Riftur

Army Instructional Support Proposal Gap Analysis for FAR/DFARS

Solicitation Name	ACO-P Cyber School
Solicitation Link	SAM.gov
Industry	NAICS 61 – Educational Services

This procurement is for non-personal instructional support services under a commercial services structure, with fixed-price CLINs, defined travel and surge controls, and DoD-specific invoicing and clause compliance. The results show the proposal is generally aligned on the schedule-driven items that are easy to state and verify, such as periods of performance, option continuity, NTE ceilings for travel and surge, and the non-personal services boundary. Where the submission becomes vulnerable is in requirements that demand affirmative representations, formal attachments, or measurable implementation details. Those gaps are not cosmetic. They affect responsiveness, eligibility under set-aside rules, and the government’s ability to accept performance and pay without delay. The most consequential exposure sits in small business compliance. If the subcontracting plan clause is operative, the absence of a complete plan with goals, SBLO responsibility, make-or-buy logic, and eSRS reporting is a high-likelihood evaluation and awardability blocker because it is often treated as a required element rather than a narrative quality factor. In parallel, the lack of an explicit limitations-on-subcontracting commitment and a prime-versus-sub staffing and personnel-cost split creates an eligibility risk that can undermine the offer even if the technical approach is strong. These omissions also reduce auditability post-award because there is no described mechanism to monitor compliance or demonstrate good-faith performance against stated thresholds. Cybersecurity is the other high-leverage gap because the solicitation’s DFARS safeguarding ecosystem hinges on more than a general promise to comply. The proposal does not clearly address the representation tied to safeguarding controls, nor does it provide the operational specifics evaluators look for, such as NIST SP 800-171 alignment posture, CUI boundary and toolset controls, incident reporting timelines and steps, media preservation, and subcontractor flowdowns. That combination can trigger responsibility concerns and increase the risk of being found unacceptable or higher risk during evaluation. Even if award proceeds, it increases the likelihood of post-award noncompliance findings because the contract will require evidenceable procedures, not intent. Several medium-level issues concentrate around evaluability and execution friction rather than core capability. The proposal’s WAWF section covers routing data and the intended invoice type, but it does not address receiving report content requirements, typical supporting attachments, or acceptance workflow details that commonly drive invoice rejects and payment delays. Administrative compliance items are also thin, including explicit acknowledgment of instruction provisions, key certifications and representations, and an installation training commitment that often gates access. Finally, the instructional services CLIN is only partially supported because the submission does not yet show a staffing and qualification mapping to the PWS, which can depress technical scoring by making labor realism and readiness hard to validate.

Output Analysis

This gap analysis maps explicit requirements and compliance obligations stated in solicitation_text.docx (SF 1449 line items, performance periods, invoicing instructions, and incorporated FAR/DFARS clauses/provisions) against the contents of input_proposal.docx (offer letter and narrative). Requirements were extracted primarily from the CLIN descriptions (0001–0004 and option CLINs), the non-personal services statement, the travel/SCR instructions, and DFARS 252.232-7006 WAWF clause fields and process steps, plus the solicitation’s clause/provision set that can impose performance and representation obligations. Coverage was assessed as Covered, Partially Covered, or Gap based on whether the proposal provides specific, actionable commitments (who/what/how), not just general statements of intent. Where the solicitation includes checked/operative provisions (e.g., 52.219-9, 52.219-14, 52.204-7, DFARS 252.204-7008/7024/7017), the proposal was checked for affirmative compliance statements, planned processes, and evidence artifacts commonly expected in DoD proposals (e.g., subcontracting plan, limitations on subcontracting approach, cybersecurity control framework alignment). Risks emphasize award evaluation vulnerability, post-award noncompliance exposure, and payment/acceptance delays stemming from missing operational details. Recommendations focus on adding precise compliance matrices, required representations, and implementation procedures to strengthen alignment to solicitation_text.docx without introducing packaging-only comments.

