ARTICLE
11 December 2024

GAO Rules Air Force Contractor Can Meet Certification Requirements Via Merger

On Nov. 13, 2024, the U.S. Government Accountability Office (GAO) sustained a protest by DecisionPoint Corp. finding that the U.S. Department of the Air Force improperly rejected...
United States Government, Public Sector

On Nov. 13, 2024, the U.S. Government Accountability Office (GAO) sustained a protest by DecisionPoint Corp. finding that the U.S. Department of the Air Force improperly rejected DecisionPoint's proposal for an $83 million task order in response to a defensive cyber realization, integration, and operational support services solicitation. The GAO determined that the Air Force should have considered DecisionPoint's merger with another entity, EmeSec, to meet the solicitation's requirement of a Level III Capability Maturity Model Integration (CMMI) certification.

The Air Force had previously deemed DecisionPoint ineligible for award, claiming the company failed to submit proof of the necessary certification. However, the GAO found the Air Force's interpretation of the solicitation as requiring immediate proof of certification was flawed, and that it had neglected to properly consider the effects of the EmeSec merger. The GAO recommended that the Air Force reevaluate DecisionPoint's proposal, assess the merger's impact, and, as appropriate, make a new source selection decision.

This case offers government contractors several key takeaways:

  • Consider the impact of corporate transactions on solicitation requirements — When considering any type of corporate transaction, government contractors should assess how the new organizational structure will impact compliance obligations under pending proposals.
  • Ensure compliance with post-closing requirements — Transactions involving government contracts, especially prime federal contracts, often include post-closing notice or consent obligations. Compliance with these requirements may have a material impact on the post-closing entity's ability to meet compliance requirements.
  • Keep implications for CMMC compliance in mind — The soon-to-be implemented Cybersecurity Maturity Model Certification 2.0 program will include similar pre-award certification requirements to those at issue in this decision. Federal contractors merging with or acquiring entities should consider the impact of the transaction on a post-closing entity's ability to continue to make CMMC (among other) certifications.

Solicitation Background and Award

On March 23, 2023, the Air Force issued a solicitation requiring offerors to submit proof of the proposed prime contractor's level III CMMI certification. On May 1, 2023, DecisionPoint— then EmeSec— submitted a proposal, identifying EmeSec as the prime contractor, noting EmeSec was a subsidiary of DecisionPoint, and including DecisionPoint's level III CMMI certificate. EmeSec also included a meaningful relationship commitment letter, which demonstrated its agreement to use DecisionPoint's certification. On June 26, 2023, DecisionPoint entered into a novation agreement with the U.S. General Services Administration, which recognized DecisionPoint as EmeSec's successor in interest. On Dec. 5, 2023, the Air Force awarded the contract to EmeSec, and DecisionPoint only then informed the Air Force of the novation.

Centuria Corp., one of the other offerors, protested this award at the GAO. The Air Force opted to take corrective action to reevaluate offerors' proposals and make a new best-value determination. The Air Force contacted the Information Systems Audit and Control Association for information regarding how it issues its CMMI certificates. After corrective action, the Air Force issued the task order to Centuria, explaining that DecisionPoint failed to submit proof of the proposed prime contractor's level III CMMI certification.

GAO Decision

DecisionPoint filed a GAO protest challenging the Air Force's award to Centuria. DecisionPoint argued the Air Force erred in interpreting the solicitation as requiring offerors to provide evidence at the time of proposal submission demonstrating that the prime contractor held a level III CMMI certification. The GAO held the Air Force's interpretation was reasonable based on the solicitation's language, which required offerors to "[s]ubmit proof of any Level III CMMI Certification for the prime contractor providing the CPT support services."

DecisionPoint then argued that the Air Force's decision that it was ineligible for award was unreasonable because the Air Force ignored EmeSec's merger into DecisionPoint and the related novation. The GAO stated the Air Force's determination that DecisionPoint's proposal was ineligible for award was both inconsistent with the terms of the solicitation and unsupported by the record. While the Air Force did not know that DecisionPoint was the prime contractor at the time of its initial evaluation, the Air Force was aware of this when it conducted its post-corrective action evaluation. Accordingly, it was incumbent on the Air Force to consider the impact of the merger. At the time the Air Force conducted its post-corrective action evaluation, DecisionPoint had included proof of its level III CMMI certificate in its proposal. Based on this determination, the GAO recommended the Air Force (1) reevaluate DecisionPoint's proposal; (2) conduct an analysis of the effect of the merger on DecisionPoint's proposed approach to performing the contract; and (3) make a new source selection decision.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More