be on Schedule 70. No other Schedules may be offered and open market items may not be proposed. All products and services must be on Schedules by the time Price Proposals are submitted. It is the responsibility of each contractor or team to ensure that all required HSPD-12 contract line items that constitute an end-to-end solution are priced on their Schedule 70 SIN 132-62. There will be no open market items permitted under this task order.
RFQ amend. 4, at 131.
In addition, GSA addressed numerous questions raised by vendors regarding the RFQ. As it relates to the protest, several questions concerned which products or services had to be listed on GSA's APL and when they had to be on the APL. In this regard, questions 45-47, which reference RFQ section 6.1, HSPD-12 General Requirements, are particularly relevant. RFQ section 6.1 read as follows:
The system shall be designed with [commercial off-the-shelf (COTS)] products with a demonstrated track record wherever possible. Any COTS product shall be proven in at least 2 production deployments. For product categories requiring GSA approval, only products/services on the GSA FIPS 201 Approved Product List may be offered.
RFQ amend. 4, at 19-20.
Regarding section 6.1, vendor question number 45 raised the following question:
Considering that several categories in the APL are abstract, that is, not specifically related to any specific equipment, such as Electronic Personalization, exactly what products used in the solution does GSA expect to be on the FIPS 201 APL? Do all products need to be on the APL at the time of proposal submission or may some products be undergoing the evaluation?
RFQ mod. 4, at 6.
Vendor question number 46 asked:
The GSA APL continues to publish Updates to the Approval Procedures . . . . Will GSA consider and accept products that have been submitted and are in the process of approval?
GSA answered both questions with the following statement:
GSA does not agree that categories on the APL are abstract. Electronic Personalization products/services represent core functionality for Card Management System (CMS) products/services. Products approved on the APL for this category are exclusively CMS products/services. GSA anticipates that the configuration of products for the end-to-end solution required by the solicitation will be provided at the OCD and, therefore, also at the time of proposal submission. All products in that configuration must be on the APL at the time of system certification and accreditation document submission in Milestone 1A. Items offered as CLINs must be available on SIN 132-62 and/or Schedule 70 at time of RFQ Price Submission. Items requiring GSA approval must be approved on the GSA Approved Products List (APL) by that time.
Also referencing section 6.1, vendor question 47 raised the following concerns:
GSA approved companies as End-to-End solution providers to allow a migration path for solution providers while products are added to the list. To this date, there are still categories on the APL with no products listed. Additionally, many of the categories have only one or two products. It was stated last summer that if the vendor owned the equipment, the APL requirements did not apply. GSA states in this RFP that the vendor will own all the equipment. In light of this fact and that products are in the pipeline or still emerging on the APL, will GSA consider and accept products that have applications to the APL submitted prior to proposal submission? To meet the objective, GSA could still require those products to be listed on the APL prior to award. This would allow for the most robust and efficient solution to be provided for this important program.
GSA responded as follows:
GSA's requirements are that system integrators offering contractor managed services do not need to have all products/services in their bundled solutions on the APL in order to be qualified as a managed service contractor. However, GSA clearly articulated that the system solution must be comprised of only GSA-approved products/services from the APL at time of delivery. This requirement was also provided in writing in the contractor managed service qualification requirements. In addition, see responses to questions 45 and 46.
On February 8, GSA issued RFQ Modification 5, incorporating the vendors' questions and GSA's answers under the RFQ.[7] Modification 5 also established an RFQ closing date of
Proposal Submission
On February 16, GSA received six proposals in response to the RFQ, including proposals from EDS and CLW, a small business which teamed with other firms and submitted a proposal as the American Sentinel Alliance PIV team. At the time CLW submitted its proposal, CLW did not hold a Schedule 70 contract. While CLW was in the final stages of receiving its Schedule 70 contract award, GSA did not award CLW its Schedule 70 contract until February 21, 5 days after proposals were due. Agency Report (AR), Tab Q, CLW Schedule 70 Contract Form 1449.
