Beginner Track • Topic 16

FAR Part 8: Sole Source on FSS Orders

When you order from GSA Federal Supply Schedules, you normally give multiple schedule holders a fair shot. The post-RFO GSAM 538.7104-3 tells you when and how you can go to a single source instead, and what the file has to show to support that call.

The Basics

Sole Source on Federal Supply Schedules

The five statutory exceptions, what the file actually has to show, and where the post-RFO controlling text lives.

Training note. This page is a practical explainer. It is not file authority. The controlling text is the current GSAM 538.7104-3 on acquisition.gov. The Revolutionary FAR Overhaul (RFO) moved this material from FAR 8.405-6 into GSAM Subpart 538.71, and the GSAM text has been materially streamlined from the old FAR. Before signing a justification, verify the current GSAM text, any active class deviations, your agency or component supplement, and your local delegation matrix.

1 Where this lives now (post-RFO)

Under the RFO, the FSS ordering procedures that used to sit in FAR Subpart 8.4 were moved into GSAM Subpart 538.71. The old "limited-sources justification" lane now lives at GSAM 538.7104-3 and is called a sole source justification. The concept is the same: when you place an order against an FSS contract and you are not competing among schedule holders, you owe the file a written justification that supports the call.

The GSAM is significantly leaner than the old FAR text. Most notably: the old eleven-element verbatim list and the FAR-driven dollar-threshold approval ladder are not in GSAM 538.7104-3. The content standard is now "in writing and include sufficient detail and supporting rationale to support the exception used." Approval levels are set by agency or local policy. What hasn't changed: you still need a defensible file, the justification still has to be posted publicly, and a thin justification is still a problem.

Each FAR Part has its own lane for restricting competition. The lanes survived the RFO; some of the names and citations moved:

FAR Part 6: Justification and Approval (J&A). Non-commercial, open market procurements above the SAT.

FAR Part 8 (now GSAM 538.7104-3): Sole source justification on Federal Supply Schedule orders.

FAR Part 12: Commercial sole source path. Commercial item buys using simplified procedures.

FAR Part 16: Exception to Fair Opportunity. Task and delivery orders off IDIQ and requirements contracts.

When someone says "sole source on a schedule," a sharp CO hears "GSAM 538.7104-3, not FAR Part 6."

2 Above MPT, at or below the SAT

This is the lighter of the two tiers. GSAM 538.7103-2(c) routes a sole source action in this range to GSAM 538.7104-3(a), which says the ordering activity CO must determine in writing that the circumstances of the acquisition deem only one source reasonably capable of providing the products, services, or solutions. The GSAM gives examples: urgency, exclusive licensing agreements, and items particular to one manufacturer (brand name).

There is no formal statutory-exception list at this tier. The file standard is the CO's written determination plus the underlying facts that support it. Document who you considered, what made them not capable, why the one source you picked is capable, and how price reasonableness is established. The shorter the dollar figure, the shorter the file can be, but it still needs to be defensible if a reviewer pulls it.

3 Above the SAT — the five statutory exceptions

Above the SAT, GSAM 538.7104-3(b)(1) lists five statutory exceptions. You have to cite which one applies and support it in the file.

(i) Unusual urgency. The need is of such unusual urgency that following the normal procedures would result in unacceptable delays in fulfilling that need. Genuine and unforeseen, not poor planning.

(ii) Only one source capable. Only one source is capable of providing the products, services, or solution required at the level of quality required because the offering is unique or highly specialized. The key word is "capable." If only one schedule holder can actually meet the specific technical requirements, this is your exception.

(iii) Logical follow-on to a competitively issued FSS order. The order should be issued on a sole source basis in the interest of economy and efficiency because it is a logical follow-on to an FSS order already issued on a competitive basis. Note the qualifier: the prior FSS order has to have been competed. A sole source follow-on to a sole source order does not stack.

(iv) FSS BPA minimum guarantee. It is necessary to place the order with a particular FSS contractor to satisfy a minimum guarantee established in the FSS BPA. Narrow, but it exists in the GSAM.

