TITLE: B-299744.2; B-299744.3, XTec, Inc., August 6, 2007
BNUMBER: B-299744.2; B-299744.3
DATE: August 6, 2007
**************************************************
B-299744.2; B-299744.3, XTec, Inc., August 6, 2007

   DOCUMENT FOR PUBLIC RELEASE
   The decision issued on the date below was subject to a GAO Protective
   Order. This redacted version has been approved for public release.

   Decision

   Matter of: XTec, Inc.

   File: B-299744.2; B-299744.3

   Date: August 6, 2007

   John S. Pachter, Esq., Jonathan D. Shaffer, Esq., and Mary Pat Gregory,
   Esq., Smith Pachter McWhorter PLC, for the protester.

   Daniel R. Forman, Esq., Christopher Gagne, Esq., and John E. McCarthy,
   Jr., Esq., Crowell & Moring LLP, for Electronic Data Systems, Inc., an
   intervenor.

   Micul E. Thompson, Esq., Carmody A. Gaba, Esq., and Kevin J. Rice, Esq.,
   for the agency.

   Edward Goldstein, Esq., and Christine S. Melody, Esq., Office of the
   General Counsel, GAO, participated in the preparation of the decision.

   DIGEST

   Even assuming that protester's interpretation of solicitation issued under
   the Federal Supply Schedule program for a contractor managed "end-to-end"
   solution meeting government-wide federal identification card requirements
   is reasonable and required all products and services within a vendor's
   end-to-end solution to be listed on the agency's Approved Product List at
   the time price submissions were due, protester failed to establish that it
   was prejudiced by the agency's alleged waiver of this requirement where
   the protester's proposal was lower-rated technically and higher priced and
   the protester only generally asserted that had it known of the agency's
   interpretation, it could have substituted products and reduced its price.

   DECISION

   XTec, Inc. protests the issuance of a task order to Electronic Data
   Systems, Inc.

   under request for quotations (RFQ) No. TQ-PLB07-0002, issued by the
   General Services Administration (GSA) to vendors under its Federal Supply
   Schedule (FSS) program, to provide contractor-managed services for an
   "end-to-end" solution meeting government-wide federal identification card
   requirements. XTec argues that EDS was not eligible for an order because
   its solution did not meet mandatory solicitation requirements, GSA
   improperly evaluated EDS's solution under the RFQ's technical criteria,
   and that GSA's selection of EDS as the best value was flawed.

   We deny the protest.

   BACKGROUND

   Homeland Security Presidential Directive-12

   In an effort to enhance security, increase efficiency, reduce identity
   fraud, protect personal privacy, and deter terrorist threats, the
   President, on August 27, 2004, issued Homeland Security Presidential
   Directive-12 (HSPD-12), mandating the establishment of a standard for
   identification of federal employees and contractors. HSPD-12 requires the
   use of a common identification card for access to federally-controlled
   facilities and information systems.[1] RFQ amend. 4, at 6-7.

   Under HSPD-12, the National Institute of Standards and Technology (NIST)
   was tasked with producing a standard for a secure and reliable form of
   identification. In response, on February 25, 2005, NIST issued Federal
   Information Processing Standard Publication 201 (FIPS 201), Personal
   Identity Verification (PIV) of Federal Employees and Contractors. In order
   to assist agencies with implementing the FIPS 201 requirements, the Office
   of Management and Budget (OMB) established GSA as the "executive agency"
   for government-wide acquisition of the products and services necessary to
   implement the HSPD-12 mandate. As the executive agency, GSA is responsible
   for making available products and services that meet all applicable
   federal standards and requirements, to include FIPS 201, for acquisition
   by federal agencies.

