Guidehouse Inc.

DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.

Decision

Matter of: Guidehouse Inc.

File: B-422147; B-422147.2

Date: January 25, 2024

DIGEST

Protest challenging the agency’s technical evaluation of quotations is denied where the record demonstrates that the evaluation was conducted reasonably and in accordance with the terms of the solicitation.

Guidehouse Inc. of McLean, Virginia, protests the issuance of a task order to Accenture Federal Services, LLC (Accenture) of Arlington, Virginia. The task order was issued by the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), under request for quotations (RFQ) No. 70RCSJ23Q00000049, for cybersecurity risk reduction services. The protester challenges the agency’s evaluation of quotations.

We deny the protest.

Background

CISA is responsible for protecting and enhancing the resilience of physical and cyber infrastructure. Agency Report (AR), Tab 4a, Statement of Work (SOW) at 2. Within CISA’s cybersecurity division (CSD), vulnerability management subdivision (VM), the Insights branch (or simply, “Insights”) works to reduce vulnerability risk and attack surface exposure through continuous data analysis. Id. The instant procurement seeks a contractor to provide actionable, timely, relevant, and accurate data‑driven analysis and risk reduction guidance to the Insights branch. Id.

On July 14, 2023, CISA issued the RFQ to holders of the National Institutes of Health (NIH) Chief Information Officer Solutions and Partners 3 (CIO‑SP3) indefinite‑delivery, indefinite‑quantity (IDIQ) contract. AR, Tab 3, Initial RFQ at 1. The RFQ contemplated the issuance of a single fixed‑price and labor‑hour task order, with a 9‑month base period and four 1‑year option periods. Id. at 35; AR, Tab 4a, SOW at 35.

The task order would be issued using the procedures of Federal Acquisition Regulation (FAR) 16.505 to the vendor whose quotation represented the best value to the government. AR, Tab 5, RFQ Amend. 0002 at 37. Quotations would first be evaluated on a pass/fail basis under a facility clearance factor.[1] Id. at 38‑39. Quotations that passed the facility clearance factor would then be evaluated and rated under the following non‑price factors, listed here in descending order of importance: demonstrated corporate experience; technical approach; and management approach/key personnel.[2] Id. at 38. All non‑price factors when combined were considered significantly more important than price. Id. Quotations were due on August 14, 2023. AR, Tab 4, RFQ Amend. 0001 at 35.

The agency received six quotations in response to the RFQ. AR, Tab 13, Technical Evaluation Team (TET) Report at 2. All quotations satisfied an initial administrative documents and compliance review, and earned a rating of pass under the facility clearance factor.[3] Id. at 6. Therefore, all quotations were submitted to the TET for evaluation under the non‑price factors.

Under the non‑price factors, the TET assigned quotations overall confidence ratings. The ratings were based on elements of the quotation that either positively or negatively affected the TET’s level of confidence in the vendor’s likely successful performance of the contract. See e.g. id. at 101‑105 (discussing elements of Guidehouse’s demonstrated corporate experience volume). For example, under the demonstrated corporate experience factor, the TET found that elements of Guidehouse’s quotation increased the agency’s confidence in Guidehouse’s ability to successfully perform the contract, while others decreased its confidence, cumulating in an overall rating of high confidence. Id.

Following the TET’s evaluation of quotations, the contracting officer issued a best value recommendation to the source selection authority (SSA) which considered the results of the technical evaluation and price. AR, Tab 14, Recommendation Memorandum at 1, 7. The relevant evaluation results were as follows:

	Guidehouse	Accenture
Facility Clearance	Pass	Pass
Demonstrated Corporate Experience	High Confidence	High Confidence
Technical Approach	Medium Confidence	High Confidence
Management Approach & Key Personnel	Medium Confidence	High Confidence
Total Evaluated Price	$100,024,553	$100,706,093

 

Id. at 7. Based on the evaluation results shown above, the contracting officer recommended issuing the task order to Accenture, concluding that its quotation represented the best value to the government. Id. at 34.

The SSA concurred with the contracting officer’s recommendation. AR, Tab 15, Source Selection Decision Document (SSDD) at 1. In conducting the tradeoff analysis, the SSA determined that Accenture’s quotation offered significant technical advantages over Guidehouse’s quotation. Id. Further, the SSA found that the minimal price premium associated with Accenture’s quotation, as compared to the price of Guidehouse’s quotation, was justified, in part, because Accenture’s technical approach and management approach were superior. Id. at 6. Based on the assessment of all quotations, the SSA selected Accenture’s quotation as the best value to the government and the agency issued the task order to Accenture. Id. at 6‑7.

On September 30, Guidehouse received an unsuccessful vendor notice. AR, Tab 7, Unsuccessful Vendor Notice at 1. Guidehouse requested and received a debriefing, and was given the opportunity to ask additional questions. AR, Tab 9, Guidehouse Debriefing. On October 13, the agency responded to Guidehouse’s questions and closed the debriefing. AR, Tab 10, CISA Resp. to Questions. On October 18, Guidehouse filed this protest with our Office, challenging the agency’s selection of Accenture’s quotation for award.[4]

Discussion

Guidehouse challenges the agency’s technical evaluation in several ways. First, under the demonstrated corporate experience factor, Guidehouse challenges three elements of decreased confidence assessed to its quotation and argues that the evaluation was conducted in a disparate manner. Protest at 15‑18; Comments & Supp. Protest at 2‑11; Supp. Comments at 1‑6. Second, under the technical approach factor, Guidehouse challenges three elements of decreased confidence assessed to its quotation. Protest at 18‑22; Comments & Supp. Protest at 11‑17. Third, under the management approach and key personnel factor, Guidehouse challenges two elements of decreased confidence assessed to its quotation and argues that the agency failed to award it proper credit for exceeding the requirement for a key person position. Protest at 22‑24; Comments & Supp. Protest at 17‑22. The agency defends its evaluation as reasonable. As discussed below, we find no basis to sustain the protest.[5]