The fact that CLW was not awarded a Schedule 70 contract until after the due date for proposals significantly affected CLW's ability to submit a proposal in response to the RFQ. Without a Schedule 70 contract, CLW was unable to access GSA's e-Buy system and without access to this system, CLW was unable to obtain modifications to the RFQ, which were posted exclusively through the e-Buy system. Moreover, CLW was unable to submit its proposal through e-Buy as mandated by the RFQ. As a consequence, when CLW submitted its proposal, it was not based on the final version of the RFQ and CLW did not use the e-Buy system; rather, CLW submitted its proposal directly to the contracting officer via e-mail as the RFQ had required prior to being amended. Notwithstanding CLW's failure to submit its proposal through the e-Buy system, the contracting officer determined that because CLW had been working with the GSA Schedules [contracting officer] to get their company posted on the Schedules web site before the close of the RFQ, this company should be allowed [to] submit their offering and be evaluated. AR, Tab T, CO Statement of Facts Regarding Late Submission of Proposals,
GSA's Evaluation of Vendors' Proposals
After receipt of proposals, GSA scheduled the OCD with each vendor. EDS conducted its OCD on February 26. CLW attempted to conduct its OCD on March 9, but due to system difficulties, it was permitted a one-time 24-hour reset in accordance with the ground rules of the OCD as established under the RFQ. CLW then completed its OCD the next day. Thereafter, GSA completed its evaluation of vendors' proposals under the technical factors and ranked them as follows:
| Vendor | Factor 1 - OCD | Factor 2 - Understanding | Factor 3 -- Project. Mgmt. | Factor 4 - Past Performance | Overall Rating |
| EDS | Excellent/ Low Risk | Good/Low Risk | Excellent/ Low Risk | Good | Excellent/ Low Risk |
| A | Excellent/ Low Risk | Good/Low Risk | Good/Low Risk | Good | Good/ Low Risk |
| B | Good/Low Risk | Good/Low Risk | Good/Low Risk | Good | Good/Low Risk |
| C | Average/ Mod. Risk | Average/ Mod. Risk | Good/Low Risk | Good | Average/ Mod. Risk |
| D | Average/ Mod. Risk | Average/Low Risk | Good/Low Risk | Average | Average/ Mod. Risk |
| CLW | Poor/High Risk | Average/High Risk | Average/ Mod. Risk | Average | Average/ High Risk |
AR, Tab H, CO Decision to Invite Price Proposals, at H0011.
On April 5, the contracting officer decided to invite the three most highly rated vendors to submit price proposals. The contracting officer notified CLW that same day that it was not being considered further for selection. GSA ultimately issued the task order to EDS, the highest technically rated vendor, with the lowest evaluated price of $66,379,641. After learning of GSA's decision, CLW requested a debriefing. GSA provided CLW with a post-award briefing in which it detailed CLW's evaluated strengths and weaknesses under each of the non-price evaluation factors.[9] Thereafter, CLW filed this protest with our Office.
DISCUSSION
CLW raises two principal issues. First, CLW argues that EDS was not eligible for selection because its solution did not meet mandatory solicitation requirements. In this regard, CLW contends that when vendors submitted their technical solutions on February 16, the RFQ required that a vendor's end-to-end solution (CLINs 1 and 2) had to be composed of only approved products and services--that is, products and services listed on the APL. According to CLW, it was the only vendor with a system composed entirely of APL products and services. In support of this contention, CLW indicates that it was the only vendor utilizing Gemalto graphical personalization and electronic personalization products and services, which were the only such products and services listed on the APL. Second, CLW contends that GSA improperly evaluated its proposal under the solicitation's technical criteria. CLW takes issue with GSA's findings regarding its performance during the OCD, and concerns that CLW did not address other requirements in its proposal. Closely tied to this issue is CLW's contention that, because it did not have access to the e-Buy system, it did not obtain critical RFQ modifications, notwithstanding the fact that the contracting officer promised to provide CLW with the amendments and updates to the RFQ. Protest at 6 n.1.