   In order to achieve this end, and as directed by OMB, GSA has assumed
   various roles. Specifically, in conjunction with NIST, GSA identified 22
   categories of products/services which must comply with specific normative
   requirements contained in FIPS 201. In May 2006, GSA established a FIPS
   201 evaluation program to ensure that commercial products in the 22
   identified categories are FIPS 201 compliant. Under this program,
   laboratories test products and services under the 22 categories to ensure
   conformance with FIPS 201 standards. When a product/service is determined
   to be FIPS 201 compliant, GSA issues an approval letter, specifying the
   supplier, the Approved Products List (APL) category (e.g., PIV smart
   card), approved product name, and version/part number. Products/services
   receiving an approval letter under one of the 22 categories are then
   publicly listed on what is known as the FIPS 201 APL. As it relates to
   this protest, "graphical personalization" and "electronic personalization"
   products and services are within the 22 categories of products and
   services which must be approved as compliant with the requirements of FIPS
   201. [2]  Pursuant to OMB guidance, when agencies seek to acquire products
   or services within the 22 FIPS 201 categories, they can only acquire those
   products and services which have been approved by GSA--that is, those
   products and services listed on the APL. Approved products/services for
   the 22 categories are posted on the idmanagement.gov website.

   In addition, GSA has recognized that agencies may require the services of
   contractors which are outside the scope of the FIPS 201 evaluation
   program, as they seek to develop and implement their HSPD-12 systems. In
   this regard, GSA has established an "integration services qualification
   program" through GSA's Center for Smartcard Solutions, whereby GSA
   identifies vendors that are qualified to provide "integrated, bundled
   solutions, and contractor managed solutions." GSA Hearing Exh. 4, at 7.
   Under this program, GSA established qualification requirements in
   following five areas: (1) enrollment products and services; (2) systems
   infrastructure products and services; (3) card production products and
   services; (4) card finalization products and services; and (5) integration
   services (which included the following sub-categories "pure integration"
   services, "turn-key" solutions, [3] and "contractor-managed services." Id.
   at 11.

   As explained by GSA, qualification requirements under the five areas are
   evaluated under three criteria, "functional requirements," "experience
   requirements," and "security requirements." Id. at 12. Those firms meeting
   the qualification requirements receive a certificate specifying in which
   of the five areas the firm is qualified as a systems integrator. Vendors
   certified in all five areas are considered "end-to-end" integrators.

   GSA indicates that as a requirement for obtaining the systems integrator
   qualification certificate, all HSPD-12 systems integrators must expressly
   commit to delivering systems which incorporate approved products/services,
   i.e., those products/services listed on the APL. See GSA Hearing Exh. 4,
   at 13. In this regard, GSA states that the systems integrator
   qualification and certification process does not examine what GSA refers
   to as a firm's particular "bundled" solution to determine whether it is
   actually comprised of components from the APL. Rather, GSA qualifies
   integrators based on their commitment to deliver bundled systems comprised
   only of products from the APL. Id. As with FIPS 201 approved products and
   services, GSA maintains a list of vendors qualified to provide the
   above-described services on the idmanagement.gov website.

   In order to further facilitate the ability of federal agencies to acquire
   FIPS 201 approved products/services and integration services from
   qualified firms, GSA established special item number (SIN) 132-62, under
   the GSA Schedule Information Technology (IT) 70, specifically for FIPS 201
   compliant products and qualified integrators.[4] Under Schedule 70, SIN
   132-62, GSA sought to make available to agencies the various products and
   types of services that they would need as they endeavored to implement the
   HSPD-12 mandate.

   Believing that some agencies may decide to buy FIPS 201 compliant products
   and services on an individual basis and attempt to develop and integrate
   their own HSPD-12 systems, GSA provided for vendors to list their approved
   FIPS 201 compliant products and services under SIN 132-62. As explained by
   GSA, in order for a vendor to list its FIPS 201 product or service under
   SIN 132-62, the item must first be approved and listed on the APL.

   Due to the tight timeline associated with implementing the HSPD-12
   mandate, however, GSA was encouraging agencies not to handle the HSPD-12
   mandate on their own, but rather to have qualified firms provide them with
   contractor-managed services for "end-to-end" systems. Hearing Transcript
   at 35-36. As a consequence, GSA also included the services of qualified
   integrators under SIN 132-62. According to GSA, as a prerequisite for a
   systems integrator to be listed on SIN 132-62, it had to demonstrate that
   it had obtained the applicable GSA systems integrator certification
   awarded by GSA's Center for SmartCard Solutions.