This is a task order competition conducted pursuant to FAR subpart 16.5. The evaluation of quotations is primarily a matter within the contracting agency’s discretion because the agency is responsible for defining its needs and the best method of accommodating them. CACI, Inc.-Federal, B‑420441.3, Nov. 5, 2022, 2022 CPD ¶ 278 at 6. In reviewing protests of the issuance of a task order, our Office will not reevaluate quotations; rather, we will examine the record to determine whether the evaluation and source selection decision were reasonable and consistent with the solicitation and applicable procurement law and regulation. STG, Inc., B‑411415, B‑411415.2, July 22, 2015, 2015 CPD ¶ 240 at 5. Disagreement with the agency’s judgment, without more, does not show that an agency acted unreasonably. Engility Corp., B‑413120.3 et al., Feb. 14, 2017, 2017 CPD ¶ 70 at 16.

It is a vendor’s responsibility to submit a well‑written quotation, with adequately detailed information clearly demonstrating compliance with the solicitation requirements allowing for a meaningful review by the procuring agency. CACI, Inc.-Federal, supra at 10. Agencies are not required to infer information from an inadequately detailed quotation, or to supply information that a vendor elected not to provide. Engility Corp., supra.

In reviewing an agency’s evaluation, we do not limit our consideration to the contemporaneous record, but instead consider all the information provided, including the parties’ arguments and explanations. NCI Info. Sys., Inc., B‑418977, Nov. 4, 2020, 2020 CPD ¶ 362 at 9 n.10. Although we generally give little weight to reevaluations and judgments prepared in the heat of litigation, see Boeing Sikorsky Aircraft Support, B‑277263.2, B‑277263.3, Sept. 29, 1997, 97‑2 CPD ¶ 91 at 5, post‑protest explanations that provide a detailed rationale for contemporaneous conclusions and simply fill in previously unrecorded details will generally be considered, so long as those explanations are credible and consistent with the contemporaneous record. Remington Arms Co., Inc., B‑297374, B‑297374.2, Jan.12, 2006, 2006 CPD ¶ 32 at 12.

Demonstrated Corporate Experience Factor

As noted above, Guidehouse challenges three elements of decreased confidence assessed to its quotation under the demonstrated corporate experience factor, and argues that the evaluation was conducted in a disparate manner. Protest at 15‑18; Comments & Supp. Protest at 2‑11; Supp. Comments at 1‑6. We deny these challenges.

Under the demonstrated corporate experience factor, the RFQ required vendors’ quotations to provide detail about up to four relevant and recent projects demonstrating the vendor’s capability to perform work outlined in identified task areas. RFQ Amend. 0002 at 39. Quotations were to demonstrate required capabilities via a written narrative on each project. Id. Narratives were limited to two pages per project. Id. at 40. CISA would evaluate quotations “to assess the extent to which the [vendor] has demonstrated relevant experience specific to the tasks in SOW [subparts] 2.1 – 2.6.” Id.

Guidehouse’s quotation earned a rating of high confidence under the demonstrated corporate experience factor.[6] AR, Tab 13, TET Report at 101. However, the TET noted that Guidehouse’s second and fourth project examples contained elements of decreased confidence relevant to SOW subpart 2.4.[7] Id. As discussed in more detail below, the TET found that Guidehouse’s quotation did not sufficiently demonstrate certain capabilities associated with the SOW’s vulnerability mitigation planning task. Notwithstanding the elements of decreased confidence, the TET found that overall, Guidehouse “provided strong examples with clear connections between [its] demonstrated corporate experience and [its] ability to perform the SOW task requirements[.]” Id.

These findings of decreased confidence ultimately proved to be significant in the agency’s selection decision. In selecting Accenture’s quotation as the best value, the SSA noted that Guidehouse and Accenture each earned ratings of high confidence under the demonstrated corporate experience factor. AR, Tab 15, SSDD at 3. However, the SSA determined that the elements of decreased confidence associated with Guidehouse’s quotation resulted in Guidehouse’s quotation being considered “lower-rated behind Accenture” under demonstrated corporate experience. Id. Ultimately, the SSA determined that Accenture’s quotation offered “significant advantages under all three factors” which resulted in Accenture’s quotation being considered technically superior to Guidehouse’s quotation and supported the decision to pay the price premium for Accenture’s quotation. Id. at 6.

Elements of Decreased Confidence

Guidehouse challenges the agency’s evaluation of its quotation for two primary reasons. Protest at 15‑18; Comments & Supp. Protest at 5‑11. First, Guidehouse argues that its quotation sufficiently demonstrated the required capabilities and the evaluators ignored relevant information in its quotation. Comments & Supp. Protest at 6. Second, Guidehouse argues that one of the elements of decreased confidence was based on an unstated evaluation criterion. Id. The agency argues that these challenges amount to disagreement with its evaluation conclusions and do not provide a basis to sustain to protest. Memorandum of Law (MOL) at 14‑16.

Below, we first address the element of decreased confidence associated with Guidehouse’s second project example. We then discuss the two elements of decreased confidence associated with Guidehouse’s fourth project example. As discussed below, we find no basis to sustain the protest.

As noted above, under the demonstrated corporate experience factor, vendors were required to detail “relevant and recent” projects. RFQ Amend. 0002 at 39. A relevant project was defined as “being of similar scope to the task areas in the SOW.” Id. at 40. The three elements of decreased confidence assessed to Guidehouse’s quotation related to Guidehouse’s experience with the vulnerability mitigation planning task as outlined in the solicitation’s SOW. AR, Tab 13, TET Report at 103‑105.

