TITLE: B-299744.2; B-299744.3, XTec, Inc., August 6, 2007 BNUMBER: B-299744.2; B-299744.3 DATE: August 6, 2007 ************************************************** B-299744.2; B-299744.3, XTec, Inc., August 6, 2007 DOCUMENT FOR PUBLIC RELEASE The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release. Decision Matter of: XTec, Inc. File: B-299744.2; B-299744.3 Date: August 6, 2007 John S. Pachter, Esq., Jonathan D. Shaffer, Esq., and Mary Pat Gregory, Esq., Smith Pachter McWhorter PLC, for the protester. Daniel R. Forman, Esq., Christopher Gagne, Esq., and John E. McCarthy, Jr., Esq., Crowell & Moring LLP, for Electronic Data Systems, Inc., an intervenor. Micul E. Thompson, Esq., Carmody A. Gaba, Esq., and Kevin J. Rice, Esq., for the agency. Edward Goldstein, Esq., and Christine S. Melody, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision. DIGEST Even assuming that protester's interpretation of solicitation issued under the Federal Supply Schedule program for a contractor managed "end-to-end" solution meeting government-wide federal identification card requirements is reasonable and required all products and services within a vendor's end-to-end solution to be listed on the agency's Approved Product List at the time price submissions were due, protester failed to establish that it was prejudiced by the agency's alleged waiver of this requirement where the protester's proposal was lower-rated technically and higher priced and the protester only generally asserted that had it known of the agency's interpretation, it could have substituted products and reduced its price. DECISION XTec, Inc. protests the issuance of a task order to Electronic Data Systems, Inc. under request for quotations (RFQ) No. TQ-PLB07-0002, issued by the General Services Administration (GSA) to vendors under its Federal Supply Schedule (FSS) program, to provide contractor-managed services for an "end-to-end" solution meeting government-wide federal identification card requirements. XTec argues that EDS was not eligible for an order because its solution did not meet mandatory solicitation requirements, GSA improperly evaluated EDS's solution under the RFQ's technical criteria, and that GSA's selection of EDS as the best value was flawed. We deny the protest. BACKGROUND Homeland Security Presidential Directive-12 In an effort to enhance security, increase efficiency, reduce identity fraud, protect personal privacy, and deter terrorist threats, the President, on August 27, 2004, issued Homeland Security Presidential Directive-12 (HSPD-12), mandating the establishment of a standard for identification of federal employees and contractors. HSPD-12 requires the use of a common identification card for access to federally-controlled facilities and information systems.[1] RFQ amend. 4, at 6-7. Under HSPD-12, the National Institute of Standards and Technology (NIST) was tasked with producing a standard for a secure and reliable form of identification. In response, on February 25, 2005, NIST issued Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors. In order to assist agencies with implementing the FIPS 201 requirements, the Office of Management and Budget (OMB) established GSA as the "executive agency" for government-wide acquisition of the products and services necessary to implement the HSPD-12 mandate. As the executive agency, GSA is responsible for making available products and services that meet all applicable federal standards and requirements, to include FIPS 201, for acquisition by federal agencies. In order to achieve this end, and as directed by OMB, GSA has assumed various roles. Specifically, in conjunction with NIST, GSA identified 22 categories of products/services which must comply with specific normative requirements contained in FIPS 201. In May 2006, GSA established a FIPS 201 evaluation program to ensure that commercial products in the 22 identified categories are FIPS 201 compliant. Under this program, laboratories test products and services under the 22 categories to ensure conformance with FIPS 201 standards. When a product/service is determined to be FIPS 201 compliant, GSA issues an approval letter, specifying the supplier, the Approved Products List (APL) category (e.g., PIV smart card), approved product name, and version/part number. Products/services receiving an approval letter under one of the 22 categories are then publicly listed on what is known as the FIPS 201 APL. As it relates to this protest, "graphical personalization" and "electronic personalization" products and services are within the 22 categories of products and services which must be approved as compliant with the requirements of FIPS 201. [2] Pursuant to OMB guidance, when agencies seek to acquire products or services within the 22 FIPS 201 categories, they can only acquire those products and services which have been approved by GSA--that is, those products and services listed on the APL. Approved products/services for the 22 categories are posted on the idmanagement.gov website. In addition, GSA has recognized that agencies may require the services of contractors which are outside the scope of the FIPS 201 evaluation program, as they seek to develop and implement their HSPD-12 systems. In this regard, GSA has established an "integration services qualification program" through GSA's Center for Smartcard Solutions, whereby GSA identifies vendors that are qualified to provide "integrated, bundled solutions, and contractor managed solutions." GSA Hearing Exh. 4, at 7. Under this program, GSA established qualification requirements in following five areas: (1) enrollment products and services; (2) systems infrastructure products and services; (3) card production products and services; (4) card finalization products and services; and (5) integration services (which included the following sub-categories "pure integration" services, "turn-key" solutions, [3] and "contractor-managed services." Id. at 11. As explained by GSA, qualification requirements under the five areas are evaluated under three criteria, "functional requirements," "experience requirements," and "security requirements." Id. at 12. Those firms meeting the qualification requirements receive a certificate specifying in which of the five areas the firm is qualified as a systems integrator. Vendors certified in all five areas are considered "end-to-end" integrators. GSA indicates that as a requirement for obtaining the systems integrator qualification certificate, all HSPD-12 systems integrators must expressly commit to delivering systems which incorporate approved products/services, i.e., those products/services listed on the APL. See GSA Hearing Exh. 4, at 13. In this regard, GSA states that the systems integrator qualification and certification process does not examine what GSA refers to as a firm's particular "bundled" solution to determine whether it is actually comprised of components from the APL. Rather, GSA qualifies integrators based on their commitment to deliver bundled systems comprised only of products from the APL. Id. As with FIPS 201 approved products and services, GSA maintains a list of vendors qualified to provide the above-described services on the idmanagement.gov website. In order to further facilitate the ability of federal agencies to acquire FIPS 201 approved products/services and integration services from qualified firms, GSA established special item number (SIN) 132-62, under the GSA Schedule Information Technology (IT) 70, specifically for FIPS 201 compliant products and qualified integrators.[4] Under Schedule 70, SIN 132-62, GSA sought to make available to agencies the various products and types of services that they would need as they endeavored to implement the HSPD-12 mandate. Believing that some agencies may decide to buy FIPS 201 compliant products and services on an individual basis and attempt to develop and integrate their own HSPD-12 systems, GSA provided for vendors to list their approved FIPS 201 compliant products and services under SIN 132-62. As explained by GSA, in order for a vendor to list its FIPS 201 product or service under SIN 132-62, the item must first be approved and listed on the APL. Due to the tight timeline associated with implementing the HSPD-12 mandate, however, GSA was encouraging agencies not to handle the HSPD-12 mandate on their own, but rather to have qualified firms provide them with contractor-managed services for "end-to-end" systems. Hearing Transcript at 35-36. As a consequence, GSA also included the services of qualified integrators under SIN 132-62. According to GSA, as a prerequisite for a systems integrator to be listed on SIN 132-62, it had to demonstrate that it had obtained the applicable GSA systems integrator certification awarded by GSA's Center for SmartCard Solutions. In sum, as explained by GSA, it had established two parallel, yet distinct processes for firms to meet agencies' HSPD-12 needs. One process pertained to individual products/services falling under the 22 categories requiring FIPS 201 approval, which entailed testing the specific products/services for FIPS 201 compliance and listing approved products/services on the APL. As a predicate for vendors to have their products/services listed under SIN 132-62, GSA required vendors to demonstrate that the particular product or service was listed on the APL. GSA also identified a separate process for qualifying HSPD-12 systems integrators seeking to provide integrated HSPD-12 system solutions to federal agencies. RFQ No. TQ-PLB07-0002 Consistent with its mission to assist federal agencies in their efforts to implement HSPD-12, on January 12, 2007, GSA issued the subject solicitation under IT Schedule 70, SIN 132-62, seeking proposals[5] from vendors for the issuance of a task order to provide a "shared service solution for an end-to-end" contractor-managed HSPD-12 system, that is, a "bundled" system capable of meeting the following core HSPD-12 system elements: (1) enrollment, (2) system infrastructure (identity management system, card management system), (3) card production and issuance, and (4) card activation. RFQ amend. 