(v) Law expressly authorizes or requires the specified source. A statute names the source or directs that the purchase be made from a specified source. Rare, and when it shows up it usually shows up clearly.

4 The content standard: sufficient detail and supporting rationale

The current GSAM does not enumerate elements. GSAM 538.7104-3(b)(2) says, in full: justifications must be in writing and include sufficient detail and supporting rationale to support the exception used. That is the entire content rule.

What "sufficient detail and supporting rationale" looks like in practice for an above-SAT sole source file is not a regulatory checklist. It is a defensibility question. A thorough above-SAT file generally still ends up covering:

  • Who the agency and ordering activity are, and that this document is a sole source justification under GSAM 538.7104-3
  • What the action is (new order, FSS BPA, modification) and against which FSS contract
  • What you are buying, with enough specificity that a reviewer can understand it, plus the estimated value
  • Which of the five statutory exceptions applies, and the rationale that supports it with verifiable facts and references
  • What market research you did among FSS contractors, and what it showed
  • How you established price reasonableness
  • Signatures: CO, technical or requirements personnel certifying the technical claims, and the approving official whose level is set by agency or local policy

None of those are GSAM-mandated line items the way the old FAR's eleven elements were. They are the working parts of a file that holds up under review. Build the file to the underlying logic, not to a checklist.

Brand name on a schedule. Items peculiar to one manufacturer (including any brand-name item) get an additional test under GSAM 538.7104-4. The particular brand, product, or feature must be essential to the requirement, and market research must show that other contractors' similar products do not meet, or cannot be modified to meet, the need. If the brand-name order is competed among schedule holders, document the basis for restricting consideration to the brand-name item. If it is sole source, execute the GSAM 538.7104-3 justification on top of the brand-name file work.

5 Approval level

The current GSAM 538.7104-3 does not contain dollar-threshold approval levels. The old FAR 8.405-6 ladder ($900K, $20M, $90M / $150M for DoD/NASA/Coast Guard) is not in the controlling GSAM text.

Approval authority for a sole source justification is now whatever your agency or component supplement and your local delegation matrix say it is. For DAF activities that may run through DAFFARS, MAJCOM supplements, and the local SCO or Senior Contracting Official delegation. For other components it runs through their agency supplements. Pull the actual delegation document and have the right approver named in the file before you ask anyone to sign.

Don't quote dollar thresholds from old training material. The old FAR 8.405-6 thresholds get passed around in slides and write-ups from before the RFO and they are no longer in the controlling text. Cite your local delegation, not a number you saw in a deck.

6 Publication

For above-SAT sole source justifications, GSAM 538.7104-3(b)(3) requires the justification to be made publicly available within 14 days after award. Urgency-based justifications under 538.7104-3(b)(1)(i) have 30 days. Posting goes on the Government-wide Point of Entry (currently SAM.gov) or the ordering activity website, and the minimum posting period is 30 days.

Before posting, screen the justification. The GSAM requires you to identify and remove contractor proprietary data, and to evaluate whether the justification or portions of it are exempt from disclosure under the Freedom of Information Act or FAR Part 24. Where publication would compromise national security or otherwise involves extraordinary circumstances, the GSAM provides an exception.

Check the Sole Source Examples tab to see what a defensible above-SAT file looks like, and how it falls apart when the rationale is thin.

Interactive Tool

Sole Source Justification Examples

Same scenario, two very different justifications. A base Communications Squadron needs to order a SIEM/SOAR cybersecurity platform through GSA MAS. The order is above the SAT, so a written sole source justification under GSAM 538.7104-3(b) applies. The GSAM content standard is "sufficient detail and supporting rationale to support the exception used" — the good example shows what that looks like in a thorough file; the bad example shows what falls apart. Click highlighted sections for coaching notes. Blue borders = strong. Red borders = problems.

