TITLE: B-299744; B-299744.4, Computer Literacy World, Inc., August 6, 2007
BNUMBER: B-299744; B-299744.4
DATE: August 6, 2007
*******************************************************************
B-299744; B-299744.4, Computer Literacy World, Inc., August 6, 2007

   DOCUMENT FOR PUBLIC RELEASE
   The decision issued on the date below was subject to a GAO Protective
   Order. This redacted version has been approved for public release.

   Decision

   Matter of: Computer Literacy World, Inc.

   File: B-299744; B-299744.4

   Date: August 6, 2007

   Michael A. Gordon, Esq., and Fran Baskin, Esq., Holmes & Gordon, for the
   protester.

   Daniel R. Forman, Esq., Christopher Gagne, Esq., and John E. McCarthy,
   Jr., Esq., Crowell & Moring LLP, for Electronic Data Systems, Inc., and
   John S. Pachter, Esq., Jonathan D. Shaffer, Esq., and Mary Pat Gregory,
   Esq., Smith Pachter McWhorter PLC, for XTec, Inc., intervenors.

   Carmody A. Gaba, Esq., Micul E. Thompson, Esq., and Kevin J. Rice, Esq.,
   for the agency.

   Edward Goldstein, Esq., and Christine S. Melody, Esq., Office of the
   General Counsel, GAO, participated in the preparation of the decision.

   DIGEST

   Protester's interpretation of solicitation issued under the Federal Supply
   Schedule program for a contractor managed "end-to-end" solution meeting
   government-wide federal identification card requirements as requiring all
   products and services within a vendor's "end-to-end" solution to be listed
   on the agency's Approved Products List (APL) at the time technical
   submissions were due is unreasonable where the agency, in answer to a
   question regarding when items within a vendor's "end-to-end" solution had
   to be on the APL, indicated that they had to be on the APL by Milestone 1
   during contract performance.

   DECISION

   Computer Literacy World, Inc. (CLW) protests the issuance of a task order
   to Electronic Data Systems, Inc. (EDS) under request for quotations (RFQ)
   No. TQ-PLB07-0002, issued by the General Services Administration (GSA) to
   vendors under its Federal Supply Schedule (FSS) program, to provide
   contractor-managed services for an "end-to-end" solution meeting
   government-wide federal identification card requirements. CLW argues that
   EDS was not eligible for an order because its solution did not meet
   mandatory solicitation requirements and that GSA improperly evaluated its
   own solution under the RFQ's technical criteria.

   We deny the protest.

   BACKGROUND

   Homeland Security Presidential Directive-12

   In an effort to enhance security, increase efficiency, reduce identity
   fraud, protect personal privacy, and deter terrorist threats, the
   President, on August 27, 2004, issued Homeland Security Presidential
   Directive-12 (HSPD-12), mandating the establishment of a standard for
   identification of federal employees and contractors. HSPD-12 requires the
   use of a common identification card for access to federally-controlled
   facilities and information systems.[1] RFQ amend. 4, at 6-7.

   Under HSPD-12, the National Institute of Standards and Technology (NIST)
   was tasked with producing a standard for a secure and reliable form of
   identification. In response, on February 25, 2005, NIST issued Federal
   Information Processing Standard Publication 201 (FIPS 201), Personal
   Identity Verification (PIV) of Federal Employees and Contractors. In order
   to assist agencies with implementing the FIPS 201 requirements, the Office
   of Management and Budget (OMB) established GSA as the "executive agency"
   for government-wide acquisition of the products and services necessary to
   implement the HSPD-12 mandate. As the executive agency, GSA is responsible
   for making available products and services that meet all applicable
   federal standards and requirements, to include FIPS 201, for acquisition
   by federal agencies.

   In order to achieve this end, and as directed by OMB, GSA has assumed
   various roles. Specifically, in conjunction with NIST, GSA identified 22
   categories of products/services which must comply with specific normative
   requirements contained in FIPS 201. In May 2006, GSA established a FIPS
   201 evaluation program to ensure that commercial products in the 22
   identified categories are FIPS 201 compliant. Under this program,
   laboratories test products and services under the 22 categories to ensure
   conformance with FIPS 201 standards. When a product/service is determined
   to be FIPS 201 compliant, GSA issues an approval letter, specifying the
   supplier, the Approved Products List (APL) category (e.g., PIV smart
   card), approved product name, and version/part number. Products/services
   receiving an approval letter under one of the 22 categories are publicly
   listed on what is known as the FIPS 201 APL. As it relates to this
   protest, "graphical personalization" and "electronic personalization"
   products and services are within the 22 categories of products and
   services which must be approved as compliant with the requirements of FIPS
   201.[2] Pursuant to OMB guidance, when agencies seek to acquire products
   or services within the 22 FIPS 201 categories, they can only acquire those
   products and services which have been approved by GSA--that is, those
   products and services listed on the APL. Approved products/services for
   the 22 categories are posted on the idmanagement.gov website.

   In addition, GSA has recognized that agencies may require the services of
   contractors which are outside the scope of the FIPS 201 evaluation
   program, as they seek to develop and implement their HSPD-12 systems. In
   this regard, GSA has established an "integration services qualification
   program" through GSA's Center for Smartcard Solutions, whereby GSA
   identifies vendors that are qualified to provide "integrated, bundled
   solutions, and contractor managed solutions." GSA Hearing Exh. 4, at 7.
   Under this program, GSA established qualification requirements in
   following five areas: (1) enrollment products and services; (2) systems
   infrastructure products and services; (3) card production products and
   services; (4) card finalization products and services; and (5) integration
   services (which included the following sub-categories "pure integration"
   services, "turn-key" solutions, and "contractor-managed services."[3] Id.
   at 11.

   As explained by GSA, qualification requirements under the five areas are
   evaluated under three criteria, "functional requirements," "experience
   requirements," and "security requirements." Id. at 12. Those firms meeting
   the qualification requirements receive a certificate specifying in which
   of the five areas the firm is qualified as a systems integrator. Vendors
   certified in all five areas are considered "end-to-end" integrators.

   GSA indicates that as a requirement for obtaining the systems integrator
   qualification certificate, all HSPD-12 systems integrators must expressly
   commit to delivering systems which incorporate approved products/services,
   i.e., those products/services listed on the APL. See GSA Hearing Exh. 4,
   at 13. In this regard, GSA states that the systems integrator
   qualification and certification process does not examine what GSA refers
   to as a firm's particular "bundled" solution to determine whether it is
   actually comprised of components from the APL. Rather, GSA qualifies
   integrators based on their commitment to deliver bundled systems comprised
   only of products from the APL. Id. As with FIPS 201 approved products and
   services, GSA maintains a list of vendors qualified to provide the above
   described services on the idmanagement.gov website.

   In order to further facilitate the ability of federal agencies to acquire
   FIPS 201 approved products/services and integration services from
   qualified firms, GSA established special item number (SIN) 132-62, under
   the GSA Schedule Information Technology (IT) 70, specifically for FIPS 201
   compliant products and qualified integrators.[4] Under Schedule 70, SIN
   132-62, GSA sought to make available to agencies the various products and
   types of services that they would need as they endeavored to implement the
   HSPD-12 mandate.

