Enterprise Solutions & Management Corporation

Decision

DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.

Matter of: Enterprise Solutions & Management Corporation

File: B-421776

Date: September 28, 2023

DIGEST

Protest that agency unreasonably assessed a deficiency in the protester’s quotation is denied where protester failed to comply with a solicitation requirement.

Enterprise Solutions & Management Corporation (ESM), a small business of Springfield, Virginia, protests the award of a contract to Agile-Bot II, LLC, a small business of Reston, Virginia, under request for quotations (RFQ) No. 832200002, issued by the Department of Defense (DOD), Defense Information Systems Agency (DISA) for identity assurance support. The protester contends that the agency unreasonably assessed a deficiency in ESM’s quotation under the technical/management approach factor and, based on this error, improperly evaluated the quotation as unacceptable. The protester also challenges various other aspects of the agency’s technical evaluation and award decision.

We deny the protest.

BACKGROUND

On June 9, 2022, the agency issued the solicitation as a small business set‑aside to contract holders under the General Services Administration’s Federal Supply Schedule (FSS) program, in accordance with the ordering procedures under Federal Acquisition Regulation (FAR) subpart 8.4. Contracting Officer Statement and Memorandum of Law (COS/MOL) at 5; Agency Report (AR), Tab 1, RFQ at 1; AR, Tab 1a, Performance Work Statement (PWS) at 1-2.[1] The solicitation sought support services for identity verification and the issuance of credentials for access to DOD‑protected online resources for the Joint Service Provider (JSP).[2] PWS at 2. The RFQ anticipated the award of a fixed-price contract with a 1‑year base period and three 1‑year option periods. RFQ at 2.

The solicitation provided that award would be made to the vendor whose quotation was determined to represent the best overall value to the government using a best‑value tradeoff process considering the factors of technical/management approach and price. Id. at 4‑5. According to the RFQ, the technical/management approach factor was more important than price. Id. at 5. The technical/management approach factor was comprised of five subfactors of equal importance: (1) DISA mobility classified capability secret (DMCC‑S) and Windows data at rest secret (WINDAR-S) certificate issuance support; (2) JSP enterprise certification authority (ECA) support; (3) product evaluation; (4) technical support; and (5) management approach. Id. at 4.

The first two subfactors under the technical/management approach factor were to be assigned adjectival ratings of outstanding, good, acceptable, marginal, or unacceptable, based on the approach and understanding of requirements indicated by the quotation and the evaluated strengths, weaknesses, and deficiencies. Id.; AR, Tab 1f, RFQ Evaluation Tables at 1. As relevant here, a deficiency was defined as a “material failure of a proposal/quotation to meet a Government requirement or a combination of significant weaknesses in a proposal/quotation that increases the risk of unsuccessful contract performance to an unacceptable level.” Tab 1f, RFQ Evaluation Tables at 1. A quotation containing one or more deficiencies would be rated unacceptable and would be ineligible for award. Id. The remaining three subfactors would be evaluated on an acceptable/unacceptable basis. RFQ at 4.

In response to the solicitation, the agency received timely quotations from six vendors, including ESM and Agile‑Bot. COS/MOL at 9. The agency evaluated the quotations of ESM and Agile‑Bot as follows:

	ESM	Agile-Bot
Technical/Management
DMCC-S/WINDAR-S Support	Good	Good
JSP ECA Support	Unacceptable	Good
Product Evaluation	Acceptable	Acceptable
Technical Support	Acceptable	Acceptable
Management Approach	Acceptable	Acceptable
Price	$20,676,332	$20,922,811

 

AR, Tab 3, Selection Recommendation Document (SRD) at 4.

In evaluating ESM’s technical quotation, the evaluators assessed a deficiency under the JSP ECA support subfactor. Id. at 37. Based on this deficiency, the evaluators assigned a rating of unacceptable to ESM’s quotation for this subfactor. Id. Because ESM’s quotation received a rating of unacceptable under a technical subfactor, it was found to be ineligible for award and excluded from further consideration, including the agency’s best‑value tradeoff analysis. COS/MOL at 12; see AR, Tab 3, SRD at 4, 37; Tab 4, Price Negotiation Memorandum at 5‑6.

