Accuracy Importance in Contractor Proposals for Cybersecurity

Accuracy Importance in Contractor Proposals for Cybersecurity


The importance of accuracy in the representations of contractors’ proposals in terms of compliance / cybersecurity capabilities, and the growing number of bid protests based on alleged inaccuracies of the proposals with respect to them, is demonstrated in Connected Global Solutions, LLC v. United States (Fed. Cl. 21 Apr. 2022).

In Connected global solutions, the U.S. Department of Defense, Transportation Command (TRANSCOM) issued a request for a proposal (RFP) to request removal services to accommodate members of the military when they change office locations. The RFP envisaged a contract worth up to $ 20 billion over a decade if all options were exercised. The RFP included an evaluation factor for IT services that required contractors to provide and maintain an accessible, secure, web-based, and mobile-compatible computer system capable of managing relocation and relocation services.

American Roll-on Roll-off Carrier Group, Inc. (ARC) filed a protest with the Government Accountability Office (GAO) alleging: Among othersthe award-winning HomeSafe Alliance, LLC proposal contained a “material misrepresentation of the level of impact to which a key component of its approach has been authorized to meet the secure access requirement.” Am. Roll-On Roll-Off Carrier Grp., Inc. (Comp. Gen. March 3, 2022). More specifically, ARC alleged that while HomeSafe’s proposal represented that it would use web-based IT services that had a “high” FedRAMP level rating, the actual rating of the proposed services was “average.” GAO rejected the ARC’s argument, finding that the information provided by the awardee and the publicly available information from the proposed web-based IT provider supported HomeSafe’s representation that it could ensure that the services based on proposed websites would be “high” compatible with FedRAMP.

ARC subsequently filed a complaint with the U.S. Federal Court of Appeals (COFC), again alleging that HomeSafe misrepresented its compliance with FedRAMP as “high” and sought permission to conduct a limited-focused discovery. on the basis of the representations of the HomeSafe proposal on the status of FedRAMP. The COFC noted that when material misrepresentation is alleged in the bidding process, the courts do not examine the subjective mindset of the contracting agency, but rather “‘whether the statement itself constitutes a misrepresentation or not.[.]Therefore, the court noted that it would not take into account the information before the agency, but should take into account the conduct and information available to the successful bidder. As a result, the court ordered HomeSafe to respond to two interrogations (and an application for admission) around its representations about FedRAMP’s “high” compliance with its proposal. The COFC reasoned that the two interrogations were “relevant” and that the administrative record may not have all the information necessary for the court to properly review the allegations of misrepresentation.

Key points

While allegations of misrepresentation of proposals are not new, allegations of misrepresentation of a contractor’s compliance and cybersecurity capabilities represent fertile ground for bid protests. As cybersecurity requirements for federal procurement increase in number and complexity, so may protests from bids that challenge a bidder’s representations regarding compliance with them.

Connected global solutions it also emphasizes the importance of documenting and maintaining evidence of the basis for material representations of proposals regarding the contractor’s compliance / cybersecurity capabilities. Contractors should consider carefully verifying the accuracy of the proposal information and using internal controls for the review and submission of proposals. Even with these protocols in place, bid protests over contractor compliance / cybersecurity capabilities can still occur and can have costly consequences.

© 2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 138



Source link

Related post

EDUCAUSE 2022: How Data Collection Can Improve Student and Faculty IT Support

EDUCAUSE 2022: How Data Collection Can Improve Student and…

At Indiana University, Gladdin said, to make life easier for students and faculty, they implemented a course template for the Canvas…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…

Leave a Reply

Your email address will not be published.