Sole Source Justification

GSAM 538.7104-3(b)
Agency and Contracting Activity
Agency: Department of the Air Force
Contracting Activity: 633 CONS/LGCB, Joint Base Langley-Eustis, VA 23665
Document Type: Sole Source Justification per GSAM 538.7104-3(b)
PR Number: FD2026-LGCB-0087
Nature of Action
New delivery order under GSA MAS Contract GS-35F-0511T (CyberShield Inc.) for cybersecurity monitoring and automated incident response software. SIN 54151HACS (Highly Adaptive Cybersecurity Services).
Description and Estimated Value
CyberShield Pro v3.1 Enterprise SIEM/SOAR platform: 75 analyst licenses, 12-month subscription (base year), including the Threat Intelligence Management module and automated playbook engine. For the 633d Communications Squadron Security Operations Center (SOC). The SOC provides 24/7 cybersecurity monitoring for Joint Base Langley-Eustis, serving 45 operational squadrons across two installations with approximately 12,000 networked endpoints.

Estimated value (base year): $315,000.00 ($4,200/license x 75 users).
Option Year 1: $315,000.00. Option Year 2: $315,000.00.
Total potential value including all option years: $945,000.00.
Statutory Exception and Supporting Rationale
Exception: GSAM 538.7104-3(b)(1)(ii). Only one source is capable of providing the products, services, or solution required at the level of quality required because the offering is unique or highly specialized.

Rationale: The 633d CS SOC operates a Palo Alto-native security stack: Cortex XDR v3.8 for endpoint detection (Contract FA4800-24-F-0092, period of performance through 30 Sep 2027) and Panorama v11.1 for firewall management across 47 perimeter devices (Contract FA4800-23-F-0147, period of performance through 30 Sep 2026).

CyberShield Pro is the only SIEM/SOAR platform on GSA MAS SIN 54151HACS that provides native bidirectional API integration with both Cortex XDR and Panorama through the unified Cortex Data Lake. This native integration enables automated playbook execution (threat detection to containment action) in under 1 second without middleware.

Alternative SIEM/SOAR platforms evaluated on GSA MAS:
- SolarWinds Security Event Manager (GS-35F-0674P): Does not offer SOAR automation or Cortex XDR integration. Confirmed via email from M. Torres, Federal Sales, 12 Feb 2026 (Exhibit C).
- Splunk Enterprise Security + SOAR (GS-35F-0822R): Requires custom REST API connector for Cortex XDR. J. Ramirez, Federal Sales Engineer, confirmed in writing (14 Feb 2026, Exhibit D) that a native Cortex XDR connector is not on the FY26 development roadmap.
- Datadog Cloud SIEM (GS-35F-0299U): Supports log ingestion from Cortex XDR but not bidirectional automated response. T. Okafor, DoD Programs, confirmed by phone (15 Feb 2026, 571-555-0183, memorialized in Exhibit E) that automated playbook integration with Palo Alto products is in beta, not production-ready.

Using a non-natively integrated platform would require custom middleware connectors at an estimated additional cost of $47,000/year (Exhibit F, cost estimate from 633 CS/SCOO), introduce 30-60 second latency per automated response action, and create an additional attack surface through the middleware layer.
Price Reasonableness and Best Value
The GSA MAS price of $4,200/license for CyberShield Pro Enterprise is within the competitive range of comparable SIEM/SOAR platforms on the schedule: Splunk Enterprise Security at $4,500/user, Datadog Cloud SIEM at $3,900/user, and SolarWinds SEM at $3,200/user (pricing verified on GSA Advantage, 10 Feb 2026; see Exhibit G).

CyberShield Pro's native Cortex integration provides quantified advantages: (a) eliminates $47,000/year in custom middleware development and maintenance, (b) reduces automated incident response time from 30-60 seconds (middleware) to under 1 second (native API), and (c) avoids the additional cybersecurity risk of a middleware integration layer. These advantages directly support compliance with USCYBERCOM TASKORD 22-0187 (15-minute total incident containment).

