Skip to the main content.
Free Case Review




green lock security thumb

green lock security thumb



green lock security thumb

green lock security thumb



3 min read

Colorado Springs Company Protests NSA IDIQ Award to Competitor

NSA GAO IDIQ award protest

Root9B, LLC, a small business in Colorado Springs, Colorado, protested a contract award to Chiron Technology Services, Inc. The National Security Agency (“NSA”) awarded the contract for cybersecurity training services.  The Government Accountability Office (“GAO”) denied the protest.


            The NSA issued a Request for Proposal (“RFP”) in November of 2018.  The RFP solicited proposals for the delivery of cybersecurity training courses for the National Cryptologic School under an indefinite-delivery, indefinite-quantity (“IDIQ”) contract.  The RFP said that the NSA would award the contract to the offeror whose proposal provided the best value to the government.  The RFP stated three non-price evaluation factors: technical, management, and past performance.  These three factors, when combined, carried more weight in the source-selection process than the proposed prices.

            The NSA only received two proposals, one from Root9B and the other from Chiron.  The NSA evaluation found multiple weaknesses and deficiencies in Root9B’s technical proposal.   The NSA claimed Root9B did not account for uncertainties in the nature of the classes to be delivered.  This created performance risks, but the proposal did not contain any strategies to mitigate such risks.  The Source Selection Evaluation Board (SSEB) found Root9B’s proposal did not provide the government with enough information about how the contractor would mitigate this “course uncertainty.”  Due to such uncertainty, the SSEB concluded that Root9B’s proposal “posed an unacceptable risk of unsuccessful performance.”

Evaluation of Root9’s Proposal

            Root9B claimed the NSA misevaluated its proposal as unacceptable under the performance risk subfactor.  It also argued that the NSA improperly determined that the winning bidder’s contract price was reasonable.  Root9B challenged the evaluation of its technical proposal arguing that the NSA unreasonably assessed weaknesses and deficiency.  It challenged the SSEB’s assessment of the deficiency in its proposal under the performance risk assessment subfactor for not adequately addressing mitigation strategies.  Root9B said the RFP directed it to provide required courses despite not knowing what courses the NSA might order.

Root9B said that it provided an approach to performing course currency task orders in its proposal, but the RFP did not request specific approaches to course content or task orders.  Root9B said that the RFP provided direction to address uncertainty in the specific nature of the classes to be delivered in relation to the different skill and topic levels.  Root9B argued that it satisfied this direction by explaining its capability to provide courses on any particular topic area, at varying skill levels, in multiple locations, its potential to provide training in all potential class locations, as well as the depth of its team instructors. 

            The NSA, however, argued Root9B’s proposal did not provide a sufficient approach to mitigate risks associated with course topics that were not specified in the RFP.  It argued that the RFP directed offerors to account for the specific nature of the classes to be delivered in each knowledge and skill level.  It also required them to mitigate performance risks created by uncertainties about class topics. It said that the NSA properly assessed a deficiency in Root9B’s proposal.  The NSA concluded Root9B did not satisfactorily address how it would mitigate the risk associated with “providing current course content for dynamic topic areas.”

The GAO found that the NSA’s method for evaluating the merits of competing proposals is within the agency’s discretion.  The GAO indicated that instead of reevaluating proposals or substituting its judgment for an agency’s evaluators, it reviewed the record to determine if the agency’s evaluation was reasonable and consistent with the solicitation’s evaluation criteria.  It found the NSA’s evaluation of Root9B’s proposal was reasonable.  It noted the Root9B proposal did not describe who would mitigate issues and how they would be mitigated.  NSA’s assessment of Root9B’s deficiency was deemed reasonable and consistent with the evaluation criteria in the RFP.

            GAO disagreed with Root9B’s argument that the NSA did not treat the two companies equally when it evaluated their proposals.  Chiron proposed multiple triggers used to identify and prioritize change to course content outside of the normal maintenance cycle.  It also proposed greater communication that would be used to recommend course updates. The GAO denied Root9B’s challenges to the NSA’s technical evaluation of its proposal.

Price Reasonableness Determination

            Root9B also argued that the NSA improperly determined that Chiron’s bid price was reasonable.  It claimed the NSA’s comparison of Chiron’s price to the independent government estimate was improper because the estimate was “factually unsupported.”  The NSA, however, argued that Chiron’s price was obtained through competition where the agency received multiple proposals. The NSA said that it reasonably assessed Chiron’s price, which was four percent above the government estimate.  The NSA asserted that its estimate was “a valid means to assess the reasonableness of Chiron’s evaluated price.”


            In November of 2019, the GAO denied Root9B’s post-award  protest.  This case highlights one of the principal issues that may justify a post-award bid protest (evaluation of your proposal in a manner that is not consistent with the criteria in the RFP). If you believe that you were unfairly denied a government contract award, we recommend that you contact Whitcomb Selinsky PC and discuss your case with one of our government-contracts attorneys. Consultations are always free.