July 2, 2022

Volume XII, Number 183

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

Contractor Representations Regarding Cybersecurity Compliance/Capabilities: An Increasingly Fertile Ground for Bid Protests

The importance of accuracy in contractor proposal representations regarding cybersecurity compliance/capabilities, and the increasing number of bid protests based on alleged proposal inaccuracies regarding the same, is demonstrated in Connected Global Solutions, LLC v. United States (Fed. Cl. Apr. 21, 2022).

In Connected Global Solutions, the Department of Defense, U.S. Transportation Command (TRANSCOM) issued a request for proposal (the RFP) seeking moving services to accommodate military members when changing duty stations. The RFP contemplated a contract worth up to $20 billion over a decade if all options were exercised. The RFP included an IT services evaluation factor that required contractors to provide and maintain an accessible, secure, web-based, and mobile-device-compatible IT system able to manage the moving and relocation services.

American Roll-on Roll-off Carrier Group, Inc. (ARC) filed a bid protest with the Government Accountability Office (GAO) alleging, inter alia, that awardee HomeSafe Alliance, LLC’s proposal contained a “material misrepresentation about the impact level to which a key component of its approach to meeting the Secure Access requirement has been authorized.” Am. Roll-On Roll-Off Carrier Grp., Inc. (Comp. Gen. Mar. 3, 2022). More specifically, ARC alleged that while HomeSafe’s proposal represented that it would utilize web-based IT services that were rated FedRAMP level “high,” the actual rating of the proposed services was “medium.” GAO rejected ARC’s argument, finding that information provided by the awardee, and publicly available information from the proposed web-based IT vendor, supported HomeSafe’s representation that it could ensure the web-based services proposed would be FedRAMP “high” compliant.

ARC subsequently filed a complaint with the U.S. Court of Federal Claims (COFC), again alleging that HomeSafe misrepresented its FedRAMP compliance as “high,” and requested leave to conduct limited discovery focused on the basis for the representations in HomeSafe’s proposal regarding FedRAMP status. The COFC noted that when material misrepresentation in the bidding process is alleged, courts do not examine the subjective mindset of the awarding agency, but “‘instead look to whether or not the statement itself constitutes misrepresentation[.]’” Therefore, the court noted it would not consider information that was before the agency, but instead must consider the conduct of and information available to the awardee. As a result, the court ordered HomeSafe to respond to two interrogatories (and a request for admission) surrounding its representations regarding FedRAMP “high” compliance in its proposal. The COFC reasoned that the two interrogatories were “pertinent” and the administrative record might not have all the required information for the court to properly review the misrepresentation allegations.

Key Takeaways

While accusations of proposal misrepresentations are not new, allegations of misrepresentations regarding a contractor’s cybersecurity compliance and capabilities represent a fertile ground for bid protests. As cybersecurity requirements applicable to federal procurements increase in number and complexity, bid protests challenging an offeror’s representations regarding compliance with the same may well also increase.

Connected Global Solutions also underscores the importance of documenting and maintaining evidence of the bases for material proposal representations regarding contractor cybersecurity compliance/capabilities. Contractors should consider carefully checking the accuracy of proposal information and utilizing internal controls for proposal review and submission. Even with such protocols in place, bid protests surrounding contractor cybersecurity compliance/capabilities can still occur, and can lead to costly consequences. 

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 138
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Scott A. Schipma Government Contracts Attorney Greenberg Traurig Washington, DC
Shareholder

Scott A. Schipma focuses his practice on government contracts, public and private construction disputes, and related insurance matters. He counsels and represents clients on a wide range of publicly-funded contract issues, including award decisions, subcontracting, regulatory compliance, data rights, cybersecurity, cooperative agreements, contract terminations, mergers and acquisitions, lender financing, and the preparation and litigation of complex claims related to contract changes. Scott represents clients in bid protests before various state and federal agencies, boards, and forums,...

202.331.3141
Aaron Levin Govt Contracts Attorney Greenberg Traurig Law Firm
Associate

Aaron M. Levin focuses his practice on government contracts litigation before the Government Accountability Office (GAO), U.S. Court of Federal Claims, Armed Services Board of Contract Appeals, and Small Business Administration. Bringing a wide range of experience working for government agencies, he advises companies on all stages of federal acquisitions and government procurements, from solicitation to contract administration, to claims and litigation.

Serving as Assistant General Counsel in the Contracts Group of the Office of General Counsel for the United States Department of...

202.533.2316
Advertisement
Advertisement
Advertisement