The vulnerability mitigation planning task was “focused on providing tailored mitigation strategies and improvement[] plans, for vulnerabilities identified through CISA authorities and cyber security assessment services and to identify, acquire, and verify data requirements to achieve Insights’ analysis and analytic functions.” AR, Tab 4a, SOW at 16. The vulnerability mitigation planning task contained six sections, with some of those sections consisting of subsections. See AR, Tab 4a, SOW at 16‑18. For example, the first section (SOW section 2.4.1) consisted of three subsections (SOW subsections 2.4.1.1 through 2.4.1.3), whereas the second section (SOW section 2.4.2) did not have any subsections. Id. at 16‑17.

Guidehouse submitted four project examples under the demonstrated corporate experience factor. AR, Tab 11b, Guidehouse Volume 2 Quotation at 1‑8. Of relevance here, Guidehouse’s second project example detailed work performed for CISA’s Federal Network Resilience (FNR) division. Id. at 3‑4. Addressing the vulnerability mitigation planning task, Guidehouse’s description of its FNR project read as follows:

Guidehouse experts in vulnerability detection and mitigations enabled agencies to patch or mitigate identified vulnerabilities reducing opportunities for threat actor exploitation. Guidehouse oversaw the development and execution of four [binding operational directives (BODs)] and two Emergency Directives (ED), requiring entities to remediate cyber risks and threats. Guidehouse brought timely attention to pressing threats on Federal systems, while enabling agencies to swiftly patch vulnerabilities. Our support enabled CISA to assist agencies in addressing challenges to the implementation of directive requirements and increase stakeholder trust. Guidehouse also supported the [Operational Collaboration Partnerships Branch (OCPB)] by facilitating engagements with Federal stakeholders through [deleted] to provide agency‑specific critical vulnerability notifications and corresponding mitigation strategies across the [federal civilian executive branch (FCEB)] enterprise.

AR, Tab 11b, Guidehouse Volume 2 Quotation at 4 (emphasis omitted).

In evaluating the FNR project under the vulnerability mitigation planning task, the TET found an element of decreased confidence because Guidehouse did not adequately demonstrate experience with the non‑policy compliance work required under the SOW. AR, Tab 13, TET Report at 103. More specifically, the element of decreased confidence read in relevant part:

[The Vendor] described prior experience of their support that enabled CISA to assist agencies in addressing challenges to the implementation of directive requirements and increase stakeholder trust. The experience the [vendor] presented solely focused on policy compliance which does not align with the requirements of SOW 2.4. These elements decreased the TET’s confidence level as the quotation lacked specificity to demonstrate the [vendor’s] capability to perform the non‑policy compliance work such as performing analysis to determine the security posture of stakeholders’ operational cyber security environment and provide CISA with tools (process focused) and services to mitigate current and future vulnerabilities.

Id. (citing AR, Tab 11b, Guidehouse Volume 2 Quotation at 4).

Guidehouse challenges this element of decreased confidence. Protest at 16; Comments & Supp. Protest at 6-8. According to the protester, its discussion of developing BODs and EDs was relevant to the requirement to “provide tailored mitigation strategies and improvement plans.” Protest at 16. In this regard, Guidehouse claims that the “subject areas of the BODs and EDs directly related to identified vulnerabilities on Federal civilian systems and thus mitigation for Insights.” Id. Further, Guidehouse asserts that its quotation sufficiently detailed work with stakeholders “to develop the appropriate mitigation strategy and track progress towards completion” and also sufficiently explained how its work “enabled CISA to assist agencies in addressing challenges to the implementation of directive requirements” and to “increase stakeholder trust.” Id. As argued by Guidehouse, the agency’s evaluation overlooked its experience with “specific BODs and EDs that related to identified vulnerabilities and implicated mitigation strategies” which demonstrated “ample evidence” of its capabilities to perform the vulnerability mitigation planning task. Comments & Supp. Protest at 7.

The agency disagrees. According to CISA, this challenge amounts to disagreement with a reasonable evaluation. MOL at 15. In this regard, CISA maintains that Guidehouse’s FNR project did not sufficiently address required capabilities and the TET reasonably noted that Guidehouse’s lack of specificity decreased their confidence. Id. at 14‑16.

As additional context and support, the contracting officer explains that BODs and EDs identify policy requirements for the federal civilian executive branch (FCEB) and enable CISA to assist agencies in addressing challenges to the implementation of directive requirements. Contracting Officer’s Statement (COS) at 7. Per the contracting officer, BODs and EDs are policy requirements, and overseeing the BOD and ED process does not indicate that Guidehouse can support the vulnerability mitigation task as outlined in SOW subpart 2.4, as it also required non‑policy compliance work. Id. at 7‑8.

On this record, we find no basis to disturb the assessed element of decreased confidence. The agency’s evaluation was reasonably based on the terms of the solicitation and the contents of Guidehouse’s quotation.

In this regard, the RFQ explained that quotations would be evaluated by considering the project narratives against the requirements of the SOW. RFQ Amend. 0002 at 39‑40. The SOW’s vulnerability mitigation planning task required experience performing a “Root Cause and Risk Prioritization Analysis to determine the security posture of stakeholders’ operational cyber security environment” and providing CISA “with tools [] and services to mitigate current and/or future vulnerabilities.” AR, Tab 4a, SOW at 17 (SOW subsection 2.4.1.3). To satisfy this task, Guidehouse described experience developing and executing BODs and EDs, which as discussed by the contracting officer, are policy requirements.[8] AR, Tab 11b, Guidehouse Volume 2 Quotation at 4.