As an initial matter, GSA argues that CLW is not an interested party for the purpose of filing its protest.[10] Under our Bid Protest Regulations, a party will not be deemed to have the necessary economic interest to maintain a protest if it would not be in line for selection if its protest were sustained. See 4 C.F.R. sect. 21.0(a) (2007). GSA argues that the procurement was limited to Schedule 70, SIN 132-62 contract holders, that CLW did not hold a Schedule 70 contract as of February 16, the date technical proposals were due, and thus that CLW was not eligible to participate in the procurement.[11]
In analyzing this issue, the record clearly reflects that CLW was not a Schedule 70 contract holder until after the date vendors were required to submit their technical proposals and, as a consequence, CLW was unable to submit its proposal through the e-Buy system as required by the RFQ. The record further reflects that while CLW did not use the e-Buy system to submit its technical proposal, GSA did in fact consider and evaluate CLW's submission.[12]
We find implicit support for the agency's argument that CLW was not an interested by virtue of the fact that GSA required use of the e-Buy system, which was limited to schedule contract holders, for the purpose of soliciting and obtaining vendors' proposals. On the other hand, GSA's position is not supported by the express terms of the RFQ. In this regard, no version of the RFQ specified that a vendor had to be a Schedule 70 contract holder at the time set for submission of technical proposals for the purpose of participating in the procurement. Rather, the final version of the RFQ simply stated that the Contractor must be a schedule 70 contract holder, without any indication of the time at which the vendor had to be a Schedule 70 contract holder. RFQ amend. 4, at 116. Moreover, statements in the RFQ indicating that no open market items (items not on Schedule 70, SIN 132-62) would be allowed on the task order do not establish that a vendor had to be a Schedule 70 contract holder in order to submit a technical proposal. RFQ amend. 4, at 132. GSA's argument in this regard is undermined by the fact that express language in the RFQ stated that vendors did not have to have any of their products and services on the schedule until Price Proposals are submitted, which was after technical proposals were due.
Given the conflicting indications on the record--i.e., the agency's use of the e-Buy system, contrasted with the absence of explicit language establishing the time at which a vendor had to be a Schedule 70 contract holder--we view the issue of CLW's interested party status as a close question. We need not resolve the issue, however, because, even assuming CLW is an interested party, we find that the underlying bases of protest are without merit.
APL Compliance
In challenging GSA's issuance of a task order to EDS, CLW maintains that EDS and other vendors in the competition failed to comply with the RFQ requirements by incorporating in their technical proposals graphical personalization and electronic personalization services that were not on GSA's APL at the time they submitted their technical proposals. More specifically, CLW maintains that at the time technical proposals were due, only one firm, Gemalto, had been approved by GSA and listed on the APL for the purpose of providing graphical personalization and electronic personalization services, and that none of the vendors (other than CLW) incorporated the Gemalto services as part of their bundled solutions.
The crux of CLW's argument revolves around its interpretation of the RFQ as requiring vendors to incorporate in their end-to-end solutions, at the time technical proposals were due, only FIPS 201 approved graphical personalization and electronic personalization products and services--those listed on the APL. In support of this interpretation, CLW principally relies on section 6 of the RFQ, stating that only products/services on the GSA FIPS 201 Approved Product List may be offered as well as the statement in the RFQ that [o]nly Graphical Personalization, Electronic Personalization (product), and/or Electronic Personalization (services), as appropriate, as approved on the GSA FIPS-201 Approved Product List (APL) may be offered. RFQ amend. 4, at 20, 32.
GSA, however, articulates a different interpretation of the RFQ. According to GSA, the RFQ established that FIPS 201 categories of services and products, which were necessarily part of a vendor's end-to-end solution (under CLINs 1 and 2) did not have to be on the APL at the time technical proposals were due; rather, they had to be on the APL by Milestone 1. This was in contrast to FIPS 201 category products or services identified as stand-alone items under an individual CLIN (not part of a vendor's end-to-end solution), which had to be on the APL at the time price proposals were due. Since graphical personalization and electronic personalization products and services were solely included within vendors' bundled end-to-end solutions under CLINs 1 and 2, these products and services only had to be listed on the APL by Milestone 1. As a consequence, failure to propose Gemalto for these products and services did not render EDS, or other vendors', proposals technically unacceptable.