   Believing that some agencies may decide to buy FIPS 201 compliant products
   and services on an individual basis and attempt to develop and integrate
   their own HSPD-12 systems, GSA provided for vendors to list their approved
   FIPS 201 compliant products and services under SIN 132-62. As explained by
   GSA, in order for a vendor to list its FIPS 201 product or service under
   SIN 132-62, the item must first be approved and listed on the APL.

   Due to the tight timeline associated with implementing the HSPD-12
   mandate, however, GSA was encouraging agencies not to handle the HSPD-12
   mandate on their own, but rather to have qualified firms provide them with
   contractor-managed services for "end-to-end" systems. Hearing Transcript
   at 35-36. As a consequence, GSA also included the services of qualified
   integrators under SIN 132-62. According to GSA, as a prerequisite for a
   systems integrator to be listed on SIN 132-62, it had to demonstrate that
   it had obtained the applicable GSA systems integrator certification
   awarded by GSA's Center for SmartCard Solutions.

   In sum, as explained by GSA, it had established two parallel, yet distinct
   processes for firms to meet agencies' HSPD-12 needs. One process pertained
   to individual products/services falling under the 22 categories requiring
   FIPS 201 approval, which entailed testing the specific products/services
   for FIPS 201 compliance and listing approved products/services on the APL.
   As a predicate for vendors to have their products/services listed under
   SIN 132-62, GSA required vendors to demonstrate that the particular
   product or service was listed on the APL. GSA also identified a separate
   process for qualifying HSPD-12 systems integrators seeking to provide
   integrated HSPD-12 system solutions to federal agencies.

   RFQ No. TQ-PLB07-0002

   Consistent with its mission to assist federal agencies in their efforts to
   implement HSPD-12, on January 12, 2007, GSA issued the subject
   solicitation under IT Schedule 70, SIN 132-62, seeking proposals[5] from
   vendors for the issuance of a task order to provide a "shared service
   solution for an end-to-end" contractor-managed HSPD-12 system, that is, a
   bundled system capable of meeting the following core HSPD-12 system
   elements: (1) enrollment, (2) system infrastructure (identity management
   system, card management system), (3) card production and issuance, and (4)
   card activation. RFQ amend. 4, at 7. The selected vendor would "supply
   equipment, materials, and services" necessary to meet these core services
   requirements for various federal agencies endeavoring to meet the HSPD-12
   mandates. Id. The RFQ contemplated a base period of performance from the
   date of issuance of the order through September 30, 2007, and four 1-year
   option periods. The base period was composed of four "milestone" dates. As
   it relates to the protest, within Milestone 1, System Setup, GSA
   identified three sub-elements, 1A -- Initial Functionality (due 30 days
   after issuance of the order), 1B -- Updated Functionality (due 45 days
   after issuance of the order) and 1C -- Infrastructure Build Out (due 60
   days after issuance of the order). Within Milestone 1A, the vendor was
   required to demonstrate numerous requirements, and deliver "key
   documents." RFQ amend. 4, at 11.

   The RFQ contemplated selection of the vendor whose proposal represented
   the "best value" to the government considering price and the following
   non-price factors (listed in descending order of importance): (1)
   operational capability demonstration (OCD); (2) understanding of and
   capability to fully and timely perform technical requirements; (3) project
   management; and (4) past performance. In regard to the best value
   determination, the RFQ provided that the non-price factors were
   collectively more important than price. RFQ amend. 4, at 128.

   Under the RFQ, vendors were required to submit a technical and management
   proposal for the purpose of "identify[ing] how the contractor meets the
   requirements stated in th[e] solicitation." RFQ amend. 4, at 127. The RFQ
   further advised vendors that proposals "must address the requirements,
   provisions, terms and conditions, and clauses stated in all sections of
   this solicitation." RFQ amend. 4, at 128. In evaluating vendors'
   proposals, GSA sought to ensure that the vendor fully understood and was
   capable of performing the technical requirements contained in the RFQ,
   that it demonstrated this understanding, and that "the proposed solution
   is technically sound." RFQ amend. 4, at 130. The RFQ also indicated that
   GSA would evaluate vendors' proposals to ensure a full understanding of
   all project management requirements contained in the RFQ and evaluate
   vendors' past performance risk.

   The OCD, the most heavily weighted non-price evaluation factor, consisted
   of a "functional capability demonstration" of specific HSPD-12 system
   technical requirements contained in the RFQ. RFQ amend. 4, at 146. The
   specific functional requirements tested were called "use cases," which
   were individually identified in the RFQ.[6] Under the OCD factor, GSA
   identified two subfactors: (1) the results of the use case functional
   requirements demonstration, which were evaluated on a "demonstrated/not
   demonstrated" basis for the various use cases identified; and
   (2) observations regarding expected and desired results, efficiency of
   data entry, and flow of the system. RFQ amend. 4, at 148. Prior to
   conducting their demonstrations, each vendor was required to submit a
   "white paper" containing its proposed test plan, any assumptions, and
   documentation containing detailed system architecture, security
   architecture, and user interface specification. According to the RFQ, the
   test plan was not to be evaluated, but rather was to be used by GSA to
   prepare for the OCD evaluation. RFQ amend. 4, at 129.

   Vendors were advised that after evaluation of the non-price factors, GSA
   would request price proposals from those vendors whose non-price proposals
   were "rated highly acceptable technically." RFQ amend. 4, at 130.

   At the time GSA issued the RFQ, it had executed agreements with
   approximately

   40 agencies to obtain an end-to-end HSPD-12 solution under the
   contemplated task order. While these agreements had resulted in a
   requirement under the task order for the vendor to enroll and issue
   HSPD-12 compliant credentials to approximately 420,000 federal employees
   and contractors, GSA informed vendors that it also had an open offer for
   other agencies to employ the task order to meet their HSPD-12
   requirements. RFQ at 7. Given the undefined scope of the ultimate
   requirement, the RFQ required vendors to price their "end-to-end" service
   on the basis of a "seat" price, which was defined as "a single enrollment
   transaction per enrollee" or, as described by the contracting officer, "a
   single, active PIV account." RFQ amend. 4, at 8; Contracting Officer's
   (CO) Statement of Facts at 3.

   Vendors selected to submit price proposals were required to submit fixed
   prices for two "mandatory" contract line item numbers (CLIN), CLIN 1
   "Milestones 1, 2, and 3 Enrollment Seat Price," and CLIN 2, "Milestones 1,
   2, and 3 Monthly Maintenance Seat Price." RFQ amend. 4, at 132. Under CLIN
   1, a vendor was to submit its "seat price" for its bundled solution for
   enrolling federal employees and contractors in the PIV program. CLIN 2
   required a vendor to submit its "seat price" for maintaining the
   established, active identity accounts. In addition, the RFQ included more
   than 80 "additional optional CLINs," some of which were for
   separately-priced products and services (i.e., PIV activation stations or
   card sleeves). RFQ amend. 4, at 132. As a general matter, vendors were
   required to submit fixed prices on a per item basis for these CLINs.

