In the United States Court of Federal Claims
No. 21-1823 C
Filed Under Seal: December 22, 2021
Reissued: January 13, 2022 *
* * * * * * * * * * * * * * * * ** *
*
CACI, INC.-FEDERAL, *
*
Plaintiff, *
*
v. *
*
THE UNITED STATES, *
*
Defendant, *
*
GENERAL DYNAMICS MISSION *
SYSTEMS, INC., and SIERRA *
NEVADA CORPORATION, *
*
Defendant-Intervenors. *
*
* * * * * * * * * * * * * * * * ** *
Gary J. Campbell, with whom were G. Matthew Koehl and Miles McCann, Womble
Bond Dickinson LLP, all of Washington, D.C., for Plaintiff.
Daniel Falknor, Trial Attorney, Commercial Litigation Branch, Civil Division,
Department of Justice, with whom were Reginald T. Blades, Jr., Assistant Director, Martin F.
Hockey, Jr., Acting Director, and Brian M. Boynton, Acting Assistant Attorney General, all of
Washington, D.C., for Defendant, and Major Michael R. Tregle, Jr., Trial Attorney, U.S. Army
Legal Services Agency, of Fort Belvior, VA, of counsel.
Shaun C. Kennedy, with whom were Chris R. Hogle, Thomas A. Morales, Hannah E.
Armentrout, and Ryan K. Lundquist, Holland & Hart LLP, all of Denver, CO, for Defendant-
Intervenor Sierra Nevada Corp.
Noah Benjamin Bleicher, with whom were Jeri K. Somers, Carla J. Weiss, and Scott E.
Whitman, Jenner & Block LLP, all of Washington, D.C., for Defendant-Intervenor General
Dynamics Mission Systems, Inc.
*
Pursuant to the protective order entered in this case, this opinion was filed initially under seal. The parties
provided proposed redactions of confidential or proprietary information. In addition, the Court made minor
typographical and stylistic corrections.
OPINION AND ORDER
SOMERS, Judge.
On September 8, 2021, Plaintiff CACI, Inc.-Federal (“CACI”) filed a complaint in this
Court challenging the United States Army’s award of a contract in August 2021 to Defendant-
Intervenors General Dynamics Mission Systems, Inc. (“GDMS”) and Sierra Nevada Corporation
(“Sierra Nevada” or “SNC”) for the design and manufacture of the Next Generation Load Device
Medium (“NGLD-M” or “device”). ECF No. 1 (“Compl.”). 1 Plaintiff asserts that the Army
misevaluated its proposal and applied unstated evaluation criteria in assigning its proposal three
deficiencies and two weaknesses. Id. at 2.
Plaintiff filed a motion for judgment on the administrative record, ECF No. 42 (“CACI
MJAR”), on October 18, 2021, to which the government and Defendant-Intervenors filed cross-
motions. See ECF Nos. 48 (“USA MJAR”), 49 (“SNC MJAR”), 50 (“GDMS MJAR”).
Additionally, Sierra Nevada and the government filed motions to dismiss, asserting that CACI
lacked standing because of an organizational conflict of interest (“OCI”) that made CACI
ineligible for award even if it was successful on the merits of its protest. See ECF No. 43 (“SNC
Mot. to Dismiss”); USA MJAR at 18-25. For the reasons that follow, the Court finds that
Plaintiff has not met its burden to establish standing to bring this bid protest. Moreover, in the
alternative, even if CACI had standing, it has failed to demonstrate that the three deficiencies it
received were the result of actions by the Army that were arbitrary, capricious, an abuse of
discretion, or otherwise contrary to law.
BACKGROUND AND PROCEDURAL HISTORY
On November 16, 2020, the Army issued Request for Proposal No. W15P7T-21-R-0001
for the design, development, and production of the NGLD-M. AR Tab 14. The NGLD-M will
be used by the Army on the battlefield to encrypt and decrypt sensitive information. The device
will need to be certified and approved by the National Security Agency (“NSA”) before the
Army’s implementation. Id. The solicitation was amended and reissued on December 3, 2020,
and then again on January 11, 2021. AR Tab 15-16. The solicitation provided that the Army
could award up to two contracts but “reserve[d] the right to make a single award or no award at
all.” AR 1515. It required offerors to address various technical aspects of the NGLD-M.
Specifically, offers were required to:
include all data and information requested by the [Solicitation] and shall be
submitted in accordance with (IAW) these instructions. The Offeror shall address
the requirements outlined in the Engineering Development Performance Work
Statement (PWS), Program Management Statement of Work (SOW), Contract
Data Requirements Lists (CDRLs), NGLD-M System Requirements Document
1
Plaintiff filed an amended complaint on November 3, 2021. ECF No. 47. The primary change made in
Plaintiff’s amended complaint is a new allegation that Sierra Nevada has an organizational conflict of interest that
disqualifies it from award. See id. ¶ 86-91. The amended complaint was neither filed within the time prescribed by
RCFC 15(a)(1), nor did CACI have the consent of the government or leave of the Court to file. Accordingly, for the
reasons set forth in ECF No. 60, the Clerk was directed to strike the amended complaint.
2
(SRD), Technical Security Requirements Document (TSRD), and the Information
Assurance Security Requirements Directive (IASRD).
AR 1499.
The solicitation notified offerors that failing to address these factors could result in their
proposal being eliminated from further consideration. Id. Offerors’ proposals were evaluated on
four factors: Technical; Cost; Past Performance; and Small Business Participation. AR 1514.
Technical and cost ratings were weighed “approximately equal in importance” to each other, but
both categories were “significantly more important” than the rating for past performance. Id.
Small Business Participation was rated on an “acceptable/unacceptable basis.” Id.
The solicitation also detailed that the technical evaluation would be rated on four sub-
factors: (1) Hardware and Application Programming Interface (“API”) Integration/Description
Approach; (2) User Application Software (“UAS”) Approach/Key Management Interface
Implementation; (3) Management; and (4) Production. Id. The solicitation informed offerors
that the Army would rate the technical evaluation as follows:
Strength: is an aspect of an offeror’s proposal that has merit or exceeds specific
performance or capability requirements in a way that will be advantageous to the
Government during contract performance.
Weakness: means a flaw in the proposal that increases the risk of unsuccessful
contract performance. A significant weakness in the proposal is a flaw that
appreciably increases the risk of unsuccessful contract performance.
Significant Weakness: means a flaw in the proposal that appreciably increases the
risk of unsuccessful contract performance.
Deficiency: is a material failure of a proposal to meet a Government requirement
or a combination of significant weaknesses in a proposal that increases the risk of
unsuccessful contract performance to an unacceptable level.
AR 1519-20.
Based on the above ratings, the Army would then score the proposals on a combined
technical evaluation from “Outstanding” to “Unacceptable” as set forth in the following table:
3
AR 1520.
The Army evaluated the offerors in two phases: an initial phase and, in accordance with
Federal Acquisition Regulation (“FAR”) 15.306, a second phase for those offerors within the
competitive range. See generally AR Tab 32. On January 13, 2021, during the initial evaluation
phase, the Army received proposals from five different offerors, including SNC, GDMS, and
CACI. The proposals from both SNC and GDMS received the highest technical rating of
“Outstanding,” AR 6885, 6895, and both progressed to the next phase of the Army’s evaluation
process. AR 5331-33. Plaintiff CACI received a score of “Unacceptable” on its combined
technical factors, based in part on the Army finding a “deficiency” with Plaintiff’s proposal
under the API Integration/Description sub-factor for failing to adequately detail how it would
meet certain authentication requirements. AR 6910. Despite the deficiency, the Army viewed
Plaintiff’s offer as “among the most highly rated proposals submitted” and determined it would
be readily feasible for Plaintiff to make corrections. AR 5334 (“The technical deficiency that led
to the unacceptable rating is not one that would require a complete redesign and/or proposal
rewrite; this is also the case for the significant weaknesses identified in the technical
evaluation.”). Accordingly, Plaintiff remained within the competitive range for award and
advanced to the second phase of the acquisition process along with SNC and GDMS. Id. The
other two offerors were eliminated from further consideration. AR 5334-37.
Through letters dated June 7, 2021, the Army notified SNC, GDMS, and Plaintiff that
their proposals were within the competitive range and invited them to submit revised and final
4
proposals. AR 5282-95. On June 18, 2021, the Anny received the offerors' revised proposals.
ill the second evaluation, SNC and GDMS once again received the highest attainable score of
"Outstanding" under the technical factor without any weaknesses, significant weaknesses, or
deficiencies. AR 5042-43, 5051-52.
Plaintiff, on the other hand, was again given an "Unacceptable" technical rating based on
the Anny identifying three deficiencies in its technical evaluation of Plaintiff's proposal. AR
5062-64, 5066-67. The Anny detennined that, in attempting to conect the deficiency related to
the authentication requirements identified in the initial evaluation phase, Plaintiff created three
new deficiencies. Id. The Almy gave Plaintiff two deficiencies related to its USB po1t based on
finding that its design would be incapable of simultaneously perfonning two required functions.
AR 5066-67. Plaintiff's proposal received a third deficiency for failing to specify the external
dimensional measmements of its device, and, therefore, the Almy dete1mined it was "unclear if
the proposed design meets the NGLD-M length and weight requirements." AR 5063. ill
addition, Plaintiffs proposal received two weaknesses on its technical approach. AR 5064-65,
5067.