In evaluating the information from Guidehouse about its FNR project, the TET found that it did not demonstrate the capability to perform “non‑policy compliance work” because the quotation “lacked specificity” regarding SOW subsection 2.4.1.3 involving “analysis to determine the security posture of stakeholders’ operational cyber security environment” and providing CISA “with tools [] and services to mitigate current and/or future vulnerabilities.” AR, Tab 13 TET Report at 103. Based on our review of the record, we have no basis to question the reasonableness of the agency’s conclusion that Guidehouse’s quotation lacked details related to the required non‑policy compliance work. See AR, Tab 11b, Guidehouse Volume 2 Quotation at 4. The requirement involved both policy and non‑policy compliance work, and Guidehouse’s narrative focused on the policy side while neglecting the non‑policy compliance side. For example, although Guidehouse points to its work overseeing BOD and ED processes, the quotation did not specifically address how BODs and EDs demonstrate experience providing analysis to determine security postures or providing CISA with tools and services to mitigate vulnerabilities. See id. CISA was under no obligation to infer information from Guidehouse’s quotation. Engility Corp., supra. This challenge amounts to disagreement with the agency’s evaluation conclusions. Accordingly, it is denied. STG, Inc., supra at 8.

Next, Guidehouse challenges two elements of decreased confidence assessed to its quotation related to its fourth project example, which detailed work performed for the Department of Justice (DOJ). See AR, Tab 11b, Guidehouse Volume 2 Quotation at 7‑8 (description of the DOJ project). Relevant here, Guidehouse’s quotation stated:

Guidehouse managed all operational aspects of DOJ’s Enterprise Scanning Services, which hosts DOJ’s cybersecurity applications [] for scanning, monitoring, and managing their assets on an infrastructure ingesting [] data daily. Guidehouse conducted vulnerability scanning for the network and the operating system, database, and application levels. The scanning tools are frequently reviewed to evaluate specification and costs to assist in recommending best vulnerability projects. These services provided critical operational support in managing the [] end points of the Department. Additionally, as part of our broader support to the Front Office, Guidehouse managed the compliance, reporting, and communications for all DHS CISA EDs, requiring swift communication of highly technical vulnerability mitigations across [] Components.

Id. at 8 (emphasis omitted).

In evaluating the DOJ project under the vulnerability mitigation planning task, the TET found an element of decreased confidence because the project lacked enough specificity to demonstrate the required experience. More specifically, the element of decreased confidence read:

[T]he experience the [vendor] presented focused on policy compliance and lacked the specificity to demonstrate the [vendor’s] capability to perform tasks within SOW 2.4, such as identifying gaps in risk reduction mitigation strategies, targeting both internal CISA [cybersecurity division (CSD)] and external [] stakeholders and developing tailored post‑assessment mitigation plans . . . and services to the federal task leads standard in order to maximize “return on mitigation” and reduce the probability and impact of cybersecurity risks[.]

AR, Tab 13, TET Report at 104‑105.

Guidehouse challenges this element of decreased confidence, arguing that the TET applied an unstated evaluation criterion. Protest at 16‑17; Comments & Supp. Protest at 8‑11. In this regard, the protester characterizes the TET’s concern to be whether Guidehouse had specific experience working with CISA CSD but argues that “working with CISA [] was not part of the Solicitation’s requirements.” Protest at 17.

The agency disagrees. The agency explains that the evaluation finding was not about Guidehouse’s supposed lack of CISA-specific information; rather, it was about the firm’s failure to sufficiently address a stated requirement. MOL at 18. CISA explains that the element of decreased confidence was related to the vulnerability mitigation planning task; specifically, SOW subsection 2.4.1.1 which states: “Contribute to reports, and identify gaps in risk reduction mitigation strategies, targeting both internal CISA CSD and external [] stakeholders.” MOL at 18 (citing AR, Tab 4a, SOW at 16). The agency argues that this element of decreased confidence is not the product of an unstated evaluation criterion because it is based on express language from the SOW. Id.; COS at 9 (“This criterion is explicitly mentioned in SOW [sub]section 2.4.1.1”).

We find this element of decreased confidence reasonable and consistent with the terms of the solicitation. As highlighted by the agency, the TET’s concern was not about whether Guidehouse had specific experience working with CISA CSD; rather it was tied to express language in the SOW requiring experience demonstrating the capability to contribute to reports and identify gaps in risk reduction mitigation strategies relevant to CISA CSD stakeholders. See AR, Tab 4a SOW at 16; RFQ Amend. 0002 at 39. Thus, instead of applying an unstated criterion, the TET applied express language from the SOW in its evaluation of Guidehouse’s quotation, as required by the terms of the RFQ. RFQ Amend. 0002 at 40. To the extent Guidehouse argues its quotation sufficiently addressed this stated requirement, we find that such a challenge amounts to disagreement with the agency’s judgment, which, without more, is not a basis to sustain the protest. STG, Inc., supra at 8. Accordingly, this protest ground is denied.

Next, Guidehouse challenges the second element of decreased confidence assessed to its quotation related to the DOJ project. That element of decreased confidence read:

The [vendor] described prior experience in conducting vulnerability scanning for the network and operating system, database, and application levels. Further, the [vendor] cited that scanning tools are frequently reviewed to evaluate specification and costs to assist in recommending best vulnerability products. The [vendor] experience focused on cost of a vulnerability project, which does not align with the stated requirements within SOW 2.4. These elements decreased the TET’s confidence as the provided experience lacked the specificity to demonstrate the [vendor’s] capability to perform the work required, such as providing technical mitigation advice for vulnerabilities, including responses to requests [] for mitigation advice content to use in response to new vulnerability events or incidents[.]

AR, Tab 13, TET Report at 105.

