ITegrity Inc. (1305M2-23-Q-NAAA0226)

Case: B-422694 Agency: Department of Commerce : National Oceanic and Atmospheric Administration Protester: ITegrity Inc. Date: 2024-09-26 Denied
View full decision with AI analysis on ProtestIntel →
B-422694,B-422694.2 Sep 26, 2024 Jump To VIEW DECISION DOWNLOADS RELATED PAGES GAO CONTACTS Highlights ITegrity Inc., of Silver Spring, Maryland, protests the establishment of a blanket purchase agreement (BPA) with AttainX, LLC, of Herndon, Virginia, under request for quotations (RFQ) No. 1305M2-23-Q-NAAA0226, issued by the Department of Commerce, National Oceanic and Atmospheric Administration (NOAA), for Federal Information Security Management Act (FISMA) assessment and authorization (A&A) support services. The protester contends that the agency unreasonably and unequally evaluated quotations and performed a flawed best-value tradeoff analysis. We deny the protest. View Decision DOCUMENT FOR PUBLIC RELEASE The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release. Decision Matter of: ITegrity Inc. File: B-422694; B-422694.2 Date: September 26, 2024 Elizabeth Jochum, Esq., and Amanda DeLaPerriere, Esq., Blank Rome LLP, for the protester. Daniel Strouse, Esq., Pablo Nichols, Esq., John O’Brien, Esq., and Jason W. Moy, Esq., Cordatis LLP, for AttainX, LLC, the intervenor. Florence Nancy Bridges, Esq., and Celia Crabbe, Esq., Department of Commerce, for the agency. Christine Milne, Esq., and Tania Calhoun, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision. DIGEST Protest that the agency unreasonably and unequally evaluated quotations and performed a flawed best-value tradeoff analysis is denied where the record shows the agency evaluated quotations in accordance with the solicitation’s terms and on an equal basis. DECISION ITegrity Inc., of Silver Spring, Maryland, protests the establishment of a blanket purchase agreement (BPA) with AttainX, LLC, of Herndon, Virginia, under request for quotations (RFQ) No. 1305M2-23-Q-NAAA0226, issued by the Department of Commerce, National Oceanic and Atmospheric Administration (NOAA), for Federal Information Security Management Act (FISMA) assessment and authorization (A&A) support services. The protester contends that the agency unreasonably and unequally evaluated quotations and performed a flawed best-value tradeoff analysis. We deny the protest. BACKGROUND The RFQ was issued on September 21, 2023, via the General Services Administration (GSA) eBUY website pursuant to Federal Acquisition Regulation (FAR) subpart 8.4 to vendors holding contracts under GSA multiple award schedule special item number (SIN) 54151S information technology (IT) professional services and SIN 54151 highly adaptive cybersecurity services. Agency Report (AR), Exh. 2(b)(ii), RFQ, amend. 0001, Terms and Conditions at 2; AR, Exh. 2(b)(iv), RFQ amend. 0001, attach. A, Performance Work Statement (PWS) at ¶¶ 1-2. The agency issued the RFQ to obtain IT services, specifically A&A support services as they relate to FISMA and its objectives. The FISMA objectives generally include tasks relating to the operation, maintenance, testing, and reporting of the security of IT systems. PWS at ¶ 1. The A&A services included performing prompt, reliable, repeatable, and high-quality annual security assessments of all National Weather Service (NWS) systems to support NWS’s risk management framework. PWS at ¶ 2. While ITegrity is the incumbent contractor, the current RFQ requirements expand the scope of the incumbent A&A contract by also requiring A&A services for systems other than NOAA’s NWS systems. Memorandum of Law (MOL) at 3; PWS at ¶ 2. The BPA was to be performed over a 1-year base period and four 1-year option periods and would be established with the vendor offering the best value to the government considering price and two non-price factors: technical approach and past performance. AR, Exh. 2(b)(ii), RFP amend. 0001, Terms and Conditions at 27; AR, Exh. 2(e)(ii), RFQ amend. 0004, Instructions and Evaluation Criteria at 12. Under the technical factor, vendors were to demonstrate an approach that met the requirements of the PWS. AR, Exh. 2(e)(ii), RFQ amend. 0004, Instructions and Evaluation Criteria at 13. As relevant here, the PWS required such tasks as penetration testing, compliance reviews, preparing final assessment packages and related reports, and familiarity with parent/child organization models.[1] PWS ¶¶ 4.1.4, 4.3, 4.4, 4.5. Quotations would be assigned a rating of either acceptable or unacceptable under the technical factor. Under the past performance factor, vendors were to provide up to three past performance references that were both performed within the last five years from the date the solicitation was issued and similar to the current solicitation in size, scope, and complexity. AR, Exh. 2(e)(ii), RFQ amend. 0004, Instructions and Evaluation Criteria at 9. The agency would also consider the quality of performance of each reference. Id. at 13.

Full decision text continues on ProtestIntel...