   In sum, as explained by GSA, it had established two parallel, yet distinct
   processes for firms to meet agencies' HSPD-12 needs. One process pertained
   to individual products/services falling under the 22 categories requiring
   FIPS 201 approval, which entailed testing the specific products/services
   for FIPS 201 compliance and listing approved products/services on the APL.
   As a predicate for vendors to have their products/services listed under
   SIN 132-62, GSA required vendors to demonstrate that the particular
   product or service was listed on the APL. GSA also identified a separate
   process for qualifying HSPD-12 systems integrators seeking to provide
   integrated HSPD-12 system solutions to federal agencies.

   RFQ No. TQ-PLB07-0002

   Consistent with its mission to assist federal agencies in their efforts to
   implement HSPD-12, on January 12, 2007, GSA issued the subject
   solicitation under IT Schedule 70, SIN 132-62, seeking proposals[5] from
   vendors for the issuance of a task order to provide a "shared service
   solution for an end-to-end" contractor-managed HSPD-12 system, that is, a
   "bundled" system capable of meeting the following core HSPD-12 system
   elements: (1) enrollment, (2) system infrastructure (identity management
   system, card management system), (3) card production and issuance, and (4)
   card activation. RFQ amend. 4, at 7. The selected vendor would "supply
   equipment, materials, and services" necessary to meet these core services
   requirements for various federal agencies endeavoring to meet the HSPD-12
   mandates. Id. The RFQ contemplated a base period of performance from the
   date of issuance of the task order through September 30, 2007, and four
   1-year option periods. The base period was composed of four "milestone"
   dates. As it relates to the protest, within Milestone 1, System Setup, GSA
   identified three sub-elements, 1A -- Initial Functionality (due 30 days
   after issuance of the task order), 1B -- Updated Functionality (due 45
   days after issuance of the task order) and 1C -- Infrastructure Build Out
   (due 60 days after issuance of the task order). Within Milestone 1A, the
   vendor was required to demonstrate numerous requirements, and deliver "key
   documents." RFQ amend. 4, at 11.

   The RFQ contemplated selection of the vendor whose proposal represented
   the "best value" to the government considering price and the following
   non-price factors (listed in descending order of importance): (1)
   operational capability demonstration (OCD); (2) understanding of and
   capability to fully and timely perform technical requirements; (3) project
   management; and (4) past performance. In regard to the best value
   determination, the RFQ provided that the non-price factors were
   collectively more important than price. RFQ amend. 4, at 128.

   Under the RFQ, vendors were required to submit a technical and management
   proposal for the purpose of "identify[ing] how the contractor meets the
   requirements stated in th[e] solicitation." RFQ amend. 4, at 127. The RFQ
   further advised vendors that proposals "must address the requirements,
   provisions, terms and conditions, and clauses stated in all sections of
   this solicitation." RFQ amend. 4, at 128. In evaluating vendors'
   proposals, GSA sought to ensure that the vendor fully understood and was
   capable of performing the technical requirements contained in the RFQ,
   that it demonstrated this understanding, and that "the proposed solution
   is technically sound." RFQ amend. 4, at 130. The RFQ also indicated that
   GSA would evaluate vendors' proposals to ensure a full understanding of
   all project management requirements contained in the RFQ and would
   evaluate vendors' past performance risk.

   The OCD, the most heavily weighted non-price evaluation factor, consisted
   of a "functional capability demonstration" of specific HSPD-12 system
   technical requirements contained in the RFQ. RFQ amend. 4, at 148. The
   specific functional requirements tested were called "use cases," which
   were individually identified in the RFQ.[6]

   Vendors were advised that after evaluation of the non-price factors, GSA
   would request price proposals from those vendors whose non-price proposals
   were "rated highly acceptable technically." RFQ amend. 4, at 130.

   At the time GSA issued the RFQ, it had executed agreements with
   approximately 40 agencies to obtain an end-to-end HSPD-12 solution under
   the contemplated task order. While these agreements had resulted in a
   requirement under the task order for the vendor to enroll and issue
   HSPD-12 compliant credentials to approximately 420,000 federal employees
   and contractors, GSA informed vendors that it also had an open offer for
   other agencies to employ the task order to meet their HSPD-12
   requirements. RFQ at 7. Given the undefined scope of the ultimate
   requirement, the RFQ required vendors to price their "end-to-end" service
   on the basis of a "seat" price, which was defined as "a single enrollment
   transaction per enrollee" or, as described by the contracting officer, "a
   single, active PIV account." RFQ at 8; Contracting Officer's (CO)
   Statement of Facts at 3.