Guidehouse levies a two‑pronged challenge to this element of decreased confidence. First, the protester argues that its project narrative provided enough detail and that the TET’s criticism about a lack of specificity ignored relevant language from its quotation. Protest at 18; Comments & Supp. Protest at 10. Second, Guidehouse argues that the TET’s concern about a focus “on cost of a vulnerability project” was unreasonable. Protest at 18; Comments & Supp. Protest at 9‑10. We address these prongs in turn.

First, regarding the lack of specificity, Guidehouse asserts that it sufficiently explained its experience providing technical mitigation advice by stating that it had “conducted vulnerability scanning for the network and the operating systems, database, and application levels[.]” Protest at 18; Comments & Supp. Protest at 10. Additionally, Guidehouse contends that it sufficiently explained its experience responding to requests for mitigation advice content by stating that it had “managed the compliance, reporting, and communications for all DHS CISA [EDs], requiring swift communication of highly technical vulnerability mitigations[.]” Id.

The agency argues that its evaluation was reasonable. MOL at 19-21; COS at 10. CISA maintains that the TET reasonably found a lack of specificity in the DOJ project narrative regarding the firm’s capability to perform certain required work. MOL at 20. More specifically, the agency argues that Guidehouse failed to sufficiently detail the experience required by SOW subsection 2.4.3.2 to demonstrate “technical mitigation advice for vulnerabilities, including responding to requests from VM and CISA for mitigation advice content[.]” Id. (citing AR, Tab 4a, SOW at 17). The contracting officer explains that Guidehouse’s focus on “compliance, reporting, and communications” did not sufficiently address the requirement to provide technical mitigation advice. COS at 10.

On this record, we find no reason to disturb this evaluation finding. The TET’s critique of the DOJ project was reasonably grounded in the terms of the solicitation and based on the contents of Guidehouse’s quotation. In this regard, the SOW required experience with providing technical mitigation advice and responding to requests for mitigation advice content. AR, Tab 4a, SOW at 17. While Guidehouse challenges the evaluation finding that its quotation did not adequately demonstrate this experience by pointing to direct quotes from its quotation, it fails to explain how the quoted language demonstrates the required experience or otherwise provides the detail that the agency contends is lacking. See Protest at 18; Comments & Supp. Protest at 10. CISA was under no obligation to infer information not explained or stated in Guidehouse’s quotation. Engility Corp., supra. Therefore, this prong of the challenge is denied.

As for the second prong of this challenge, Guidehouse argues that the TET’s concern about a focus “on cost of a vulnerability project” was unreasonable. Protest at 18. According to the protester, the SOW “contemplated an evaluation of vulnerability products’ cost” in SOW section 2.4.4, which involved “quantitative custom market research[.]”[9] Protest at 18. Guidehouse recognizes that the SOW did “not specifically reference cost,” but suggests that cost was “necessarily implicated by the SOW’s focus on market research and importing products and services[.]” Comments & Supp. Protest at 10. Guidehouse claims that its “approach to an experience with providing cost‑effective, reliable vulnerability products is directly relevant to the overall SOW task of vulnerability mitigation[,]” and that the assessed element of decreased confidence was unreasonable. Id. at 9‑10.

This argument is a red herring. Here, the protester contends that focusing on cost was reasonably contemplated by SOW section 2.4.4.[10] Protest at 18. However, the TET’s concern was not just with the protester’s focus on cost but also involved SOW subsection 2.4.3.2‑‑a different area of the SOW. AR, Tab 13, TET Report at 105. That subsection required experience providing “technical mitigation advice” to include responding to requests from VM and CISA for “mitigation advice content to use in response to new vulnerability events or incidents.” AR, Tab 4a, SOW at 17. In light of this requirement, the agency found that Guidehouse’s provided experience “lacked the specificity to demonstrate the [vendor’s] capability to perform the work required, such as providing technical mitigation advice for vulnerabilities, including responding to requests from VM and CISA for mitigation advice content to use in response to new vulnerability events or incidents.” AR, Tab 13, TET Report at 105.

As explained above, the TET raised a reasonable concern about the failure of the DOJ project to demonstrate Guidehouse’s experience providing technical mitigation advice and responding to requests for mitigation advice content. As also explained above, the agency’s evaluation was consistent with the SOW, which required firms to demonstrate this capability. AR, Tab 4a, SOW at 17. The TET found that Guidehouse’s quotation missed the mark because it both focused on the costs of vulnerability projects and also the experience as described did not align with the stated requirements of providing technical mitigation advice and giving responses to requests for mitigation advice content. AR, Tab 13, TET Report at 105. The protester has not provided a sufficient explanation as to how its quotation met the relevant requirement. On this record, we have no basis to disturb the evaluation. Accordingly, we deny the protest ground.

Disparate Treatment

In a supplemental protest, Guidehouse argues that CISA evaluated quotations in a disparate manner. Comments & Supp. Protest at 2‑5; Supp. Comments at 1‑6. We have reviewed these challenges and find no basis to sustain the protest. Below, we discuss a representative example.

Guidehouse contends that the agency unfairly credited Accenture’s quotation with increased confidence findings based on Accenture’s experience with innovative approaches and analysis. According to Guidehouse, the basis for the agency’s findings were indistinguishable from aspects of Guidehouse’s quotation, yet the agency did not give Guidehouse’s quotation similar credit. Supp. Comments at 1‑4.

It is a fundamental principle of government procurement that agencies must treat vendors equally, which means, among other things, that they must evaluate quotations in an even‑handed manner. Sigmatech, Inc., B‑419565 et al., May 7, 2021, 2021 CPD ¶ 241 at 8. Where a protester alleges unequal treatment in a technical evaluation, we will review the record to determine whether the differences in evaluation results reasonably stem from differences in the quotations. Octo Consulting Grp., Inc., B‑421182, B‑421182.2, Jan. 17, 2023, 2023 CPD ¶ 27 at 9. To prevail on such a protest ground, a protester must show that the differences in results did not stem from differences between the vendors’ quotations. Sigmatech, Inc., supra at 20. As explained below, we deny these challenges because Guidehouse has not made the requisite showing that the agency treated similar aspects of the two quotations differently.