CLIN / Performance Requirement Coverage (SF 1449 Schedule)

Solicitation Requirement (CLIN/Section)	Reference Criteria (solicitation_text.docx)	Draft Document Evidence (input_proposal.docx)	Coverage Status	Gap/Risk Notes
Non-personal services nature of requirement	States: “This is a non-personal services contract to provide Instructional Support for the U.S. Army” and reinforces COR/CO roles	Explicitly acknowledges non-personal services; commits to avoid employer-employee relationship; mentions DFARS 252.201-7000 boundaries	Covered	Good alignment; could further define how personal services indicators will be avoided (government direction, scheduling control, tools).
CLIN 0001 Instructional Support Services (FFP) — provide management/supervision/labor per PWS	CLIN 0001: provide all necessary management, supervision and other labor to perform per PWS; FFP	Provides technical approach, program manager role, staffing stability, QC approach; references PWS alignment	Partially Covered	PWS details are not included in provided excerpt; no staffing table, labor categories, quals, or hours mapping shown—evaluation risk if required elsewhere.
CLIN 0002 Service Contract Reporting (FFP) — PWS 5.6 content + due by Oct 31	Requires SCR including composite direct/indirect/relevant/avg hours and value+comp; FY Oct–Sep; report by Oct 31	Commits to SCR per PWS 5.6; repeats data elements and timing; describes internal labor tracking	Covered	Strong; could add the exact system/portal, roles, and validation steps if PWS specifies.
CLIN 0003 Travel (FFP; reimbursed NTE; approved by COR; JTR/FAR 31.205-46)	Travel reimbursed IAW JTR and FAR 31.205-46; must be approved in advance by COR; NTE amounts by year	Acknowledges approval in advance; JTR/FAR 31.205-46; includes base/OY NTE amounts; documentation and audit readiness	Covered	Consider clarifying invoicing method for travel in WAWF (separate line/attachments) if needed.
CLIN 0004 Surge/MTT (FFP; NTE; 30 days notice; written approval; funding)	Requires MTT capability away from Ft. Gordon; CO or COR approves; no performance without prior notification, written approval, and adequate funding; 30 days notice; NTE amounts by year	Acknowledges 30 days notice; written approval/funding; maintains surge-qualified pool and playbook; cites NTE amounts	Covered	Could add readiness metrics (response time, staffing lead time) and how funding authorization is confirmed.
Option CLINs 1001–2004 periods and same CLIN requirements	Option year CLINs mirror base; periods 06 Jul 2027–05 Jul 2028 and 06 Jul 2028–05 Jul 2029	Proposal acknowledges base and both option periods and includes option-year NTE amounts	Covered	Add explicit commitment that option CLIN pricing will be provided per schedule (already stated generally).
Period of Performance (base and options)	Base 06 Jul 2026–05 Jul 2027; OY1 06 Jul 2027–05 Jul 2028; OY2 06 Jul 2028–05 Jul 2029	Explicitly restated with transition readiness; start date commitment	Covered	No gap.
Service Performance Site DoDAAC W58MUV (performance site identifier)	Performance site listing includes DoDAAC W58MUV	Not mentioned	Gap	Low/Medium: may be required for WAWF receiving/acceptance or coordination; omission could cause admin friction.
FOB Destination / delivery terms	SF1449 indicates FOB Destination unless otherwise marked	Not addressed	Gap	Typically low for services; but if any deliverables/training materials are shipped, terms matter.
PSC/NAICS identification	PSC U008; NAICS 611430	Acknowledges NAICS 611430; PSC not mentioned	Partially Covered	Usually minor; add PSC acknowledgement if solicitation expects it.