4, at 7. The selected vendor would "supply equipment, materials, and services" necessary to meet these core services requirements for various federal agencies endeavoring to meet the HSPD-12 mandates. Id. The RFQ contemplated a base period of performance from the date of issuance of the task order through September 30, 2007, and four 1-year option periods. The base period was composed of four "milestone" dates. As it relates to the protest, within Milestone 1, System Setup, GSA identified three sub-elements, 1A -- Initial Functionality (due 30 days after issuance of the task order), 1B -- Updated Functionality (due 45 days after issuance of the task order) and 1C -- Infrastructure Build Out (due 60 days after issuance of the task order). Within Milestone 1A, the vendor was required to demonstrate numerous requirements, and deliver "key documents." RFQ amend. 4, at 11. The RFQ contemplated selection of the vendor whose proposal represented the "best value" to the government considering price and the following non-price factors (listed in descending order of importance): (1) operational capability demonstration (OCD); (2) understanding of and capability to fully and timely perform technical requirements; (3) project management; and (4) past performance. In regard to the best value determination, the RFQ provided that the non-price factors were collectively more important than price. RFQ amend. 4, at 128. Under the RFQ, vendors were required to submit a technical and management proposal for the purpose of "identify[ing] how the contractor meets the requirements stated in th[e] solicitation." RFQ amend. 4, at 127. The RFQ further advised vendors that proposals "must address the requirements, provisions, terms and conditions, and clauses stated in all sections of this solicitation." RFQ amend. 4, at 128. In evaluating vendors' proposals, GSA sought to ensure that the vendor fully understood and was capable of performing the technical requirements contained in the RFQ, that it demonstrated this understanding, and that "the proposed solution is technically sound." RFQ amend. 4, at 130. The RFQ also indicated that GSA would evaluate vendors' proposals to ensure a full understanding of all project management requirements contained in the RFQ and would evaluate vendors' past performance risk. The OCD, the most heavily weighted non-price evaluation factor, consisted of a "functional capability demonstration" of specific HSPD-12 system technical requirements contained in the RFQ. RFQ amend. 4, at 148. The specific functional requirements tested were called "use cases," which were individually identified in the RFQ.[6] Vendors were advised that after evaluation of the non-price factors, GSA would request price proposals from those vendors whose non-price proposals were "rated highly acceptable technically." RFQ amend. 4, at 130. At the time GSA issued the RFQ, it had executed agreements with approximately 40 agencies to obtain an end-to-end HSPD-12 solution under the contemplated task order. While these agreements had resulted in a requirement under the task order for the vendor to enroll and issue HSPD-12 compliant credentials to approximately 420,000 federal employees and contractors, GSA informed vendors that it also had an open offer for other agencies to employ the task order to meet their HSPD-12 requirements. RFQ at 7. Given the undefined scope of the ultimate requirement, the RFQ required vendors to price their "end-to-end" service on the basis of a "seat" price, which was defined as "a single enrollment transaction per enrollee" or, as described by the contracting officer, "a single, active PIV account." RFQ at 8; Contracting Officer's (CO) Statement of Facts at 3. Vendors selected to submit price proposals were required to submit fixed prices for two "mandatory" contract line item numbers (CLIN), CLIN 1, "Milestones 1, 2, and 3 Enrollment Seat Price," and CLIN 2, "Milestones 1, 2, and 3 Monthly Maintenance Seat Price." RFQ amend. 4, at 132. Under CLIN 1, a vendor was to submit its "seat price" for its bundled solution for enrolling federal employees and contractors in the PIV program. CLIN 2 required a vendor to submit its "seat price" for maintaining the established, active identity accounts. In addition, the RFQ included more than 80 "additional optional CLINs," some of which were for separately-priced products and services (i.e., PIV activation stations or card sleeves). RFQ amend. 4, at 132. As a general matter, vendors were required to submit fixed prices on a per item basis for these CLINs. Regarding the mandatory CLINs, while the total number of seats that a vendor would have to provide was not defined, the RFQ specified that the minimum number of seats to be ordered under the task order would be 10,000, and that the maximum number of seats that could be ordered over the life of the task order was limited to 1.5 million. RFQ amend. 4, at 124. For the purpose of determining their seat prices, however, vendors were instructed to assume an order quantity of 420,000 seats. RFQ amend. 