   Vendors selected to submit price proposals were required to submit fixed
   prices for two "mandatory" contract line item numbers (CLIN), CLIN 1,
   "Milestones 1, 2, and 3 Enrollment Seat Price," and CLIN 2, "Milestones 1,
   2, and 3 Monthly Maintenance Seat Price." RFQ amend. 4, at 132. Under CLIN
   1, a vendor was to submit its "seat price" for its bundled solution for
   enrolling federal employees and contractors in the PIV program. CLIN 2
   required a vendor to submit its "seat price" for maintaining the
   established, active identity accounts. In addition, the RFQ included more
   than 80 "additional optional CLINs," some of which were for
   separately-priced products and services (i.e., PIV activation stations or
   card sleeves). RFQ amend. 4, at 132. As a general matter, vendors were
   required to submit fixed prices on a per item basis for these CLINs.

   Regarding the mandatory CLINs, while the total number of seats that a
   vendor would have to provide was not defined, the RFQ specified that the
   minimum number of seats to be ordered under the task order would be
   10,000, and that the maximum number of seats that could be ordered over
   the life of the task order was limited to 1.5 million. RFQ amend. 4, at
   124. For the purpose of determining their seat prices, however, vendors
   were instructed to assume an order quantity of 420,000 seats. RFQ amend.
   4, at 8.

   Since this was an acquisition under the FSS program, the RFQ advised
   vendors as follows:

   All products and services must be available on SIN 132-62 and/or Schedule
   70. If a product, service or labor category is not required to be on SIN
   132-62, then it must be on Schedule 70. No other Schedules may be offered
   and open market items may not be proposed. All products and services must
   be on Schedules by the time Price Proposals are submitted. It is the
   responsibility of each contractor or team to ensure that all required
   HSPD-12 contract line items that constitute an end-to-end solution are
   priced on their Schedule 70 SIN 132-62. There will be no open market items
   permitted under this task order.

   RFQ amend. 4, at 131.

   In addition, GSA addressed numerous questions raised by vendors regarding
   the RFQ. As it relates to the protest, several questions concerned which
   products or services had to be listed on GSA's APL and when they had to be
   on the APL.

   On February 8, GSA issued RFQ Modification 5, incorporating the vendors'
   questions and GSA's answers under the RFQ.[7] Modification 5 also
   established an RFQ closing date of February 16, 2007, and provided that
   "all proposal submissions must be sent through the GSA Advantage e-Buy web
   site using its established systems procedures."[8] RFQ mod. 5.

   GSA's Evaluation of Vendors' Proposals

   On February 16, GSA received six proposals in response to the RFQ,
   including proposals from EDS and XTec. Thereafter, GSA completed its
   evaluation of vendors' proposals under the technical factors and ranked
   them as follows:

   +------------------------------------------------------------------------+
   |Vendor|Factor 1 -| Factor 2 -  |Factor 3 --| Factor 4 - Past | Overall  |
   |      |   OCD    |Understanding| Project.  |   Performance   |  Rating  |
   |      |          |             |   Mgmt.   |                 |          |
   |------+----------+-------------+-----------+-----------------+----------|
   | EDS  |Excellent/|Good/Low Risk|Excellent/ |      Good       |Excellent/|
   |      | Low Risk |             | Low Risk  |                 | Low Risk |
   |------+----------+-------------+-----------+-----------------+----------|
   | XTec |Excellent/|Good/Low Risk| Good/Low  |      Good       |Good/ Low |
   |      | Low Risk |             |   Risk    |                 |   Risk   |
   |------+----------+-------------+-----------+-----------------+----------|
   |  A   | Good/Low |Good/Low Risk| Good/Low  |      Good       | Good/Low |
   |      |   Risk   |             |   Risk    |                 |   Risk   |
   |------+----------+-------------+-----------+-----------------+----------|
   |  B   | Average/ |Average/ Mod.| Good/Low  |      Good       | Average/ |
   |      |Mod. Risk |    Risk     |   Risk    |                 |Mod. Risk |
   |------+----------+-------------+-----------+-----------------+----------|
   |  C   | Average/ | Average/Low | Good/Low  |     Average     | Average/ |
   |      |Mod. Risk |    Risk     |   Risk    |                 |Mod. Risk |
   |------+----------+-------------+-----------+-----------------+----------|
   |  D   |Poor/High |Average/High | Average/  |     Average     | Average/ |
   |      |   Risk   |    Risk     | Mod. Risk |                 |High Risk |
   +------------------------------------------------------------------------+