When an agency conducts a formal competition under the FSS program, we will review the agency's evaluation of vendor submissions to ensure that the evaluation was reasonable and consistent with the terms of the solicitation. SI Int'l, SEIT, Inc., B-297381.5; B-297381.6,
Here, we conclude that CLW does not advance a reasonable interpretation of the solicitation. As noted above, CLW's interpretation of the RFQ is derived from section 6 of the RFQ providing that only products/services on the GSA FIPS 201 Approved Product List [to include graphical personalization and electronic personalization] may be offered. RFQ amend. 4, at 20, 32. In analyzing this issue, we note that these statements, standing alone, may have introduced some ambiguity in the RFQ regarding the timing of APL compliance;[13] CLW's interpretation of the APL compliance requirement, however, does not withstand scrutiny when one reviews questions and answers 45-47, which subsequently were incorporated in the RFQ through modification 5, and directly speak to the question of the timing of APL compliance in an effort to clarify vendor confusion regarding this issue.[14]
Specifically, in response to vendor question 45, which asked whether all products needed to be on the APL at the time of proposal submission or whether products could still be undergoing evaluation for the purpose of being listed on the APL, GSA explained that all products in a vendor's end-to-end solution must be on the APL at the time of system certification and accreditation document submission in Milestone 1A, which was well after the time for the submission of technical proposals.[15] RFQ, Mod. 4, at 6. GSA referenced this answer in responding to question 46, which expressly asked whether GSA would consider and accept products that were not on the APL but were in the process of undergoing the FIPS 201 evaluation and obtaining approval. Furthermore, consistent with its statement that the products and services incorporated in vendors' end-to-end solutions had to be on the APL at Milestone 1, in its answer to question 47, GSA explained that a vendor's bundled system solution must be comprised of only GSA-approved products/services from the APL at the time of delivery.
Throughout this case there has been much discussion of whether GSA's interpretation of the solicitation is reasonable. Based on the record, we find that GSA's interpretation of the timing for APL compliance, as reflected in the questions and answers incorporated in the RFQ through modification 5, is reasonable in light of the underlying objectives and acquisition scheme GSA established as the executive agency for the government-wide acquisition of the products and services necessary to implement HSPD-12.
As explained above, in implementing the HSPD-12 acquisition program, GSA developed a bifurcated approval process, differentiating between the approval of individual products and services falling within the 22 categories of products and services requiring FIPS 201 compliance, and the acquisition of contractor-managed services for bundled, integrated HSPD-12 solutions, which entailed a qualification process. These separate processes resulted in GSA's listing of individual products and services that were FIPS 201 compliant on the APL, as well as a separate listing of firms which were qualified to provide integration services. Depending on their approach to meeting the mandate, agencies could use either of these lists to aid in their efforts to obtain the products and services they needed to meet the HSPD-12 mandates.
GSA then took the next step of establishing Schedule 70, SIN 132 in order to further facilitate the ability of agencies to acquire the various products and types of services needed to implement the HSPD-12 mandate. In establishing Schedule 70, SIN 132, GSA incorporated the bifurcated process in its procedures for listing products on Schedule 70, SIN 132-62. In this regard, there is no dispute that when a vendor sought to obtain a schedule contract for a product or service that required FIPS 201 compliance, the vendor had to demonstrate that its product or service was on the APL. As more fully discussed below, the record also reflects that when a vendor sought to list its services as a contractor-managed service provider of bundled HSPD-12 solutions, a vendor could be awarded a schedule contract, notwithstanding the fact that the components of its underlying bundled solution were not yet then on the APL.
This bifurcated process is consistent with GSA's interpretation of the RFQ's requirements for the timing of APL compliance. In this regard, the RFQ contained CLINs for separately-priced products and services requiring FIPS 201 compliance, as well as CLINs for end-to-end integrated services—i.e., bundled solutions (principally CLINs 1 and 2). In addition, the RFQ also required vendors to have all their CLINs on Schedule 70, SIN 132-62 by the time price proposals were due. As explained above, in order for a vendor to list its FIPS 201 products and services on the schedule, they had to be on the APL. Not so, however, for bundled solutions, which merely required a vendor to obtain a certificate approving its solution; as also noted above, this process did not look behind the solution to determine whether it was comprised of component products and services from the APL. Rather, GSA relied on the vendor's commitment under its certification and under its schedule contract to only utilize APL products and services in its solution--thereby making APL listing for the vendor providing integrator services a matter of contract performance.
As explained by GSA, the bifurcated scheme established under the schedule was reflected in the RFQ. For CLINs comprising a vendor's end-to-end solution, GSA did not look behind the solution to determine whether it was composed of products from the APL, but rather considered it to be a matter to be addressed during contract performance. This is consistent with GSA's responses to vendor questions 45-46 which stated that GSA anticipates that the configuration of products for the end-to-end solution . . . must be on the APL . . . in Milestone 1A. RFQ, Mod. 4, at 6. Moreover, in response to question 47, GSA clearly indicated that a vendor's end-to-end solution must be comprised of only GSA-approved products/services from the APL at the time of delivery.