On June 16, 2023, the agency notified ESM of the award decision and provided a brief explanation of the basis for award in accordance with FAR section 8.405‑2(d). COS/MOL at 13; AR, Tab 5a, Unsuccessful Vendor Notification at 1‑3. After receiving the notice, ESM timely filed this protest with our Office.

DISCUSSION

ESM contends that the agency unreasonably assessed a deficiency in its quotation under the JSP ECA support subfactor.[3] Protest at 13-18; Comments at 5‑13. The protester also asserts that the agency overlooked numerous aspects of ESM’s quotation that warranted a finding of additional strengths under the technical/management factor.[4] Protest at 18‑23; Comments at 14‑20. As discussed below, we find that the agency reasonably assessed ESM’s quotation a deficiency under the JSP ECA support subfactor. Because this deficiency renders ESM’s technical quotation unacceptable and ineligible for award, we need not address the protester’s remaining challenges to the agency’s evaluation of ESM’s quotation.

Where, as here, an agency conducts a competition under an RFQ issued to vendors under the FSS provisions of FAR subpart 8.4, we will review the record to ensure that the agency’s evaluation was reasonable and consistent with the terms of the solicitation and applicable procurement laws and regulations. Battelle Mem’l Inst., B-420253 et al., Jan. 12, 2022, 2022 CPD ¶ 31 at 5; CW Government Travel, Inc., B-419193.4 et al., Apr. 15, 2021, 2021 CPD ¶ 188 at 5. The evaluation of quotations is a matter within the discretion of the procuring agency; we will not question the agency’s evaluation absent a showing that the evaluation was unreasonable or inconsistent with the solicitation. Battelle Mem’l Inst., supra; Analytical Innovative Solutions, LLC, B-408727, Nov. 6, 2013, 2013 CPD ¶ 263 at 3. A protester’s disagreement with the agency’s judgment, without more, does not establish that an evaluation was unreasonable. Deloitte Consulting, LLP, B‑416882.4, Jan. 6, 2020, 2020 CPD ¶ 21 at 4.

Deficiency Assessed Under JSP ECA Support Subfactor

ESM first challenges the deficiency assessed in its quotation under the JSP ECA support subfactor of the technical/management approach factor. The protester argues that, in assessing this deficiency, the agency misapplied the evaluation criteria and unreasonably overlooked information that was included in ESM’s quotation. The agency responds that it evaluated ESM’s quotation reasonably and consistent with the stated evaluation criteria.

For the JSP ECA support subfactor, vendors were required to describe their ability to meet or exceed the requirement in PWS section 6.6.3 to provide the technical support needed for JSP ECA support. RFQ at 4. Section 6.6.3 of the PWS, in its entirety, provided as follows:

6.6.3. JSP ECA support:

6.6.3.1. The contractor shall create a plan, submit for approval, and execute: to design, engineer, test, deploy, and integrate additional capabilities for the [Office of the Secretary of Defense] forest. The additional capabilities the contractor shall support include additional 802.1x machine authentication instances; Network Device Enrollment Service (NDES) for Simple Certificate Enrollment Protocol (SCEP) enabled devices, [Assured Compliance Assessment Solution] findings remediation of Remote Desktop Protocol (RDP) findings, Comply to Connect, Zero Trust, and other various network-hardening capabilities.

PWS, § 6.6.3 at 10.

In assessing ESM’s quotation with a deficiency under this subfactor, the evaluators found that ESM “failed to provide adequate (or any) description about how it will support Comply to Connect and Zero Trust.” AR, Tab 3, SRD at 37. Noting that the subfactor requires vendors to support Comply to Connect and Zero Trust, the evaluators found that ESM “doesn’t even mention it within its technical quote.” Id. Based on this finding, the evaluators assessed a deficiency, concluding that this failure constituted a “material failure of a quotation to meet a government requirement that increases the risk of unsuccessful contract performance to an unacceptable level.” Id.