4, at 8. Since this was an acquisition under the FSS program, the RFQ advised vendors as follows: All products and services must be available on SIN 132-62 and/or Schedule 70. If a product, service or labor category is not required to be on SIN 132-62, then it must be on Schedule 70. No other Schedules may be offered and open market items may not be proposed. All products and services must be on Schedules by the time Price Proposals are submitted. It is the responsibility of each contractor or team to ensure that all required HSPD-12 contract line items that constitute an end-to-end solution are priced on their Schedule 70 SIN 132-62. There will be no open market items permitted under this task order. RFQ amend. 4, at 131. In addition, GSA addressed numerous questions raised by vendors regarding the RFQ. As it relates to the protest, several questions concerned which products or services had to be listed on GSA's APL and when they had to be on the APL. On February 8, GSA issued RFQ Modification 5, incorporating the vendors' questions and GSA's answers under the RFQ.[7] Modification 5 also established an RFQ closing date of February 16, 2007, and provided that "all proposal submissions must be sent through the GSA Advantage e-Buy web site using its established systems procedures."[8] RFQ mod. 5. GSA's Evaluation of Vendors' Proposals On February 16, GSA received six proposals in response to the RFQ, including proposals from EDS and XTec. Thereafter, GSA completed its evaluation of vendors' proposals under the technical factors and ranked them as follows: +------------------------------------------------------------------------+ |Vendor|Factor 1 -| Factor 2 - |Factor 3 --| Factor 4 - Past | Overall | | | OCD |Understanding| Project. | Performance | Rating | | | | | Mgmt. | | | |------+----------+-------------+-----------+-----------------+----------| | EDS |Excellent/|Good/Low Risk|Excellent/ | Good |Excellent/| | | Low Risk | | Low Risk | | Low Risk | |------+----------+-------------+-----------+-----------------+----------| | XTec |Excellent/|Good/Low Risk| Good/Low | Good |Good/ Low | | | Low Risk | | Risk | | Risk | |------+----------+-------------+-----------+-----------------+----------| | A | Good/Low |Good/Low Risk| Good/Low | Good | Good/Low | | | Risk | | Risk | | Risk | |------+----------+-------------+-----------+-----------------+----------| | B | Average/ |Average/ Mod.| Good/Low | Good | Average/ | | |Mod. Risk | Risk | Risk | |Mod. Risk | |------+----------+-------------+-----------+-----------------+----------| | C | Average/ | Average/Low | Good/Low | Average | Average/ | | |Mod. Risk | Risk | Risk | |Mod. Risk | |------+----------+-------------+-----------+-----------------+----------| | D |Poor/High |Average/High | Average/ | Average | Average/ | | | Risk | Risk | Mod. Risk | |High Risk | +------------------------------------------------------------------------+ Agency Report, Tab H, Contracting Officer's Decision to Invite Price Proposals, at H0011. On April 5, the contracting officer invited the three most highly rated vendors (including EDS and XTec) to submit price proposals. In addition, the contracting officer provided these vendors with "clarification questions" regarding their technical proposals. Price proposals and responses to the clarification questions were due April 11. One of the three then withdrew from the competition, leaving only EDS and XTec. In evaluating their technical proposals, GSA gave further consideration to EDS's and XTec's responses to the clarification questions, however, their technical ratings did not change. After receiving price proposals from EDS and XTec, seeking further clarification regarding their price proposals, and receiving final price proposal submissions, GSA calculated a total evaluated price for EDS of $66,379,641 and a total evaluated price for XTec of $80,854,631, a difference of more than $14 million. GSA decided to issue the task order to EDS, the highest-rated and lowest-priced vendor. After receiving a "post-award briefing" in which GSA detailed XTec's evaluated strengths and weaknesses under each of the non-price evaluation factors, XTec filed the subject protest with our Office.[9] DISCUSSION XTec argues that EDS was not eligible for an order because in contravention of the RFQ, at the time price proposals were due, its end-to-end solution under CLINs 1 and 2 was not composed of approved products and services--that is, products and services listed on the APL. In this regard, XTec focuses on EDS's failure to include in its end-to-end solution graphical personalization and electronic personalization products and services that are listed on the APL. XTec further argues that GSA failed to consider, as part of its technical evaluation, the status of a vendor's compliance with the APL listing requirement and the risks associated with a vendor's capability to meet APL requirements. XTec also contends that GSA allowed EDS to demonstrate one solution at the OCD and subsequently to price a different solution, and that in evaluating EDS's technical proposal it waived the requirement that vendors address all requirements in their technical proposal.[10] APL Compliance In challenging GSA's issuance of a task order to EDS, XTec maintains that EDS failed to comply with the RFQ requirements by incorporating in its technical proposal graphical personalization and electronic personalization services that were not listed on GSA's APL by the time price proposals were submitted. The crux of XTec's argument revolves around its interpretation of the RFQ as requiring vendors to have the component products and services in their end-to-end solutions listed on the APL by the time price proposals were due, "unless the delay was due to actions of GSA."