WAWF / Payment Instruction Compliance Mapping (DFARS 252.232-7006)

Payment Instruction Element	Reference Criteria (solicitation_text.docx)	Draft Document Evidence (input_proposal.docx)	Coverage Status	Gap/Risk Notes
WAWF registration prerequisites	Must have designated electronic business POC in SAM and be registered in WAWF	States intent to use WAWF; mentions SAM maintenance and keeping E-Biz POC current	Partially Covered	Does not explicitly commit to WAWF registration steps/training; may be assumed but better to state account readiness.
Document type selection	For fixed-price services no shipment: Invoice 2-in-1 (or as CO specifies)	Commits to Invoice 2-in-1 “when applicable/when directed”; repeats services context	Covered	Good.
Routing Data Table values	Pay Official HQ0490; Issue By W91249; Admin W91249; Service Approver/Acceptor TBD; other fields blank	States Pay Official HQ0490; Issue By/Admin W91249; will coordinate to input Service Approver/Acceptor once designated	Covered	Does not mention other routing fields (Inspect By/Ship To/etc.)—likely N/A for services but could note “blank unless directed.”
Receiving report requirements	Receiving report must meet DFARS Appendix F requirements	Not mentioned	Gap	Medium: could affect acceptance workflow if separate receiving report is required or if 2-in-1 must meet receiving report content.
Payment request documentation sufficiency	Payment request must include documentation appropriate to type per payment/financing clause	States each payment request will include appropriate documentation and accurate CLIN/POP/amounts; will resolve rejects	Partially Covered	Could specify typical attachments (approved travel auths, receipts, SCR deliverable, COR acceptance) to prevent rejects.
WAWF training / practice site	Clause recommends training and practice site use	Not mentioned	Gap	Low: not mandatory wording (“should”), but helpful for credibility.
WAWF POC details	Contracting activity WAWF POC is TBD; helpdesk provided	Not mentioned	Gap	Low: informational.

Clause/Provision Compliance & Representation Coverage (Key Items in solicitation_text.docx)

Clause/Provision (Reference Criteria)	Type	What it Requires (high level)	Draft Document Evidence (input_proposal.docx)	Coverage Status	Gap/Risk Notes
FAR 52.212-1 Instructions to Offerors	Solicitation provision	Proposal formatting/submission instructions, addenda, etc.	General statement will comply with FAR/DFARS; no explicit acknowledgment of submission instructions	Gap	Medium: if 52.212-1 requires specific representations, technical volumes, or addenda responses not shown here.
FAR 52.212-4 / 52.212-5 (Deviation versions)	Contract clauses	Commercial terms; statutory EO requirements; flowdowns; audit access in 52.212-5(d)	States intent to comply with FAR 52.212-4 and -5 and applicable deviations/addenda; mentions subcontract flowdowns generally	Partially Covered	Does not address 52.212-5(d) record access/retention explicitly; no flowdown list/process.
DFARS 252.232-7006 WAWF Payment Instructions	Contract clause (full text)	Use WAWF, correct doc type and routing, documentation	Addressed in invoicing section with routing data	Covered	See receiving report gap above.
DFARS 252.204-7012 Safeguarding CDI and Cyber Incident Reporting	Contract clause	Implement required safeguarding; report cyber incidents; potentially NIST SP 800-171 alignment via 7012/800-171 ecosystem	Commits to comply; states will manage systems with appropriate controls; mentions CUI handling and authorized systems	Partially Covered	No mention of NIST SP 800-171, SPRS score, incident reporting timelines/process, media preservation, subcontractor flowdown—compliance risk.
DFARS 252.204-7008 Compliance with Safeguarding CDI Controls (provision)	Solicitation provision	Representation/assurance of implemented controls (ties to 7012/800-171)	Not mentioned	Gap	High: missing explicit representation/approach may be disqualifying depending on solicitation instructions.
DFARS 252.204-7024 Supplier Performance Risk System notice	Solicitation provision	Notice regarding SPRS use in evaluation/monitoring	Not mentioned	Gap	Low/Medium: informational but can affect evaluation narrative; address awareness.
DFARS 252.204-7017 / 7018 covered defense telecom prohibition + representation	Provision/Clause	Represent whether covered telecom will be provided; review excluded parties; avoid prohibited items/services	Proposal states will comply with prohibition and align selections with DFARS 252.204-7018; does not provide the 7017 checkbox-style representation	Partially Covered	Add explicit representation outcome (will/will not provide) consistent with SAM reps.
FAR 52.204-27 ByteDance covered application prohibition	Clause	Prohibits covered application use on govt info systems etc.	Explicitly acknowledges compliance	Covered	Could add internal enforcement mechanism (MDM, policy) for strength.
FAR 52.224-3 Privacy Training (and Alt I listed)	Clause	Ensure privacy training for personnel when applicable	Commits to ensure personnel complete required privacy training	Covered	Add tracking/records retention method if desired.
FAR 52.204-7 SAM Registration (provision) + 52.204-13 SAM Maintenance (clause)	Provision/Clause	Maintain SAM registration; keep info current	States will maintain active SAM registration and keep eBiz POC current	Covered	No gap.
FAR 52.204-9 Personal Identity Verification	Clause (addendum)	PIV, credentialing/access processes	Commits to support PIV and coordinate credentialing early; onboarding includes background checks/access prerequisites	Covered	Could specify typical artifacts (I-9/E-Verify if applicable, JPAS/DISS if needed) but not required.
FAR 52.219-9 Small Business Subcontracting Plan (checked in 52.212-5 list)	Clause	If other-than-small or as applicable: requires subcontracting plan, goals, reporting (eSRS)	Proposal mentions subcontract flowdowns generally; no subcontracting plan/goals/process	Gap	High: if clause is applicable/checked, absence of plan is a major compliance/evaluation deficiency.
FAR 52.219-14 Limitations on Subcontracting (checked)	Clause	Requires prime to perform required % of work for set-asides (services typically 50% of personnel costs)	Not addressed	Gap	High: must explain how prime will meet LOS, especially if using subs/instructors.
FAR 52.219-8 Utilization of Small Business Concerns (checked)	Clause	Encourage use of small businesses; flowdown when offering further subcontracting	Not addressed beyond generic flowdowns	Gap	Medium: typically addressed with supplier outreach approach.
FAR 52.222-50 Combating Trafficking in Persons (checked)	Clause	Compliance program elements; reporting; policy; training as required	Acknowledges compliance	Partially Covered	No description of policy, awareness training, reporting channel, recruitment fee prohibition—add for strength.
DFARS 252.204-7004 Antiterrorism Awareness Training	Clause	AT awareness training for contractor personnel	Not mentioned	Gap	Medium: training requirement often enforced at installation access.
FAR 52.203-19 internal confidentiality agreements prohibition; FAR 52.203-18 representation	Clause/Provision	No prohibited NDAs; represent compliance	Not mentioned	Gap	Medium: representation may be required in offer package.
FAR 52.203-11 Certification re lobbying	Provision	Certification/disclosure re payments to influence federal transactions	Not mentioned	Gap	Medium: required certification can be a responsiveness issue.
FAR 52.229-11 Tax on Certain Foreign Procurements—Notice/Representation	Provision	Represent foreign person status; W-14 if applicable	Not mentioned	Gap	Medium: representation may be required in offer package.
FAR 52.217-8 / 52.217-9 Options	Clauses	Government option rights; notice periods; extension limits	Acknowledges preparedness to continue under -8 and -9 at specified rates/periods	Covered	Good.
52.240-93 Basic Safeguarding of Covered Contractor Information Systems (addendum)	Clause (addendum)	Basic safeguarding requirements (separate from 7012)	Proposal mentions “basic safeguarding measures consistent with applicable contract requirements”	Partially Covered	No explicit acknowledgment of 52.240-93 by number; clarify applicability and implementation.

Key Gaps / Issues Register (Procurement Gap Analysis)

