B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007

Case: B-299131.1 Agency: Date: 2007-02-16 Denied
View full decision with AI analysis on ProtestIntel →
B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007 TITLE: B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007 BNUMBER: B-299131.1; B-299131.2 DATE: February 16, 2007 ********************************************************************************* B-299131.1; B-299131.2, Operational Research Consultants, Inc., February 16, 2007 DOCUMENT FOR PUBLIC RELEASE The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release. Decision Matter of: Operational Research Consultants, Inc. File: B-299131.1; B-299131.2 Date: February 16, 2007 John S. Pachter, Esq., Jonathan D. Shaffer, Esq., Mary Pat Gregory, Esq., and Stephanie D. Capps, Esq., Smith Pachter McWhorter, PLC, for the protester. Daniel S. Koch, Esq., and Hillary E. Clark, Esq., Paley Rothman Goldstein Rosenberg Eig & Cooper, for Enspier Technologies, Inc., an intervenor. John E. Cornell, Esq., General Services Administration, for the agency. Jonathan L. Kang, Esq., and Glenn G. Wolcott, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision. DIGEST 1. Protest that award was tainted by organizational conflicts of interest is denied where the record does not support allegations that the awardee participated in the drafting of the statement of work or had access to non-public information that would have provided a competitive advantage. 2. Protest challenging agency's evaluation of vendor's technical and price quotations is denied where the record supports the reasonableness of the agency's evaluations, and does not support the protester's allegations regarding inadequate discussions. DECISION Operational Research Consultants, Inc. (ORC) protests the award of a task order to Enspier Technologies, Inc. under request for quotations (RFQ) No. TQ-PLB-06-0001, issued by the General Services Administration (GSA) for operations and maintenance services for the Federal Public Key Infrastructure Architecture (FPKIA). The protester argues that the award to Enspier was tainted by organizational conflicts of interest (OCIs), and challenges the agency's evaluation of vendors' price and technical quotations, the adequacy of discussions, and the reasonableness of the agency's source selection decision. We deny the protest. BACKGROUND Generally, a public key infrastructure (PKI) is a system that allows parties to exchange information electronically and verify the identity of the sender and recipient and determine whether the contents of the information have been altered. A PKI relies on cryptography methods to establish a framework whereby parties use codes called "keys"; each party keeps a secret "private key" and publishes a "public key" that any other party can access. A sender uses the intended recipient's public key to encrypt the message, and the sender's own private key to encrypt his signature. The recipient uses his private key to de-encrypt the message that was encrypted with his own public key and can verify that it was not altered; the recipient can also use the public key of the sender to verify the identity of that sender. The E-Government Act of 2002 requires GSA to establish a "framework to allow efficient interoperability among Executive agencies when using electronic signatures, including processing digital signatures." Pub. L. 107-347 sect. 203. Use of digital signatures authenticated through a PKI framework allows government agencies to have confidence in electronic messages by verifying the identity of the sender and the integrity of the message. GSA established the E-Authentication Initiative to implement the E-Government Act and provide a structure for differing levels of security for digital signatures. The E-Authentication Initiative contains four levels of "assurance" regarding the ability to validate the identity of the individual presenting a digital signature. The two lower levels of assurance allow individuals to validate their identity through "credentials" such as passwords or personal identification numbers, whereas the two higher levels of assurance require more sophisticated PKI-based credentials. The FPKIA governs the requirements for the two higher-level PKI assurances, and administers the systems used to validate messages and digital signatures using PKI credentials.

Full decision text continues on ProtestIntel...