Beginner Track • Topic 16

FAR Part 8: Limiting Sources

When you order from GSA Federal Supply Schedules, you normally need to give multiple schedule holders a fair shot. FAR 8.405-6 tells you when and how you can limit that competition.

The Basics

Limiting Sources on Federal Supply Schedules

The three circumstances, what to document, and who needs to approve.

1 How This Is Different from Part 6

FAR Part 6 covers competition on the open market. FAR Part 8 covers ordering from existing Federal Supply Schedules. They are separate authorities with separate rules. When you place an order against a GSA schedule, you do not need a Part 6 J&A. You follow Part 8 procedures instead. Part 8.405-6 specifically addresses when you can limit the number of schedule contractors you solicit, or restrict an order to one source on a schedule.

Each FAR Part has its own lane for restricting competition, and each lane has its own name for the sole source document:

FAR Part 6: Justification and Approval (J&A). Non-commercial, open market procurements above the SAT.

FAR Part 8: Limited Sources Justification. Orders from Federal Supply Schedules (GSA).

FAR Part 12: Commercial Sole Source Justification. Commercial item buys using simplified procedures.

FAR Part 16: Exception to Fair Opportunity. Task and delivery orders off IDIQ and requirements contracts.

When someone says "limited sources justification," a sharp contracting officer hears "GSA schedule order."

2 Three Circumstances for Limiting Sources

FAR 8.405-6 allows you to limit sources in three situations:

1. An urgent and compelling need exists, and following the normal ordering procedures would result in unacceptable delays. This is the schedule equivalent of urgency. The need must be genuine and unforeseen, not just poor planning.

2. Only one source is capable of providing the supplies or services at the level of quality required because the supplies or services are unique or highly specialized. The key word here is "capable." If only one vendor on the schedule can actually meet your specific technical requirements, you can go directly to them.

3. The order is a logical follow-on to an order already issued under the schedule. If you have an existing order and it makes sense to continue with the same vendor for continuity, you can limit the follow-on. However, you need to justify why switching vendors would be disruptive or costly.

3 Documentation: Below vs. Above the SAT

The documentation burden depends on the dollar value of the order.

Orders above the micro-purchase threshold but at or below the SAT: The contracting officer documents the basis for limiting sources in the contract file. Include which of the three circumstances applies, what market research you conducted among schedule holders, and a determination that the order represents the best value. If using the logical follow-on basis, describe why the relationship between the original order and the follow-on is logical.

Orders above the SAT: You need a formal written justification that includes the eleven elements listed in FAR 8.405-6. These cover identification of the contracting activity, description of the requirement with estimated value, the basis for limiting sources with supporting rationale, a best value determination, market research results, and certifications.

Part 8 has a unique element the others do not: You must include a determination that the order represents the best value consistent with FAR 8.404(d). Parts 6, 12, and 16 require a fair and reasonable price determination. Part 8 goes further and requires you to affirmatively determine best value.

4 Approval Thresholds

FAR 8.405-6 sets the approval levels based on the estimated value of the order:

Above the SAT but not above $900,000: The ordering activity contracting officer's certification serves as approval, unless a higher level is established by agency procedures.

Above $900,000 but not above $20M: The advocate for competition of the ordering activity. This authority is not delegable.

Above $20M but not above $90M ($150M for DoD, NASA, Coast Guard): The head of the procuring activity, or a designee who is a general/flag officer or civilian serving above GS-15.

Above $90M ($150M for DoD, NASA, Coast Guard): The senior procurement executive. Not delegable, except for the Under Secretary of Defense for Acquisition and Sustainment.

Agencies may delegate the lower thresholds differently. Check your local policy for specific delegation guidance at your activity.

5 Posting Requirements

For orders exceeding the SAT, the contracting officer must post the justification within 14 days of placing the order. The justification goes on SAM.gov and the agency website for a minimum of 30 days. For urgent/compelling need orders, you can proceed with the order and post within 30 days after award instead.

Before posting, screen the justification for contractor proprietary data and remove it. If the justification appears to contain proprietary information, give the contractor a chance to review it before posting, but do not let that process delay the posting timeline.

6 What Goes Into an Over-the-SAT Justification

For orders valued above the SAT, FAR 8.405-6 requires a written justification that includes, at minimum, the following eleven elements:

(1) Identification of the agency and contracting activity, and specific identification of the document as a "Limited-Sources Justification."

(2) Nature and/or description of the action being approved.

(3) A description of the supplies or services required to meet the agency's needs, including the estimated value.

(4) The authority and supporting rationale, including a demonstration of the proposed contractor's unique qualifications or the nature of the acquisition that requires limiting sources.

(5) A determination by the ordering activity contracting officer that the order represents the best value consistent with FAR 8.404(d).