ESM first argues that the agency misapplied the solicitation’s evaluation criteria by evaluating technical quotations on “how the [vendors] proposed to do the work,” when the solicitation specifically sought a “description of abilities to do the work.” Protest at 13‑14. Moreover, relying on a set of vendor questions and responses, ESM asserts that Comply to Connect and Zero Trust were among certain “additional capabilities” that the solicitation did not require vendors to address in their quotations. Id. at 14‑15. The agency responds that the solicitation provided for the evaluators to assess vendors’ “approach and understanding” of requirements, which encompassed the evaluation of how the vendors proposed to perform the required work, and expressly included support for Comply to Connect and Zero Trust capabilities. COS/MOL at 15-21.

When a protester and agency disagree over the meaning of solicitation language, we will resolve the matter by reading the solicitation as a whole and in a manner that gives effect to all of its provisions. Futron, Inc., B-420703, July 25, 2022, 2022 CPD ¶ 189 at 6. To be reasonable, and therefore valid, an interpretation must be consistent with the solicitation when read as a whole and in a reasonable manner. Id.; Patronus Systems, Inc., B‑418784, B‑418784.2, Sept. 3, 2020, 2020 CPD ¶ 291 at 5. If the solicitation language is unambiguous, our inquiry ceases. Lamb Informatics, Ltd., B‑418405.5, B‑418405.6, Mar. 5, 2021, 2021 CPD ¶ 116 at 5; Pond Constructors, Inc., B‑418403, Mar. 23, 2020, 2020 CPD ¶ 129 at 6.

Based on the plain language of the solicitation provisions at issue here, we agree with the agency’s interpretation and find the protester’s interpretation to be unreasonable. In this regard, the solicitation advised vendors that the agency would use the stated evaluation factors “to determine a schedule contractor’s relative ability to accomplish the tasks set forth in the PWS.” RFQ at 4. Under the JSP ECA support subfactor, the RFQ instructed vendors to “describe their ability to meet or exceed the PWS 6.6.3 requirements to provide the technical support required to provide JSP [ECA] support.” Id. The RFQ also informed vendors that the agency would use the “standards . . . in the attached Evaluation Tables” in evaluating vendors’ quotations. RFQ at 4. The evaluation tables, in turn, provided that a vendor’s quotation under the JSP ECA support subfactor would be evaluated on the level of “approach and understanding of the requirements” indicated in the quotation. AR, Tab 1f, Evaluation Tables at 1. For example, the rating of outstanding was described as where a quotation “indicates an exceptional approach and understanding of the requirements and contains multiple strengths,” while the rating of marginal was described as where a quotation “has not demonstrated an adequate approach and understanding of the requirements.” Id.

On this record, we find that the solicitation provisions at issue are not ambiguous. When read as a whole, the agency’s interpretation of those provisions--that vendors were to describe, and the agency evaluate, how they would perform the requirements--is the only reasonable interpretation. While the protester tries to draw a distinction between a vendor’s ability to perform a requirement and how it proposes to perform that requirement, the solicitation language does not support this dichotomy. To the contrary, the solicitation instructed vendors to describe their ability to meet or exceed the requirements and, at the same time, expressly provided that the agency would assess the vendors’ demonstrated “approach and understanding of the requirements.” AR, Tab 1f, Evaluation Tables at 1. In this context, use of the term “approach” can mean nothing other than an evaluation of how a vendor proposed to perform the work. Considering the unambiguous solicitation language contemplating the evaluation of each vendor’s approach and understanding of the requirements, ESM’s argument that it was not required to demonstrate how it would perform the requirements is unreasonable and contrary to the terms of the solicitation. Accordingly, we find the agency’s application of the stated evaluation criteria here to be unobjectionable.

In addition, the protester relies on a vendor question and response to assert that ESM was not required to include its approach to providing support for Comply to Connect and Zero Trust. As discussed below, we find this argument to be unreasonable. The relevant vendor question and agency response provided as follows:

[Question] The Government describes ‘additional capabilities’ that will be supported within the JSP ECA support and JSP ECA Onboarding PWS task areas (PWS 6.6.3 and 6.6.4). How many new capability changes are anticipated for these two requirements? Can the Government provide additional data or information to help quantify the support required for these two requirements?