I have determined that this order represents best value to the Government per GSAM 538.7102-2(b)(4), based on equivalent pricing, $47,000 annual cost avoidance, and superior operational performance.
Market Research Among Schedule Holders
Searched GSA eBuy on 10 Feb 2026 for SIN 54151HACS (Highly Adaptive Cybersecurity Services). Identified 23 schedule holders offering cybersecurity monitoring platforms. Narrowed to 4 vendors with enterprise SIEM/SOAR capability based on published technical specifications. Contacted 3 alternative vendors directly to verify Cortex XDR/Panorama integration status (see Statutory Exception and Supporting Rationale section for details and exhibits). Additionally reviewed Gartner 2025 Magic Quadrant for SIEM (Exhibit H) which identifies native platform integration as a key differentiator for Palo Alto-environment deployments. See full Market Research Report dated 18 Feb 2026 (Exhibit B).
Mission Context and Supporting Facts
USCYBERCOM TASKORD 22-0187 directs all DoD installations to achieve 15-minute total incident containment capability by 30 Sep 2026. The 633d CS SOC currently processes an average of 847 security events per day. Manual triage without SOAR automation would require approximately 6 additional full-time SOC analysts at an estimated $720,000/year in labor (Exhibit I, staffing analysis from 633 CS/CC). CyberShield Pro v3.1 is listed on the DoD Information Network (DoDIN) Approved Products List as of 15 Jan 2026 (APL entry #DoDIN-APL-2025-0847).
Actions to Enable Competition Next Time
The 633d CS will include "open API architecture supporting multi-vendor SOAR integration" as a weighted evaluation subfactor in the follow-on Cortex XDR endpoint protection recompete (scheduled FY28, per 633 CS Cyber Investment Roadmap dated Oct 2025). If the replacement endpoint platform supports open-standard APIs, the SIEM/SOAR requirement can be competed among multiple GSA schedule holders. Additionally, the 633d CS Cyber Operations Flight will document all custom playbook logic in vendor-agnostic pseudocode (target completion: Mar 2027) to reduce switching costs if a different SIEM/SOAR platform is selected in the future.
Certifications and Approval
Contracting Officer Certification: I certify that this Sole Source Justification is accurate and complete to the best of my knowledge and belief.
/s/ Capt Sarah M. Okonkwo, Contracting Officer, 633 CONS/LGCB, 20 Feb 2026

Technical/Requirements Personnel Certification: I certify that the supporting technical data and requirements described herein, including the Cortex XDR/Panorama integration dependency and the alternatives analysis, are accurate and complete.
/s/ TSgt David R. Nguyen, Cyber Operations Flight Chief, 633 CS/SCOO, 19 Feb 2026

Approving Official Determination: Based on the information provided, I determine that the circumstances described in GSAM 538.7104-3(b)(1)(ii) apply to this order. Only one source on the GSA MAS schedule is capable of providing SIEM/SOAR services with native Cortex XDR and Panorama integration at the level of quality required. Approval authority verified against the 633 CONS local delegation matrix dated 02 Jan 2026.
/s/ Capt Sarah M. Okonkwo, Contracting Officer, 633 CONS/LGCB, 20 Feb 2026
TRAINING EXAMPLE | NOT AN OFFICIAL GOVERNMENT DOCUMENT

GSAM 538.7104-3 — Sole Source Justifications

The controlling current text. Five statutory exceptions for above-SAT, written-determination standard for above-MPT/below-SAT, publication rules, and screening requirements. This is where the file authority actually lives now.

Open GSAM 538.71

GSAM 538.71 — Full FSS Ordering Procedures

The full subpart that replaced FAR 8.4 under the RFO. Includes the MPT, above-MPT/below-SAT, and above-SAT ordering procedures, plus BPAs, OLMs, brand-name rules, and disputes.

Open GSAM 538.71

RFO Part 8 Deviation Guide

The official deviation guide explaining what changed in FAR Part 8 under the Revolutionary FAR Overhaul and where the procedures moved. Cross-reference this before citing pre-RFO FAR Part 8 sections.

Open Part 8 Deviation Guide

GSA eBuy

The online Request for Quote (RFQ) tool for GSA Schedule orders. Where you post schedule solicitations.

Visit GSA eBuy