CLW argues that GSA's position is based on a false factual premise--that a vendor did not have to have the components of its end-to-end solution on the APL in order to receive an integrator services contract under SIN 132-62. According to CLW, in order to be listed on the schedule a vendor had to demonstrate that its bundled solution was composed entirely of products and services from the APL. Because APL compliance was a predicate for being listed on Schedule 70, SIN 132, and because the RFQ required vendors to have all their CLINs on schedule 70, SIN 132 prior to the submission of price proposals, CLW argues that the agency's interpretation of the RFQ as requiring APL compliance at Milestone 1 is inconsistent with the underlying structure of the Schedule 70 acquisition process and merely a post-hoc rationalization.[16] CLW maintains that this conclusion is confirmed by two letters (dated March 7 and March 15) it received from GSA, which required CLW to demonstrate that its end-to-end solution was composed entirely of products and services from the APL. We find that CLW's factual arguments in this regard are not supported by the record.
First, testimony from GSA witnesses directly supports GSA's position that components of bundled solutions were not examined for APL compliance as part of the process of listing a certified integrator's contractor-managed bundled solution on Schedule 70, SIN 132. In this regard, GSA's director of Identity Policy and Management for the Office of Government-wide Policy testified as follows:
GAO ATTORNEY: . . . [F]or a contractor to have a product listed under SIN 132-62, that product . . . would have to be an approved product before it is listed?
THE WITNESS: Yes.
GAO ATTORNEY: For sale under SIN 132-62?
THE WITNESS: Correct.
GAO ATTORNEY: Now, for an integrator under the integrator category to be listed on SIN 132-62, the integrator would have to meet qualification requirements?
THE WITNESS: Correct.
GAO ATTORNEY: And those requirements don't look at . . . the actual products that they would be using, necessarily?
THE WITNESS: That's correct. We required as a qualification requirement that the integrators must commit to use approved product list products in their systems that are delivered in the qualification requirements which were published in June 2006. . . .
GAO ATTORNEY: An integrator may be qualified, notwithstanding the fact that there might not be any products for them to use in providing integrated services to the government because . . . there are no products at that time on the APL?
THE WITNESS: Right. So we were approving integrators as of that time based on their commitment to use only approved products on the approved products list for the systems that they deliver.
Hearing Transcript, at 29-32.
In support of this understanding, a GSA Schedule 70 contracting officer also testified that before she would award individually priced products under SIN 132-62, the vendor was required to confirm that the specific item was on the APL. The process for awarding integration services or bundled solutions, however, was different. We do not look at each individual [component] because we are not the technical experts. . . . We would require a letter . . . indicating that they are qualified to provide . . . integration services, then that letter . . . will be sufficient for us . . . to place [the vendor's services] on Schedule 70 [SIN 132-62]. Hearing Transcript at 38-39. Moreover, GSA's Director of the Center for Smartcard Solutions submitted a declaration confirming that when he and his staff reviewed vendors' SIN 132-62 bundled solutions for the purpose of providing vendors and the Schedule 70 contracting office with the necessary Certificate of Bundled Services Approval, the [p]roducts and services incorporated in the bundled offerings were not required to be on the Approved Products List in order to be approved, nor did the review process include verifying whether the aforementioned products and services were on the Approved Products List. GSA's Post Hearing Comments, Exh. 1, Declaration of Director of the Center for Smartcard Solutions,
In addition, GSA's position is consistent with its answer to a question posted on its FIPS 201 evaluation program website in which GSA explained that delivery is the critical time for APL compliance with respect to integrator provided end-to-end solutions. Specifically, the question asked, If my offering is on the SINs, do I need to be on the NIST or GSA approved lists? and GSA answered, If you are offering products, the answer is yes. If you are offering integrated solutions, you must be qualified by GSA and you must commit to delivering only products which have been approved and appear on the Approved product List. EDS Hearing Exh., at 4.