[Response] The scope of this requirement is ongoing. This environment is still advancing, the offeror must be able to respond to sudden and emerging technical requirements and issues during the contract's lifespan as they relate to paragraphs 6.6.3 and 6.6.4.

AR, Tab 1g, Vendor Questions and Answers at 5. The protester argues that the agency response here notified vendors that they “did not have to create the PWS [section] 6.6.3 plan or detail how they will incorporate additional capabilities at the quotation stage.” Protester’s Comments at 7.

The agency responds that the protester misconstrues the question and response at issue. The agency first notes that the question asks “how many” new capability “changes” are anticipated in order to help the vendors “quantify” the required support. COS/MOL at 17‑19; see AR, Tab 6, Decl. of Technical Evaluation Team (TET) Lead at 5‑6. In this regard, the agency states that the additional capabilities required under PWS section 6.6.3 were left open-ended, with the PWS using the language “and other various network-hardening capabilities.” AR, Tab 6, Decl. of TET Lead at 6. This question therefore asked the agency to quantify how many other capabilities would be required. Id. at 5. The agency, in turn, responded to the question by stating that, while the requirement is an ongoing one, the vendor “must be able to respond to sudden and emerging technical requirements and issues during the contract’s lifespan as they relate to paragraphs 6.6.3 and 6.6.4.” AR, Tab 1g, Vendor Questions & Answers at 5. The agency thus argues that the response did not alter the unambiguous solicitation requirement under the JSP ECA support subfactor for vendors to address the capabilities specifically listed in PWS section 6.6.3. COS/MOL at 17‑19.

We find the agency’s interpretation to be reasonable and consistent with the solicitation. We note that the entire requirement under PWS section 6.6.3 was to “create a plan, submit for approval, and execute: to design, engineer, test, deploy, and integrate additional capabilities,” which included a non-exclusive list of five such additional capabilities, including Comply to Connect and Zero Trust. See PWS, § 6.6.3 at 10 (emphasis added). Reading this solicitation requirement together with the agency’s response to vendor questions, the protester’s interpretation--that vendors were not required to address the additional capabilities listed in PWS section 6.6.3--is inherently unreasonable, as it would render meaningless the vendor instructions and evaluation criteria applicable to the JSP ECA support subfactor. We also note that, contrary to the protester’s position, the agency here did not find ESM’s quotation deficient because it did not “create the PWS [section] 6.6.3 plan . . . at the quotation stage,” but because ESM failed to describe an approach to providing two of the required services enumerated in PWS section 6.6.3. Protester’s Comments at 7; see AR, Tab 3, SRD at 37.

Moreover, we find that the plain language of the question and response does not support the protester’s position. In this regard, the vendor question specifically asked how many new capability changes are anticipated and requested that the agency provide additional data or information to help quantify the required support. AR, Tab 1g, RFQ Questions and Answers at 5. The agency responded that the vendor would need to “respond to sudden and emerging technical requirements and issues” as part of their performance of requirements under PWS sections 6.6.3 and 6.6.4. Id. In other words, neither the question nor the response addressed or changed the stated quotation instructions or evaluation criteria for the JSP ECA support subfactor. Based on this record, we find that the agency’s evaluation under this subfactor reasonably examined how vendors proposed to support the additional capabilities enumerated in PWS section 6.6.3, including Comply to Connect and Zero Trust.

The protester next argues that, even if it was reasonable for the agency to evaluate how vendors proposed to support each of the capabilities enumerated in PWS section 6.6.3, the agency’s assessment of a deficiency was unreasonable because ESM’s quotation contained the required information. Protest at 14‑18. Specifically, the protester cites seven instances where its quotation mentions the term “Zero Trust” and contends that ESM’s quotation described its ability to support Comply to Connect and Zero Trust, but the agency unreasonably ignored this information in its evaluation. Id. at 16‑17 (citing AR, Tab 2, ESM Technical Quotation at 8, 14, 15, 17). The protester also argues that, although its quotation did not specifically mention the term “Comply to Connect,” it addressed various technical elements that comprise Comply to Connect as an essential component of Zero Trust. Id. at 17‑18; Protester’s Comments at 10‑13.

