Information Technology Strategies, Inc.
Highlights
Information Technology Strategies, Inc. (IT-Strat), of Sterling, Virginia, protests the terms of request for quotations (RFQ) No. SP4709-26-Q-2003, issued by the Defense Logistics Agency (DLA) to contractors holding J6 Enterprise Technology Services (JETS) 2.0 indefinite-delivery, indefinite-quantity (IDIQ) contracts; the solicitation seeks quotations to provide support services for the ongoing modernization of the budget, finance, and accounting systems that support Department of Defense (DOD) agencies. IT-Strat asserts that the solicitation's experience requirements for key personnel are "unreasonable, unnecessary, and unjustified." Protest at 12.
DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. The entire decision has now been approved for public release.
Decision
Matter of: Information Technology Strategies, Inc.
File: B-424134
Date: March 10, 2026
Carla J. Weiss, Esq., and Logan Kemp, Esq., Nichols Law, LLP, for the protester.
Robert K. Tompkins, Esq., Hillary J. Freund, Esq., and Richard J. Ariel, Esq., Holland & Knight, LLP, for CACI, Inc.-Federal, the intervenor.
Jack D. Myers, Esq., Defense Logistics Agency, for the agency.
Glenn G. Wolcott, Esq., and April Y. Shields, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.
DIGEST
1. Protest that solicitation's experience requirements for key personnel are overly restrictive is denied where agency has provided a rational explanation for the requirements and demonstrated that they reasonably relate to the agency's needs.
2. Protester is not an interested party to challenge additional aspects of the procurement where the firm acknowledges that it submitted a noncompliant quotation.
DECISION
Information Technology Strategies, Inc. (IT-Strat), of Sterling, Virginia, protests the terms of request for quotations (RFQ) No. SP4709-26-Q-2003, issued by the Defense Logistics Agency (DLA) to contractors holding J6 Enterprise Technology Services (JETS) 2.0 indefinite-delivery, indefinite-quantity (IDIQ) contracts; the solicitation seeks quotations to provide support services for the ongoing modernization of the budget, finance, and accounting systems that support Department of Defense (DOD) agencies. IT-Strat asserts that the solicitation's experience requirements for key personnel are “unreasonable, unnecessary, and unjustified.” Protest at 12.[1]
We deny the protest in part and dismiss it in part.
BACKGROUND
On October 22, 2025, pursuant to the “fair opportunity” provisions of Federal Acquisition Regulation (FAR) subpart 16.5, the agency published the solicitation at issue here.[2] The solicitation seeks quotations to provide support for the software application of DOD's Defense Agencies Initiative (DAI), and explains that the DAI program was established by the 2008 National Defense Authorization Act “to solve Defense Agency/Service financial management problems through standard end-to-end business processes delivered by Oracle EBS [E-Business Suite] R12.2.x.”[3] Agency Report (AR), Exh. 4, RFQ amend. 02 at 27;[4] see National Defense Authorization Act for Fiscal Year 2008, Pub. L. No. 110‑181, 122 Stat. 3, 301-303.
The solicitation contemplates the issuance of a task order for a 1-year base period and four option periods, and provides for source selection based on a best-value tradeoff between price and the following non-price evaluation factors: (1) level of effort/labor mix; (2) key personnel; (3) technical approach; (4) past performance; and (5) oral presentation.[5] RFQ at 142. Of relevance here, the solicitation identifies seven key personnel positions/labor categories (along with estimated labor hours for each)[6] and requires vendors to identify and submit a resume for each individual proposed to fill these positions. In this context, the solicitation identifies various educational and experience requirements for each position--including either 5 or 10 years of experience “supporting DOD or Federal Oracle shared service providers on an Oracle EBS R12.2 platform or higher”--and provides for evaluation of the key personnel factor on an acceptable/unacceptable basis.[7] RFQ at 104-08, 141. The solicitation established a November 24 closing date for submission of quotations.