Guidehouse takes issue with an element of increased confidence credited to Accenture’s quotation which reads, in relevant part:

The [vendor] provided relevant experience in providing innovative approaches (e.g., data mining, [machine learning (ML)] predictive modeling); and use Base [statistical analysis software (SAS)], SAS Stat, and Python to enhance data models which identified [deleted] suspected vendors responsible for [deleted] suspicious procurements. The [vendor] provided evidence that they have experience in developing the [deleted] and [deleted], which automated the identification of [deleted] export violations, [deleted] leads of foreign access, and [deleted] leads of virtual private network (VPN) use. These elements provided in the quotation increased the TET’s confidence in the [vendor’s] capability to generate predictive analysis via [ML] as the [vendor] was able to identify data anomalies (suspicious procurement activities) using advanced analytic techniques.

AR, Tab 13, TET Report at 9 (citing AR, Tab 12, Accenture Volume 2 Quotation at 3‑4). According to Guidehouse, its quotation described “indistinguishable experience” with regard to ML capabilities, scripting languages, and using Python, but was not credited with increasing the TET’s confidence in the same way as Accenture’s quotation. Comments & Supp. Protest at 3; Supp. Comments at 2.

In short, the agency argues that while similar terms‑‑such as ML, scripting languages, and Python‑‑appear in both quotations, the context surrounding those terms demonstrates that Guidehouse and Accenture described substantively different experience warranting different evaluation results. Supp. MOL at 8‑9. As additional context and support, the contracting officer explains that while Guidehouse’s quotation met the requirement, Accenture’s quotation earned increased confidence by including “specific quantitative outcomes of [its] innovative approaches and models” as well as including information on the results and successes of its experience. Supp. COS at 5.

Based on our review of the record, we find no basis to conclude that the vendors were treated unequally here. The record demonstrates that both vendors described experience with ML capabilities, scripting languages, and Python, but the described experiences were substantively different.

For example, Accenture’s quotation stated that it “developed and integrated [deleted],” and explained [deleted], [it] integrate[d] [deleted] data and [deleted] data [deleted][,] appl[ied] innovative approaches (e.g., data mining, ML, predictive modeling)[,] and use[d] Base SAS, SAS Stat, and Python to enhance models.” AR, Tab 12, Accenture Volume 2 Quotation at 3. As the agency noted, Accenture’s quotation also provided the quantitative results of its [deleted] solution such as identifying [deleted] suspected vendors responsible for [deleted] suspicious procurements. Id. In contrast, Guidehouse’s quotation discussed experience constructing “automated processes to streamline statistics reporting of the vulnerability landscape using Python scripts, reducing time to complete from [deleted] to [deleted][,]” and experience recommending and implementing functions “that optimized analytical performance, ML capabilities, scalability, and cloud compute processes.” AR, Tab 11b, Guidehouse Volume 2 Quotation at 1. Put simply, these experiences, as described in each vendor’s respective quotation, are different.

On this record, we find that the agency reasonably concluded Accenture’s experience‑‑which included a description of its [deleted] solution and listed specific quantitative outcomes, results, and successes‑‑provided the agency with increased confidence, while Guidehouse’s experience met the requirement but did not provide increased confidence. We therefore do not find that the agency disparately evaluated quotations with respect to this issue. Accordingly, the protest ground is denied. Sigmatech, Inc., supra at 20.

Technical Approach Factor

Guidehouse challenges three elements of decreased confidence assessed to its quotation under the technical approach factor. Protest at 18‑22; Comments & Supp. Protest at 11‑17. We have reviewed these challenges and find that none provide a basis to sustain the protest. Below, we discuss a representative sample.

Under the technical approach factor, the RFQ required vendors to discuss their technical approach, their understanding of the requirements, and how they would meet the specific requirements of SOW subparts 2.1 thorough 2.6. RFQ Amend. 0002 at 40. The RFQ also required vendors to address their ability to provide:

A sound, effective and comprehensive technical approach to meeting, integrating, and accomplishing the objectives, conditions, and requirements of each Task Area that encompasses all task requirements of the SOW.

Id. at 41. In short, the RFQ stated that quotations would be evaluated based on the requirement described above and would be rated on a scale of high confidence, medium confidence, or low confidence. Id. at 43‑44.

Under the technical approach factor, Guidehouse’s quotation earned a rating of medium confidence based, in part, on three elements of decreased confidence.[11] AR, Tab 13, TET Report at 105‑116. As relevant to this discussion, the first of the three elements of decreased confidence related to SOW section 2.1.1, which required the following:

The Contractor shall provide program and product management that includes program management documentation and conduct program management activities across all Insights Sections in coordination with Insights’ Program and Product Management federal staff. Documentation and activities shall include agile project management approaches that deliver business value.

AR, Tab 4a, SOW at 4. In assessing the element of decreased confidence associated with SOW section 2.1.1, the TET had concerns with a graphic in Guidehouse’s quotation. The TET found that the graphic did not provide sufficient detail and did not explain how certain items on the graphic related to each other. AR, Tab 13, TET Report at 108. The TET further determined that Guidehouse “[did] not explain the technical approach of how the requirement will be managed” across sections. Id. The TET explained that its confidence was decreased because Guidehouse had not provided evidence that it could “integrate the requirements” and because Guidehouse did not “provide specific details of how the sections work together, analyzing, developing, and disseminating Insights products.” Id.