As noted above, the TET described the assessed deficiency as follows:

ESM failed to provide adequate (or any) description about how it will support Comply to Connect and Zero Trust. Subfactor 2/PWS 6.6.3.1 requires offerors to support to Comply to Connect and Zero Trust. However, offeror doesn’t even mention it within its technical quote. This is a material failure of a quotation to meet a government requirement that increases the risk of unsuccessful contract performance to an unacceptable level.

AR, Tab 3, SRD at 37. In response to this protest, the TET lead further explained that “while ESM mention[s] Zero Trust within its technical quotation . . ., ESM did not discuss Zero Trust in the context of Subfactor 2 evaluation criteria [and instead] chose to rely on general statements that contained ESM’s experience and irrelevant information.” AR, Tab 6, Decl. of TET Lead at 12.

Indeed, the agency notes that ESM failed to describe how it proposes to support the agency’s Zero Trust capability, despite using the term “Zero Trust” seven times in its quotation. COS/MOL at 21‑26; see AR, Tab 6, Decl. of TET Lead at 8‑12. For example, in several instances, ESM’s quotation used the term to describe its experience. AR, Tab 6, Decl. of TET Lead at 8‑12; see e.g., AR, Tab 2, ESM Technical Quotation at 8 (“decades of experience in [DELETED] a Zero Trust Model,” “[DELETED] years of combined experience in [DELETED] and Zero Trust Architecture”); 14 (“Decades of operational experience [DELETED] Zero Trust model.”); 17 (“[DELETED] years Zero Trust [DELETED]”). In another instance, ESM referred to Zero Trust as an example in a general statement about its capability. Id. at 11; see AR, Tab 2, ESM Technical Quotation at 15 (“[DELETED] provides capabilities for future initiatives [DELETED] (e.g., Zero Trust Architecture).”). The agency also found that the remaining two times where the term Zero Trust is mentioned--in reference to the use of NDES (another capability listed in PWS section 6.6.3.1) and in the context of DISA’s Thunderdome--likewise failed to provide a discernable approach to meeting the requirement. AR, Tab 6, Decl. of TET Lead at 11‑12.

With respect to Comply to Connect, the agency disputes the protester’s premise that Comply to Connect is merely a component of Zero Trust, noting, among other things, that PWS section 6.6.3 specifically listed Comply to Connect as a requirement separate and distinct from Zero Trust. COS/MOL at 26‑29; see AR, Tab 6, Decl. of TET Lead at 12‑15 (citing PWS at § 6.6.3.1). The agency also contends that it was not required to infer ESM’s approach and understanding of the requirement to support Comply to Connect from a quotation that never mentions the term and instead merely discusses various characteristics of Comply to Connect. AR, Tab 6, Decl. of TET Lead at 16.

On this record, we find no basis to object to the agency’s evaluation. It is a vendor’s responsibility to submit a well‑written quotation, with adequately detailed information that clearly demonstrates compliance with the solicitation requirements and allows a meaningful review by the procuring agency. See Engility Corp., B-413120.3 et al., Feb. 14, 2017, 2017 CPD ¶ 70 at 16; International Med. Corps, B-403688, Dec. 6, 2010, 2010 CPD ¶ 292 at 8. Agencies are not required to infer information from an inadequately detailed quotation, or to supply information that the vendor elected not to provide. Engility Corp., supra; see Optimization Consulting, Inc., B-407377, B‑407377.2, Dec. 28, 2012, 2013 CPD ¶ 16 at 9 n.17. Here, the agency considered all of the information in ESM’s quotation and reasonably concluded that the quotation failed to provide an adequate description of how ESM would provide the required support for Comply to Connect and Zero Trust capabilities. While ESM may disagree with the agency’s assessment, such disagreement with the agency’s evaluative judgment, without more, does not provide a basis on which to sustain the protest. See Creoal Consulting, LLC, B-419460; B-419460.2, Mar. 4, 2021, 2021 CPD ¶ 148 at 8.