On August 9, 2021, the Almy's Somce Selection Adviso1y Council ("SSAC")
recollllllended that both SNC and GDMS be awarded contracts for the NGLD-M, as their
proposals represented the best value to the government. AR 7123. The repo1t also concluded
that Plaintiff's proposal failed to meet the requirements of the solicitation and summarized the
three deficiencies. AR 7122-23. As the solicitation makes clear, even one deficiency renders a
proposal "Unacceptable" under the technical factor and automatically unawardable. AR 1520
("Red/Unacceptable-Proposal does not meet requirements of the solicitation, and thus, contains
one or more deficiencies, and/or risk of unsuccessful perfo1mance is unacceptable. Proposal is
unawardable."); see also AR 7122. The SSAC repo1t sUilllllarized the offerors' scores in the
following chart:
Offeror Technical Past Small FPRPrice Total
Performance Business Evaluated
Partici ation Price
[SNC] Ouhdaoirting Substantial Acceptable $544,267,922
Confidence
[GDMS] Ouhdaoirting Substantial Acceptable $229,952,952
Confidence
[CACI] Substantial Acceptable Undetennined
Confidence
AR 7120.
On August 10, 2021, the Almy awarded SNC and GDMS contracts on the NGLD-M
solicitation. AR Tabs 52, 55. The Almy notified Plaintiff on August 11, 2021, that it was "not
selected for award" and that the "decision was driven by the unacceptable rating." AR 7137-38.
The notification also highlighted the ratings of the three offerors' proposals and included a
summaiy of Plaintiff's deficiencies and weaknesses. Id. The Almy, pmsuant to FAR 15.506,
provided a post-award debriefing to CACI. See generally AR Tab 58. Additionally, the Almy,
5
on August 23, 2021, provided further information to CACI based on questions CACI submitted
regarding the evaluation process. See generally AR Tab 59.
CACI filed this post-award bid protest on September 8, 2021. The complaint alleges,
inter alia, that the Army unreasonably assigned three deficiencies to Plaintiff’s technical
proposal. See Compl. at 32-38. Plaintiff argues that but for these errors, it would have been
awarded the NGLD-M contract over SNC because of CACI’s lower price proposal. CACI asks
the Court to enjoin performance on the contract and require the Army to re-evaluate the
proposals. Id. at 50.
Defendant-Intervenor SNC and the government filed motions to dismiss Plaintiff’s
complaint under Rule 12(b)(1) of the Rules of the Court of Federal Claims (“RCFC”), arguing
that CACI has not established that it has standing to protest the award because it is not an
“interested party.” See SNC Mot. to Dismiss; USA MJAR at 18-25. Based on prior task orders
CACI performed for the Army, SNC and the government argue that CACI has an unmitigable,
biased ground rules OCI disallowing it from being awarded the contract at issue regardless of the
errors that CACI alleges the Army made in its technical evaluation, and, therefore, Plaintiff
cannot clear the “prejudice” threshold to establish standing. SNC Mot. to Dismiss at 8-18.
On December 7, 2021, the Court held oral argument on the pending motions, and the
matter is now ripe for consideration.
DISCUSSION
A. Legal Standard
The Tucker Act, as amended by the Administrative Dispute Resolution Act, provides the
Court of Federal Claims with “jurisdiction to render judgment on an action by an interested party
objecting to . . . the award of a contract or any alleged violation of statute or regulation in
connection with a procurement . . . .” 28 U.S.C. § 1491(b)(1). In such actions, the Court “shall
review the agency’s decision pursuant to the standards set forth in section 706 of title 5.” 28
U.S.C. § 1491(b)(4). Accordingly, the Court examines whether an agency’s action was
“arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” 5 U.S.C.
§ 706. Under such review, an “award may be set aside if either: (1) the procurement official’s
decision lacked a rational basis; or (2) the procurement procedure involved a violation of
regulation or procedure.” Impresa Construzioni Geom. Domenico Garufi v. United States, 238
F.3d 1324, 1332 (Fed. Cir. 2001).
On the first ground, “the courts have recognized that contracting officers are entitled to
exercise discretion upon a broad range of issues confronting them in the procurement process.”
Id. (citations and internal quotations omitted). Thus, the Court must “determine whether the
contracting agency provided a coherent and reasonable explanation of its exercise of discretion,
. . . and the disappointed bidder bears a heavy burden of showing that the award decision had no
rational basis.” Id. at 1332-33 (citations and internal quotations omitted). On the second ground,
“the disappointed bidder must show a clear and prejudicial violation of applicable statutes or
regulations.” Id. at 1333 (citation and internal quotation omitted).
6
Bid protests are generally decided on cross-motions for judgment on the administrative
record, pursuant to RCFC 52.1. RCFC 52.1 requires that the Court “make factual findings from
the record evidence as if it were conducting a trial on the record.” Bannum, Inc. v. United States,
404 F.3d 1346, 1354 (Fed. Cir. 2005). “Unlike a motion for summary judgment, a genuine
dispute of material fact does not preclude a judgment on the administrative record.” Id. at 1355-
56. Therefore, in reviewing cross-motions for judgment on the administrative record, “the court
asks whether, given all the disputed and undisputed facts, a party has met its burden of proof
based on the evidence in the record.” Jordan Pond Co., LLC v. United States, 115 Fed. Cl. 623,
630 (2014).
However, before the Court can proceed to the merits of a bid protest, a protestor must
establish that it has standing. Castle v. United States, 301 F.3d 1328, 1337 (Fed. Cir. 2002)
(“Standing is a threshold jurisdictional issue, which . . . may be decided without addressing the
merits of a determination.”); see also Lujan v. Defenders of Wildlife, 504 U.S. 555, 561 (1992)
(“The party invoking federal jurisdiction bears the burden of establishing [the] elements [of
standing].”). As standing is a jurisdictional issue, it may be raised in a motion to dismiss under
RCFC 12(b)(1). In considering a motion to dismiss for lack of subject matter jurisdiction, the
Court must accept a plaintiff’s well-pleaded factual allegations as true and draw all reasonable
inferences in the light most favorable to that party. Nalco Co. v. Chem-Mod, LLC, 883 F.3d
1337, 1347 (Fed. Cir. 2018) (citing Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) and Bell Atl.
Corp. v. Twombly, 550 U.S. 544, 570 (2007)). If a challenge is raised to subject matter
jurisdiction, the plaintiff has the burden of proving that the Court has jurisdiction by a
preponderance of the evidence. Reynolds v. Army & Air Force Exch. Serv., 846 F.2d 746, 748
(Fed. Cir. 1988).
B. Plaintiff Has Not Established That It Has Standing
“It is well-established that the plaintiff bears the burden of establishing the court’s
jurisdiction by a preponderance of the evidence.” Brandt v. United States, 710 F.3d 1369, 1373
(Fed. Cir. 2013). In bid protests,“[o]nly an ‘interested party’ has standing to challenge a contract
award.” Digitalis Educ. Sols., Inc. v. United States, 664 F.3d 1380, 1384 (Fed. Cir. 2012) (citing
Rex Serv. Corp. v. United States, 448 F.3d 1305, 1307 (Fed. Cir. 2006); 28 U.S.C. § 1491(b).
This means that in bid protests standing “is limited to actual or prospective bidders or offerors
whose direct economic interest would be affected by the award of the contract or by the failure to
award the contract.” Am. Fed’n of Gov’t Emps., AFL-CIO v. United States, 258 F.3d 1294, 1302
(Fed. Cir. 2001). Accordingly, Plaintiff must prove two elements to establish that it has
standing: (1) that it is an actual or prospective offeror, and (2) that it possesses a direct economic
interest in the award of the contract. CGI Fed. Inc. v. United States, 779 F.3d 1346, 1348 (Fed.
Cir. 2015). There is no question that Plaintiff is an actual offeror. Thus, the question of standing
turns on whether Plaintiff had a direct economic interest in the award of the Army’s NGLD-M
contract.
In order to establish that it had a direct economic interest in the NGLD-M procurement,
Plaintiff must demonstrate prejudice. See Myers Investigative & Sec. Servs., Inc. v. United
States, 275 F.3d 1366, 1370 (Fed. Cir. 2002) (“[P]rejudice (or injury) is a necessary element of
7
standing”). Moreover, “because the question of prejudice goes directly to the question
of standing, the prejudice issue must be reached before addressing the merits.” Info. Tech. &
Applications v. United States, 316 F.3d 1312, 1319 (Fed. Cir. 2003). Since this is a post-award
bid protest, to establish prejudice Plaintiff “must show that there was a ‘substantial chance’ it
would have received the contract award but for the alleged error in the procurement process.”
Id. (emphasis added); see also Labatt Food Serv., Inc. v. United States, 577 F.3d 1375, 1378
(Fed. Cir. 2009) (“A party has been prejudiced when it can show that but for the error, it would
have had a substantial chance of securing the contract.”) (citations omitted). In other words, to
demonstrate that it had standing, Plaintiff needed to “establish that it ‘could compete for the
contract’ if the bid process were made competitive.” Myers, 275 F.3d at 1370 (quoting Impresa,
238 F.3d at 1334). That is to say, Plaintiff was required to show that, assuming arguendo it was
successful on the merits, it was eligible to be awarded a contract and thus had an economic
interest in the outcome.