   Agency Report, Tab H, Contracting Officer's Decision to Invite Price
   Proposals, at H0011.

   On April 5, the contracting officer invited the three most highly rated
   vendors (including EDS and XTec) to submit price proposals. In addition,
   the contracting officer provided these vendors with "clarification
   questions" regarding their technical proposals. Price proposals and
   responses to the clarification questions were due April 11. One of the
   three then withdrew from the competition, leaving only EDS and XTec. In
   evaluating their technical proposals, GSA gave further consideration to
   EDS's and XTec's responses to the clarification questions, however, their
   technical ratings did not change. After receiving price proposals from EDS
   and XTec, seeking further clarification regarding their price proposals,
   and receiving final price proposal submissions, GSA calculated a total
   evaluated price for EDS of $66,379,641 and a total evaluated price for
   XTec of $80,854,631, a difference of more than $14 million. GSA decided to
   issue the task order to EDS, the highest-rated and lowest-priced vendor.
   After receiving a "post-award briefing" in which GSA detailed XTec's
   evaluated strengths and weaknesses under each of the non-price evaluation
   factors, XTec filed the subject protest with our Office.[9]

   DISCUSSION

   XTec argues that EDS was not eligible for an order because in
   contravention of the RFQ, at the time price proposals were due, its
   end-to-end solution under CLINs 1 and 2 was not composed of approved
   products and services--that is, products and services listed on the APL.
   In this regard, XTec focuses on EDS's failure to include in its end-to-end
   solution graphical personalization and electronic personalization products
   and services that are listed on the APL. XTec further argues that GSA
   failed to consider, as part of its technical evaluation, the status of a
   vendor's compliance with the APL listing requirement and the risks
   associated with a vendor's capability to meet APL requirements. XTec also
   contends that GSA allowed EDS to demonstrate one solution at the OCD and
   subsequently to price a different solution, and that in evaluating EDS's
   technical proposal it waived the requirement that vendors address all
   requirements in their technical proposal.[10]

   APL Compliance

   In challenging GSA's issuance of a task order to EDS, XTec maintains that
   EDS failed to comply with the RFQ requirements by incorporating in its
   technical proposal graphical personalization and electronic
   personalization services that were not listed on GSA's APL by the time
   price proposals were submitted.

   The crux of XTec's argument revolves around its interpretation of the RFQ
   as requiring vendors to have the component products and services in their
   end-to-end solutions listed on the APL by the time price proposals were
   due, "unless the delay was due to actions of GSA."[11] XTec Comments and
   Supplemental Protest at 5, n.1. In support of this interpretation, XTec
   relies on statements in the RFQ providing that "[a]ll products and
   services must be on Schedules [including Schedule 70, SIN 132-62] by the
   time Price Proposals are submitted," as well as its understanding that in
   order for a vendor to list its end-to-end solution on Schedule 70, SIN
   132-62, the vendor had to demonstrate that the component products and
   services of its end-to-end solution were on the APL. RFQ amend. 4, at 131.
   This latter understanding, according to XTec, was based on express
   guidance from the contracting officer in a March 7 letter allegedly
   informing vendors that all component products and services under their
   end-to-end solutions had to be on the APL in order to have the end-to-end
   solution listed on Schedule 70, SIN 132-62.[12]

   GSA, however, articulates a different interpretation of the RFQ. According
   to GSA, the RFQ established that FIPS 201 categories of services and
   products, which were necessarily part of a vendor's end-to-end solution
   (under CLINs 1 and 2) did not have to be on the APL at the time technical
   proposals were due; rather, they had to be on the APL by Milestone 1, with
   compliance being a matter ultimately of contract administration. This was
   in contrast to FIPS 201 category products or services identified as
   stand-alone items under an individual CLIN (i.e., not part of a vendor's
   end-to-end solution), which had to be on the APL at the time price
   proposals were due. Since graphical personalization and electronic
   personalization products and services were solely included within vendors'
   bundled end-to-end solutions under CLINs 1 and 2, these products and
   services only had to be listed on the APL by Milestone 1. As a
   consequence, GSA maintains that EDS's failure, and for that matter the
   failure of XTec, to have all their products and services under their
   end-to-end solution on the APL at the time price proposals were due, did
   not render them technically unacceptable.