ID	Gap Area	Requirement Source (solicitation_text.docx)	What’s Missing in input_proposal.docx	Impact	Risk Level
G-01	Small Business Subcontracting Plan	FAR 52.219-9 (checked in 52.212-5 list) + addendum listing 52.219-9 (Alt II)	No subcontracting plan, goals, eSRS reporting approach, designated SBLO, make-or-buy, or good-faith effort narrative	May render offer noncompliant or score poorly; post-award compliance exposure	High
G-02	Limitations on Subcontracting (LOS) approach	FAR 52.219-14 (checked)	No explicit commitment that prime will perform required % of personnel costs; no staffing split prime vs subs	Eligibility/compliance risk for set-aside; potential termination/penalties	High
G-03	Cybersecurity compliance specifics (CUI/CDI)	DFARS 252.204-7012; DFARS 252.204-7008; addendum 52.240-93/52.240-91	No NIST 800-171 alignment statement, SSP/POA&M posture, SPRS score/process, incident reporting SOP, subcontractor flowdown confirmation	Material performance and compliance risk; could affect award responsibility	High
G-04	Representations/certifications not explicitly addressed in narrative	FAR 52.203-11, 52.203-18, FAR 52.229-11, DFARS 252.204-7017, etc.	No explicit statement that required reps/certs are completed in SAM/attachments; no crosswalk list	Administrative non-responsiveness risk depending on solicitation instructions	Medium
G-05	Antiterrorism Awareness Training	DFARS 252.204-7004	No commitment to complete AT awareness training prior to performance/access	Installation access delays; noncompliance finding	Medium
G-06	WAWF receiving report / Appendix F awareness	DFARS 252.232-7006(f)(5)	No statement ensuring Invoice 2-in-1 content meets receiving report requirements; no acceptance workflow description	Invoice rejects/payment delays; admin friction with COR	Medium
G-07	Service Performance Site identifiers	Performance site DoDAAC W58MUV (schedule section)	Not referenced; no plan to confirm site POC/address details	Coordination/acceptance friction; minor risk	Low/Medium
G-08	Detailed staffing qualifications mapping to PWS	CLIN 0001 references PWS; implied evaluation expectation	No resumes, quals, labor category mapping, hiring pipeline, substitution process	Technical evaluation weakness; performance risk perception	Medium

Overlap / Strong Alignment Highlights

Area	Matched Requirement (solicitation_text.docx)	Draft Document Strength (input_proposal.docx)	Why it Matters
CLIN structure and NTE acknowledgment	CLIN 0003/0004 NTE ceilings by year; travel/surge controls	Correctly cites base and option NTE amounts; emphasizes approvals and funding	Shows attentiveness to cost ceilings and authorization controls.
SCR timing and data elements	CLIN 0002 + FY timing + Oct 31 deadline	Restates requirement precisely; adds internal tracking approach	Reduces government admin burden; lowers compliance risk.
Non-personal services boundaries and COR/CO roles	Non-personal services statement; DFARS 252.201-7000 COR	Explains channels for direction and escalation; program manager as SPOC	Reduces personal services risk; improves governance credibility.
WAWF routing data awareness	DFARS 252.232-7006 routing table fields	Includes Pay Official/Issue By/Admin DoDAACs and TBD service approver/acceptor plan	Reduces invoicing errors and payment delays.
Options readiness	FAR 52.217-8 and 52.217-9	Explicit readiness to continue performance if exercised	Supports continuity and reduces transition risk.

Risk Assessment (Award + Post-Award Compliance)

Risk	Trigger / Cause	Likelihood	Impact	Overall Risk	Mitigation Recommendations
Offer deemed noncompliant due to missing subcontracting plan	52.219-9 checked/required but plan not provided	Medium	High	High	Add a complete Small Business Subcontracting Plan (incl. goals, SBLO, eSRS cadence, good-faith procedures, flowdowns) or explicitly justify non-applicability (if prime is small and clause not applicable per solicitation instructions).
Set-aside compliance failure (LOS)	No documented plan to meet 52.219-14 for services	Medium	High	High	Add LOS compliance statement and staffing/subcontract cost model proving prime will meet % personnel cost requirement; include controls to monitor LOS monthly.
Cybersecurity responsibility determination concerns	Lack of explicit 7012/7008/NIST/incident process details	Medium	High	High	Add CUI/CDI handling approach, NIST SP 800-171 implementation posture, SSP/POA&M governance (if applicable), incident reporting SOP aligned to 7012, and subcontractor flowdown/control verification.
Payment delays due to WAWF acceptance/receiving report issues	Invoice 2-in-1 may be rejected if not meeting Appendix F or if routing fields wrong	Medium	Medium	Medium	Add WAWF process steps, internal checklist, and coordination plan for Service Approver/Acceptor DoDAAC assignment; confirm receiving report data elements.
Mobilization delays due to training/access requirements	AT awareness training and PIV/access not fully enumerated	Medium	Medium	Medium	Add a compliance training matrix (AT, privacy, trafficking, cyber) with tracking method and pre-start completion commitment.