   Regarding the mandatory CLINs, while the total number of seats that a
   vendor would have to provide was not defined, the RFQ specified that the
   minimum number of seats to be ordered under the task order would be
   10,000, and that the maximum number of seats that could be ordered over
   the life of the task order was limited to 1.5 million. RFQ amend. 4, at
   124. For the purpose of determining their seat prices, however, vendors
   were instructed to assume an order quantity of 420,000 seats. RFQ amend.
   4, at 8.

   Since this was an acquisition under the FSS program, the RFQ advised
   vendors as follows:

     All products and services must be available on SIN 132-62 and/or
     Schedule 70. If a product, service or labor category is not required to
     be on SIN 132-62, then it must be on Schedule 70. No other Schedules may
     be offered and open market items may not be proposed. All products and
     services must be on Schedules by the time Price Proposals are submitted.
     It is the responsibility of each contractor or team to ensure that all
     required HSPD-12 contract line items that constitute an end-to-end
     solution are priced on their Schedule 70 SIN 132-62. There will be no
     open market items permitted under this task order.

   RFQ amend. 4, at 131.

   In addition, GSA addressed numerous questions raised by vendors regarding
   the RFQ. As it relates to the protest, several questions concerned which
   products or services had to be listed on GSA's APL and when they had to be
   on the APL. In this regard, questions 45-47, which reference RFQ section
   6.1, HSPD-12 General Requirements, are particularly relevant. RFQ section
   6.1 read as follows:

     The system shall be designed with [commercial off-the-shelf (COTS)]
     products with a demonstrated track record wherever possible. Any COTS
     product shall be proven in at least 2 production deployments. For
     product categories requiring GSA approval, only products/services on the
     GSA FIPS 201 Approved Product List may be offered.

   RFQ amend. 4, at 19-20.

   Regarding section 6.1, vendor question number 45 raised the following
   question:

     Considering that several categories in the APL are abstract, that is,
     not specifically related to any specific equipment, such as Electronic
     Personalization, exactly what products used in the solution does GSA
     expect to be on the FIPS 201 APL? Do all products need to be on the APL
     at the time of proposal submission or may some products be undergoing
     the evaluation?

   RFQ mod. 4, at 6.

   Vendor question number 46 asked:

     The GSA APL continues to publish Updates to the Approval Procedures . .
     . . Will GSA consider and accept products that have been submitted and
     are in the process of approval?

   Id.

   GSA answered both questions with the following statement:

     GSA does not agree that categories on the APL are abstract. Electronic
     Personalization products/services represent core functionality for Card
     Management System (CMS) products/services. Products approved on the APL
     for this category are exclusively CMS products/services. GSA anticipates
     that the configuration of products for the end-to-end solution required
     by the solicitation will be provided at the OCD and, therefore, also at
     the time of proposal submission. All products in that configuration must
     be on the APL at the time of system certification and accreditation
     document submission in Milestone 1A. Items offered as CLINs must be
     available on SIN 132-62 and/or Schedule 70 at time of RFQ Price
     Submission. Items requiring GSA approval must be approved on the GSA
     Approved Products List (APL) by that time.

   Id.

   Also referencing section 6.1, vendor question 47 raised the following
   concerns:

     GSA approved companies as "End-to-End" solution providers to allow a
     migration path for solution providers while products are added to the
     list. To this date, there are still categories on the APL with no
     products listed. Additionally, many of the categories have only one or
     two products. It was stated last summer that if the vendor owned the
     equipment, the APL requirements did not apply. GSA states in this RFP
     that the vendor will own all the equipment. In light of this fact and
     that products are in the pipeline or still emerging on the APL, will GSA
     consider and accept products that have applications to the APL submitted
     prior to proposal submission? To meet the objective, GSA could still
     require those products to be listed on the APL prior to award. This
     would allow for the most robust and efficient solution to be provided
     for this important program.

   Id.

   GSA responded as follows:

     GSA's requirements are that system integrators offering contractor
     managed services do not need to have all products/services in their
     bundled solutions on the APL in order to be qualified as a managed
     service contractor. However, GSA clearly articulated that the system
     solution must be comprised of only GSA-approved products/services from
     the APL at time of delivery. This requirement was also provided in
     writing in the contractor managed service qualification requirements. In
     addition, see responses to questions 45 and 46.

   Id.

   On February 8, GSA issued RFQ Modification 5, incorporating the vendors'
   questions and GSA's answers under the RFQ.[7] Modification 5 also
   established an RFQ closing date of February 16, 2007, and provided that
   "all proposal submissions must be sent through the GSA Advantage e-Buy web
   site using its established systems procedures."[8] RFQ mod. 5.

   Proposal Submission

   On February 16, GSA received six proposals in response to the RFQ,
   including proposals from EDS and CLW, a small business which teamed with
   other firms and submitted a proposal as the American Sentinel Alliance PIV
   team. At the time CLW submitted its proposal, CLW did not hold a Schedule
   70 contract. While CLW was in the final stages of receiving its Schedule
   70 contract award, GSA did not award CLW its Schedule 70 contract until
   February 21, 5 days after proposals were due. Agency Report (AR), Tab Q,
   CLW Schedule 70 Contract Form 1449.

   The fact that CLW was not awarded a Schedule 70 contract until after the
   due date for proposals significantly affected CLW's ability to submit a
   proposal in response to the RFQ. Without a Schedule 70 contract, CLW was
   unable to access GSA's e-Buy system and without access to this system, CLW
   was unable to obtain modifications to the RFQ, which were posted
   exclusively through the e-Buy system. Moreover, CLW was unable to submit
   its proposal through e-Buy as mandated by the RFQ. As a consequence, when
   CLW submitted its proposal, it was not based on the final version of the
   RFQ and CLW did not use the e-Buy system; rather, CLW submitted its
   proposal directly to the contracting officer via e-mail as the RFQ had
   required prior to being amended. Notwithstanding CLW's failure to submit
   its proposal through the e-Buy system, the contracting officer determined
   that because "CLW had been working with the GSA Schedules [contracting
   officer] to get their company posted on the Schedules web site before the
   close of the RFQ, this company should be allowed [to] submit their
   offering and be evaluated." AR, Tab T, CO Statement of Facts Regarding
   Late Submission of Proposals, Feb. 22, 2007, at T0005.