Second, CLW is misplaced in its reliance on the March 7 and March 15 letters as definitive proof of GSA's requirement that vendors' end-to-end solutions had to be composed entirely of APL products and services before proposals were due. Setting aside the fact that neither letter was part of the RFQ or purported to alter the RFQ, the March 7 letter appears to merely serve as a reminder that under the RFQ, vendors' CLIN offerings must also be listed on their Schedule 70, SIN 132-62 contracts by the time price proposals were due. To the extent the letter also required vendors to submit GSA Approval Letter[s] associated with each product/ service that support the offeror's proposed CLIN structure, this statement is ambiguous and can be reasonably read to require approval letters solely for those CLINs for individual items by the time price proposals were due, as opposed to CLINs comprising a vendor's end-to-end solution--consistent with GSA's interpretation of the RFQ. AR, Tab O, CLW Approval Letters, at O0037.
Moreover, the March 15 letter does not appear to support CLW's contentions. Rather, this letter supports GSA's explanation of the distinction between the process for listing individual products and services on SIN 132-62, and the process for listing contractor-managed services, or bundled solutions. In the letter, GSA explains that in order for CLW to have its individual products and services listed on SIN 132, CLW had to demonstrate that they were on the APL. In addition, the letter explained that for bundled solutions, CLW had to submit its certificate of approval from GSA's Center for Smartcard Solutions. Of significance, GSA did not, through this letter, require CLW to provide APL letters for each of the components comprising its bundled solution.
CLW also argues that GSA's interpretation is contrary to OMB policy prohibiting agencies from acquiring products and services that are not on the APL since it results in a system whereby agencies can place orders for contractor-managed end-to-end solutions which are composed of products and services that are not FIPS 201 compliant. See OMB Memorandum, Implementation of Homeland Security Presidential Directive (HSPD) 12 -- Policy for a Common Identification Standard for Federal Employees and Contractors, M-05-24,
In conclusion, we find that CLW's interpretation of the RFQ as requiring APL compliance of all products and services comprising vendors' end-to-end solutions at time of proposal submission is not reasonably supported when the RFQ is read as whole and that GSA's less restrictive interpretation--that APL compliance for end-to-end components was a matter to determined during Milestone 1 of the task order--is reasonable.
CLW's Technical Evaluation
When an agency issues a solicitation under the FSS program, we will review the agency's evaluation of vendor submissions to ensure that the evaluation was reasonable and consistent with the terms of the solicitation. SI Int'l, SEIT, Inc., supra; COMARK Fed. Sys., supra. In this regard, a protester's mere disagreement with the agency's judgment or its belief that its quotation deserved a higher technical rating alone is not sufficient to establish that the agency acted unreasonably. Worldwide Language Res., Inc., B-297210 et al.,
CLW challenges GSA's evaluation of its proposal under each of the technical evaluation factors. We conclude that these challenges are unsupported and amount to little more than disagreement with GSA's evaluation. As an initial matter, we note that of the six vendors in the competition, CLW was ranked last. Under factor 1, the OCD, GSA rated CLW as poor and high risk, finding that CLW failed to demonstrate 11 sub-use cases required under the OCD. CLW asserts that it did in fact demonstrate 9 of the 11 sub-use cases, however, in its protest, it specifically addresses its demonstration of only three of the sub-use cases at issue and merely states it is certain that the other sub uses were demonstrated. Supplemental Protest at 2. Moreover, to the extent CLW challenges GSA's additional findings that [i]t was difficult to discern if all processes worked as single business process, its demonstration seemed disconnected at times making it difficult to determine if the expected and desired results were met, the RFQ requires . . . largely automated processes but [CLW's] solution required continuous manual intervention, and the overall pervasiveness of problems throughout the demonstrations was indicative to the government that [CLW's] solution would require significant government oversight in order to meet the RFQ requirements, AR, Tab N, CLW Evaluation, at N0001-N0002, its arguments are simply unsupported or present little more than CLW's disagreement with the agency's evaluation. For example, CLW bases its challenge to GSA's determination that it did not demonstrate a single business process on the unsupported assertion that this conclusion was due to an apparent misperception by an evaluator based on CLW's use of [DELETED]. Supplemental Protest at 2. As a consequence, we find that CLW's challenge to its evaluation in this regard does not provide a basis for sustaining its protest.