Finally, the protester argues that the agency failed to adequately document its finding that “ESM does not mention Comply to Connect and Zero Trust within its technical quote.” Protest at 16 (citing AR, Tab 5a, Unsuccessful Vendor Notification at 2). ESM further contends that the agency’s post-protest declarations should be disregarded as post‑hoc rationalizations. Protest at 15‑16; Protester’s Comments at 9‑11, 13. The agency responds that the contemporaneous evaluation clearly documents the reason for the assessed deficiency, and the agency’s post-protest explanation is consistent with that evaluation. COS/MOL at 21.

While we accord greater weight to contemporaneous materials as opposed to judgments made in response to a protest, post-protest explanations that provide a detailed rationale for contemporaneous conclusions, and simply fill in previously unrecorded details, will generally be considered in our review of the rationality of selection decisions--so long as those explanations are credible and consistent with the contemporaneous record. FreeAlliance.com, LLC, B‑420000.3, et al., June 28, 2022, 2022 CPD ¶ 165 at 7. Moreover, for procurements that are conducted under FAR subpart 8.4 and require a statement of work, such as this one, FAR section 8.405-2(e) designates limited documentation requirements, requiring only that the agency’s evaluation judgments be documented in sufficient detail to show they are reasonable. Arrington Dixon & Assocs., Inc., B‑409981, B-409981.2, Oct. 3, 2014, 2014 CPD ¶ 284 at 8.

Here, the contemporaneous evaluation record clearly states the rationale behind the agency’s assessment of a deficiency: the evaluators found that “ESM failed to provide adequate (or any) description about how it will support Comply to Connect and Zero Trust.” AR, Tab 3, SRD at 37. While the TET goes on to state that ESM “doesn’t even mention it within its technical quote,” the word “it” in the context of the whole paragraph could refer to any number of things, including the required support for Comply to Connect and Zero Trust or even just Comply to Connect.[5] Id.

Moreover, we find that the TET lead’s post-protest explanation provides additional detail supporting the assessment of the deficiency that is consistent with the agency’s contemporaneous evaluation conclusion. As noted above, the TET lead explained that while ESM mentioned Zero Trust within its technical quotation, its quotation did not adequately describe ESM’s proposed approach and instead chose to rely on general statements. AR, Tab 6, Decl. of TET Lead at 12. This explanation is consistent with the contemporaneous conclusion of the agency’s evaluators that ESM failed to provide an adequate description about how it will support these capabilities.

On this record, we find no basis to object to the agency’s determination that ESM’s failure to address its approach to supporting Comply to Connect and Zero Trust constituted a material failure to meet the solicitation requirement under the JSP ECA support subfactor. To the extent the protester disagrees with the agency’s evaluation in this regard, such disagreement, without more, fails to establish that the evaluation was unreasonable. RIVA Solutions, Inc., B‑417858.2, B‑417858.10, Oct. 29, 2020, 2020 CPD ¶ 358 at 8‑9. Accordingly, we find nothing unreasonable in the agency’s assessment of a deficiency in ESM’s quotation under the JSP ECA support subfactor.

Remaining Challenges

The protester also challenges the agency’s failure to assess additional strengths in ESM’s technical quotation. Protest at 18-23. Competitive prejudice is an essential element of a viable protest, and we will sustain a protest only where the protester demonstrates that, but for the agency’s improper actions it would have had a substantial chance of receiving the award. Davis Defense Group, Inc., supra at 6; Booz Allen Hamilton, Inc., B‑417418, et al., July 3, 2019, 2019 CPD ¶ 246 at 4. Here, the solicitation stated that a quotation containing one or more deficiencies would be rated unacceptable and thus would be ineligible for award. AR, Tab 1f, RFQ Evaluation Tables at 1; RFQ at 4.

Because the agency reasonably assessed ESM’s quotation with a deficiency, thereby rendering it ineligible for award, we find that the protester would not be prejudiced even if the remainder of the agency’s evaluation of ESM’s quotation was unreasonable. See Davis Defense Group, Inc., supra (where the agency reasonably concluded that the protester’s quotation was technically unacceptable, the protester was not prejudiced by any errors in the remaining evaluation).

The protest is denied.

Edda Emmanuelli Perez
General Counsel

 

---