B-310611, Merlin International, Inc., January 2, 2008
Case: B-310611
Agency:
Protester: B
Date: 2008-01-02
Denied
B-310611
Jan 02, 2008
Jump To
VIEW DECISION
DOWNLOADS
RELATED PAGES
GAO CONTACTS
Highlights
Merlin International, Inc. protests the Department of the Army's issuance of a purchase order to MTM Technologies, Inc. under Federal Supply Schedule (FSS) blanket purchase agreement (BPA) No. FA8771-07-A-0301, for encryption software. Merlin alleges that MTM's software does not meet the agency's requirements, and that the agency improperly failed to permit Merlin to compete for the requirement, instead issuing the purchase order to MTM on a sole-source basis.
We deny the protest.
View Decision
B-310611, Merlin International, Inc., January 2, 2008
DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.
Decision
Matter of: Merlin International, Inc.
File: B-310611
Date: January 2, 2008
Richard B. Oliver, Esq., McKenna Long & Aldridge, for the protester.
Allison V. Feierabend, Esq., and Joseph P. Hornyak, Esq. Holland & Knight, for MTM Technologies, Inc., an intervenor.
Capt. Joshua Drewitz, Department of the Army, for the agency.
Mary G. Curcio, Esq., and John M. Melody, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.
DIGEST
Protest that successful vendor's encryption software does not meet agency's requirement for compatibility with specified operating systems is denied where vendor's blanket purchase agreement included required vendor certification of compatibility, which satisfied requirement.
DECISION
Merlin International, Inc. protests the Department of the Army's issuance of a purchase order to MTM Technologies, Inc. under Federal Supply Schedule (FSS) blanket purchase agreement (BPA) No. FA8771-07-A-0301, for encryption software. Merlin alleges that MTM's software does not meet the agency's requirements, and that the agency improperly failed to permit Merlin to compete for the requirement, instead issuing the purchase order to MTM on a sole-source basis.
We deny the protest.
The Army reports that the Office of Management and the Budget has directed all federal agencies to encrypt personal identifiable information and agency sensitive but unclassified information on all mobile devices. Agency Report (AR) at 2. Here, pursuant to this directive, the Army sought to procure commercial-off-the-shelf data at rest encryption (DAR) software through the issuance of multiple purchase orders against the Department of Defense (DOD) Enterprise Software Initiative/General Services Administration (GSA) Smart Buy DAR FSS BPA. The Army determined that, in addition to being listed on the Smart Buy BPA, the software must meet six requirements. Justification and Approval, Sept. 28, 2007, at 4-5. As relevant here, the software was required to be listed on the Army's Information Assurance Approved Product List (IAAPL) and to have a Federal Information Processing Standards (FIPS) 140-2 validation certificate for the MAC OS X, WIN Mobile 5.0, and WIN Mobile 6.0 operating systems, or, if the certificate is not available, a vendor statement that its product will operate with these operating systems without modification. Id. at 4-5.
From July through September 2007, the agency reviewed vendors' BPAs for encryption software products, and determined that MTM was the only current BPA holder with a product that met all of its requirements. Contracting Officer's Statement at 1. The Army issued the purchase order to MTM on September 30.
Merlin asserts that the issuance of the purchase order was improper because MTM's encryption software does not meet several of the Army's requirements. This argument is without merit. The agency's requirement was for FIPS 140-2 certification for the operating system or, if the certification was unavailable, a vendor statement attesting that its product operates with the identified operating systems without modification. MTM's BPA includes this vendor statement: Although not tested and validated within them, this product or module is also installed without any modifications in the following operating systems . . . and thus the cryptography will operate correctly with MAC OS X . . . . (underline in original). Certification of FIPS Validation, MTM's BPA, at 589. This vendor statement expressly satisfies the agency's requirement.
Merlin asserts that MTM's software is not compatible with the MAC OS X operating system. In this regard, it cites a statement in MTM's BPA that [MTM's software does not] currently provide support for the Mac OS X. Support can be easily added . . . . The parties dispute the meaning of the reference in this statement to support. Merlin asserts that the reference indicated that MTM's product does not operate with the MAC OS X system, contrary to the agency's requirement.
Full decision text continues on ProtestIntel...