SHARE

May 18, 2022

Contractor Representations Regarding Cybersecurity Compliance/Capabilities: An Increasingly Fertile Ground for Bid Protests

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all Law.com OnPractice content.
Register Now

The importance of accuracy in contractor proposal representations regarding cybersecurity compliance/capabilities, and the increasing number of bid protests based on alleged proposal inaccuracies regarding the same, is demonstrated in Connected Global Solutions, LLC v. United States (Fed. Cl. Apr. 21, 2022).

In Connected Global Solutions, the Department of Defense, U.S. Transportation Command (TRANSCOM) issued a request for proposal (the RFP) seeking moving services to accommodate military members when changing duty stations. The RFP contemplated a contract worth up to $20 billion over a decade if all options were exercised. The RFP included an IT services evaluation factor that required contractors to provide and maintain an accessible, secure, web-based, and mobile-device-compatible IT system able to manage the moving and relocation services.

American Roll-on Roll-off Carrier Group, Inc. (ARC) filed a bid protest with the Government Accountability Office (GAO) alleging, inter alia, that awardee HomeSafe Alliance, LLC's proposal contained a "material misrepresentation about the impact level to which a key component of its approach to meeting the Secure Access requirement has been authorized." Am. Roll-On Roll-Off Carrier Grp., Inc. (Comp. Gen. Mar. 3, 2022). More specifically, ARC alleged that while HomeSafe's proposal represented that it would utilize web-based IT services that were rated FedRAMP level "high," the actual rating of the proposed services was "medium." GAO rejected ARC's argument, finding that information provided by the awardee, and publicly available information from the proposed web-based IT vendor, supported HomeSafe's representation that it could ensure the web-based services proposed would be FedRAMP "high" compliant.

ARC subsequently filed a complaint with the U.S. Court of Federal Claims (COFC), again alleging that HomeSafe misrepresented its FedRAMP compliance as "high," and requested leave to conduct limited discovery focused on the basis for the representations in HomeSafe's proposal regarding FedRAMP status. The COFC noted that when material misrepresentation in the bidding process is alleged, courts do not examine the subjective mindset of the awarding agency, but "‘instead look to whether or not the statement itself constitutes misrepresentation[.]'" Therefore, the court noted it would not consider information that was before the agency, but instead must consider the conduct of and information available to the awardee. As a result, the court ordered HomeSafe to respond to two interrogatories (and a request for admission) surrounding its representations regarding FedRAMP "high" compliance in its proposal. The COFC reasoned that the two interrogatories were "pertinent" and the administrative record might not have all the required information for the court to properly review the misrepresentation allegations.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

CO2 Costs for Heating: Starting 1 January 2023, Landlords in Germany Required to Pay a Share

By Dr. Martin Hamer Greenberg Traurig December 02 , 2022

On 25 November 2022, the parliamentary chamber of the German federal states (Bundesrat) cleared the way for the Carbon Dioxide Cost Sharing Act (Kohlendioxidkostenaufteilungsgesetz, CO2KostAufG), which the federal parliament (Bundestag) passed on 10 November 2022.

Deadline: 'Old' Standard Contractual Clauses (SCCs) Expire Dec. 27, 2022

By Dr. Viola Bensinger Greenberg Traurig December 02 , 2022

After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA).

Illinois Workers' Rights Amendment Provides Employees Fundamental Right to Organize

By Kerry Lin Davidson Greenberg Traurig December 02 , 2022

Heralded as a victory by unions and employee worker’s rights groups even before votes were confirmed, on Nov. 15, 2022, a majority of Illinois voters ushered in the Illinois Workers’ Right Amendment (IWRA).

More From Cybersecurity

Deadline: 'Old' Standard Contractual Clauses (SCCs) Expire Dec. 27, 2022

By Dr. Viola Bensinger Greenberg Traurig December 02 , 2022

After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA).

EU Criminalizes Violations of EU Sanctions, With a Focus on Russia

By Erik de Bie Greenberg Traurig December 01 , 2022

On Nov. 28, 2022, the Council of the European Union (Council) adopted a decision (Decision) to add the violation of restrictive measures to the list of so-called “EU crimes” set out in the Treaty on the Functioning of the European Union (TFEU).

Can a business require a consumer to submit a declaration under penalty of perjury in order to prove their identity?

By David A. Zetoony Greenberg Traurig November 22 , 2022

The regulations implementing the CCPA require that a business verify the identity of a consumer that submits a specific-information access request to a “reasonably high degree of certainty.”

Featured Stories
Closeclose
Search
Menu

Working...