(6) A description of the market research conducted among schedule holders, or an explanation of why market research was not conducted.

(7) Any other facts supporting the justification.

(8) A statement of the actions, if any, the agency may take to remove or overcome any barriers that led to the restricted consideration before any subsequent acquisition for the supplies or services.

(9) The contracting officer's certification that the justification is accurate and complete to the best of the contracting officer's knowledge and belief.

(10) Evidence that any supporting data from technical or requirements personnel has been certified as complete and accurate by those personnel.

(11) A written determination by the approving official that one of the circumstances for limiting sources applies.

Element (4) is the heart of the document. Element (5) is what makes Part 8 different from the others: you must affirmatively determine best value, not just fair and reasonable pricing. Element (6) is where you show your work among the schedule holders specifically.

Brand-name orders on a schedule must also include the rationale for why the specific brand-name item is needed rather than a comparable item available from other schedule contractors. Brand-name specifications must not be used unless the particular brand, product, or feature is essential and market research shows other contractors' products cannot meet the need.

Check the LSJ Examples tab to see how this looks on paper, and how it falls apart when done wrong.

Interactive Tool

Limited Sources Justification Examples

Same scenario, two very different justifications. A base Communications Squadron needs to order a SIEM/SOAR cybersecurity platform through GSA MAS. The order is above the SAT, so the full 11-element justification under FAR 8.405-6 applies. Click highlighted sections for coaching notes. Blue borders = strong. Red borders = problems.

Limited-Sources Justification

FAR 8.405-6
Element (1): Agency and Contracting Activity
Agency: Department of the Air Force
Contracting Activity: 633 CONS/LGCB, Joint Base Langley-Eustis, VA 23665
Document Type: Limited-Sources Justification per FAR 8.405-6
PR Number: FD2026-LGCB-0087
Element (2): Nature/Description of Action
New delivery order under GSA MAS Contract GS-35F-0511T (CyberShield Inc.) for cybersecurity monitoring and automated incident response software. SIN 54151HACS (Highly Adaptive Cybersecurity Services).
Element (3): Description of Supplies/Services and Estimated Value
CyberShield Pro v3.1 Enterprise SIEM/SOAR platform: 75 analyst licenses, 12-month subscription (base year), including the Threat Intelligence Management module and automated playbook engine. For the 633d Communications Squadron Security Operations Center (SOC). The SOC provides 24/7 cybersecurity monitoring for Joint Base Langley-Eustis, serving 45 operational squadrons across two installations with approximately 12,000 networked endpoints.

Estimated value (base year): $315,000.00 ($4,200/license x 75 users).
Option Year 1: $315,000.00. Option Year 2: $315,000.00.
Total potential value including all option years: $945,000.00.
Element (4): Authority and Supporting Rationale
Authority: FAR 8.405-6(a)(2). Only one source is capable of providing the supplies or services required at the level of quality required because the supplies or services are unique or highly specialized.

Rationale: The 633d CS SOC operates a Palo Alto-native security stack: Cortex XDR v3.8 for endpoint detection (Contract FA4800-24-F-0092, period of performance through 30 Sep 2027) and Panorama v11.1 for firewall management across 47 perimeter devices (Contract FA4800-23-F-0147, period of performance through 30 Sep 2026).

CyberShield Pro is the only SIEM/SOAR platform on GSA MAS SIN 54151HACS that provides native bidirectional API integration with both Cortex XDR and Panorama through the unified Cortex Data Lake. This native integration enables automated playbook execution (threat detection to containment action) in under 1 second without middleware.

Alternative SIEM/SOAR platforms evaluated on GSA MAS:
- SolarWinds Security Event Manager (GS-35F-0674P): Does not offer SOAR automation or Cortex XDR integration. Confirmed via email from M. Torres, Federal Sales, 12 Feb 2026 (Exhibit C).
- Splunk Enterprise Security + SOAR (GS-35F-0822R): Requires custom REST API connector for Cortex XDR. J. Ramirez, Federal Sales Engineer, confirmed in writing (14 Feb 2026, Exhibit D) that a native Cortex XDR connector is not on the FY26 development roadmap.
- Datadog Cloud SIEM (GS-35F-0299U): Supports log ingestion from Cortex XDR but not bidirectional automated response. T. Okafor, DoD Programs, confirmed by phone (15 Feb 2026, 571-555-0183, memorialized in Exhibit E) that automated playbook integration with Palo Alto products is in beta, not production-ready.