   GSA's Evaluation of Vendors' Proposals

   After receipt of proposals, GSA scheduled the OCD with each vendor. EDS
   conducted its OCD on February 26. CLW attempted to conduct its OCD on
   March 9, but due to system difficulties, it was permitted a one-time
   24-hour reset in accordance with the ground rules of the OCD as
   established under the RFQ. CLW then completed its OCD the next day.
   Thereafter, GSA completed its evaluation of vendors' proposals under the
   technical factors and ranked them as follows:

   +------------------------------------------------------------------------+
   |Vendor|Factor 1 -| Factor 2 -  |Factor 3 --| Factor 4 - Past | Overall  |
   |      |   OCD    |Understanding| Project.  |   Performance   |  Rating  |
   |      |          |             |   Mgmt.   |                 |          |
   |------+----------+-------------+-----------+-----------------+----------|
   | EDS  |Excellent/|Good/Low Risk|Excellent/ |      Good       |Excellent/|
   |      | Low Risk |             | Low Risk  |                 | Low Risk |
   |------+----------+-------------+-----------+-----------------+----------|
   |  A   |Excellent/|Good/Low Risk| Good/Low  |      Good       |Good/ Low |
   |      | Low Risk |             |   Risk    |                 |   Risk   |
   |------+----------+-------------+-----------+-----------------+----------|
   |  B   | Good/Low |Good/Low Risk| Good/Low  |      Good       | Good/Low |
   |      |   Risk   |             |   Risk    |                 |   Risk   |
   |------+----------+-------------+-----------+-----------------+----------|
   |  C   | Average/ |Average/ Mod.| Good/Low  |      Good       | Average/ |
   |      |Mod. Risk |    Risk     |   Risk    |                 |Mod. Risk |
   |------+----------+-------------+-----------+-----------------+----------|
   |  D   | Average/ | Average/Low | Good/Low  |     Average     | Average/ |
   |      |Mod. Risk |    Risk     |   Risk    |                 |Mod. Risk |
   |------+----------+-------------+-----------+-----------------+----------|
   | CLW  |Poor/High |Average/High | Average/  |     Average     | Average/ |
   |      |   Risk   |    Risk     | Mod. Risk |                 |High Risk |
   +------------------------------------------------------------------------+

   AR, Tab H, CO Decision to Invite Price Proposals, at H0011.

   On April 5, the contracting officer decided to invite the three most
   highly rated vendors to submit price proposals. The contracting officer
   notified CLW that same day that it was not being considered further for
   selection. GSA ultimately issued the task order to EDS, the highest
   technically rated vendor, with the lowest evaluated price of $66,379,641.
   After learning of GSA's decision, CLW requested a debriefing. GSA provided
   CLW with a "post-award briefing" in which it detailed CLW's evaluated
   strengths and weaknesses under each of the non-price evaluation
   factors.[9] Thereafter, CLW filed this protest with our Office.

   DISCUSSION

   CLW raises two principal issues. First, CLW argues that EDS was not
   eligible for selection because its solution did not meet mandatory
   solicitation requirements. In this regard, CLW contends that when vendors
   submitted their technical solutions on February 16, the RFQ required that
   a vendor's end-to-end solution (CLINs 1 and 2) had to be composed of only
   approved products and services--that is, products and services listed on
   the APL. According to CLW, it was the only vendor with a system composed
   entirely of APL products and services. In support of this contention, CLW
   indicates that it was the only vendor utilizing Gemalto "graphical
   personalization" and "electronic personalization" products and services,
   which were the only such products and services listed on the APL. Second,
   CLW contends that GSA improperly evaluated its proposal under the
   solicitation's technical criteria. CLW takes issue with GSA's findings
   regarding its performance during the OCD, and concerns that CLW did not
   address other requirements in its proposal. Closely tied to this issue is
   CLW's contention that, because it did not have access to the e-Buy system,
   it did not obtain critical RFQ modifications, notwithstanding the fact
   that the contracting officer "promised" to provide CLW with the amendments
   and updates to the RFQ. Protest at 6 n.1.

   As an initial matter, GSA argues that CLW is not an interested party for
   the purpose of filing its protest.[10] Under our Bid Protest Regulations,
   a party will not be deemed to have the necessary economic interest to
   maintain a protest if it would not be in line for selection if its protest
   were sustained. See 4 C.F.R. sect. 21.0(a) (2007). GSA argues that the
   procurement was limited to Schedule 70, SIN 132-62 contract holders, that
   CLW did not hold a Schedule 70 contract as of February 16, the date
   "technical proposals" were due, and thus that CLW was not eligible to
   participate in the procurement.[11]

   In analyzing this issue, the record clearly reflects that CLW was not a
   Schedule 70 contract holder until after the date vendors were required to
   submit their technical proposals and, as a consequence, CLW was unable to
   submit its proposal through the e-Buy system as required by the RFQ. The
   record further reflects that while CLW did not use the e-Buy system to
   submit its technical proposal, GSA did in fact consider and evaluate CLW's
   submission.[12]

   We find implicit support for the agency's argument that CLW was not an
   interested by virtue of the fact that GSA required use of the e-Buy
   system, which was limited to schedule contract holders, for the purpose of
   soliciting and obtaining vendors' proposals. On the other hand, GSA's
   position is not supported by the express terms of the RFQ. In this regard,
   no version of the RFQ specified that a vendor had to be a Schedule 70
   contract holder at the time set for submission of technical proposals for
   the purpose of participating in the procurement. Rather, the final version
   of the RFQ simply stated that the "Contractor must be a schedule 70
   contract holder," without any indication of the time at which the vendor
   had to be a Schedule 70 contract holder. RFQ amend. 4, at 116. Moreover,
   statements in the RFQ indicating that "no open market items" (items not on
   Schedule 70, SIN 132-62) would be allowed on the task order do not
   establish that a vendor had to be a Schedule 70 contract holder in order
   to submit a technical proposal. RFQ amend. 4, at 132. GSA's argument in
   this regard is undermined by the fact that express language in the RFQ
   stated that vendors did not have to have any of their products and
   services on the schedule until "Price Proposals are submitted," which was
   after technical proposals were due. Id. Since a vendor did not have to
   have the items required under the RFQ on its Schedule 70, SIN 132-62
   contract until the submission of price proposals, it is not clear why a
   vendor would have had to have been a schedule 70 contract holder in order
   to submit a technical proposal.

   Given the conflicting indications on the record--i.e., the agency's use of
   the e-Buy system, contrasted with the absence of explicit language
   establishing the time at which a vendor had to be a Schedule 70 contract
   holder--we view the issue of CLW's interested party status as a close
   question. We need not resolve the issue, however, because, even assuming
   CLW is an interested party, we find that the underlying bases of protest
   are without merit.

   APL Compliance

   In challenging GSA's issuance of a task order to EDS, CLW maintains that
   EDS and other vendors in the competition failed to comply with the RFQ
   requirements by incorporating in their technical proposals "graphical
   personalization" and "electronic personalization" services that were not
   on GSA's APL at the time they submitted their technical proposals. More
   specifically, CLW maintains that at the time technical proposals were due,
   only one firm, Gemalto, had been approved by GSA and listed on the APL for
   the purpose of providing graphical personalization and electronic
   personalization services, and that none of the vendors (other than CLW)
   incorporated the Gemalto services as part of their bundled solutions.

   The crux of CLW's argument revolves around its interpretation of the RFQ
   as requiring vendors to incorporate in their end-to-end solutions, at the
   time technical proposals were due, only FIPS 201 approved graphical
   personalization and electronic personalization products and
   services--those listed on the APL. In support of this interpretation, CLW
   principally relies on section 6 of the RFQ, stating that "only
   products/services on the GSA FIPS 201 Approved Product List may be
   offered" as well as the statement in the RFQ that "[o]nly Graphical
   Personalization, Electronic Personalization (product), and/or Electronic
   Personalization (services), as appropriate, as approved on the GSA
   FIPS-201 Approved Product List (APL) may be offered." RFQ amend. 4, at 20,
   32.