[11] XTec Comments and Supplemental Protest at 5, n.1. In support of this interpretation, XTec relies on statements in the RFQ providing that "[a]ll products and services must be on Schedules [including Schedule 70, SIN 132-62] by the time Price Proposals are submitted," as well as its understanding that in order for a vendor to list its end-to-end solution on Schedule 70, SIN 132-62, the vendor had to demonstrate that the component products and services of its end-to-end solution were on the APL. RFQ amend. 4, at 131. This latter understanding, according to XTec, was based on express guidance from the contracting officer in a March 7 letter allegedly informing vendors that all component products and services under their end-to-end solutions had to be on the APL in order to have the end-to-end solution listed on Schedule 70, SIN 132-62.[12] GSA, however, articulates a different interpretation of the RFQ. According to GSA, the RFQ established that FIPS 201 categories of services and products, which were necessarily part of a vendor's end-to-end solution (under CLINs 1 and 2) did not have to be on the APL at the time technical proposals were due; rather, they had to be on the APL by Milestone 1, with compliance being a matter ultimately of contract administration. This was in contrast to FIPS 201 category products or services identified as stand-alone items under an individual CLIN (i.e., not part of a vendor's end-to-end solution), which had to be on the APL at the time price proposals were due. Since graphical personalization and electronic personalization products and services were solely included within vendors' bundled end-to-end solutions under CLINs 1 and 2, these products and services only had to be listed on the APL by Milestone 1. As a consequence, GSA maintains that EDS's failure, and for that matter the failure of XTec, to have all their products and services under their end-to-end solution on the APL at the time price proposals were due, did not render them technically unacceptable. When an agency conducts a formal competition under the FSS program, we will review the agency's evaluation of vendor submissions to ensure that the evaluation was reasonable and consistent with the terms of the solicitation. SI Int'l, SEIT, Inc., B-297381.5; B-297381.6, July 19, 2006, 2006 para. CPD 114 at 11; COMARK Fed. Sys., B-278343; B-278343.2, Jan. 20, 1998, 98-1 CPD para. 34 at 4-5. Where a protester and agency disagree over the meaning of solicitation language, we will resolve the matter by reading the solicitation as a whole and in a manner that reasonably gives effect to all its provisions. Solec Corp., B-299266, Mar. 5, 2007, 2007 CPD para. 42 at 2. We will not read a provision restrictively where it is not clear from the solicitation that such a restrictive interpretation was intended by the agency. Id. Here, even assuming that XTec's interpretation of the solicitation is reasonable and that GSA in effect waived the requirement that vendors have the component products and services of their end-to-end solutions listed on the APL by the time price proposals were due, XTec has failed to establish that it was prejudiced by the alleged waiver.[13] In this regard, our Office will only sustain a protest that an agency has waived or relaxed its requirements for the awardee where the protester establishes a reasonable possibility that it was prejudiced by the agency's actions; that is, had it known of the changed requirements, it would have altered its proposal to its competitive advantage. Datastream Sys., Inc., B-291653, Jan. 24, 2003, 2003 CPD para. 30 at 6. XTec generally asserts that had it known GSA did not require the products and services within its end-to-end solution to be on the APL by the time price proposals were due, it "could have reduced its price and substituted other products." XTec's Comments and Supplemental Protest, at 9. As the sole support for this assertion, XTec submitted a declaration from its controller, stating generally that "[e]nsuring compliance with the APL requirement was costly in terms of both time and expense" and that if it had known that "the requirements were going to be relaxed, it could have reduced its price accordingly." Declaration of XTec Controller, June 11, 2007, at 3. Given XTec's substantially higher price and its lower technical rating as compared to EDS, we find XTec's unsupported general statement that it could have substituted products and reduced its price, to be insufficient to demonstrate that it was competitively prejudiced as a result of any alleged waiver of the APL requirement. XTec does not provide any indication of the product substitutions that it could have utilized which would have resulted in substantial cost savings sufficient to bridge the substantial price gap between its price and EDS'; nor does XTec attempt to quantify the costs it incurred in its unsuccessful attempt to comply with the APL requirement. Moreover, the