Plaintiff has failed, however, to carry its burden to demonstrate that it would be eligible
for award if the Court agreed with its arguments on the merits. A contract may not be awarded
to an “apparent successful offeror” if “a conflict of interest is determined to exist that cannot be
avoided or mitigated.” 48 C.F.R. 9.504(e). It was alleged, and the Administrative Record
appears to demonstrate, that Plaintiff had a conflict of interest that could not be avoided or
mitigated; therefore, the burden was on Plaintiff to prove that no such conflict existed.
FAR subpart 9.5 describes three categories of OCIs: biased ground rules, unequal access
to information, and impaired objectivity. The government and SNC assert that CACI has a
biased ground rules OCI with regard to the NGLD-M solicitation. They further argue that
because a biased ground rules OCI cannot be avoided or mitigated, Plaintiff would not have been
eligible for the award of a contract pursuant to the solicitation regardless of the merits of its
protest and, therefore, lacks standing. See generally SNC Mot. to Dismiss; USA MJAR at 18-25;
see also 48 C.F.R. § 9.504(e) (barring the award of a contract to an “apparent successful offeror”
if “a conflict of interest [was] determined to exist that cannot be avoided or mitigated.”).
“The biased ground rules category of OCIs focuses on the concerns that a company may,
by participating in the process of setting procurement ground rules, have special knowledge of
the agency’s future requirements that may skew the competition in its favor.” Turner Const. Co.
v. United States, 645 F.3d 1377, 1382 (Fed. Cir. 2011). Because of the “highly influential and
responsible position” of contractors that performed systems engineering and technical direction,
[a] contractor that provides systems engineering and technical direction for a
system but does not have overall contractual responsibility for its development, its
integration, assembly, and checkout, or its production shall not – (1) be awarded a
contract to supply the system or any of its major components or (2) be a
subcontractor or consultant to a supplier of the system or any of its major
components.
48 C.F.R. § 9.505–1(a) (emphasis added). In other words, “[t]he FAR prohibits a [systems
engineering and technical direction] contractor, as either a prime contractor or a subcontractor,
from supplying any of the system’s major components, without regard to whether work was
8
performed as to that particular component.” Filtration Dev. Co., LLC v. United States, 60 Fed.
Cl. 371, 379 (2004).
The Army required all offerors to identify any potential OCIs related to the procurement.
AR 1500. In response, Plaintiff disclosed that it had performed two Systems Engineering and
Technical Assistance (“SETA”) contracts related to the NGLD-M procurement. 2 AR 2244-45.
First, it disclosed that CACI was a contractor on a task order that resulted in the Capability
Production Document (“CPD”) from which the technical and operational requirements for the
NGLD-M were derived. See AR 1198 (“The SRD identifies requirements to develop the NGLD-
M and its interfaces. The requirements in this document are derived from the Capability
Production Document (CPD) for NGLD family of systems Version (v) 1.05, dated 22 April
2013.”). As part of this task order, a CACI employee “supported the development” of the CPD
and that employee was listed as a “Secondary Point of Contact” on the cover page of the CPD.
AR 2244; ECF No. 55-1. Plaintiff also disclosed that two other employees assisted in
developing the CPD as part of CACI’s CPD task order. AR 2244. Second, Plaintiff disclosed
that a “small portion of CACI’s work” on a separate 2014 SETA task order “provided support to
the NGLD-M program.” AR 2244-45. In short, as part of its proposal, CACI admits it did
SETA work related to the NGLD-M by working on the development of the CPD and on the 2014
task order.
Indeed, as SNC correctly observes, “[t]he specifications in the CPD in fact pervade all of
the technical and operational requirement[s] for the NGLD-M set forth in the Solicitation.” SNC
Mot. to Dismiss at 11. And, moreover, “the Solicitation indicates the Army utilized the CPD
developed through CACI’s SETA task orders to create the technical and operational
requirements for the NGLD-M.” Id. at 12. Specifically, the CPD was used to develop the SRD,
which outlines the technical requirements in the NGLD-M solicitation. See generally AR 1270-
1343. In fact, the NGLD-M SRD Requirements Traceability Matrix contains a column sourcing
each SRD requirement to the CPD. Id. It would appear, therefore, that at the very least there is
prima facie evidence that CACI’s prior work on the task order that resulted in the CPD created a
biased ground rules OCI that would disqualify CACI from being awarded a contract pursuant to
the solicitation.
The government attempts to buttress this prima facie evidence with a November 5, 2021,
declaration from the Contracting Officer (“CO”) declaring that “a biased ground rules OCI
exists” and that “there is no question that the CPD would be part of the RFP for the NGLD-M
program when it was developed; that was the entire purpose of the CPD development and
2
Plaintiff takes significant issue with the use of the term “systems engineering and technical assistance”
versus the FAR’s use of the term “systems engineering and technical direction.” It appears that the two terms are
regularly used interchangeably in government contracting and that there is quite a bit of overlap between them.
Compare 48 C.F.R. § 9.505-1(b) (2021) with 48 C.F.R. § 209.571-1 (2021). The problem though for Plaintiff, as is
discussed more fully below, is that Plaintiff had the burden of proving standing, something it could not do simply by
attacking the slight possible differences between the meanings of the terms “systems engineering and technical
assistance” and “systems engineering and technical direction.” Moreover, Plaintiff itself alerted the Army to this
potential OCI while referring to the potentially conflict-creating task orders as systems engineering and technical
assistance contracts. If Plaintiff really believes there is a meaningful difference between the two terms, then there
was no need to have put the OCI statement in its proposal since it characterized its task orders as systems
engineering and technical assistance contracts, not systems engineering and technical direction contracts.
9
approval process as clearly stated in the CPD.” ECF No. 52-1 at 3-4. The CO concluded in his
declaration that “CACI did perform SETA work related to the NGLD-M program under previous
task orders. That SETA work does constitute a biased ground rules OCI that cannot be mitigated
and which no waiver exists.” Id. at 4. Thus, he determined, “[i]n the event that CACI is
successful in protest of the award of the NGLD-M procurement, CACI will not be eligible for
award.” Id.
Normally, the Court would need to assess how much weight, if any, to give this
declaration because of the alleged procedural issues with its promulgation and alleged problems
with the reasoning contained therein. See Sys. Plus, Inc. v. United States, 69 Fed. Cl. 757, 763-
69 (2006). However, in this case, Plaintiff has completely failed to offer any evidence
whatsoever that it did not have a biased ground rules OCI (much less evidence sufficient to
overcome the prima facie evidence of a biased ground rules OCI that is apparent on the face of
its proposal and in the sourcing of the technical requirements contained in solicitation and related
documents). Rather than offer any evidence that the apparent OCI was not in fact an OCI (and,
therefore, attempt to meet its burden to establish standing), Plaintiff instead focused its response
to the motions to dismiss on alleged procedural deficiencies with, perceived terminology issues
in, and the timing of, the CO’s declaration. Plaintiff’s burden, however, was not to demonstrate
that the government and SNC had not established that an OCI exists; its burden was to prove by
a preponderance of the evidence that it has standing. See Reynolds, 846 F.2d at 748 (holding that
a plaintiff “bears the burden of establishing subject matter jurisdiction by a preponderance of the
evidence”).
This is a burden Plaintiff made no attempt to meet. Plaintiff failed to provide this Court
with a single piece of evidence to show it did not have an OCI. 3 See Moyer v. United States, 190
F.3d 1314, 1318 (Fed. Cir. 1999) (“Fact-finding is proper when considering a motion to dismiss
where the jurisdictional facts in the complaint . . . are challenged.”). There are myriad ways
through which CACI could have come forward with some evidence to attempt to establish that it
did not have a biased ground rules OCI and thus standing to bring the instant protest. For
instance, assuming that a biased ground rules OCI does not in fact exist, CACI could have
simply introduced an affidavit from its former employee who was the secondary point of contact
on the CPD task order explaining whether she or anyone else from CACI took part in systems
engineering and technical direction as part of that task order. Such a declaration may have been
sufficient to establish standing. But CACI instead chose to attack the CO’s declaration. If it was
3
The closest Plaintiff comes to attempting to offer any evidence that an OCI does not exist was its
attachment of a letter it sent to the CO in September 2020 regarding why it did not believe an OCI existed. ECF No.
55-5. This letter is largely redundant of the OCI statement in its proposal. However, the letter does nothing to
explain why the SETA work CACI admits it did on the NGLD-M does not in fact constitute systems engineering
and technical direction. In fact, the letter confirms that CACI did SETA work on the NGLD-M. It then cleverly
attempts to dismiss its employee’s role by noting that her role was to provide “logistical and administrative support”
to the Army as it reviewed and approved the CPD. It does not explain why logistical and administrative support
could not constitute systems engineering and technical direction, but more importantly it says nothing about what
her role was in the development of the CPD itself, which was then reviewed and approved by the Army. The point
is that CACI’s employee supported the development of the CPD as part of a CACI task order and thus could have
been “in a position to make decisions favoring its own products or capabilities.” 48 C.F.R. § 9.505–1(b). The letter
does nothing to disprove this, nor does it explain in any way that the work CACI did was not in fact systems
engineering and technical direction for the NGLD-M.