On November 21, IT-Strat filed an agency-level protest asserting that the Oracle R12.2 experience requirements for key personnel are overly restrictive. AR, Exh. 6, Agency-Level Protest. In this regard, IT-Strat did not question the necessity of relying on the Oracle EBS R12.2 platform but, rather, asserted that experience with this specific platform was unnecessary for successful performance of any of the seven key personnel positions. In this context, IT-Strat asserted that “the responsibilities for several of these positions are outcome-focused and largely system-agnostic,” and maintained that the solicitation's experience requirement should be expanded to include “equivalent” experience. Id. at 2-3.
On or before the November 24 closing date, quotations were submitted by IT‑Strat and CACI. IT-Strat acknowledges that its quotation “was non-compliant because it did not submit candidates for the EDI/XML SME[-senior] and Cybersecurity SME[-lead] key personnel positions who met the Oracle EBS R12.2 experience requirements.” Protest at 9.
On November 24, the agency issued a decision denying IT-Strat's agency-level protest. In that decision, the agency provided explanations and justifications for the R12.2 experience requirements, discussing the bases for that requirement as it applied to each of the seven key personnel positions. AR, Exh. 7, Denial of Agency-Level Protest at 3-5.
For example, in discussing the R12.2 experience requirement for the EDI/XML SME‑senior position, the agency first noted that personnel filling this position will be responsible for “troubleshooting, impact analysis, defect triage, and user support.”[8] AR, Exh. 7, Denial of Agency-Level Protest at 3. Next, the agency explained that the “behavior” of various modules within the R12.2 platform have “changed significantly [from previous versions]” due to “database, workflow, and integration updates.”[9] Id. Accordingly, the agency concluded that personnel filling this position “must understand R12.2-specific logic to properly resolve production issues or support new capabilities.” Id. at 3-4.
Similarly, in discussing the experience requirement for the cybersecurity SME-lead position,[10] the agency noted that personnel filling this position “serve[] as the technical authority, guiding teams and leadership on . . . ensuring compliance with stringent security frameworks” and are responsible for “integrat[ing] advanced cybersecurity principles, policies, and practices into [EBS R12.2] environments.” Accordingly, the agency concluded that “prevent[ing] financial disruptions and ensuring operational readiness . . . cannot be guaranteed without the required experience in an Oracle EBS [R]12.2 platform” for this position. AR, Exh. 7, Denial of Agency-Level Protest at 4.
On December 4, IT-Strat filed this protest with our Office.[11]
DISCUSSION
In its protest to our Office, IT-Strat again expresses its opinion that experience with the R12.2 platform is “not necessary for any of the seven key personnel roles,” and asserts that this requirement creates “an unjustified barrier to competition that arbitrarily favors the incumbent offeror.” Protest at 3, 10. IT -Strat further asserts that, because the R12.2 platform was first released in 2013, there is a limited pool of personnel that can meet the experience requirement, rendering the requirement unreasonable. Id. at 9-11. Finally, IT-Strat complains that, in previous “versions” of this procurement, there were no platform-specific experience requirements; accordingly, IT-Strat maintains that the agency should “revert to the status quo from prior competitions.” Id.
In response, the agency has, again, provided explanations and justifications for the experience requirements, comprehensively addressing each of the seven key personnel positions. COS/MOL at 8-12; AR, Exh. 8, Justification for Key Personnel. Of relevance here, with regard to the key personnel position, EDI/XML SME-senior (one of the positions that IT-Strat acknowledges renders the quotation it submitted “noncompliant”), the agency states that personnel filling this position perform “a highly specialized function critical to the daily operation and stability of the DLA's Oracle environment,” further noting that the responsibilities for this position include “troubleshooting, impact analysis, defect triage, fit-gap analysis, and regression testing.” COS/MOL at 9‑10; see AR, Exh. 8, Justification for Key Personnel at 1-2. The agency further notes that “transition to the Oracle EBS R12.2 platform introduced substantial changes to the behavior of several essential modules due to significant database, workflows, and integrations shifts.” COS/MOL at 9. Accordingly, the agency maintains that the required tasks cannot be learned “on the job” without introducing significant risk and “demand a deep, pre-existing knowledge of R12.2‑specific logic.” Id. at 10. Finally, the agency concludes that “[h]ands-on experience [for this position] is critical to ensure accurate issue resolution, reduce risk of prolonged system outages . . . and [to] avoid[] functional defects or configuration errors.” Id.
Similarly, with regard to the key personnel position of cybersecurity SME-lead (the second position that IT‑Strat acknowledges renders its quotation “noncompliant”), the agency states that successful performance in this position “is directly linked” to the security and operational stability of the DAI program. COS/MOL at 10; see AR, Exh. 8, Justification of Key Personnel at 4. More specifically, the agency explains that the role involves “integrating advanced cybersecurity principles and policies into the unique architecture of the [Oracle EBS R12.2,]” noting that “[t]his platform has specific vulnerabilities, configurations, and compliance requirements.” COS/MOL at 10. The agency adds that this position “serves as technical authority responsible for guiding both technical teams and leadership” and “necessitates a pre-existing understanding of the platform to provide credible, accurate, and effective guidance” as well as prevent unauthorized access to sensitive data. Id.; see AR, Exh. 8, Justification for Key Personnel at 4. Accordingly, the agency concludes that requiring personnel in this position to have specific experience with the R12.2 platform is “critical to prevent financial disruptions and ensure[] operational readiness.” COS/MOL at 10.
When a solicitation requirement is challenged as unduly restrictive, the procuring agency has the responsibility to establish that the requirement is reasonably necessary to meet the agency's needs. Nexagen Networks, Inc., B-411209.7, June 20, 2016, at 4. However, in conducting a procurement under the provisions of FAR subpart 16.5, an agency is not required to construct procurements in a manner that will neutralize the competitive advantages possessed by some vendors, including the natural advantages flowing from incumbency. WILLCOR Inc., B-422358, May 22, 2024, at 4; see also LOGMET LLC, B-421838, Oct. 5, 2023, at 6; Flight Support, Inc., B-417637.2, Oct. 3, 2019, at 3. Rather, a contracting agency has the discretion to determine what its needs are, and the best methods of accommodating them. See, e.g., Remote Diagnostic Techs., LLC, B‑413375.4, B‑413375.5, Feb. 28, 2017, at 3-4. In this context, we examine an agency's justification for a challenged provision to ensure that it is rational and can withstand logical scrutiny. WILLCOR Inc., supra.; AAR Mfg. Inc., d/b/a AAR Mobility Sys., B-418339, Mar. 17, 2020, at 13. A protester's disagreement with an agency's judgment regarding how it will best meet its needs does not establish that the agency's judgment is unreasonable. Emax Fin. & Real Estate Advisory Servs., LLC, B‑408260, July 25, 2013, at 4.
Here, based on our review of the entire record, including the agency's detailed explanations supporting the experience requirements, see AR, Exh. 8, Justification for Key Personnel, we find no basis to question the reasonableness of the agency's determination regarding the experience requirements for key personnel. We have specifically considered the agency's explanations regarding the two positions that IT‑Strat acknowledges render its quotation noncompliant. In our view, the agency has reasonably identified specific functions that each position will be responsible for performing that are critical to successful performance of the task order and that reasonably require, or are reasonably enhanced by, having experience with the R12.2 platform. Among other things, the agency notes that there have been updates and changes that affect the manner in which some of the platform modules operate, making specific experience with the R12.2 platform critical to reducing performance risks. Similarly, the record reflects the agency's consideration of unique cybersecurity vulnerabilities associated with the R12.2 platform, making experience with the platform critical for protecting against unauthorized access. Accordingly, we specifically reject IT-Strat's assertions that the R12.2 experience requirements for the EDI/XML SME-senior and cybersecurity SME-lead positions are unreasonable, and its protest allegations in that regard are denied.
Further, as noted above, the solicitation provided for evaluation of the key personnel factor on an acceptable/unacceptable basis. RFQ at 141. Since IT-Strat acknowledges that its failure to meet the solicitation requirement for these two key personnel positions renders its quotation noncompliant, IT‑Strat lacks the requisite legal interest to further challenge this procurement, including its complaints regarding the other five key personnel positions. Under our Bid Protest Regulations, a protester must be an actual or prospective bidder or offeror whose direct economic interest would be affected by the award of a contract or by the failure to award a contract. 4 C.F.R. § 21.0(a)(1). Since there is no dispute that IT-Strat's quotation is ineligible for award, we decline to further consider any of IT‑Strat's additional complaints regarding this procurement, as the protester is not an interested party to maintain them. Accordingly, the protester's remaining allegations are dismissed. See, e.g., Remote Diagnostic Techs., LLC, supra at 5.
