Bidder Not Required to Comply With Cybersecurity Standards Before Award, GAO B-412773, Discover Technologies LLC

From: PubKLaw

***

Discover Technologies LLC protested a Department of Health and Human Services blanket purchase agreement for website content management system support services, awarded to Information Innovators Inc. Discover challenged HHS’s evaluation of Triple-i’s quotation with regard to information security, arguing that solicitation required contractors to “be familiar and comply with applicable federal information technology and information management laws, regulations, policies, and standards,” including the Federal Information Security Management Act of 2002 (FISMA).

***

“Here, although the solicitation’s evaluation criteria included consideration of a vendor’s approach to ensuring security, the criteria did not require a showing of current compliance with FISMA or other information security standards,” GAO wrote. “Requirements such as this, which impose obligations on the ‘contractor,’ are performance requirements that need not be met before the source selection decision; therefore, whether Triple-i ultimately performs in a way that meets the requirement is a matter of contract administration, which our office will not review.”

Read Complete Article

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *