Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
Page 1 A Guide to the Procurement of Trusted Systems: An ... - csirt
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
During source selection, <strong>the</strong> interface with <strong>the</strong> Offerors is strictly<br />
controlled and limited <strong>to</strong> <strong>the</strong> Contracting Officer or his/her designee. Some<br />
formal communications between <strong>the</strong> Government and <strong>the</strong> Offeror(s), usually<br />
relate <strong>to</strong> clarifying <strong>the</strong> Offeror's proposal. Often a Government central<br />
point <strong>of</strong> contact for technical matters is identified, known as <strong>the</strong> Contracting<br />
Officer's Technical Representative (COTR). However, <strong>the</strong> COTR does not have <strong>the</strong><br />
authority <strong>to</strong> obligate <strong>the</strong> Government.<br />
2.4.3 AT CONTRACT AWARD<br />
Two important meetings are conducted at contract award.<br />
2.4.3.1 POST-AWARD DEBRIEFING<br />
Security technology is <strong>of</strong>ten an elimina<strong>to</strong>r in competition. This session<br />
provides feedback for industry on how well, in general terms, <strong>the</strong>ir<br />
responses met <strong>the</strong> Government's requirements. The Program Manager should attend<br />
<strong>the</strong> debriefing and be prepared <strong>to</strong> provide "lessons learned" from <strong>the</strong><br />
security vantage point. This process will help <strong>the</strong> industry representatives<br />
understand where <strong>the</strong>y were responsive and where improvements can be made.<br />
The purpose is not <strong>to</strong> recite all <strong>the</strong> details, but <strong>to</strong> point out security<br />
strengths and weaknesses noted in <strong>the</strong> evaluation <strong>of</strong> Offerors' proposals.<br />
2.4.3.2 AWARD CONFERENCE<br />
This meeting is <strong>the</strong> first formal exchange between <strong>the</strong> Government and <strong>the</strong><br />
successful Offeror, which is now termed <strong>the</strong> "Contrac<strong>to</strong>r." The Program<br />
Manager should attend <strong>the</strong> meeting <strong>to</strong> ensure that security issues are addressed<br />
and reflected in <strong>the</strong> minutes.<br />
2.4.4 AFTER CONTRACT AWARD<br />
After contract award, interface with <strong>the</strong> Contrac<strong>to</strong>r is somewhat easier. Keep<br />
<strong>the</strong> following issues in mind.<br />
2.4.4.1 OBLIGATING THE GOVERNMENT<br />
No one may obligate <strong>the</strong> Government except a Contracting Officer.<br />
2.4.4.2 CONTRACT SCOPE<br />
Specification <strong>of</strong> security is extremely difficult. What has been given <strong>to</strong> <strong>the</strong><br />
contrac<strong>to</strong>r in an RFP, or <strong>the</strong> response, may later prove <strong>to</strong> be inadequate. The<br />
implications <strong>of</strong> a modification may be great, increasing significantly <strong>the</strong><br />
effort <strong>the</strong> contrac<strong>to</strong>r originally proposed. The result is ano<strong>the</strong>r negotiation -<br />
- bargaining with security and dollars as <strong>the</strong> chips. Diluting security is<br />
not an option. Nei<strong>the</strong>r is overinflated security costs. From <strong>the</strong> Government's<br />
standpoint, two solutions apply: adequate specification in <strong>the</strong> first place or,<br />
if that has not happened, technically astute trade-<strong>of</strong>fs and cost effective<br />
technological innovation. This is <strong>the</strong> most important time <strong>to</strong> call on<br />
security expertise.<br />
2.4.4.3 TECHNICAL INTERCHANGE MEETING<br />
<strong>Page</strong> 24