10
the government’s burden to establish that standing does not exist, this tactic may have proved
fruitful.
Unfortunately for CACI, it bears this jurisdictional burden, not the government. And
because the obligation to establish standing is not a mere pleading requirement “but rather an
indispensable part of the plaintiff’s case, each element must be supported in the same way as any
other matter on which the plaintiff bears the burden of proof, i.e., with the manner and degree of
evidence required at the successive stages of the litigation.” Lujan, 504 U.S. at 561. Although
judges of this Court have at times indicated that at the standing stage only a “limited review” is
conducted, CACI failed to provide the Court with anything to review other than arguments as to
why the CO’s declaration is “faulty.” But none of these arguments as to why the CO’s
declaration is “faulty” demonstrate that CACI did not provide systems engineering and technical
direction for the NGLD-M, past services that make it ineligible for award of the contract at issue.
Plaintiff argues at length that “[t]he Agency’s post-hoc, faulty OCI determination does
not deprive the Court of subject matter jurisdiction.” ECF No. 55 at 5 (“CACI Reply”).
Plaintiff’s argument, however, misses the point. It is not the “Agency’s post-hoc, faulty OCI
determination” that is depriving the Court of jurisdiction. It is Plaintiff’s failure to offer any
evidence to show that it did not have an OCI, and thus was eligible for award, that deprives the
Court of jurisdiction. If the CO’s declaration was the lynchpin of the standing inquiry, attacking
it with the reasoning used in Systems Plus, Inc. v. United States may have aided Plaintiff. 4 But,
as is explained above, the CO’s declaration is not what is depriving the Court of jurisdiction.
Moreover, in Systems Plus, unlike the instant case, the plaintiff offered evidence in the form of a
declaration and a memorandum from a fact witness that significantly undermined, if not
disproved, the alleged OCI. 69 Fed. Cl. at 768.
In sum, once the OCI issue was raised, it was Plaintiff’s burden to affirmatively
demonstrate that there was no OCI and that it was thus eligible for award. Because Plaintiff has
not shown that it was eligible for award, it has no economic interest in the outcome of the
Army’s NGLD-M solicitation. That is to say, even if the Court assumed all the factual
allegations Plaintiff makes on the merits of its protest are true and that Plaintiff was prejudiced
by the alleged procurement process errors, Plaintiff has not shown that it was eligible for award.
Without an economic interest in the outcome, Plaintiff does not have standing to challenge the
government’s award of the contracts to SNC and GDMS.
C. Even if Plaintiff Had Standing, the Government and Defendant-Intervenors Would
Nonetheless Be Entitled to Judgment on the Administrative Record
Even had Plaintiff been able to demonstrate that it had standing, its protest would have
nonetheless failed on the merits. The Administrative Record demonstrates the reasonableness of
4
But see Turner Const. Co. v. United States, 645 F.3d 1377, 1386 (Fed. Cir. 2011) (“With respect to the
timing of the CO’s investigations, the court explained that the FAR does not require a CO, in every single
procurement, to review and document whether OCIs exist prior to award. Courts reviewing bid protests routinely
consider post-award OCI analyses and consider evidence developed in response to a bid protest . . . . If the first time
an allegation or evidence of a potential OCI appears is after award, then the earliest time to evaluate that potential
OCI as countenanced by § 9.504(a)(1) might be at that time.”) (citations and internal quotations omitted).
11
the Army’s actions—specifically, its assignment of three deficiencies to Plaintiff’s proposal—in
the NGLD-M procurement process.
1. The Army Technical Evaluation Team Reasonably Assigned Two Deficiencies to
CACI’s Design Methodology
The parties first cross-move for judgment on the administrative record with regard to the
technical evaluation team’s (“TET”) assignment of two deficiencies to Plaintiff’s design—
specifically, the detrimental effect that its chosen two-factor authentication (“2FA”) solution
would have on the device’s ability to meet other design requirements. Plaintiff alleges the
agency erred in assigning the two deficiencies; the government and Defendant-Intervenors assert
that the Army acted rationally in assigning both. The Court finds the agency’s actions entirely
reasonable based on the record before the Court.
To review, “[i]t is well established that the evaluation of proposals for their technical
quality generally requires the special expertise of procurement officials.” KSC Boss All., LLC v.
United States, 142 Fed. Cl. 368, 380 (2019). Thus, as in the instant case, “challenges concerning
‘the minutiae of the procurement process in such matters as technical ratings . . . involve
discretionary determinations of procurement officials that a court will not second guess.’”
Enhanced Veterans Sols., Inc. v. United States, 131 Fed. Cl. 565, 584 (2017) (quoting E.W. Bliss
Co. v. United States, 77 F.3d 445, 449 (Fed. Cir. 1996)). The Court must merely “determine
whether the contracting agency provided a coherent and reasonable explanation of its exercise of
discretion, . . . and the disappointed bidder bears a heavy burden of showing that the award
decision had no rational basis.” Impresa, 238 F.3d at 1332-33 (citations and quotes omitted).
Proceeding to the record, the Court looks first to what the Army’s solicitation required.
Under a plain reading, the solicitation compels 2FA as a threshold requirement. See AR 1272
(NGLD-M_SRD_0025 providing that “[t]he NGLD-M shall enforce two-factor authentication
when started in Medium Assurance mode.”); AR 1273 (NGLD-M_SRD_0033 providing that
“[t]he NGLD-M shall enforce two-factor authentication when started in High Assurance
mode.”); AR 1275 (NGLD-M_SRD_055 providing that “[t]he NGLD-M shall support two factor
authentication.”). Given this requirement, the Court next looks to what the Army’s evaluators
ultimately found. The clearest reflection is the TET’s evaluation of Plaintiff’s proposal, in which
the team assigned two deficiencies to Plaintiff. 5 The first deficiency is set forth in full as
follows:
DEFICIENCY: The offeror’s proposal is flawed as the design methodology to
meet the two-factor authentication requirements (NGLD-M_SRD_0025 (Medium
Assurance) and NGLDM_SRD_0033 (High Assurance)) does not allow the
system to meet the USB data receiving (Req IDs: NGLD-M_SRD_: 0575; 0577;
0578; 0581; 0583; 0585; 0587) and Software/Firmware update via USB interface
(NGLD-M_SRD_0573) requirements while meeting RMF and IASRD
5
As mentioned previously, Plaintiff’s initial proposal suffered from merely one deficiency: failure to
“define a two-factor authentication approach for Medium Assurance (MA) mode (NGLD-M_SRD_0025).” AR
6910. It is the effect of Plaintiff’s proposed solution to this initial deficiency—an external USB-C dongle that would
commandeer the single USB-C port—that ultimately resulted in two of the new deficiencies in the final evaluation.
12
requirements. The proposal does not discuss how the exchanges in the NGLD-M
System Requirements Document Table 5 “NGLD-M Receiving Data Types and
Interfaces” for the USB port are met when the design approach requires the
continuous use of the only USB-C interface on the device to maintain a two factor
authenticated session. The proposal’s approach to meeting the two-factor
authentication requirements is an external USB-C dongle and .
The proposed design has single USB-C port which is required to support both
two-factor authentication dongle and USB data receiving requirements which
physically does not allow the device to maintain a two-factor authenticated
sessions [sic] and perform USB Receiving requirements. On Volume 2, page 14
the Offeror proposes to resolve this conflict through the following statement “The
external USB-C [Two-Factor Authentication] 2FA device is required to be
attached during login authentication in both MA or HA modes and required to be
inserted in response to periodic reauthentication.” According to IASRD TOK-2
“The authentication period for a token shall conclude when the token is removed
from the host/terminal interface. Under agreed upon conditions, the token may be
required to be removed from the equipment after authentication of the user is
completed.” The proposal does not discuss or mention any “agreed upon
conditions” with the National Security Agency when an authenticated session can
be maintained after removal of the token. The proposed design does not meet the
NGLD-M requirements without violating IASRD TOK-2 as well as adherence to
Risk Management Framework security policies regarding authentication sessions
to meet receiving data requirements across the USB. The proposal does not covey
an understanding of requirements nor convey a feasible approach to meeting the
requirements.
AR 5066. 6 In almost identical fashion, the second deficiency follows in full:
DEFICIENCY: The offeror’s proposal is flawed as the design methodology to
meet the two-factor authentication requirements (NGLD-M_SRD_0025 (Medium
Assurance) and NGLDM_SRD_0033 (High Assurance)) does not allow the
system to meet the USB distributing (Req IDs: NGLD-M_SRD_: 0576; 0579;
0580; 0582; 0584; 0586; 0588) while meeting RMF and IASRD requirements.
The proposal does not discuss how the exchanges in the NGLD-M System
Requirements Document Table 7 “NGLD-M Distribution Data Types and
Interfaces” for the USB port are met when the design approach requires the
continuous use of the only USB-C interface on the device to maintain a two factor
authenticated session. The proposal’s approach to meeting the two-factor
authentication requirements is an external USB-C dongle and .