   GSA, however, articulates a different interpretation of the RFQ. According
   to GSA, the RFQ established that FIPS 201 categories of services and
   products, which were necessarily part of a vendor's end-to-end solution
   (under CLINs 1 and 2) did not have to be on the APL at the time technical
   proposals were due; rather, they had to be on the APL by Milestone 1. This
   was in contrast to FIPS 201 category products or services identified as
   stand-alone items under an individual CLIN (not part of a vendor's
   end-to-end solution), which had to be on the APL at the time price
   proposals were due. Since graphical personalization and electronic
   personalization products and services were solely included within vendors'
   bundled end-to-end solutions under CLINs 1 and 2, these products and
   services only had to be listed on the APL by Milestone 1. As a
   consequence, failure to propose Gemalto for these products and services
   did not render EDS, or other vendors', proposals technically unacceptable.

   When an agency conducts a formal competition under the FSS program, we
   will review the agency's evaluation of vendor submissions to ensure that
   the evaluation was reasonable and consistent with the terms of the
   solicitation. SI Int'l, SEIT, Inc., B-297381.5; B-297381.6, July 19, 2006,
   2006 para. CPD 114 at 11; COMARK Fed. Sys.,B-278343; B-278343.2, Jan. 20,
   1998, 98-1 CPD para. 34 at 4-5. Where a protester and agency disagree over
   the meaning of solicitation language, we will resolve the matter by
   reading the solicitation as a whole and in a manner that reasonably gives
   effect to all its provisions. Solec Corp., B-299266, Mar. 5, 2007, 2007
   CPD para. 42 at 2. We will not read a provision restrictively where it is
   not clear from the solicitation that such a restrictive interpretation was
   intended by the agency. Id.

   Here, we conclude that CLW does not advance a reasonable interpretation of
   the solicitation. As noted above, CLW's interpretation of the RFQ is
   derived from section 6 of the RFQ providing that "only products/services
   on the GSA FIPS 201 Approved Product List [to include graphical
   personalization and electronic personalization] may be offered." RFQ
   amend. 4, at 20, 32. In analyzing this issue, we note that these
   statements, standing alone, may have introduced some ambiguity in the RFQ
   regarding the timing of APL compliance;[13] CLW's interpretation of the
   APL compliance requirement, however, does not withstand scrutiny when one
   reviews questions and answers 45-47, which subsequently were incorporated
   in the RFQ through modification 5, and directly speak to the question of
   the timing of APL compliance in an effort to clarify vendor confusion
   regarding this issue.[14]

   Specifically, in response to vendor question 45, which asked whether all
   products needed to be on the APL at the time of proposal submission or
   whether products could still be undergoing evaluation for the purpose of
   being listed on the APL, GSA explained that all products in a vendor's
   "end-to-end" solution "must be on the APL at the time of system
   certification and accreditation document submission in Milestone 1A,"
   which was well after the time for the submission of technical
   proposals.[15] RFQ, Mod. 4, at 6. GSA referenced this answer in responding
   to question 46, which expressly asked whether GSA would consider and
   accept products that were not on the APL but were in the process of
   undergoing the FIPS 201 evaluation and obtaining approval. Furthermore,
   consistent with its statement that the products and services incorporated
   in vendors' end-to-end solutions had to be on the APL at Milestone 1, in
   its answer to question 47, GSA explained that a vendor's bundled system
   solution "must be comprised of only GSA-approved products/services from
   the APL at the time of delivery." Id. Given that the vendors' questions
   specifically raised the question of timing of APL compliance, and GSA's
   responses indicated that, with regard to a vendor's end-to-end solution,
   all products must be on the APL at Milestone 1, CLW's contrary
   interpretation of the RFQ is not reasonable.

   Throughout this case there has been much discussion of whether GSA's
   interpretation of the solicitation is reasonable. Based on the record, we
   find that GSA's interpretation of the timing for APL compliance, as
   reflected in the questions and answers incorporated in the RFQ through
   modification 5, is reasonable in light of the underlying objectives and
   acquisition scheme GSA established as the executive agency for the
   government-wide acquisition of the products and services necessary to
   implement HSPD-12.

   As explained above, in implementing the HSPD-12 acquisition program, GSA
   developed a bifurcated approval process, differentiating between the
   approval of individual products and services falling within the 22
   categories of products and services requiring FIPS 201 compliance, and the
   acquisition of contractor-managed services for bundled, integrated HSPD-12
   solutions, which entailed a qualification process. These separate
   processes resulted in GSA's listing of individual products and services
   that were FIPS 201 compliant on the APL, as well as a separate listing of
   firms which were qualified to provide integration services. Depending on
   their approach to meeting the mandate, agencies could use either of these
   lists to aid in their efforts to obtain the products and services they
   needed to meet the HSPD-12 mandates.

   GSA then took the next step of establishing Schedule 70, SIN 132 in order
   to further facilitate the ability of agencies to acquire the various
   products and types of services needed to implement the HSPD-12 mandate. In
   establishing Schedule 70, SIN 132, GSA incorporated the bifurcated process
   in its procedures for listing products on Schedule 70, SIN 132-62. In this
   regard, there is no dispute that when a vendor sought to obtain a schedule
   contract for a product or service that required FIPS 201 compliance, the
   vendor had to demonstrate that its product or service was on the APL. As
   more fully discussed below, the record also reflects that when a vendor
   sought to list its services as a contractor-managed service provider of
   bundled HSPD-12 solutions, a vendor could be awarded a schedule contract,
   notwithstanding the fact that the components of its underlying bundled
   solution were not yet then on the APL.

   This bifurcated process is consistent with GSA's interpretation of the
   RFQ's requirements for the timing of APL compliance. In this regard, the
   RFQ contained CLINs for separately-priced products and services requiring
   FIPS 201 compliance, as well as CLINs for end-to-end integrated
   services--i.e., bundled solutions (principally CLINs 1 and 2). In
   addition, the RFQ also required vendors to have all their CLINs on
   Schedule 70, SIN 132-62 by the time price proposals were due. As explained
   above, in order for a vendor to list its FIPS 201 products and services on
   the schedule, they had to be on the APL. Not so, however, for bundled
   solutions, which merely required a vendor to obtain a certificate
   approving its solution; as also noted above, this process did not look
   behind the solution to determine whether it was comprised of component
   products and services from the APL. Rather, GSA relied on the vendor's
   commitment under its certification and under its schedule contract to only
   utilize APL products and services in its solution--thereby making APL
   listing for the vendor providing integrator services a matter of contract
   performance.

