Contractor Representations Regarding Cybersecurity Compliance/Capabilities: An Increasingly Fertile Ground for Bid Protests
Free Article Limit This Month
The importance of accuracy in contractor proposal representations regarding cybersecurity compliance/capabilities, and the increasing number of bid protests based on alleged proposal inaccuracies regarding the same, is demonstrated in Connected Global Solutions, LLC v. United States (Fed. Cl. Apr. 21, 2022).
In Connected Global Solutions, the Department of Defense, U.S. Transportation Command (TRANSCOM) issued a request for proposal (the RFP) seeking moving services to accommodate military members when changing duty stations. The RFP contemplated a contract worth up to $20 billion over a decade if all options were exercised. The RFP included an IT services evaluation factor that required contractors to provide and maintain an accessible, secure, web-based, and mobile-device-compatible IT system able to manage the moving and relocation services.
American Roll-on Roll-off Carrier Group, Inc. (ARC) filed a bid protest with the Government Accountability Office (GAO) alleging, inter alia, that awardee HomeSafe Alliance, LLC's proposal contained a "material misrepresentation about the impact level to which a key component of its approach to meeting the Secure Access requirement has been authorized." Am. Roll-On Roll-Off Carrier Grp., Inc. (Comp. Gen. Mar. 3, 2022). More specifically, ARC alleged that while HomeSafe's proposal represented that it would utilize web-based IT services that were rated FedRAMP level "high," the actual rating of the proposed services was "medium." GAO rejected ARC's argument, finding that information provided by the awardee, and publicly available information from the proposed web-based IT vendor, supported HomeSafe's representation that it could ensure the web-based services proposed would be FedRAMP "high" compliant.
ARC subsequently filed a complaint with the U.S. Court of Federal Claims (COFC), again alleging that HomeSafe misrepresented its FedRAMP compliance as "high," and requested leave to conduct limited discovery focused on the basis for the representations in HomeSafe's proposal regarding FedRAMP status. The COFC noted that when material misrepresentation in the bidding process is alleged, courts do not examine the subjective mindset of the awarding agency, but "‘instead look to whether or not the statement itself constitutes misrepresentation[.]'" Therefore, the court noted it would not consider information that was before the agency, but instead must consider the conduct of and information available to the awardee. As a result, the court ordered HomeSafe to respond to two interrogatories (and a request for admission) surrounding its representations regarding FedRAMP "high" compliance in its proposal. The COFC reasoned that the two interrogatories were "pertinent" and the administrative record might not have all the required information for the court to properly review the misrepresentation allegations.
ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.