The proposed design has single USB-C port which is required to support both
two-factor authentication dongle and USB data distributing requirements which
physically does not allow the device to maintain a two-factor authenticated
6
The AR, as well as the “Corrected AR,” both appear to mis-tab the initial and final technical evaluation
reports. According to the government’s tabulation, the “Initial Proposal Evaluation” is located at Tab 23 and the
“Final Proposal Evaluation” is at Tab 41. In fact, the “Final” evaluation (dated June 29, 2021) is located at Tab 23
and the “Initial” evaluation (dated March 23, 2021) is located at Tab 41.
13
sessions and perform USB Receiving requirements. On Volume 2, page 14 the
Offeror proposes to resolve this conflict through the following statement “The
external USB-C [Two-Factor Authentication] 2FA device is required to be
attached during login authentication in both MA or HA modes and required to be
inserted in response to periodic reauthentication.” According to IASRD TOK-2
“The authentication period for a token shall conclude when the token is removed
from the host/terminal interface. Under agreed upon conditions, the token may be
required to be removed from the equipment after authentication of the user is
completed.” The proposal does not discuss or mention any “agreed upon
conditions” with the National Security Agency when an authenticated session can
be maintained after removal of the token. The proposed design does not meet the
NGLD-M requirements without violating IASRD TOK-2 as well as adherence to
Risk Management Framework security policies regarding authentication sessions
to meet distributing data requirements across the USB. The proposal does not
covey an understanding of requirements nor convey a feasible approach to
meeting the requirements.
AR 5066-67. In sum, Plaintiff’s proposed 2FA solution would commandeer “the only USB-C
interface on the device,” rendering the port unavailable (and thus the device unable) to
simultaneously perform other key tasks—distributing and receiving data 7—that require an
available USB port. Id.
a. The Army did not apply unstated evaluation criteria
Plaintiff paints myriad objections to the TET’s evaluation, none of which stick to the
canvas. It first contends that the Army
evaluated CACI’s approach to two-factor (“2-FA”) authentication, despite the RFP
expressly instructing offerors that they did not need to address, nor would they be
evaluated, against certain RFP sections (which RFP sections included the offerors’
approach to 2-FA), so long as they proposed to use the Government User
Application Software (“UAS”), which CACI indisputably proposed to do.
CACI MJAR at 1; see also id. at 18 (“First, the Army should never have evaluated CACI’s
proposed solution for 2-FA.”). This line of argument quickly breaks under pressure.
To begin with, it appears that Plaintiff manufactured—or at the very least, misstated—a
quote from the solicitation in defense of its assertion that the Army should never have
“evaluated” its 2FA approach. In its motion for judgment on the administrative record, Plaintiff
purports to quote the solicitation: “[i]n particular, the RFP states that ‘[u]se of the Government
UAS relieves the Offeror from providing any additional information for . . . Device User
7
The solicitation states that the NGLD-M’s USB capabilities are to be “used for supporting data movement
with valid and approved systems and for charging of NGLD-M batteries. Data to be moved includes, but is not
limited to, SW/FW updates, certificate data (e.g., KMI IA(I), KE(I), IA(M), CA certificates, CRL/ARLs, web server
certificates, etc.), mission plans, ECU profile data, CMS packages, and the like.” AR 1252; see also NGLD-
M_SRD_0572-0588 (describing requisite functions “via USB interface”).
14
Management SRD 3.2.2.’” CACI MJAR at 18 (quoting AR 1505). The Court notes Plaintiff’s
choice of a short ellipsis, suggesting to the Court a single sentence is quoted. Yet, the cited
section reads in full as follows:
L24.4 Sub-Factor 1.2. UAS Approach/KMI Implementation
Use of the Government UAS relieves the Offeror from providing any additional
information for this sub-factor, apart from a statement that the Offeror will utilize
the Government UAS. If the Offeror is choosing to develop and deliver their own
UAS solution, the Offeror shall describe the proposed NGLD-M UAS design
from perspectives aligned with the below Elements. This description shall be at a
level of detail that provides the Government confidence that the Offeror has a
design that will allow this UAS to satisfy the SRD requirements, incorporates
KMI capabilities and management design requirements, takes non-functional
requirements into consideration, and ensures fulfilment of all security
requirements.
AR 1505 (emphasis added). There is nothing in this paragraph referencing “Device User
Management SRD 3.2.2,” and certainly nothing referencing it within the single sentence that
Plaintiff appears to quote. To be fair, Plaintiff also cites to AR 1518, where the term does indeed
appear but only after the conclusion of the full paragraph referencing “[u]se of the Government
UAS . . . .” AR 1518. More importantly, however, these segments of the solicitation speak at
most to an offeror needing not provide “any additional information” for a particular sub-factor.
AR 1505 (emphasis added). There is nothing in either of Plaintiff’s cited segments of the
solicitation supporting the entirely different proposition that offerors “did not need to address,
nor would they be evaluated” on whether their proposals satisfy the Army’s baseline
requirements for 2FA. CACI MJAR at 1 (emphasis added).
Moreover, as the government correctly points out, Plaintiff’s initial proposal resulted in a
deficiency for failure to “define a two-factor authentication approach for Medium Assurance
(“MA”) mode (NGLD-M_SRD_0025),” AR 6910, yet Plaintiff did not take issue at that time
with the Army—to borrow a phrase—having “evaluated [its] approach to [2FA] authentication.”
In fact, in response to the initial deficiency, Plaintiff revised its proposal to directly address the
solicitation’s 2FA requirements. See AR 5435-36 (Plaintiff’s “Technical Change Cover Sheet,”
preceding its revised proposal, explaining “[t]he MCL meets NGLD-M requirements for the
submission of login credentials including a two-factor authentication (2FA) token (NGLD-
M_SRD_0055, NGLD-M_SRD_0025 and NGLD-M_SRD_0033) as part of Authentication,
Authorization, Accounting (AAA) state per SRD section 3.1 during user login” and “
is being proposed to serve this purpose.”); see also
AR 5484. In other words, instead of challenging the Army’s authority to assign a deficiency
directly related to 2FA in its initial evaluation, Plaintiff promptly revised its proposal. Only
now, post-award, does Plaintiff challenge the Army’s authority to “evaluate” an offeror’s 2FA
approach.
Nevertheless, even accepting Plaintiff’s contention—that use of the government’s UAS
precluded the Army’s evaluation of Plaintiff’s 2FA approach—there is simply nothing in the
15
final technical evaluation report suggesting that the Army actually “evaluated [Plaintiff’s]
approach to [2FA] . . . .” CACI MJAR at 1 (emphasis added). Rather, the evaluation report
simply observes that Plaintiff’s “proposed design has [a] single USB-C port which is required to
support both two-factor authentication dongle and USB data distributing requirements which
physically does not allow the device to maintain a two-factor authenticated sessions and perform
USB Receiving requirements.” AR 5066 (emphasis added). Stated differently, Plaintiff’s
chosen 2FA solution revealed a design limitation. This limitation could have manifested itself in
an entirely different circumstance had Plaintiff, for example, proposed some other mission-
critical peripheral be attached via USB while the device is operating. Plaintiff’s proposed 2FA
solution necessarily commandeers the single USB port in Plaintiff’s design (discussed further
below); thus, the identified flaw is in Plaintiff’s design, not its 2FA solution or approach.
Contrary to Plaintiff’s suggestions, the Army was not questioning whether (or how) Plaintiff’s
proposed 2FA solution itself accomplishes 2FA. Instead, the Army took issue with Plaintiff’s
“design methodology,” AR 5066-67, which precluded the device from accomplishing multiple
requirements at the same time.
b. Plaintiff’s 2FA solution necessitates continuous use of the only USB port
Plaintiff next objects to the Army’s conclusion that its particular “design approach
requires the continuous use of the only USB-C interface on the device to maintain a two factor
authenticated session.” AR 5066. Recall, the Army evaluators observed that:
[Plaintiff’s] proposal’s approach to meeting the two-factor authentication
requirements is an external USB-C dongle and . The
proposed design has single USB-C port which is required to support both two-
factor authentication dongle and USB data receiving requirements which
physically does not allow the device to maintain a two-factor authenticated
sessions and perform USB Receiving requirements. On Volume 2, page 14 the
Offeror proposes to resolve this conflict through the following statement “The
external USB-C [Two-Factor Authentication] 2FA device is required to be
attached during login authentication in both MA or HA modes and required to be
inserted in response to periodic reauthentication.” According to IASRD TOK-2
“The authentication period for a token shall conclude when the token is removed
from the host/terminal interface. Under agreed upon conditions, the token may be
required to be removed from the equipment after authentication of the user is
completed.” The proposal does not discuss or mention any “agreed upon
conditions” with the National Security Agency when an authenticated session can
be maintained after removal of the token. The proposed design does not meet the
NGLD-M requirements without violating IASRD TOK-2 as well as adherence to
Risk Management Framework security policies regarding authentication sessions
to meet receiving data requirements across the USB.
AR 5066; see also id. (“data distributing” deficiency). Plaintiff argues that the solicitation only
requires 2FA in Medium and High Assurance (“HA”) modes “when started,” citing NGLD-
M_SRD_0025 and NGLD-M_SRD_0033, and that “[a] requirement for 2-FA to be continuous is
not included in the RFP or any other requirements.” CACI MJAR at 20 (emphasis added).