   As explained by GSA, the bifurcated scheme established under the schedule
   was reflected in the RFQ. For CLINs comprising a vendor's end-to-end
   solution, GSA did not look behind the solution to determine whether it was
   composed of products from the APL, but rather considered it to be a matter
   to be addressed during contract performance. This is consistent with GSA's
   responses to vendor questions 45-46 which stated that "GSA anticipates
   that the configuration of products for the end-to-end solution . . . must
   be on the APL . . . in Milestone 1A." RFQ, Mod. 4, at 6. Moreover, in
   response to question 47, GSA clearly indicated that a vendor's end-to-end
   solution "must be comprised of only GSA-approved products/services from
   the APL at the time of delivery." Id.

   CLW argues that GSA's position is based on a false factual premise--that a
   vendor did not have to have the components of its end-to-end solution on
   the APL in order to receive an integrator services contract under SIN
   132-62. According to CLW, in order to be listed on the schedule a vendor
   had to demonstrate that its bundled solution was composed entirely of
   products and services from the APL. Because APL compliance was a predicate
   for being listed on Schedule 70, SIN 132, and because the RFQ required
   vendors to have all their CLINs on schedule 70, SIN 132 prior to the
   submission of price proposals, CLW argues that the agency's interpretation
   of the RFQ as requiring APL compliance at Milestone 1 is inconsistent with
   the underlying structure of the Schedule 70 acquisition process and merely
   a post-hoc rationalization.[16] CLW maintains that this conclusion is
   confirmed by two letters (dated March 7 and March 15) it received from
   GSA, which required CLW to demonstrate that its end-to-end solution was
   composed entirely of products and services from the APL. We find that
   CLW's factual arguments in this regard are not supported by the record.

   First, testimony from GSA witnesses directly supports GSA's position that
   components of bundled solutions were not examined for APL compliance as
   part of the process of listing a certified integrator's contractor-managed
   bundled solution on Schedule 70, SIN 132. In this regard, GSA's director
   of Identity Policy and Management for the Office of Government-wide Policy
   testified as follows:

     GAO ATTORNEY: . . . [F]or a contractor to have a product listed under
     SIN 132-62, that product . . . would have to be an approved product
     before it is listed?

     THE WITNESS: Yes.

     GAO ATTORNEY: For sale under SIN 132-62?

     THE WITNESS: Correct.

     GAO ATTORNEY: Now, for an integrator under the integrator category to be
     listed on SIN 132-62, the integrator would have to meet qualification
     requirements?

     THE WITNESS: Correct.

     GAO ATTORNEY: And those requirements don't look at . . . the actual
     products that they would be using, necessarily?

     THE WITNESS: That's correct. We required as a qualification requirement
     that the integrators must commit to use approved product list products
     in their systems that are delivered in the qualification requirements
     which were published in June 2006. . . .

     GAO ATTORNEY: An integrator may be qualified, notwithstanding the fact
     that there might not be any products for them to use in providing
     integrated services to the government because . . . there are no
     products at that time on the APL?

     THE WITNESS: Right. So we were approving integrators as of that time
     based on their commitment to use only approved products on the approved
     products list for the systems that they deliver.

   Hearing Transcript, at 29-32.

   In support of this understanding, a GSA Schedule 70 contracting officer
   also testified that before she would award individually priced products
   under SIN 132-62, the vendor was required to confirm that the specific
   item was on the APL. The process for awarding integration services or
   bundled solutions, however, was different. "We do not look at each
   individual [component] because we are not the technical experts. . . . We
   would require a letter . . . indicating that they are qualified to provide
   . . . integration services, then that letter . . . will be sufficient for
   us . . . to place [the vendor's services] on Schedule 70 [SIN 132-62]."
   Hearing Transcript at 38-39. Moreover, GSA's Director of the Center for
   Smartcard Solutions submitted a declaration confirming that when he and
   his staff reviewed vendors' SIN 132-62 bundled solutions for the purpose
   of providing vendors and the Schedule 70 contracting office with the
   necessary "Certificate of Bundled Services Approval," the "[p]roducts and
   services incorporated in the bundled offerings were not required to be on
   the Approved Products List in order to be approved, nor did the review
   process include verifying whether the aforementioned products and services
   were on the Approved Products List." GSA's Post Hearing Comments, Exh. 1,
   Declaration of Director of the Center for Smartcard Solutions, July 9,
   2007

   In addition, GSA's position is consistent with its answer to a question
   posted on its FIPS 201 evaluation program website in which GSA explained
   that delivery is the critical time for APL compliance with respect to
   integrator provided end-to-end solutions. Specifically, the question
   asked, "If my offering is on the SINs, do I need to be on the NIST or GSA
   approved lists?" and GSA answered, "If you are offering products, the
   answer is yes. If you are offering integrated solutions, you must be
   qualified by GSA and you must commit to delivering only products which
   have been approved and appear on the Approved product List." EDS Hearing
   Exh., at 4.

   Second, CLW is misplaced in its reliance on the March 7 and March 15
   letters as definitive proof of GSA's requirement that vendors' end-to-end
   solutions had to be composed entirely of APL products and services before
   proposals were due. Setting aside the fact that neither letter was part of
   the RFQ or purported to alter the RFQ, the March 7 letter appears to
   merely serve as a reminder that under the RFQ, vendors' CLIN offerings
   must also be listed on their Schedule 70, SIN 132-62 contracts by the time
   price proposals were due. To the extent the letter also required vendors
   to submit "GSA Approval Letter[s] associated with each product/ service"
   that "support the offeror's proposed CLIN structure", this statement is
   ambiguous and can be reasonably read to require approval letters solely
   for those CLINs for individual items by the time price proposals were due,
   as opposed to CLINs comprising a vendor's end-to-end solution--consistent
   with GSA's interpretation of the RFQ. AR, Tab O, CLW Approval Letters, at
   O0037.

   Moreover, the March 15 letter does not appear to support CLW's
   contentions. Rather, this letter supports GSA's explanation of the
   distinction between the process for listing individual products and
   services on SIN 132-62, and the process for listing contractor-managed
   services, or bundled solutions. In the letter, GSA explains that in order
   for CLW to have its individual products and services listed on SIN 132,
   CLW had to demonstrate that they were on the APL. In addition, the letter
   explained that for "bundled solutions," CLW had to submit its certificate
   of approval from GSA's Center for Smartcard Solutions. Of significance,
   GSA did not, through this letter, require CLW to provide APL letters for
   each of the components comprising its bundled solution.

   CLW also argues that GSA's interpretation is contrary to OMB policy
   prohibiting agencies from acquiring products and services that are not on
   the APL since it results in a system whereby agencies can place orders for
   contractor-managed end-to-end solutions which are composed of products and
   services that are not FIPS 201 compliant. See OMB Memorandum,
   Implementation of Homeland Security Presidential Directive (HSPD) 12 --
   Policy for a Common Identification Standard for Federal Employees and
   Contractors, M-05-24, Aug. 5, 2005 (stating "all departments and agencies
   must acquire products and services that are approved to be compliant with
   the [FIPS-201] Standard and included on the approved products list"). As
   explained by GSA, however, under the RFQ, agencies did not actually
   "acquire" any products or services that are subject to the FIPS 201
   compliance requirement. Rather, the RFQ sought contractor-managed services
   (an end-to-end solution) whereby the vendor would supply a complete
   identity management system. In this regard, all elements of the system
   would be owned and operated by the selected vendor. Moreover, later-issued
   OMB guidance also explicitly drew the distinction between the acquisition
   of individual product items versus complete contractor managed services
   and provided that "vendors offering contractor managed services . . . must
   ensure that only approved products . . . are acquired and incorporated
   into delivered system solutions." OMB Memorandum, Acquisition of Products
   and Services for Implementation of HSPD-12, June 30, 2006. This language,
   which emphasizes delivery of the system, is consistent with GSA's
   interpretation that, with regard to contractor-managed systems, APL
   compliance was viewed as a matter to be addressed during Milestone 1 of
   contract performance.

   In conclusion, we find that CLW's interpretation of the RFQ as requiring
   APL compliance of all products and services comprising vendors' end-to-end
   solutions at time of proposal submission is not reasonably supported when
   the RFQ is read as whole and that GSA's less restrictive
   interpretation--that APL compliance for end-to-end components was a matter
   to determined during Milestone 1 of the task order--is reasonable.

   CLW's Technical Evaluation

   When an agency issues a solicitation under the FSS program, we will review
   the agency's evaluation of vendor submissions to ensure that the
   evaluation was reasonable and consistent with the terms of the
   solicitation. SI Int'l, SEIT, Inc., supra; COMARK Fed. Sys., supra. In
   this regard, a protester's mere disagreement with the agency's judgment or
   its belief that its quotation deserved a higher technical rating alone is
   not sufficient to establish that the agency acted unreasonably. Worldwide
   Language Res., Inc., B-297210 et al., Nov. 28, 2005, 2005 CPD para. 211 at
   3.

   CLW challenges GSA's evaluation of its proposal under each of the
   technical evaluation factors. We conclude that these challenges are
   unsupported and amount to little more than disagreement with GSA's
   evaluation. As an initial matter, we note that of the six vendors in the
   competition, CLW was ranked last. Under factor 1, the OCD, GSA rated CLW
   as "poor" and "high risk," finding that CLW failed to demonstrate 11
   sub-use cases required under the OCD. CLW asserts that it did in fact
   demonstrate 9 of the 11 sub-use cases, however, in its protest, it
   specifically addresses its demonstration of only three of the sub-use
   cases at issue and merely states it is "certain that the other sub uses
   were demonstrated." Supplemental Protest at 2. Moreover, to the extent CLW
   challenges GSA's additional findings that "[i]t was difficult to discern
   if all processes worked as single business process," its "demonstration
   seemed disconnected at times making it difficult to determine if the
   expected and desired results were met," "the RFQ requires . . . largely
   automated processes but [CLW's] solution required continuous manual
   intervention," and "the overall pervasiveness of problems throughout the
   demonstrations was indicative to the government that [CLW's] solution
   would require significant government oversight in order to meet the RFQ
   requirements," AR, Tab N, CLW Evaluation, at N0001-N0002, its arguments
   are simply unsupported or present little more than CLW's disagreement with
   the agency's evaluation. For example, CLW bases its challenge to GSA's
   determination that it did not demonstrate a "single business process" on
   the unsupported assertion that this conclusion was due to "an apparent
   misperception by an evaluator based on CLW's use of [DELETED]."
   Supplemental Protest at 2. As a consequence, we find that CLW's challenge
   to its evaluation in this regard does not provide a basis for sustaining
   its protest.

   CLW also challenges its evaluation under factor 2, understanding of and
   capability to perform technical requirements; factor 3, project
   management; and factor 4, past performance. In evaluating CLW's proposal
   under factor 2, GSA found no strengths and numerous weaknesses and rated
   CLW as "poor" under 3 of the 10 elements considered. Specifically, GSA
   rated CLW "poor" with regard to its "Understanding or Requirements and Use
   Cases," "Quality of Training Approach," and "Understanding of Help Desk
   Requirements and Ability to meet them." AR, Tab N, CLW Evaluation, at
   N0004. Specifically, GSA noted that CLW did not demonstrate an overall
   understanding of the technical requirements, finding that CLW failed to
   state that "a PKI SSP [Public Key Infrastructure Shared Service Provider]
   is a component of their solution as required by the RFQ," its "detailed
   descriptions of the functions and capabilities required for each component
   `station' are not in compliance with either the RFQ or FIPS 201," and its
   "detailed descriptions of the roles and responsibilities are not in
   compliance with either the RFQ or FIPS 201." Id. at N0005. In addition,
   GSA found that CLW did not address minimum solicitation requirements,
   specifically, "training for government role holders", "requirement to meet
   [Shareable Content Object Reference Model] compliance," "Section 508
   compliance," and "the requirement to implement an automated call
   distribution center," and that CLW failed to "provide details for
   providing a tiered approach to help desk services to manage level 1 and
   level 2 trouble calls," and did not "specifically address help desk
   support . . . as required." Id.

   Under the third factor, project management, GSA rated CLW's proposal as
   "average" with "moderate risk," noting one strength, and two principal
   weaknesses, specifically, that there was no work breakdown structure or
   description of how it planned to meet all the milestones and that CLW's
   project manager did not appear to have experience "related to projects of
   similar size and scope." AR, Tab N, CLW Evaluation, at N0007. In addition,
   GSA noted that because CLW's project manager had a current commitment to
   the Army War College, there was a moderate risk to the government relating
   to meeting Milestone 1A. Under the past performance factor, GSA found that
   several of CLW's projects were of "low relevance." AR, Tab N, CLW
   Evaluation, at N0008.

   In challenging its evaluation under the above factors, CLW addresses only
   a handful of the weaknesses assessed by GSA, and with regard to those few
   issues, its challenges are conclusory in nature and reflect mere
   disagreement with GSA's evaluation. By way of example, in challenging its
   past performance evaluation, CLW states that it "disagrees with the
   characterization and ratings assigned in the Past Performance area" and
   that its "projects are highly relevant and entitled CLW to a higher
   rating." Supplemental Protest at 3. We conclude that the record reasonably
   supports GSA's evaluation, and that CLW's allegations regarding GSA's
   evaluation do not provide a basis for sustaining CLW's protest.

   CLW further argues that many of the weaknesses attributed to its proposal
   under these factors were the direct result of its failure to receive
   Amendment 4 to the RFQ. For example, CLW indicates that its failure to
   address certain help desk support requirements was due to the fact that
   they were incorporated in Amendment 4 and GSA did not provide CLW with the
   amendment as the contracting officer had "promised" he would do. The
   record reflects, however, that the reason CLW did not obtain Amendment 4
   was entirely due to CLW's inability to access the e-Buy system, which was
   not the fault of GSA, but rather simply due to the fact that CLW was not a
   Schedule 70 vendor at the time Amendment 4 was issued.[17] Nor is there
   any support for CLW's assertion that the contracting officer "promised" to
   provide CLW with any changes or updates to the RFQ on an ongoing basis.
   Rather, the record reflects that in response to a request from CLW's
   subcontractor that it be included on the "distribution list" for
   solicitation materials, the contracting officer informed CLW's
   subcontractor that solicitation material would only be published through
   e-Buy, but agreed to provide copies of then-current solicitation
   documents. AR, Tab S, E-mail from Contracting Officer to CLW
   Subcontractor, Jan. 14, 2007, at S0001. We note that CLW made no timely
   objection to the agency's use of the e-Buy system to disseminate the RFQ
   and amendments, we think the agency's actions here were unobjectionable.