   When an agency conducts a formal competition under the FSS program, we
   will review the agency's evaluation of vendor submissions to ensure that
   the evaluation was reasonable and consistent with the terms of the
   solicitation. SI Int'l, SEIT, Inc., B-297381.5; B-297381.6, July 19, 2006,
   2006 para. CPD 114 at 11; COMARK Fed. Sys., B-278343; B-278343.2, Jan. 20,
   1998, 98-1 CPD para. 34 at 4-5. Where a protester and agency disagree over
   the meaning of solicitation language, we will resolve the matter by
   reading the solicitation as a whole and in a manner that reasonably gives
   effect to all its provisions. Solec Corp., B-299266, Mar. 5, 2007, 2007
   CPD para. 42 at 2. We will not read a provision restrictively where it is
   not clear from the solicitation that such a restrictive interpretation was
   intended by the agency. Id.

   Here, even assuming that XTec's interpretation of the solicitation is
   reasonable and that GSA in effect waived the requirement that vendors have
   the component products and services of their end-to-end solutions listed
   on the APL by the time price proposals were due, XTec has failed to
   establish that it was prejudiced by the alleged waiver.[13] In this
   regard, our Office will only sustain a protest that an agency has waived
   or relaxed its requirements for the awardee where the protester
   establishes a reasonable possibility that it was prejudiced by the
   agency's actions; that is, had it known of the changed requirements, it
   would have altered its proposal to its competitive advantage. Datastream
   Sys., Inc., B-291653, Jan. 24, 2003, 2003 CPD para. 30 at 6.

   XTec generally asserts that had it known GSA did not require the products
   and services within its end-to-end solution to be on the APL by the time
   price proposals were due, it "could have reduced its price and substituted
   other products." XTec's Comments and Supplemental Protest, at 9. As the
   sole support for this assertion, XTec submitted a declaration from its
   controller, stating generally that "[e]nsuring compliance with the APL
   requirement was costly in terms of both time and expense" and that if it
   had known that "the requirements were going to be relaxed, it could have
   reduced its price accordingly." Declaration of XTec Controller, June 11,
   2007, at 3. Given XTec's substantially higher price and its lower
   technical rating as compared to EDS, we find XTec's unsupported general
   statement that it could have substituted products and reduced its price,
   to be insufficient to demonstrate that it was competitively prejudiced as
   a result of any alleged waiver of the APL requirement. XTec does not
   provide any indication of the product substitutions that it could have
   utilized which would have resulted in substantial cost savings sufficient
   to bridge the substantial price gap between its price and EDS'; nor does
   XTec attempt to quantify the costs it incurred in its unsuccessful attempt
   to comply with the APL requirement. Moreover, the record reflects that the
   alleged waiver could not have caused XTec any prejudice with respect to
   GSA's evaluation of its technical proposal since the few weakness
   identified by GSA in this regard did not stem from the particular products
   employed by XTec. As a consequence, there is no basis for sustaining
   XTec's protest in this regard. Datastream Sys., Inc., supra.

   XTec further asserts that, setting aside the question of when APL
   compliance was required under the RFQ, GSA improperly failed to consider a
   vendor's capability to meet APL requirements as part of its technical
   evaluation. According to XTec, GSA's "evaluation and risk analysis should
   have considered the status of the offerors' APL compliance." XTec's
   Comments and Supplemental Protest, at 2. In support of this contention,
   XTec argues that APL compliance was an important element of a vendor's
   solution and that GSA was required by the RFQ to evaluate a vendor's
   capability to provide all services required under the solicitation.