16
According to Plaintiff, “[t]here is simply no SRD requirement for the 2-FA external USB device
to remain inserted throughout a session . . . .” Id. The government counters, however, that the
Information Assurance Security Requirements Directive (“IASRD”), 8 which is incorporated into
the solicitation, 9 effectively requires that authentication be continuous, absent agreed upon
conditions, when a design incorporates the use of a “token” 10 for 2FA, as Plaintiff proposed via
its external USB-C dongle. USA MJAR at 32.
The Court reads the government’s argument as the better of the two. 11 Per the relevant
section of the IASRD:
The authentication period for a token shall conclude when the token is removed
from the host/terminal interface. Under agreed upon conditions, the token may be
required to be removed from the equipment after authentication of the user is
completed.
AR 7983. While the solicitation may not expressly require that authentication be “continuous,”
the IASRD—clearly incorporated into the solicitation—effectively creates a default or
presumption that a token, if used for 2FA, remain inserted in the device for purposes of
authentication absent agreed upon conditions. Plaintiff did not provide the Army with any such
conditions; instead, it argues it did not need to address conditions for removal. CACI MJAR at
23. But, if Plaintiff is correct, where would that leave the evaluators? The Court, instead,
accepts the government’s invitation to “read the 2FA requirements in the SRD and the IASRD
together.” USA MJAR at 34. Although the solicitation “uses the term ‘when started’ in certain
places, the cited portions of the SRD are silent on removal. The IASRD fills the gap and
requires continuous 2FA by stating that the token can only ‘be removed from the equipment after
authentication of the user is completed’ upon agreed upon conditions.” Id. at 34-35 (citations
omitted). Thus, absent such agreed upon conditions, or any evidence thereof, Plaintiff’s 2FA
8
The IASRD “is a National Security Administration (NSA) security document that contains a core set of
product level security requirements for the protection of Top Secret Information.” USA MJAR at 5 (citing AR
7894).
9
The solicitation provides that “[t]he Offeror shall address the requirements outlined in the Engineering
Development Performance Work Statement (PWS), Program Management Statement of Work (SOW), Contract
Data Requirements Lists (CDRLs), NGLD-M System Requirements Document (SRD), Technical Security
Requirements Document (TSRD), and the Information Assurance Security Requirements Directive (IASRD),” AR
1024 (emphasis added), and “[a]dditionally, requirements from the National Security Agency (NSA) including the
Technical Security Requirement Document (TSRD) and Information Assurance Security Requirements Document
(IASRD),” AR 1055 (emphasis added).
10
The IASRD provides that “[a] token is a physical device that is used to store and carry cryptographic
material (keys and certificates) to support user identity authentication. Tokens are typically small enough to be
carried in a pocket and may take on a wide range of the form factors such as a smart card or universal serial bus
(USB) token.” AR 7982.
11
It is worth noting that a sizable portion of Plaintiff’s argument on this issue rests on the grounds that the
Army “unreasonably identified Deficiencies for failure to meet requirements not stated among the RFP’s evaluation
criteria.” CACI MJAR at 19. According to Plaintiff, “the RFP Section M identified the exclusive list of criteria to
be used to evaluate the Technical Factor. Instead of using RFP Section M to evaluate CACI’s approach to 2-FA, the
Government cited to the SRD Traceability Matrix as the basis for these Deficiencies, which is distinct from the SRD
and not included in RFP Section M, to support the two assessed 2-FA Deficiencies.” Id. Confronted with the fact
that the solicitation did, in fact, incorporate the traceability matrix, Plaintiff withdrew that particular protest ground.
CACI Reply at 1 n.1; see also USA MJAR at 34.
17
approach would need to remain inserted in the device, necessitating an additional available USB
port for data receiving and distributing purposes.
c. Plaintiff’s proposed design only includes a single USB port
The Court moves to what can safely be considered Plaintiff’s central argument and
objection: that “the Army inexplicably found that CACI’s proposed design only included a single
USB port, when, in fact, CACI’s proposal clearly indicated that its proposed design included
both a USB-C and a USB-2.0 port.” CACI MJAR at 1; see also id. at 14 (“[T]he evaluators
mistakenly concluded that CACI’s proposed MCL device design had just a single USB port.”).
In reviewing the record, however, there is nothing “inexplicable” at all about the Army
evaluators’ conclusion that Plaintiff’s design includes a single USB port. In fact, Plaintiff’s own
proposal says so.
First, section 1.1.1.1.6 of Plaintiff’s proposal—notably titled “Physical External
Interface”—includes a segment titled “USB” that, to any reasonable reader, sets forth the
design’s USB capabilities and functionalities:
USB [SRD ID 569, 570, 588]: The MCL incorporates a ruggedized IP68-rated
USB-C connector and corresponding dust cover. The COTS USB-C connector
supports two operating modes where mode selection is based on attached devices.
These modes support either high speed USB 3.0 + USB 2.0 or Display Port +
USB 2.0 interfaces through the single USB-C connector and fully supports USB
On-The-Go (OTG) operation (SRD ID 569, USB 3.0 exceeds SRD threshold
requiring USB 2.0) . . . . The USB-C interface supports the power rating required
(supports 3A to 5A, battery requires 2.03A) to operate the device while charging
the battery (SRD ID 574, Meets Objective). The MCL USB-C solution supports
future innovation using the USB-C connector, which has become the standard
interface for handheld and portable devices, including smartphones and laptops.
USB-C is the next generation USB interface that is fully backward capable and
future-proof.
AR 5478-79 (emphasis in original). The Court draws special attention to the proposal’s choice
of wording. Plaintiff’s design “incorporates a ruggedized IP68-rated USB-C connector . . . .” Id.
(emphasis added). “The COTS USB-C connector supports two operating modes . . . .” Id.
(emphasis added). Most tellingly, “[t]hese modes support either high speed USB 3.0 + USB 2.0
or Display Port + USB 2.0 interfaces through the single USB-C connector . . . .” Id. (emphasis
added). To read this section of the proposal as indicating anything more than a single accessible
USB port would be, frankly, “inexplicable” and unreasonable. Indeed, there is no mention
whatsoever of a second USB port in the section labeled “USB.” See AR 5478-79.
Plaintiff attempts to overcome this fact by first arguing that the Army unreasonably relied
on Plaintiff’s “prototype,” which was shown during an optional demonstration and on which the
Army allegedly should not have relied in assigning deficiencies to Plaintiff’s proposal.
According to Plaintiff,
18
On Febmaiy 4, 2021, prior to the Almy's assessment of the related Deficiencies,
[Plaintiff] provided the optional demonstration of its prototype product to
designated Almy evaluators. As indicated in its Technical Proposal, [Plaintiff]
had already prototyped I% of the SRD's hai·dware requirements prior to its
proposal submission. The prototype device that [Plaintiff] demonstrated already
included a visible external USB-C port. The printed circuit boai·d in the CACI
prototype also included a second built-in USB port, consistent with Figure 5,
MCL Block Dia ·a.in in Plaintiffs Technical Pro osal. Because Plaintif had
this second po1i, this second USB po1i was not visible to the
Almy's eva uators during the product demonstration. It appeai·s that the Almy's
evaluators relied in significant pa.ii on their external view of the CACI prototype
product, rather than [Plaintiffs] unainbiguous proposal responses ...to conclude
enoneously that [Plaintiffs] MCL device design included only a single USB po1i.
CACI MJAR at 15 (citations omitted). Plaintiff fmther ai·gues that "[s]uch an evaluation
contradicts the RFP instruction that 'Offeror demonstrations may only positively impact the risk
rating based on the demonstrated ability to meet the NGLD-M requirements."' Id. at 15-16
(citing AR 1487). Even accepting as hue Plaintiffs contention that a demonstration may not
negatively impact an offeror's evaluation, nothing in Plaintiffs cited segment of the solicitation
provides that the prototype itself, if presented as the offeror's revised proposal, may not
negatively impact an offeror's risk rating. Alld from all appeai·ances, the same or similai·
prototype shown during the demonstration is what Plaintiff presented to the Almy in its final,
revised proposal.
For exainple, Figure 4 of Plaintiffs revised proposal demonsti·ates the "MCL Physical
Design Elements" and declai·es that "[o]ur functional prototype is ready for Government
UAS/API development and integration on Day 1 of award." AR 5473 (emphasis added). Figure
4 unambiguously shows a single USB-C po1i on the self-identified "prototype," as follows:
19
e Plaintiff admits it "included a visible
external
" for
consideration in its revised proposal, as Figure 4 appears to indicate, then the Comi considers it
entirely reasonable to conclude that-to boITow Plaintiffs wording-its alleged "second USB
po1i was not visible to the Anny's evaluators during" the final evaluation of Plaintiffs proposal.
Plaintiffs demonstration did not undennine its evaluation; its self-identified "prototype" design,
which "is ready for Government UAS/API development and integration on Day 1 of award,"
however, ultimately did. AR 5473.