   The protest is denied.

   Gary L. Kepplinger
   General Counsel

   ------------------------

   [1] As it has developed, one feature of the contemplated common
   identification card is the inclusion of a biometric verification element,
   specifically, the incorporation of fingerprint verification.

   [2] These 22 categories relate to the following areas: PIV smart cards,
   smart card readers, fingerprint scanners, fingerprint capture stations,
   fingerprint template generation and matching equipment, facial image
   capture stations, card printing stations, and graphical and electronic
   personalization products and services.

   [3] A "turn-key" solution is characterized as one where the contractor
   transfers ownership of an integrated system to the government and the
   government operates the system. In contrast, under a contractor-managed
   system, the contractor retains ownership of all equipment and manages
   operation of the system for the government.

   [4] While OMB has established GSA as the HSPD-12 executive agency and
   other agencies are encouraged to acquire their HSPD-12 requirements
   through GSA, they are not required to do so. Thus, IT Schedule 70 SIN
   132-62 is not a mandatory source for agencies.

   [5] Although the solicitation is identified on its cover page as an RFQ,
   the term "proposal," as opposed to "quotation," repeatedly appears in,
   among other places, the solicitation's descriptions of the evaluation
   factors and selection scheme, as well as the parties' submissions. Given
   this, we refer to the firms' submissions as proposals in several instances
   for the sake of consistency, notwithstanding the fact that they are more
   properly referred to as quotations.

   [6] By way of example, one of the use cases identified for testing
   involved the "enrollment" function and specifically the ability of the
   vendor's system to support new enrollment and re-enrollment activities.

   [7] GSA issued Modification 5 as Amendment 4 to the RFQ.

   [8] Federal Acquisition Regulation (FAR) sect. 8.402(d) states that
   "'e-Buy,' GSA's electronic Request for Quotation (RFQ) system, is a part
   of a suite of on-line tools which complement GSA Advantage!. E-Buy allows
   ordering activities to post requirements, obtain quotes, and issue orders
   electronically."

   [9] While CLW had requested a "debriefing", GSA informed CLW that because
   the procurement was conducted under the procedures established by FAR Part
   8.4 as opposed to those under FAR Part 15, it was not required to provide
   CLW with a formal debriefing as described under FAR sections 15.505 and
   15.506. Rather, GSA was only required to provide CLW with "a brief
   explanation of the basis for the award decision." FAR sect. 8.405-2(d)

   [10] GSA also argued that CLW's protest challenging EDS's proposal as
   non-compliant is untimely since it should have raised this issue when it
   was eliminated from the competition. According to GSA, CLW should have
   known at that time that it was the only vendor with an end-to-end solution
   composed entirely of FIPS 201 products and services from the APL. We
   disagree, notwithstanding the existence of press reports indicating that
   EDS had been invited to submit its price proposal, GSA did not officially
   announce the names of the firms from which price proposals were requested.
   Moreover, according to CLW it only learned that EDS did not offer Gemalto
   products after GSA announced its selection. As a consequence, in our view,
   CLW did not have a sufficient basis of information to file its protest
   until it learned of GSA's selection of EDS.

   [11] GSA also argued that because CLW had the lowest ratings of all six
   vendors under the non-price factors it does not have a reasonable prospect
   of selection and therefore is not an interested party. This argument is
   without merit. In its protest CLW argues that it was the only vendor to
   submit an acceptable technical proposal. In addition, CLW challenges the
   results of GSA's underlying technical evaluation. If our Office were to
   sustain either aspect of CLW's protest, at a minimum, reopening the
   competition or reevaluating vendors' proposals would be appropriate. Since
   CLW would be in a position to either submit a revised proposal or possibly
   receive higher technical ratings, it has a sufficient economic interest to
   qualify as an interested party eligible to maintain a protest challenging
   the issuance of a task order to EDS.

   [12] GSA maintains that the contracting officer only considered CLW's
   technical proposal as a consequence of misleading statements made by CLW,
   which led the contracting officer to believe that CLW had an existing
   Schedule 70 contract at the time it submitted its technical proposal. CLW
   argues that the contracting officer knew its status when it submitted its
   technical proposal. Because, as discussed below, we need not resolve the
   question of CLW's interested party status, we likewise need not resolve
   this issue.

   [13] Implicit in CLW's reading of the cited RFQ provisions is its
   assumption that use of the term "offer" was coextensive with a vendor's
   submission of its technical proposal and that a vendor's technical
   proposal was its "offer" to the government. As an initial matter, we note
   that use of the term "offer" in the RFQ was inherently ambiguous since a
   vendor's submission in response to an RFQ is not technically an "offer"
   since it is not a submission for acceptance by the government to form a
   binding contract; rather, vendor submissions are purely informational.
   Computer Assocs. Int'l, Inc.--Recon., B-292077.6, May 5, 2004, 2004 CPD
   para. 110 at 3. Moreover, CLW's assumption is not consistent with the fact
   that the RFQ was structured as a two-step process with the initial
   submission of technical proposals followed by price proposals. Here, given
   the two-step proposal submission process, prior to submission of a price
   proposal there could not have been an actual "offer" for acceptance.

   [14] It is understandable that CLW based its interpretation of the RFQ
   solely on the language initially incorporated in the RFQ since, at the
   time CLW submitted its technical proposal, CLW was not aware of the
   questions and answers issued under modification 4 and later incorporated
   through modification 5. As previously explained, CLW did not have access
   to the e-Buy system and therefore never obtained modifications 4 or 5 to
   the RFQ and thus did not have the benefit of the questions and answers for
   the purpose of preparing and submitting its proposal.

   [15] While CLW argues that GSA's statement "merely confirms the
   prohibition in Section 6.1 that a contractor cannot substitute products in
   its written response after award," CLW's contention is not reasonable
   given the context of the answer, which was in response to a question
   regarding the timing of APL compliance, not product substitutions during
   performance of the task order. CLW's Post-hearing Comments at 8.

   [16] We also note that CLW's argument in this regard does not support its
   underlying interpretation of the RFQ as requiring APL compliance at the
   time technical proposals were due. Following CLW's logic, APL compliance
   was due by price proposal submission since the RFQ only required vendors
   to have their products and services on Schedule 70, SIN 132 by the time
   price proposals were due.

   [17] To the extent CLW asserts that its inability to access e-Buy was due
   to GSA's failure to award its Schedule 70 in a timely manner, its
   contentions are not supported by the record. The record demonstrates that
   the delay in awarding CLW's underlying schedule contract was the result of
   CLW's failure to provide the Schedule 70 contracting officer with
   requested information in a timely manner.