In making the tradeoff decision, the SSA adopted the rating of medium confidence and specifically noted certain elements of decreased confidence assessed to Guidehouse’s quotation. AR, Tab 15, SSDD at 3‑4. For example, the SSA specifically noted the element of decreased confidence associated with SOW section 2.1.1, discussed above. Id. To justify paying the price premium associated with Accenture’s quotation, the SSA mentioned, among other things, that Accenture earned a higher rating than Guidehouse under the technical approach factor. Id. at 6.

Guidehouse challenges the element of decreased confidence associated with SOW section 2.1.1.[12] Protest at 19‑20; Comments & Supp. Protest at 12‑14. Guidehouse argues that its quotation sufficiently described its approach to the requirement and therefore it was unreasonable to assess this element of decreased confidence.[13] See e.g., Protest at 19.

The agency counters that the RFQ required an evaluation of the vendor’s ability to meet, integrate, and accomplish the objectives detailed in the SOW, and argues that the TET reasonably determined Guidehouse’s quotation failed to demonstrate that ability. MOL at 26 (citing RFQ Amend. 0002 at 43). According to the agency, while Guidehouse’s quotation detailed its approach to meet certain requirements, the quotation did not sufficiently demonstrate the ability to integrate those requirements, as required by the RFQ. Id. Put differently, the agency found that Guidehouse did not provide specific details on how the relevant sections would work together. Id.

Guidehouse disagrees with the agency’s position. Comments & Supp. Protest at 12‑14. According to the protester, its quotation did enough, and the agency’s evaluation was unreasonable.[14] Id. at 13.

We find no basis to sustain this protest ground. The RFQ stated that quotations would be evaluated to assess the vendor’s ability to “meet, integrate, and accomplish the objectives, conditions, and requirements of each Task Area[.]” RFQ Amend. 0002 at 43. SOW section 2.1.1 required conducting “program management activities across all Insights Sections in coordination with Insights’ Program and Product Management federal staff.” AR, Tab 4a, SOW at 4. In evaluating Guidehouse’s quotation, the TET found that Guidehouse did not provide evidence that it could integrate those requirements, and did not provide specific details on how relevant sections would work together, which decreased its confidence. AR, Tab 13, TET Report at 108.

On this record, we have no basis to question the reasonableness to the agency’s evaluation finding. While Guidehouse cites language from its quotation to support its protest ground, it has not specifically explained what that cited language means or how that language contradicts the agency’s evaluation conclusions. In sum, this protest ground amounts to disagreement with the agency’s evaluation conclusions, which, without more, is not a basis to sustain the protest. STG, Inc., supra at 8. Accordingly, this protest ground is denied.

Management Approach and Key Personnel Factor

Guidehouse challenges a common aspect of two elements of decreased confidence assessed to its quotation under the management approach and key personnel factor, and argues that CISA failed to award it proper credit for proposing a key person with more than the required minimum experience. Protest at 22‑24; Comments & Supp. Protest at 17‑22. As discussed below, we find no merit to these challenges.

Under the management approach and key personnel factor, vendors were instructed to describe their approach to accomplishing all tasks outlined in SOW subparts 2.1 thorough 2.6, to include the following relevant items:

Explanation on how the [vendor] will identify and escalate critical issues and information as well as an explanation of the controls and people that are involved in the decision‑making process.

Methodology for identifying, tracking, and reporting risks associated with its proposed solution. [Vendors] shall identify the key risks associated with their proposed solution and the proposed response to those risks.

RFQ Amend. 0002 at 44. In short, the RFQ stated that quotations would be evaluated based on the requirements described above and would be rated on a scale of high confidence, medium confidence, or low confidence. Id. at 44‑45.

The RFQ described a rating of high confidence as: “Based on the soundness, feasibility, and thoroughness of the proposed management approach, the Government has high confidence that the [vendor] will successfully perform the required effort with little to no Government intervention.” Id. at 45. In contrast, a rating of medium confidence under the management approach factor was described as: “Based on the soundness, feasibility, and thoroughness of the proposed management approach, the Government has some confidence that the [vendor] will successfully perform the required effort with some Government intervention.” Id.

Under the management approach and key personnel factor, Guidehouse earned a rating of medium confidence based, in part, on two elements of decreased confidence. AR, Tab 13, TET Report at 117‑123. The first element of decreased confidence read in relevant part:

The [vendor’s] described process of identification and escalation of critical issues did not provide significant details on who manages issue controls, how issues are escalated and the Government’s (Insights Staff, Leadership, [contracting officer’s representative or contracting officer]) involvement in issue resolution. . . . The elements that were not provided in the quotation decreased the TET’s confidence as the [vendor] did not provide the details on the issue escalation process and Government involvement and communication.

Id. at 118‑119. The second element of decreased confidence read:

The [vendor’s] methodology for identifying, tracking and reporting risk(s) did not provide the significant details on how risks are rated and escalated to the Government. The [vendor] states they will “Analyze Risks” based on ‘potential risk impact and likelihood,’ but [does] not state how this analysis of risk contributes influences the escalation steps and who the risk is communicated to. Additionally, the [vendor] does not state who from the Government will be involved in the communication of risks []. These elements that were not provided decreased the TET’s confidence in the [vendor’s] ability to identify, track and report risks.

Id. at 119. In making the tradeoff decision, the SSA cited these elements of decreased confidence. AR, Tab 15, SSDD at 4, 6.

Guidehouse takes issue with the common aspect of these two elements of decreased confidence, which critiques its quotation for failing to address government involvement. Protest at 23‑24; Comments & Supp. Protest at 18‑21. According to Guidehouse, this critique is “untethered from the Solicitation evaluation criteria that put a premium on limiting agency intervention.” Comments & Supp. Protest at 18. To this point, Guidehouse argues that because the RFQ’s description of a high confidence rating included an assessment of whether the vendor could perform “with little to no Government intervention[,”] the elements of decreased confidence unreasonably fault its proposed approach for “limit[ing] Agency involvement and intervention.” Protest at 23‑24.

CISA argues that Guidehouse misrepresents the meaning of the high confidence rating. MOL at 36. The agency explains that the confidence ratings describe an assessment of whether the vendor can perform without government intervention, “meaning the government will not need to step in to direct performance and avoid mission failure.” Id. As stated by the contracting officer, the description of a high confidence rating did not “mean the overall approach should or should not limit Agency involvement.” COS at 15. Rather, the confidence rating would result from the agency’s evaluation of “how the [vendor would] identify and escalate critical issues and information” and would also look at the vendor’s “explanation of the controls and people that are involved in the decision‑making process.” Id.; see RFQ Amend 0002 at 44 (evaluation of management approach and key personnel factor). Therefore, the agency argues that it was reasonable and consistent with the solicitation to evaluate Guidehouse’s proposed method of involving and communicating with government personnel. MOL at 36.

Where a protester and agency disagree over the meaning of solicitation language, we will resolve the matter by reading the solicitation as a whole and in a manner that gives effect to all of its provisions. Leidos Inc.; Booz Allen Hamilton Inc., B‑421524 et al., June 20, 2023, 2023 CPD ¶ 157 at 7. To be reasonable, and therefore valid, an interpretation must be consistent with such a reading. Id.

Viewing the contested language within the context of the management approach and key personnel factor and as part of the solicitation as a whole, it is clear that a rating of high confidence would result from an evaluation of whether the quotation met certain requirements detailed in the RFQ as well as requirements detailed in SOW subparts 2.1 through 2.6. See RFQ Amend. 0002 at 44‑45. These requirements necessarily involve the participation of government personnel; the stated objective of the procurement was acquiring services “to enhance Insights’ capabilities, leveraging private sector best practices, knowledge, and innovation to achieve Insights’ mission requirements[.]” AR, Tab 4a, SOW at 3. In other words, the purpose of the procurement was to hire a contractor to integrate with CISA’s Insights branch to augment its capabilities. In this regard, describing the government personnel that would be involved in the decision‑making process does not amount to requiring government intervention to ensure contract performance, as contemplated by the confidence rating definitions.

Therefore, we find unreasonable Guidehouse’s interpretation of the solicitation, and conclude that the interpretation advanced by CISA is the only reasonable way to read the relevant language. Accordingly, it was reasonable for the TET to assess an element of decreased confidence for Guidehouse’s failure to sufficiently detail government involvement in its approach.

Furthermore, based on our review of the record, the agency’s critique of Guidehouse’s quotation for failing to provide details on government involvement was reasonable. As noted by the TET, Guidehouse proposed to escalate issues “to the contract Task Leads, Deputy [program manager (PM)], and PM,” and to communicate issues to “Insights clients when there is potential impact on project performance or if Insights leadership is needed[,]” but did not specifically describe the government personnel involved in the approach. AR, Tab 13, TET Report at 119 (citing AR, Tab 11d, Guidehouse Volume 4 Quotation at 4‑5); see also COS at 16 (“The Guidehouse quotation did not include all the people involved in the decision‑making process, as there was no specificity[.]”). CISA was under no obligation to infer information from Guidehouse’s quotation. Engility Corp., supra. Guidehouse has not provided us with a basis to question the TET’s critiques other than expressing disagreement with them. See Comments & Supp. Protest at 18‑21. Therefore, this protest ground is denied. STG, Inc., supra at 8.

Finally, Guidehouse argues that the agency failed to award it proper credit for proposing a key person with more than the required minimum 8 years of experience under the SOW’s data integration and analysis task. Protest at 24; Comments & Supp. Protest at 21-22. According to Guidehouse, it proposed a key person with 10 years of experience, which warranted a finding of increased confidence. Protest at 24. Guidehouse contends that the lack of an increased confidence finding for this proposed key person was inconsistent with the agency’s evaluation of its other proposed key personnel who increased the TET’s confidence when their levels of experience exceeded the minimums established by the solicitation. Comments & Supp. Protest at 21.

CISA responds that nothing in the terms of the RFQ required assessing an element of increased confidence for exceeding the minimum key personnel experience requirement by 2 years under the data integration and analysis task. MOL at 37‑38. The agency recognizes that Guidehouse received positive credit for the experience levels of other proposed key personnel, but the agency also explains that it awarded such credit only where proposed key personnel “significantly exceeded the minimum requirements[.]” Id. at 38. For example, Guidehouse received credit for a key person with 20 years of experience for a position requiring a minimum of 10 years of experience. COS at 17; AR, Tab 13, TET Evaluation at 119 (discussing Guidehouse’s proposed [deleted]). The agency argues it reasonably concluded that exceeding an 8‑year minimum experience requirement by 2 years was not enough to issue an increased confidence finding. MOL at 38.

We find this aspect of the evaluation unobjectionable. Under the data integration and analysis task, vendors were required to propose a key person with at least 8 years of experience. AR, Tab 4a, SOW at 27. Nothing in the solicitation indicated that vendors would receive extra credit for proposing a key person with more than 8 years of experience. An agency’s judgment of whether to assess unique strengths is a matter within its discretion and one that our Office will not disturb where the protester fails to demonstrate that the evaluation was unreasonable. MetroStar Sys., Inc., B-419890, B‑419890.2, Sept. 13, 2021, 2021 CPD ¶ 324 at 13. Here, Guidehouse’s challenge represents disagreement with the agency’s judgement, which, without more, is not a sufficient basis to sustain the protest. See id.

The protest is denied.

Edda Emmanuelli Perez
General Counsel

 

---