   While the record reflects that GSA did not in fact consider issues such as
   the status of a vendor's APL compliance, or the risk attendant to a
   vendor's ability to achieve APL compliance, as part of its technical
   evaluation, nothing in the RFQ expressly provided that GSA would evaluate
   such issues. Rather, as noted above, the RFQ, consistent with the intent
   to acquire integrator services, described the focus of the evaluation in
   general terms, stating that GSA sought to ensure that vendors fully
   understood and were capable of performing the technical requirements in
   the RFQ, and that their proposed solutions were "technically sound."
   Consistent with this approach, GSA evaluated vendors' quotations with
   respect to all of the functional requirements established in the RFQ.
   Given the absence of a specific reference to APL compliance in the
   otherwise broadly written RFQ provisions, we cannot conclude that GSA
   acted unreasonably or in a manner inconsistent with the RFQ by not
   considering these issues as part of its technical evaluation.

   As a final matter, XTec also challenges GSA's evaluation of EDS's
   technical proposal, arguing that it allowed EDS to price a solution which
   differed from that demonstrated by EDS at the ODC. Specifically, XTec
   alleges that during the OCD, EDS demonstrated its "public key
   infrastructure (PKI)"[14] solution based on a product from the firm
   Exostar, but that EDS ultimately proposed and priced a PKI solution based
   on a product from the firm Entrust. According to XTec, this was in
   contravention of an "inherent requirement" of the RFQ that GSA would
   evaluate vendor's prices in relation to the solution demonstrated at the
   OCD. XTec's Comments and Supplemental Protest, at 12. In support of this
   "inherent requirement," XTec principally cites the sections of the RFQ
   stating that "[p]rices shall be evaluated to determine whether an
   offeror's proposed price is fair and reasonable and complete in relation
   to the solicitation, the OCD, [and] the offeror's overall proposal," and
   that "offerors shall be required to demonstrate an understanding of all
   requirements and a capability to provide all services required by this
   solicitation." RFQ amend. 4, at 127-28.

   The record reflects that during the OCD, EDS expressly informed GSA that
   it would demonstrate PKI using the Exostar product, but that its final
   solution would incorporate the Entrust product, and that EDS did in fact
   ultimately propose and price its end-to-end solution based on the Entrust
   PKI product. In challenging this substitution, XTec has failed to indicate
   how it had any material effect on GSA's evaluation of EDS's proposal.
   Given that EDS expressly informed GSA of the planned substitution at the
   time of its OCD, as well as the fact that there is nothing in the record
   to suggest that the contemplated substitution would have had any negative
   effect on, or introduced any material risk to EDS's solution as priced and
   proposed--in fact, XTec itself incorporated the Entrust PKI product in its
   own solution (see, XTec's Technical Proposal, at 6)--we find that the
   agency's failure to downgrade EDS's proposal based on the substitution was
   neither unreasonable nor inconsistent with the terms of the
   solicitation.[15]

   The protest is denied.

   Gary L. Kepplinger

   General Counsel

   ------------------------

   [1] As it has developed, one feature of the contemplated common
   identification card is the inclusion of a biometric verification element,
   specifically, the incorporation of fingerprint verification.

   [2] These 22 categories relate to the following areas: PIV smart cards,
   smart card readers, fingerprint scanners, fingerprint capture stations,
   fingerprint template generation and matching equipment, facial image
   capture stations, card printing stations, and graphical and electronic
   personalization products and services.

   [3] A "turn-key" solution is characterized as one where the contractor
   transfers ownership of an integrated system to the government and the
   government operates the system. In contrast, under a contractor-managed
   system, the contractor retains ownership of all equipment and manages
   operation of the system for the government.

   [4] While OMB has established GSA as the HSPD-12 executive agency and
   other agencies are encouraged to acquire their HSPD-12 requirements
   through GSA, they are not required to do so. Thus, IT Schedule 70 SIN
   132-62 is not a mandatory source for agencies.

   [5] Although the solicitation is identified on its cover page as an RFQ,
   the term "proposal," as opposed to "quotation," repeatedly appears in,
   among other places, the solicitation's descriptions of the evaluation
   factors and selection scheme, as well as the parties' submissions. Given
   this, we refer to the firms' submissions as proposals for the sake of
   consistency, notwithstanding the fact that they are more properly referred
   to as quotations.