Plaintiff attempts to rescue itself by pointing to section 1.1.2.1 of its proposal, wherein it
states that the desi "inco1 orates an additional USB 2.0 interface to suppo1i the future addition
of devices like ." AR 5485; see also CACI MJAR at 17
("While CACI did propose only a single USB-C po1i, there was no RFP requirement to propose
more than one, or any, USB-C po1i, and its proposed device design plainly includes a second
USB po1i, a USB-2.0 po1i, which is capable of meeting all of the RFP's USB data distribution
and receiving requirements.") (emphasis in original). Additionally, Plaintiff asserts that its
"device design clearly includes two COTS-item USB po1is which have already achieved TRL-9:
a USB-2 Expansion Po1i and a USB-C Po1i." CACI MJAR at 16 (citing AR 5474). None of
these arglllllents or cited pages of the record suppo1i a finding that the Almy acted arbitrarily or
capriciously in assigning deficiencies to Plaintiffs proposal.
First, the proposal's mention of "an additional USB 2.0 interface" appears not in the
"USB" or "Physical External Interface" sections of the proposal, but rather pages later, buried
within a section concerning "Operating System." AR 5485. Any reasonable evaluator--or any
reasonable reader for that matter-when searching the proposal for indications of a second (or
third, or so on) USB port would rationally tmn to the sub-section titled "USB" under the section
"Physical External Interface." Agencies must indeed review the whole proposal, but they are not
compelled to comb the record for info1mation that an offeror does not othe1wise adequately
present through a well-written proposal. KSC Boss All., LLC, 142 Fed. Cl. at 382 ("An offeror
has the responsibility to submit a well-written proposal with adequately detailed info1mation that
allows for a meaningful review by the procuring agency." (quoting Structural Assocs.,
Inc./Comfort Sys. USA (Syracuse) Joint Venture v. United States, 89 Fed. Cl. 735, 744
(2009))). 12
12 For good measure, the Cowt observes that-to the best of its knowledge after a thorough review of the
record-the first instance in which the term "USB-2.0 po1t" occw·s is not within Plaintiff's proposal but, rather, in
Plaintiff's complaint and briefings to this Court in the instant matter. See ECF No. 1 at 37 ("Compl.") (Plaintiff
asserting its "proposed device design plainly includes a second USB port, a USB-2.0 port, which is capable of
meeting all of the RFP' s USB data distribution and receiving requirements."). Plaintiff's proposal does, however,
use the tenn "USB-C po1t" multiple times. See AR 5484, 5520. Its proposal also uses the tenn "USB-C connector"
multiple times, which under a plain reading the Cowt inte1prets as interchangeable with USB-C "port." See, e.g.,
AR 5478 ("The MCL inco1pora.tes a mggedized IP68-rated USB-C connector and coITesponding dust cover."). Yet,
the term "USB-2.0 connector" appears nowhere in the proposal.
20
Second,as the government points out,USB "2.0" (and " 3.0") "are protocols used to
identify the manner in which a USB device communicates and not physical characteristics used
to describe a USB po1i ...." USA MJAR at 3 0. But the Comi need not take judicial notice of
that technical fact; rather,Plaintiffs own proposal demonstrates the distinction. See AR 5478
("The COTS USB-C connector suppo1is two operating modes where mode selection is based on
attached devices. These modes support either high speed USE 3.0 + USE 2.0 or Display Po1i +
USB 2.0interfaces through the single USE-C connector . ...") (emphasis added).13 Plaintiff,for
that matter, even concedes as much in its motion for judgment on the administrative record.
CACI MJAR at 10n.4 ("USB 2.0and USB 3.0defines the data transfer speed and the function
of the USB cable,while USB-C refers to the shape of the cable plugs and ports.").
Third,context suggests that Plaintiff knew exactly what it meant when it proposed a
"single USB-C connector." AR 5478. In presentin the "MCL Platfonn Architectme,"
Plaintiff's final ro osal states that "[i]n addition to ...there
peripheral circuit cards:
." AR 5485. If Plaintiff's desi gn actually includes a "second USB po11,a USB-2.0
po1i," CACI MJAR at 17,one should reasonably expect its identification-or at least,its
mention-in the MCL Platfo1m Architectme description of Input/Output peripheral circuit cards.
Yet,only the USB-C is expressly paired with an Input/Output peripheral circuit card in
Plaintiff's final proposal. Moreover,the way in which Plaintiff's proposal describes its USB-C
po1i differs markedly from its passing reference to "USB 2.0." For example,Plaintiffs design
"inco1porates a ruggedized IP68-ratedUSB-C connector and corresponding dust cover." AR
5478 (emphasis added). In contrast,its alleged second USB po1i is described-recall,in an
entirely separate section of the ro osal-as merely "an additional ...interface to suppo1i the
future addition of devices ...." AR 5485. Plaintiff's USB-C is also
presented as "suppo1i[ing] the power rating required (suppo11s 3A to 5A,batte1y requires 2.03A)
to operate the device while charging the batte1y (SRD ID 574, Meets Objective)." AR 5478
(emphasis in original). Yet,nowhere in the proposal does Plaintiff describe its "USB 2.0" as
meeting similar requirements.
Fomih,context fmiher suggests that even if Plaintiff contemplated a second USB port, it
was only in te1ms of a future addition to the device-not something that would be available to
the user on Day 1. For example,Plaintiff asse1is that Figme 5,the "MCL Block Diagram,"
shows a "USB-2 Expansion Po1i and a USB-C Po1i," thus its design "clearly includes two
COTS-item USB po11s ...." CACI MJAR at 16 (citing AR 5474). If both were physical po1is
available on Day 1, however,there would presumably be no need to label one po11 an
"expansion " but not the other. Moreover,the proposal's reference to "an additional USB 2.0
interface " mentions only the ''future addition of devices
-·" AR 5485 em hasis added . Related! Figure 10demonstrates the location on the
�for a "Future ," AR 5479 (emphasis added),and the same
page in the proposal states that Plaintiff's "design provisions a dedicated interface and external
13 The Comt also suggests that it would be reasonable for the Anny to wonder what kind of port Plaintiff
has in mind for its "USB 2.0 interface." Does Plaintiff intend for it to use a USB-A connector? USB-B? USB
Micro-A? Mini-A? Micro-B? Mini-B? Plaintiff does not say, and neither the govemment nor the Comt should
have to guess.
21
connector in support of the optional accessory. This requirement is not
included in our Integrated Master Schedule (IMS) as we expect this requirement to be addressed
through an Engineering Change Proposal (ECP).” Id. As the government correctly points out,
“[i]f [Plaintiff’s] proposed design already included a second USB port, . . . there would be no
need for an ECP. would simply plug into the back of the existing
device.” USA MJAR at 29-30 (citation omitted).
In short, the Court finds nothing unreasonable about the Army’s technical evaluation of
Plaintiff’s proposal. 14 The solicitation plainly required 2FA. If 2FA was to be accomplished via
a token, as Plaintiff’s design proposes, the authentication period would end upon removal of the
token, absent agreed upon conditions. Plaintiff provided no such conditions or evidence thereof.
An additional USB port was therefore needed for the NGLD-M to simultaneously perform other
critical functions. Plaintiff’s design proposal—under any reasonable or rational reading—
incorporates a single USB port, which, as was reasonably determined by the Army, cannot carry
out necessary functions simultaneously. Accordingly, the Army evaluators were neither
arbitrary nor capricious in assigning two deficiencies to Plaintiff’s design methodology.
2. The Army Reasonably Assigned a Deficiency for CACI’s Failure to Provide Size
and Weight Information for its 2FA Solution
CACI also asserts that the Army acted unreasonably in assigning it a deficiency related to
the Size, Weight, and Power (“SWAP”) requirements of this procurement. See CACI MJAR at
24-29. As is explained below, the Court finds that not only were the Army evaluators reasonable
in assigning CACI a deficiency for failing to satisfy the SWAP requirements, but that they were
entirely correct in doing so.
As a threshold matter, the Court briefly reviews the unambiguous SWAP requirements
for this procurement. The Army required that the NGLD-M weigh less than eight pounds and be
no greater than 7.75” long, 4.5” wide, and 2.5” deep. AR 1260. These dimensions not only
provide parameters for the device itself, but for “operational hardware used to perform NGLD-M
functions.” Id. Operational hardware encompasses the “primary device, batteries and
accessories required to operate the NGLD-M.” Id. Only “[s]tandalone cables that provide a
means of interfacing with systems, devices or power sources that are outside of the NGLD-M
system context are exempt from the SWAP requirements.” Id.
14
Plaintiff makes one last pitch, arguing that the 2FA deficiencies are the product of a latent ambiguity in
the solicitation and that any such ambiguity should be resolved against the government as the drafter of the
solicitation. According to Plaintiff, “[t]he plain reading of the SRD Traceability Matrix the Army cites for the
requirement is that 2-FA is only required ‘when started.’” CACI MJAR at 29-30 (citation omitted). A plain reading
of the solicitation, including the IASRD requirement when a “token” is used for 2FA, reveals no latent ambiguity.
As the government correctly points out, any such ambiguity—if one exists—would be patent, as the SRD’s demand
for authentication “when started” would facially conflict with the IASRD’s requirement that removal of the “token”
occur only after “agreed upon conditions.” USA MJAR at 40. Plaintiff, thus, would need to have challenged the
solicitation pre-award, not post-award. Blue & Gold Fleet, L.P. v. United States, 492 F.3d 1308, 1315 (Fed. Cir.