CLW also challenges its evaluation under factor 2, understanding of and capability to perform technical requirements; factor 3, project management; and factor 4, past performance. In evaluating CLW's proposal under factor 2, GSA found no strengths and numerous weaknesses and rated CLW as poor under 3 of the 10 elements considered. Specifically, GSA rated CLW poor with regard to its Understanding or Requirements and Use Cases, Quality of Training Approach, and Understanding of Help Desk Requirements and Ability to meet them. AR, Tab N, CLW Evaluation, at N0004. Specifically, GSA noted that CLW did not demonstrate an overall understanding of the technical requirements, finding that CLW failed to state that a PKI SSP [Public Key Infrastructure Shared Service Provider] is a component of their solution as required by the RFQ, its detailed descriptions of the functions and capabilities required for each component 'station' are not in compliance with either the RFQ or FIPS 201, and its detailed descriptions of the roles and responsibilities are not in compliance with either the RFQ or FIPS 201.
Under the third factor, project management, GSA rated CLW's proposal as average with moderate risk, noting one strength, and two principal weaknesses, specifically, that there was no work breakdown structure or description of how it planned to meet all the milestones and that CLW's project manager did not appear to have experience related to projects of similar size and scope. AR, Tab N, CLW Evaluation, at N0007. In addition, GSA noted that because CLW's project manager had a current commitment to the
In challenging its evaluation under the above factors, CLW addresses only a handful of the weaknesses assessed by GSA, and with regard to those few issues, its challenges are conclusory in nature and reflect mere disagreement with GSA's evaluation. By way of example, in challenging its past performance evaluation, CLW states that it disagrees with the characterization and ratings assigned in the Past Performance area and that its projects are highly relevant and entitled CLW to a higher rating. Supplemental Protest at 3. We conclude that the record reasonably supports GSA's evaluation, and that CLW's allegations regarding GSA's evaluation do not provide a basis for sustaining CLW's protest.
CLW further argues that many of the weaknesses attributed to its proposal under these factors were the direct result of its failure to receive Amendment 4 to the RFQ. For example, CLW indicates that its failure to address certain help desk support requirements was due to the fact that they were incorporated in Amendment 4 and GSA did not provide CLW with the amendment as the contracting officer had promised he would do. The record reflects, however, that the reason CLW did not obtain Amendment 4 was entirely due to CLW's inability to access the e-Buy system, which was not the fault of GSA, but rather simply due to the fact that CLW was not a Schedule 70 vendor at the time Amendment 4 was issued.[17] Nor is there any support for CLW's assertion that the contracting officer promised to provide CLW with any changes or updates to the RFQ on an ongoing basis. Rather, the record reflects that in response to a request from CLW's subcontractor that it be included on the distribution list for solicitation materials, the contracting officer informed CLW's subcontractor that solicitation material would only be published through e-Buy, but agreed to provide copies of then-current solicitation documents. AR, Tab S, E-mail from Contracting Officer to CLW Subcontractor,
The protest is denied.
Gary L. Kepplinger
General Counsel
[1] As it has developed, one feature of the contemplated common identification card is the inclusion of a biometric verification element, specifically, the incorporation of fingerprint verification.
[2] These 22 categories relate to the following areas: PIV smart cards, smart card readers, fingerprint scanners, fingerprint capture stations, fingerprint template generation and matching equipment, facial image capture stations, card printing stations, and graphical and electronic personalization products and services.
[3] A turn-key solution is characterized as one where the contractor transfers ownership of an integrated system to the government and the government operates the system. In contrast, under a contractor-managed system, the contractor retains ownership of all equipment and manages operation of the system for the government.
[4] While OMB has established GSA as the HSPD-12 executive agency and other agencies are encouraged to acquire their HSPD-12 requirements through GSA, they are not required to do so. Thus, IT Schedule 70 SIN 132-62 is not a mandatory source for agencies.
[5] Although the solicitation is identified on its cover page as an RFQ, the term proposal, as opposed to quotation, repeatedly appears in, among other places, the solicitation's descriptions of the evaluation factors and selection scheme, as well as the parties' submissions. Given this, we refer to the firms' submissions as proposals in several instances for the sake of consistency, notwithstanding the fact that they are more properly referred to as quotations.
[6] By way of example, one of the use cases identified for testing involved the enrollment function and specifically the ability of the vendor's system to support new enrollment and re-enrollment activities.
[7] GSA issued Modification 5 as Amendment 4 to the RFQ.