   [6] By way of example, one of the use cases identified for testing
   involved the "enrollment" function and specifically the ability of the
   vendor's system to support new enrollment and re-enrollment activities.

   [7] GSA issued Modification 5 as Amendment 4 to the RFQ.

   [8] Federal Acquisition Regulation (FAR) sect. 8.402(d) states that
   "'e-Buy,' GSA's electronic Request for Quotation (RFQ) system, is a part
   of a suite of on-line tools which complement GSA Advantage!. E-Buy allows
   ordering activities to post requirements, obtain quotes, and issue orders
   electronically."

   [9] GSA informed XTec that because the procurement was conducted under the
   procedures established by FAR Part 8.4 it was only required to provide
   XTec with "a brief explanation of the basis for the award decision." See
   FAR sect. 8.405-2(d).

   [10] During the development of the protest our Office dismissed XTec's
   allegation that GSA failed to conduct meaningful discussions as failing to
   state a valid basis of protest given that XTec failed to identify any
   specific evaluated weaknesses or deficiencies that were required to be the
   topic of discussions. In addition, XTec expressly withdrew the following
   protest grounds: (1) GSA improperly evaluated XTec's proposal under the
   technical understanding and project management factors; (2) GSA improperly
   evaluated price; and (3) GSA improperly evaluated past performance.
   Moreover, we consider XTec to have abandoned its argument that EDS was not
   eligible for an order since its electronic personalization product had not
   passed required testing, see Protest at 21, since GSA addressed this issue
   in its report and XTec did not rebut the agency's response in its
   comments. Citrus College; KEI Pearson, Inc., B-293543 et al., Apr. 9,
   2004, 2004 CPD para. 104 at 8 n.4.

   [11] The record reflects that XTec, like EDS, did not have all of its
   products and services within its end-to-end solution on the APL by the
   time price proposals were due. XTec, however, maintains that this was due
   to the failure of GSA to properly and timely test its various product
   submissions.

   [12] We find XTec's reliance on the March 7 letter to be misplaced.
   Setting aside the fact that the March 7 letter was not part of the RFQ and
   did not purport to alter the RFQ, it appears to merely serve as a reminder
   that under the RFQ, vendors' CLIN offerings had to be listed on their
   Schedule 70, SIN 132-62 contracts by the time price proposals were due. To
   the extent the letter also required vendors to submit "GSA Approval
   Letter[s] associated with each product/service" that "support the
   offeror's proposed CLIN structure," this statement is ambiguous and can be
   reasonably read to require approval letters solely for those CLINs for
   individual items by the time price proposals were due, as opposed to CLINs
   comprising a vendor's end-to-end solution--consistent with GSA's
   interpretation of the RFQ, as explained below. AR, Tab R, XTec Approval
   Letters, at R0001-0002.

   [13] With respect to the parties' differing interpretations of the RFQ,
   our decision in a related protest regarding this procurement, Computer
   Literacy World, Inc., B-299744, B-299744.4, discusses at length our view
   that GSA's interpretation in fact is reasonable in light of the underlying
   objectives and acquisition scheme GSA established as the executive agency
   for the government-wide acquisition of the products and services necessary
   to implement HSPD-12. Given our finding that XTec has not established
   prejudice flowing from its own interpretation of the solicitation, we need
   not resolve the question of whether XTec's interpretation was also
   reasonable, thereby potentially introducing at most an ambiguity in the
   RFQ.

   [14] PKI is a system for verifying and authenticating the identity of
   parties to an internet transaction. See
   http://www.webopedia.com/TERM/PKI.html.

   [15] XTec also argues that GSA waived the requirement that vendors address
   all technical requirements in their technical proposal by not requiring
   EDS to include in its technical proposal information related to the
   products it demonstrated during the OCD. The short answer is that the type
   of information XTec insists should have been part of EDS's technical
   proposal was not required by the RFQ. Because we conclude that XTec's
   allegations regarding GSA's evaluation of EDS's proposal are without merit
   or otherwise not for consideration, XTec's objection to the best value
   decision--based solely on these alleged improprieties--likewise provides
   no basis to sustain the protest.