May 18, 2022

Contractor Representations Regarding Cybersecurity Compliance/Capabilities: An Increasingly Fertile Ground for Bid Protests

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

The importance of accuracy in contractor proposal representations regarding cybersecurity compliance/capabilities, and the increasing number of bid protests based on alleged proposal inaccuracies regarding the same, is demonstrated in Connected Global Solutions, LLC v. United States (Fed. Cl. Apr. 21, 2022).

In Connected Global Solutions, the Department of Defense, U.S. Transportation Command (TRANSCOM) issued a request for proposal (the RFP) seeking moving services to accommodate military members when changing duty stations. The RFP contemplated a contract worth up to $20 billion over a decade if all options were exercised. The RFP included an IT services evaluation factor that required contractors to provide and maintain an accessible, secure, web-based, and mobile-device-compatible IT system able to manage the moving and relocation services.

American Roll-on Roll-off Carrier Group, Inc. (ARC) filed a bid protest with the Government Accountability Office (GAO) alleging, inter alia, that awardee HomeSafe Alliance, LLC's proposal contained a "material misrepresentation about the impact level to which a key component of its approach to meeting the Secure Access requirement has been authorized." Am. Roll-On Roll-Off Carrier Grp., Inc. (Comp. Gen. Mar. 3, 2022). More specifically, ARC alleged that while HomeSafe's proposal represented that it would utilize web-based IT services that were rated FedRAMP level "high," the actual rating of the proposed services was "medium." GAO rejected ARC's argument, finding that information provided by the awardee, and publicly available information from the proposed web-based IT vendor, supported HomeSafe's representation that it could ensure the web-based services proposed would be FedRAMP "high" compliant.

ARC subsequently filed a complaint with the U.S. Court of Federal Claims (COFC), again alleging that HomeSafe misrepresented its FedRAMP compliance as "high," and requested leave to conduct limited discovery focused on the basis for the representations in HomeSafe's proposal regarding FedRAMP status. The COFC noted that when material misrepresentation in the bidding process is alleged, courts do not examine the subjective mindset of the awarding agency, but "‘instead look to whether or not the statement itself constitutes misrepresentation[.]'" Therefore, the court noted it would not consider information that was before the agency, but instead must consider the conduct of and information available to the awardee. As a result, the court ordered HomeSafe to respond to two interrogatories (and a request for admission) surrounding its representations regarding FedRAMP "high" compliance in its proposal. The COFC reasoned that the two interrogatories were "pertinent" and the administrative record might not have all the required information for the court to properly review the misrepresentation allegations.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

International Entrepreneur Parole Program: USCIS Issues Policy Guidance

By Linnea Porter Greenberg Traurig March 22 , 2023

On March 10, U.S. Citizenship and Immigration Service (USCIS) issued an announcement with comprehensive guidance on parole for international entrepreneurs.

New UK Sanctions Package Would Target Russia's Arms Exports, Front-Line Resources

By Annabel Thomas Greenberg Traurig March 22 , 2023

The UK announced a further round of sanctions and trade measures on 24 February 2023 to coincide with the first anniversary of Russia’s invasion of Ukraine.

PFAS in Drinking Water: EPA Proposes Historic New Regulation

By Bernadette M. Rappold Greenberg Traurig March 17 , 2023

On March 14, 2023, the U.S. Environmental Protection Agency (EPA) issued a proposed National Primary Drinking Water Regulation (NPDWR) which, if finalized, would set enforceable limits, known as Maximum Contaminant Levels (MCLs), for six Per- and Polyfluoroalkyl Substances (PFAS).

More From Cybersecurity

USCIS Removes Biometrics Requirement for Form I-526E Petitioners

By Diana Prak Greenberg Traurig March 17 , 2023

Effective March 15, 2023, United States Citizenship and Immigration Services (USCIS) is removing the biometrics submission requirement and $85 fee requirement for petitioners filing Form I-526E, Immigrant Petition by Regional Center Investor.

Is a business required to include an 'opt out of targeted advertising' link on its homepage (i.e., a Do Not Share link) if it recognizes opt-out preference signals?

By David A. Zetoony Greenberg Traurig March 13 , 2023

Three modern privacy statutes incorporate the concept that individuals should be able to broadcast a signal from their browser or device that directs an organization to cease providing their personal information to third parties for the purposes of targeted advertising.

Massachusetts Gov. Proposes Reorganization Plan for Housing Development Under Article 87

By Robert C. Ross Greenberg Traurig March 13 , 2023

Massachusetts Gov. Maura Healey recently filed legislation under Article 87 of the Massachusetts Constitution that would make organizational changes to the Commonwealth’s oversight of housing development.

Featured Stories