Recommendations to Enhance Alignment (No Timelines)

Recommendation	Targets Requirement(s) in solicitation_text.docx	What to Add/Change in input_proposal.docx	Expected Benefit
Insert a Requirements Compliance Matrix (RCM)	CLINs 0001–0004; WAWF clause; key FAR/DFARS clauses/provisions	A table mapping each requirement/paragraph to proposal section(s) and attachments; include status and notes	Improves evaluator traceability; reduces risk of overlooked compliance.
Provide (or explicitly address applicability of) a Small Business Subcontracting Plan	FAR 52.219-9 (and any alternate)	Plan with goals by socioeconomic category, SBLO designation, eSRS reporting method, make-or-buy, flowdown and monitoring	Addresses a high-risk compliance item; strengthens award eligibility.
Add Limitations on Subcontracting (LOS) compliance approach	FAR 52.219-14	Explicit LOS commitment + estimated personnel cost breakdown prime vs subs; monitoring and corrective actions	Reduces set-aside compliance risk; increases confidence in staffing model.
Strengthen cybersecurity section with DFARS 7012/7008 specifics	DFARS 252.204-7012; DFARS 252.204-7008; 52.240-93/52.240-91 as applicable	State NIST SP 800-171 alignment approach, CUI boundary, secure tooling, incident reporting steps, subcontractor flowdowns, and (if applicable) SPRS/NIST assessment posture	Reduces responsibility and performance risk; demonstrates maturity.
Add a WAWF ‘invoice-to-payment’ process and Appendix F acknowledgment	DFARS 252.232-7006(f)(5) and routing table	Checklist of required fields, typical attachments (travel approvals/receipts, acceptance documentation), handling of TBD Service Approver/Acceptor, internal QA before submission	Fewer invoice rejects and payment delays.
Add training/compliance tracking matrix for personnel	DFARS 252.204-7004; FAR 52.224-3; FAR 52.222-50; cyber handling training	List required trainings, when completed (pre-start), how tracked, and who is responsible	Reduces access delays and compliance findings.
Explicitly address key representations/certifications completion method	FAR 52.203-11; 52.203-18; FAR 52.229-11; DFARS 252.204-7017; 52.204-7/SAM	Statement that all reps/certs are current in SAM and any required solicitation attachments are included; include a reps/certs index	Reduces administrative non-responsiveness risk.
Add staffing qualifications/resume and substitution controls (if required by PWS/52.212-1 addenda)	CLIN 0001 per PWS; solicitation instructions in 52.212-1/addenda	Labor category mapping, minimum quals, resume snapshots, backfill/substitution process, surge pool quals	Improves technical rating and demonstrates readiness.

Riftur’s findings show this submission is strongest where the offer repeats concrete schedule and control requirements, including option-period continuity, NTE travel and surge constraints, non-personal services boundaries, and core WAWF routing data. The same analysis isolates higher-impact compliance gaps that are not solved by improving narrative style, such as the missing small business subcontracting plan elements, the absence of a limitations-on-subcontracting commitment tied to a staffing and personnel-cost split, and incomplete coverage of DFARS cybersecurity representations and NIST-aligned operating details. It also surfaces specific evaluability and payment risks, including no stated receiving report/Appendix F awareness for Invoice 2-in-1, limited description of supporting documentation that prevents WAWF rejects, and missing clause-related commitments like antiterrorism awareness training. These are leverage points because they directly affect responsiveness, set-aside eligibility, and the government’s ability to accept services and process invoices without rework. By pinpointing where representations are partial, where required attachments are absent, and where operational procedures are unspecified, the results clarify where risk is concentrated and where the submission is already aligned enough to withstand compliance scrutiny.