Using a non-natively integrated platform would require custom middleware connectors at an estimated additional cost of $47,000/year (Exhibit F, cost estimate from 633 CS/SCOO), introduce 30-60 second latency per automated response action, and create an additional attack surface through the middleware layer.
Element (5): Best Value Determination
The GSA MAS price of $4,200/license for CyberShield Pro Enterprise is within the competitive range of comparable SIEM/SOAR platforms on the schedule: Splunk Enterprise Security at $4,500/user, Datadog Cloud SIEM at $3,900/user, and SolarWinds SEM at $3,200/user (pricing verified on GSA Advantage, 10 Feb 2026; see Exhibit G).

CyberShield Pro's native Cortex integration provides quantified advantages: (a) eliminates $47,000/year in custom middleware development and maintenance, (b) reduces automated incident response time from 30-60 seconds (middleware) to under 1 second (native API), and (c) avoids the additional cybersecurity risk of a middleware integration layer. These advantages directly support compliance with USCYBERCOM TASKORD 22-0187 (15-minute total incident containment).

I have determined that this order represents the best value to the Government consistent with FAR 8.404(d), based on equivalent pricing, $47,000 annual cost avoidance, and superior operational performance.
Element (6): Market Research Conducted
Searched GSA eBuy on 10 Feb 2026 for SIN 54151HACS (Highly Adaptive Cybersecurity Services). Identified 23 schedule holders offering cybersecurity monitoring platforms. Narrowed to 4 vendors with enterprise SIEM/SOAR capability based on published technical specifications. Contacted 3 alternative vendors directly to verify Cortex XDR/Panorama integration status (see Element 4 for details and exhibits). Additionally reviewed Gartner 2025 Magic Quadrant for SIEM (Exhibit H) which identifies native platform integration as a key differentiator for Palo Alto-environment deployments. See full Market Research Report dated 18 Feb 2026 (Exhibit B).
Element (7): Other Supporting Facts
USCYBERCOM TASKORD 22-0187 directs all DoD installations to achieve 15-minute total incident containment capability by 30 Sep 2026. The 633d CS SOC currently processes an average of 847 security events per day. Manual triage without SOAR automation would require approximately 6 additional full-time SOC analysts at an estimated $720,000/year in labor (Exhibit I, staffing analysis from 633 CS/CC). CyberShield Pro v3.1 is listed on the DoD Information Network (DoDIN) Approved Products List as of 15 Jan 2026 (APL entry #DoDIN-APL-2025-0847).
Element (8): Actions to Remove Barriers
The 633d CS will include "open API architecture supporting multi-vendor SOAR integration" as a weighted evaluation subfactor in the follow-on Cortex XDR endpoint protection recompete (scheduled FY28, per 633 CS Cyber Investment Roadmap dated Oct 2025). If the replacement endpoint platform supports open-standard APIs, the SIEM/SOAR requirement can be competed among multiple GSA schedule holders. Additionally, the 633d CS Cyber Operations Flight will document all custom playbook logic in vendor-agnostic pseudocode (target completion: Mar 2027) to reduce switching costs if a different SIEM/SOAR platform is selected in the future.
Elements (9), (10), (11): Certifications and Approval
Element (9) - Contracting Officer Certification: I certify that this Limited-Sources Justification is accurate and complete to the best of my knowledge and belief.
/s/ Capt Sarah M. Okonkwo, Contracting Officer, 633 CONS/LGCB, 20 Feb 2026

Element (10) - Technical/Requirements Personnel Certification: I certify that the supporting technical data and requirements described herein, including the Cortex XDR/Panorama integration dependency and the alternatives analysis, are accurate and complete.
/s/ TSgt David R. Nguyen, Cyber Operations Flight Chief, 633 CS/SCOO, 19 Feb 2026

Element (11) - Approving Official Determination: Based on the information provided, I determine that the circumstances described in FAR 8.405-6(a)(2) apply to this order. Only one source on the GSA MAS schedule is capable of providing SIEM/SOAR services with native Cortex XDR and Panorama integration at the level of quality required.
/s/ Capt Sarah M. Okonkwo, Contracting Officer, 633 CONS/LGCB, 20 Feb 2026
TRAINING EXAMPLE | NOT AN OFFICIAL GOVERNMENT DOCUMENT

FAR 8.405-6

Limiting Sources. The complete regulatory text for restricting competition on Federal Supply Schedule orders.

Read on acquisition.gov

FAR 8.405-1

Ordering Procedures for Supplies, and Services Not Requiring a Statement of Work. The baseline ordering procedures that 8.405-6 creates exceptions to.

Read on acquisition.gov

FAR 8.405-2

Ordering Procedures for Services Requiring a Statement of Work. Service ordering procedures and when limiting sources interacts with the SOW process.

Read on acquisition.gov

GSA eBuy

The online Request for Quote (RFQ) tool for GSA Schedule orders. Where you post schedule solicitations.

Visit GSA eBuy