record reflects that the alleged waiver could not have caused XTec any prejudice with respect to GSA's evaluation of its technical proposal since the few weakness identified by GSA in this regard did not stem from the particular products employed by XTec. As a consequence, there is no basis for sustaining XTec's protest in this regard. Datastream Sys., Inc., supra. XTec further asserts that, setting aside the question of when APL compliance was required under the RFQ, GSA improperly failed to consider a vendor's capability to meet APL requirements as part of its technical evaluation. According to XTec, GSA's "evaluation and risk analysis should have considered the status of the offerors' APL compliance." XTec's Comments and Supplemental Protest, at 2. In support of this contention, XTec argues that APL compliance was an important element of a vendor's solution and that GSA was required by the RFQ to evaluate a vendor's capability to provide all services required under the solicitation. While the record reflects that GSA did not in fact consider issues such as the status of a vendor's APL compliance, or the risk attendant to a vendor's ability to achieve APL compliance, as part of its technical evaluation, nothing in the RFQ expressly provided that GSA would evaluate such issues. Rather, as noted above, the RFQ, consistent with the intent to acquire integrator services, described the focus of the evaluation in general terms, stating that GSA sought to ensure that vendors fully understood and were capable of performing the technical requirements in the RFQ, and that their proposed solutions were "technically sound." Consistent with this approach, GSA evaluated vendors' quotations with respect to all of the functional requirements established in the RFQ. Given the absence of a specific reference to APL compliance in the otherwise broadly written RFQ provisions, we cannot conclude that GSA acted unreasonably or in a manner inconsistent with the RFQ by not considering these issues as part of its technical evaluation. As a final matter, XTec also challenges GSA's evaluation of EDS's technical proposal, arguing that it allowed EDS to price a solution which differed from that demonstrated by EDS at the ODC. Specifically, XTec alleges that during the OCD, EDS demonstrated its "public key infrastructure (PKI)"[14] solution based on a product from the firm Exostar, but that EDS ultimately proposed and priced a PKI solution based on a product from the firm Entrust. According to XTec, this was in contravention of an "inherent requirement" of the RFQ that GSA would evaluate vendor's prices in relation to the solution demonstrated at the OCD. XTec's Comments and Supplemental Protest, at 12. In support of this "inherent requirement," XTec principally cites the sections of the RFQ stating that "[p]rices shall be evaluated to determine whether an offeror's proposed price is fair and reasonable and complete in relation to the solicitation, the OCD, [and] the offeror's overall proposal," and that "offerors shall be required to demonstrate an understanding of all requirements and a capability to provide all services required by this solicitation." RFQ amend. 4, at 127-28. The record reflects that during the OCD, EDS expressly informed GSA that it would demonstrate PKI using the Exostar product, but that its final solution would incorporate the Entrust product, and that EDS did in fact ultimately propose and price its end-to-end solution based on the Entrust PKI product. In challenging this substitution, XTec has failed to indicate how it had any material effect on GSA's evaluation of EDS's proposal. Given that EDS expressly informed GSA of the planned substitution at the time of its OCD, as well as the fact that there is nothing in the record to suggest that the contemplated substitution would have had any negative effect on, or introduced any material risk to EDS's solution as priced and proposed--in fact, XTec itself incorporated the Entrust PKI product in its own solution (see, XTec's Technical Proposal, at 6)--we find that the agency's failure to downgrade EDS's proposal based on the substitution was neither unreasonable nor inconsistent with the terms of the solicitation.[15] The protest is denied. Gary L. Kepplinger General Counsel ------------------------ [1] As it has developed, one feature of the contemplated common identification card is the inclusion of a biometric verification element, specifically, the incorporation of fingerprint verification. [2] These 22 categories relate to the following areas: PIV smart cards, smart card readers, fingerprint scanners, fingerprint capture stations, fingerprint template generation and matching equipment, facial image capture stations, card printing stations, and graphical and electronic personalization products and services. [3] A "turn-key" solution is characterized as one where the contractor transfers ownership of an integrated system to the government and the government operates the system. In contrast, under a contractor-managed system, the contractor retains ownership of all equipment and manages operation of the system for the government. [4] While OMB has established