2007) (“[A] party who has the opportunity to object to the terms of a government solicitation containing a patent
error and fails to do so prior to the close of the bidding process waives its ability to raise the same objection
afterwards in a § 1491(b) action in the Court of Federal Claims.”).
22
CACI’s initial proposal complied with the solicitation’s SWAP requirements. See AR
1565. However, after CACI revised its proposal to address a question that the Army raised
regarding how 2FA would be achieved in Medium Assurance mode, the Army identified that this
solution created an issue regarding SWAP compliance. See AR 5063-64. This is because CACI
proposed to use an external dongle, namely the YubiKey, to successfully achieve 2FA, but in
doing so it neglected to update its SWAP information or provide the requisite measurements to
the Army. Unfortunately for CACI, when it removed one of the Hydra’s heads, three more
appeared in its place. The end result of CACI adding the YubiKey to achieve 2FA was CACI
not being awarded the NGLD-M contract because of three new deficiencies: two related to the
requirements for USB functionality (discussed above) and one for failure to demonstrate SWAP
compliance. AR 7138.
Regarding the deficiency assigned for failure to provide updated SWAP information,
CACI argues that the Army erroneously assigned that deficiency because the YubiKey is an
external device and thus is not included in the SWAP requirements. See CACI MJAR at 25-26.
CACI analogizes the YubiKey to a cellphone or RSA token, both of which are external devices,
and asserts that because neither of those would be considered operational hardware, neither
should the YubiKey. 15 See CACI Reply at 25-26. Further, CACI argues that because the device
would have a limited use outside of MA and HA mode, the YubiKey is not operational hardware
because the YubiKey is only needed to achieve 2FA. See CACI MJAR at 26-28.
It is apparent to the Court that the Army evaluators reasonably determined that the SWAP
dimensions in CACI’s revised proposal did not include the YubiKey. In fact, CACI’s updated
proposal does not indicate any changes between its initial and final proposals in the sections
pertaining to SWAP. 16 Compare AR 1565 with AR 5474 (changes denoted in blue text). CACI
also concedes as much. CACI MJAR at 28. What CACI contests, however, is the determination
that the YubiKey is operational hardware. See generally CACI MJAR 25-28.
According to the Army, knowing the size and weight of all operational hardware in an
offeror’s proposal is important because: 1) the NGLD-M could, and is expected to be, utilized on
the battlefield; and 2) it needs certain external operational hardware to function. See AR 1348;
1207-10 (describing the various triggers and requirements to enter different modes). Most
important to the SWAP deficiency, the device requires 2FA to enter MA and HA modes, AR
1272-73, which CACI ultimately chose to accomplish via an external USB dongle. See AR
5661. The solicitation makes clear that without successful 2FA, the device is useless outside of
turning on, being in alarm mode, or zeroizing. See AR 1207-10. The key question, then, is
whether the YubiKey is operational hardware necessary to “operate the NGLD-M”?
In answering this question, it is important to focus on what the NGLD-M is: a device to
decrypt and encrypt information, namely commands and orders on the battlefield. See AR 1348.
That information is only accessible if users are able, through 2FA, to verify that they are who
15
CACI offers no support for the proposition that a cellphone or an RSA token would not be considered
operational hardware.
16
The Court notes that despite there being no blue text indicating a change in the final bid, there are some
changes in the weight of the MCL with accessories. That being said, the weight of the device and operational
hardware is irrelevant to CACI’s SWAP deficiency. Compare AR 1565 with AR 5474.
23
they say they are and have the appropriate clearances to receive such information. See generally
AR 7971-87 (defining 2FA and its purpose/goals). In arguing that the YubiKey is not
operational hardware, CACI in fact demonstrates its own misunderstanding of the SRD
requirements. The solicitation makes clear that there are only two modes the NGLD-M can
operate in: MA and HA. AR 1268. 17 The only way to activate those modes is to first achieve
2FA. See AR 1272-73; see also 1207-10 (diagramming the “life cycle” of NGLD-M use).
CACI proposed to do so with the YubiKey. See AR 5484. The Court finds that it is reasonable
that the Army concluded that without the YubiKey, CACI’s device could not “operate.” Thus,
because the YubiKey would be something required to operate the NGLD-M, it follows that the
YubiKey is operational hardware. See AR 1260 (“operational hardware may contain . . .
accessories required to operate the NGLD-M.”). Accordingly, CACI failed to comply with the
terms of the solicitation when it did not include the YubiKey’s dimensions in its revised, final
proposal.
Additionally, the Court is not persuaded by CACI’s argument that the Army evaluators
“just Google” the YubiKey’s measurements to give them the confidence that the SWAP
requirements would be met—if only it were that easy. In fact, the Court notes that CACI never
specifies exactly which YubiKey product it plans to use. See CACI MJAR at 28-29 (“CACI
specifically identified the brand and model of the COTS device that it proposed to achieve 2-FA-
the YubiKey - but it did not include the physical specification of the YubiKey . . . .
there are several versions of its COTS YubiKey .”) (emphasis added).
The Court understands that CACI, for argument’s sake, utilized the measurements of the longest,
commercially available YubiKey. But, importantly, the arena to consider whether the YubiKey
actually fits within the SWAP requirements is at the agency—during procurement—not in the
midst of post-award litigation. See Murakami v. United States, 46 Fed. Cl. 731, 735 (2000),
aff’d, 398 F.3d 1342 (Fed. Cir. 2005) (“[L]est the admission of evidence not considered by the
agency below and its consideration by the court convert the ‘arbitrary and capricious’ standard
into effectively de novo review.”). Beyond that, in the course of briefing this motion, three
different measurements of the full length of CACI’s device were asserted. Compare CACI
MJAR at 29 (total length of ”) with USA MJAR at 39 (total length of ”) and CACI Reply
at 26 (noting the YubiKey would be inserted into the NGLD-M, which results in a measurement
mm less than the government’s calculations). If counsel, including Plaintiff’s own counsel,
are unable to arrive at a consensus of the total length of CACI’s device, then the Army likewise
did not have the information necessary to determine whether CACI’s device—with the YubiKey
inserted—met the SWAP requirements. See AR 1504 (“The Offeror shall describe it’s [sic]
proposed NGLD-M physical design to a level of detail that provides the Government confidence
that the proposed design will meet Size, Weight and Power (SWAP) . . . requirements listed in
the SRD.”).
Attempting to land one last punch, CACI argues that its interpretation of the YubiKey as
not operational hardware is equally reasonable as the Army’s determination that it is, which
17
CACI’s argument regarding this appears to conflate the idea of “states” and “modes” for the NGLD-M.
The NGLD-M is only capable of two modes: MA and HA. See AR 1268. What CACI relies on for purposes of this
argument are, in fact, states, which are defined as “the current snapshot of the system at a given time, for example
Power Up, Normal Operation: Interactive etc. The state can transition to another state based on triggers or
stimulus.” Id.
24
gives rise to a latent ambiguity. See CACI MJAR at 30-32. Ambiguities are latent if they are
not apparent on the face of the solicitation. Cmty. Heating & Plumbing Co. v. Kelso, 987 F.2d
1575, 1579 (Fed. Cir. 1993); see also C.N. Constr., Inc. v. United States, 107 Fed. Cl. 503, 512
(2012) (“A latent ambiguity is not apparent on the face of the solicitation and is not discoverable
through reasonable or customary care.”) (citation and internal quotations omitted). In contrast, a
patent ambiguity “is present when the contract contains facially inconsistent provisions that
would place a reasonable contractor on notice and prompt the contractor to rectify the
inconsistency by inquiring of the appropriate parties.” Stratos Mobile Networks USA, LLC v.
United States, 213 F.3d 1375, 1381 (Fed. Cir. 2000). The Court agrees with the government and
Defendant-Intervenors that the plain language of the SRD is clear in defining operational
hardware as including those accessories that make the NGLD-M operational. The only evidence
CACI directs the Court to in its attempt to demonstrate an ambiguity is an alleged inconsistent
treatment between its YubiKey and SNC’s CIK. See CACI MJAR at 31. CACI does not point
to any place in the solicitation as the source of the alleged ambiguity, nor does it cite the
solicitation’s definition of “external device” and argue how the YubiKey fits into that definition.
See generally CACI MJAR at 30-32. The Court agrees with the Army that the YubiKey
unambiguously fits within the definition of operational hardware.
In sum, the Army must be given enough information to draw a reasonable conclusion that
CACI’s proposed device would meet the solicitation’s SWAP requirements. CACI failed to
include a critical piece of such information in bidding for this contract. Therefore, the Army did
not act unreasonably when it assigned CACI a deficiency for failing to meet the SWAP
requirements.
CONCLUSION
For the reasons set forth above, Plaintiff failed to establish that it has standing to bring
the instant protest. As stated in the Court’s December 21, 2021, order, ECF No. 61, Plaintiff’s
complaint is dismissed for lack of subject matter jurisdiction, and the Clerk shall enter judgment
accordingly.
The parties shall confer to determine agreed-to proposed redactions to this opinion. On
or before January 10, 2022, the parties shall file a joint status report indicating their agreement
on proposed redactions, attaching a copy of those pages of the Court’s opinion that contain
proposed redactions, with all proposed redactions clearly indicated.
IT IS SO ORDERED.
s/ Zachary N. Somers
ZACHARY N. SOMERS
Judge
25