[8] Federal Acquisition Regulation (FAR) sect. 8.402(d) states that 'e-Buy,' GSA's electronic Request for Quotation (RFQ) system, is a part of a suite of on-line tools which complement GSA Advantage!. E-Buy allows ordering activities to post requirements, obtain quotes, and issue orders electronically.
[9] While CLW had requested a debriefing, GSA informed CLW that because the procurement was conducted under the procedures established by FAR Part 8.4 as opposed to those under FAR Part 15, it was not required to provide CLW with a formal debriefing as described under FAR sections 15.505 and 15.506. Rather, GSA was only required to provide CLW with a brief explanation of the basis for the award decision. FAR sect. 8.405-2(d)
[10] GSA also argued that CLW's protest challenging EDS's proposal as non-compliant is untimely since it should have raised this issue when it was eliminated from the competition. According to GSA, CLW should have known at that time that it was the only vendor with an end-to-end solution composed entirely of FIPS 201 products and services from the APL. We disagree, notwithstanding the existence of press reports indicating that EDS had been invited to submit its price proposal, GSA did not officially announce the names of the firms from which price proposals were requested. Moreover, according to CLW it only learned that EDS did not offer Gemalto products after GSA announced its selection. As a consequence, in our view, CLW did not have a sufficient basis of information to file its protest until it learned of GSA's selection of EDS.
[11] GSA also argued that because CLW had the lowest ratings of all six vendors under the non-price factors it does not have a reasonable prospect of selection and therefore is not an interested party. This argument is without merit. In its protest CLW argues that it was the only vendor to submit an acceptable technical proposal. In addition, CLW challenges the results of GSA's underlying technical evaluation. If our Office were to sustain either aspect of CLW's protest, at a minimum, reopening the competition or reevaluating vendors' proposals would be appropriate. Since CLW would be in a position to either submit a revised proposal or possibly receive higher technical ratings, it has a sufficient economic interest to qualify as an interested party eligible to maintain a protest challenging the issuance of a task order to EDS.
[12] GSA maintains that the contracting officer only considered CLW's technical proposal as a consequence of misleading statements made by CLW, which led the contracting officer to believe that CLW had an existing Schedule 70 contract at the time it submitted its technical proposal. CLW argues that the contracting officer knew its status when it submitted its technical proposal. Because, as discussed below, we need not resolve the question of CLW's interested party status, we likewise need not resolve this issue.
[13] Implicit in CLW's reading of the cited RFQ provisions is its assumption that use of the term offer was coextensive with a vendor's submission of its technical proposal and that a vendor's technical proposal was its offer to the government. As an initial matter, we note that use of the term offer in the RFQ was inherently ambiguous since a vendor's submission in response to an RFQ is not technically an offer since it is not a submission for acceptance by the government to form a binding contract; rather, vendor submissions are purely informational. Computer Assocs. Int'l, Inc.--Recon., B-292077.6,
[14] It is understandable that CLW based its interpretation of the RFQ solely on the language initially incorporated in the RFQ since, at the time CLW submitted its technical proposal, CLW was not aware of the questions and answers issued under modification 4 and later incorporated through modification 5. As previously explained, CLW did not have access to the e-Buy system and therefore never obtained modifications 4 or 5 to the RFQ and thus did not have the benefit of the questions and answers for the purpose of preparing and submitting its proposal.
[15] While CLW argues that GSA's statement merely confirms the prohibition in Section 6.1 that a contractor cannot substitute products in its written response after award, CLW's contention is not reasonable given the context of the answer, which was in response to a question regarding the timing of APL compliance, not product substitutions during performance of the task order. CLW's Post-hearing Comments at 8.
[16] We also note that CLW's argument in this regard does not support its underlying interpretation of the RFQ as requiring APL compliance at the time technical proposals were due. Following CLW's logic, APL compliance was due by price proposal submission since the RFQ only required vendors to have their products and services on Schedule 70, SIN 132 by the time price proposals were due.
[17] To the extent CLW asserts that its inability to access e-Buy was due to GSA's failure to award its Schedule 70 in a timely manner, its contentions are not supported by the record. The record demonstrates that the delay in awarding CLW's underlying schedule contract was the result of CLW's failure to provide the Schedule 70 contracting officer with requested information in a timely manner.