The protest is denied in part and dismissed in part.
Edda Emmanuelli Perez
General Counsel
[1] The page numbers referenced in this decision are the Adobe PDF page numbers in the documents submitted.
[2] Previously, the agency had attempted to compete similar requirements under solicitation No. SP4709-25-Q-7002. Following protests filed by CACI, Inc.-Federal (the incumbent contractor) and IT-Strat (docketed as B‑423565, B‑423565.2, B‑423565.3), the agency canceled that prior solicitation and stated that “[after] reevaluat[ing] the underlying requirement . . . [a] new solicitation will be issued.” Agency Req. for Dismissal, B-423565.2, B-423565.3, Aug. 18, 2025, at 1.
[3] The agency further explains that “[t]he DAI Software Application is an Enterprise Resource Planning (ERP) platform based on Oracle EBS R12.2, a Commercial Off-the-Shelf software product . . . [which is] a collection of . . . applications bundled into a single software suite . . . [that] collect, store, and interpret data from many business activities in order to coordinate resources across an enterprise.” Contracting Officer's Statement and Memorandum of Law (COS/MOL) at 2. The protester echoes the agency's description of the R12.2 platform, stating: “[t]his software is used to help an organization run core operations in one integrated system--typically things like finance/accounting, procurement, inventory/supply chain, manufacturing, and HR/payroll--so data flows across departments instead of living in separate silos.” Protest at 10.
[4] Unless otherwise noted, citations to the RFQ refer to amendment 02.
[5] The solicitation provides for a two-phase evaluation. In phase one, quotations will be evaluated under the first four evaluation factors; only quotations that receive ratings of acceptable or higher under the phase one evaluation will be permitted to proceed to phase two, participate in oral presentations, and be eligible for award. RFQ at 141-42.
[6] The positions/labor categories are: (1) task order project manager; (2) cybersecurity subject matter expert (SME)-lead; (3) data scientist; (4) operations research analyst; (5) EDI/XML (electronic data interchange/extensible markup language) SME-senior; (6) systems engineer; and (7) technical infrastructure architect. Id. at 103.
[7] As initially issued, the solicitation required 10 years of Oracle R12.2 experience for most of the key personnel positions. See AR, Exh. 1, Initial RFQ at 85-90. In response to offerors' questions, the agency revised the solicitation to require only five years of Oracle R12.2 experience for the following positions: EDI/XML SME-senior, cybersecurity SME-lead, data scientist, and operations research analyst. RFQ at 11, 12, 16.
[8] The solicitation contains the following description of the EDI/XML SME-senior position: Oversees all aspects of the contractor's support of all tasks within this PWS [performance work statement], including planning, organizing, staffing, directing, integrating, and controlling activities necessary for all tasks to meet schedule, and performance requirements. Manages all day-to-day operations including administrative functions, assessing risks, identifying assumptions, and resolving interpersonal conflicts. Responsible for the duties, tasks, and activities required to make the program/project successful. Actively participates in the management decision-making process. RFQ at 104.
[9] Specifically, the agency referred to the changed behavior of “modules such as OTL [Oracle time and labor], B2R [budget to report], P2P [procure to pay], and O2C [order to cash].” AR, Exh. 7, Denial of Agency‑Level Protest at 3.
[10] The solicitation's description of the cybersecurity SME-lead position includes the following: Serves as technical expert to the Cybersecurity Assessment Program providing technical direction, interpretation, and alternatives to complex problems. . . . Contributes to the development of new principles, concepts, and methodologies. Works on unusually complex technical problems and provides highly innovative and ingenious solutions. Recommends cybersecurity software tools and assists in the development of software tool requirements and selection criteria. . . . RFQ at 105.
[11] The anticipated value of this procurement exceeds $35 million. Accordingly, this procurement is within our jurisdiction to hear protests related to the issuance of a task order under multiple-award IDIQ contracts awarded under the authority of title 10 of the United States Code. 10 U.S.C. § 3406(f)(1)(B).