GSA as the HSPD-12 executive agency and other agencies are encouraged to acquire their HSPD-12 requirements through GSA, they are not required to do so. Thus, IT Schedule 70 SIN 132-62 is not a mandatory source for agencies. [5] Although the solicitation is identified on its cover page as an RFQ, the term "proposal," as opposed to "quotation," repeatedly appears in, among other places, the solicitation's descriptions of the evaluation factors and selection scheme, as well as the parties' submissions. Given this, we refer to the firms' submissions as proposals for the sake of consistency, notwithstanding the fact that they are more properly referred to as quotations. [6] By way of example, one of the use cases identified for testing involved the "enrollment" function and specifically the ability of the vendor's system to support new enrollment and re-enrollment activities. [7] GSA issued Modification 5 as Amendment 4 to the RFQ. [8] Federal Acquisition Regulation (FAR) sect. 8.402(d) states that "'e-Buy,' GSA's electronic Request for Quotation (RFQ) system, is a part of a suite of on-line tools which complement GSA Advantage!. E-Buy allows ordering activities to post requirements, obtain quotes, and issue orders electronically." [9] GSA informed XTec that because the procurement was conducted under the procedures established by FAR Part 8.4 it was only required to provide XTec with "a brief explanation of the basis for the award decision." See FAR sect. 8.405-2(d). [10] During the development of the protest our Office dismissed XTec's allegation that GSA failed to conduct meaningful discussions as failing to state a valid basis of protest given that XTec failed to identify any specific evaluated weaknesses or deficiencies that were required to be the topic of discussions. In addition, XTec expressly withdrew the following protest grounds: (1) GSA improperly evaluated XTec's proposal under the technical understanding and project management factors; (2) GSA improperly evaluated price; and (3) GSA improperly evaluated past performance. Moreover, we consider XTec to have abandoned its argument that EDS was not eligible for an order since its electronic personalization product had not passed required testing, see Protest at 21, since GSA addressed this issue in its report and XTec did not rebut the agency's response in its comments. Citrus College; KEI Pearson, Inc., B-293543 et al., Apr. 9, 2004, 2004 CPD para. 104 at 8 n.4. [11] The record reflects that XTec, like EDS, did not have all of its products and services within its end-to-end solution on the APL by the time price proposals were due. XTec, however, maintains that this was due to the failure of GSA to properly and timely test its various product submissions. [12] We find XTec's reliance on the March 7 letter to be misplaced. Setting aside the fact that the March 7 letter was not part of the RFQ and did not purport to alter the RFQ, it appears to merely serve as a reminder that under the RFQ, vendors' CLIN offerings had to be listed on their Schedule 70, SIN 132-62 contracts by the time price proposals were due. To the extent the letter also required vendors to submit "GSA Approval Letter[s] associated with each product/service" that "support the offeror's proposed CLIN structure," this statement is ambiguous and can be reasonably read to require approval letters solely for those CLINs for individual items by the time price proposals were due, as opposed to CLINs comprising a vendor's end-to-end solution--consistent with GSA's interpretation of the RFQ, as explained below. AR, Tab R, XTec Approval Letters, at R0001-0002. [13] With respect to the parties' differing interpretations of the RFQ, our decision in a related protest regarding this procurement, Computer Literacy World, Inc., B-299744, B-299744.4, discusses at length our view that GSA's interpretation in fact is reasonable in light of the underlying objectives and acquisition scheme GSA established as the executive agency for the government-wide acquisition of the products and services necessary to implement HSPD-12. Given our finding that XTec has not established prejudice flowing from its own interpretation of the solicitation, we need not resolve the question of whether XTec's interpretation was also reasonable, thereby potentially introducing at most an ambiguity in the RFQ. [14] PKI is a system for verifying and authenticating the identity of parties to an internet transaction. See http://www.webopedia.com/TERM/PKI.html. [15] XTec also argues that GSA waived the requirement that vendors address all technical requirements in their technical proposal by not requiring EDS to include in its technical proposal information related to the products it demonstrated during the OCD. The short answer is that the type of information XTec insists should have been part of EDS's technical proposal was not required by the RFQ. Because we conclude that XTec's allegations regarding GSA's evaluation of EDS's proposal are without merit or otherwise not for consideration, XTec's objection to the best value decision--based solely on these alleged improprieties--likewise provides no basis to sustain the protest.