Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF DECEMBER 23, 2017 FBO #5874
SOLICITATION NOTICE

D -- Agreement Tool Replacement Software and Implementation Services - Agreement Tool Requirements List - Statement of Work - Instructions to Offeror

Notice Date
12/21/2017
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
511210 — Software Publishers
 
Contracting Office
Department of Transportation, Office of the Secretary (OST) Administration Secretariate, Volpe National Transportation Systems Center, 55 Broadway, Kendall Square, Cambridge, Massachusetts, 02142-1093, United States
 
ZIP Code
02142-1093
 
Solicitation Number
6913G618R200005
 
Archive Date
12/21/2018
 
Point of Contact
Christine L. Guy, Phone: 6174943559, ,
 
E-Mail Address
christine.guy@dot.gov,
(christine.guy@dot.gov, /div)
 
Small Business Set-Aside
Total Small Business
 
Description
Instructions to Offeror Statement of Work Agreement Tool Requirements List This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Federal Acquisition Regulation (FAR) Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotations are being requested and a written solicitation will not be issued. Solicitation No. 6913G618R200005 is issued as a Request for Proposal (RFP). This solicitation is being conducted in accordance with the policies and procedures prescribed in FAR Part 12, Acquisition of Commercial Items and FAR Part 13.5, Simplified Procedures for Certain Commercial Items. The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-96, effective November 6, 2017. This procurement is being solicited under NAICS code 511210 small business size standard $38.5 million. This Combined Synopsis/Solicitation is being issued as 100% small business set-aside. The U.S. Department of Transportation, John A. Volpe National Transportation Systems Center (Volpe Center), Cambridge, MA, has a requirement for agreement tool replacement software and implementation services. The contractor is required to provide all requested services in accordance with the Statement of Work (SOW) and Agreement Tool Replacement Requirements attached to this notice. REQUIREMENTS/SPECIFICATIONS The Government intends to award a firm fixed price purchase order as a result of this Combined Synopsis/Solicitation. This notice is expected to result in a single award, subject to receipt of an acceptable proposal. The Offeror's proposal shall be prepared in accordance with the Instructions, Conditions, and Notice to Offerors attached. The Offeror's price quotation shall include a firm fixed price for each CLIN identified below and the total firm fixed price for CLINS 0100-0502. CLINs 0200 through 0502 are Optional CLINs that may be exercised at the sole discretion of the Government. CLIN 0100 Base Year - Agreement Tool Replacement Software and Implementation Services (Not separately priced) CLIN 0101 Base Year - Agreement Tool Replacement Software Subscription Services 12 Months X $_____________ /month = $_____________________ CLIN 0102 Base Year - Agreement Tool Replacement Software Consulting Services 440 Hours X $_____________ /hour = $_____________________ CLIN 0103 Base Year - Initial Set-Up Fees for Agreement Tool Replacement $_____________________ CLIN 0200 Option Year One - Agreement Tool Replacement Software and Implementation Services (Not separately priced) CLIN 0201 Option Year One - Agreement Tool Replacement Software Subscription Services 12 Months X $_____________ /month = $_____________________ CLIN 0202 Option Year One - Agreement Tool Replacement Software Consulting Services 10 Hours X $_____________ /hour = $_____________________ CLIN 0300 Option Year Two - Agreement Tool Replacement Software and Implementation Services (Not separately priced) CLIN 0301 Option Year Two - Agreement Tool Replacement Software Subscription Services 12 Months X $_____________ /month = $_____________________ CLIN 0302 Option Year Two - Agreement Tool Replacement Software Consulting Services 5 Hours X $_____________ /hour = $_____________________ CLIN 0400 Option Year Three - Agreement Tool Replacement Software and Implementation Services (Not separately priced) CLIN 0401 Option Year Three - Agreement Tool Replacement Software Subscription Services 12 Months X $_____________ /month = $_____________________ CLIN 0402 Option Year Three - Agreement Tool Replacement Software Consulting Services 5 Hours X $_____________ /hour = $_____________________ CLIN 0500 Option Year Four - Agreement Tool Replacement Software and Implementation Services (Not separately priced) CLIN 0501 Option Year Four - Agreement Tool Replacement Software Subscription Services 12 Months X $_____________ /month = $_____________________ CLIN 0502 Option Year Four - Agreement Tool Replacement Software Consulting Services 5 Hours X $_____________ /hour = $_____________________ TOTAL for CLINs 0100 through 0502: $______________________ NOTICE TO OFFERORS FAR 52.212-1, Instructions to Offerors-Commercial Items applies to this acquisition and is incorporated by reference. All Offerors must include a completed copy of the provision at FAR 52.212-3, Offeror Representations and Certification-Commercial Items (the complete provision is provided in an attachment to this notice). An Offeror shall complete only paragraph (b) of this provision if the Offeror has completed the annual representations and certifications electronically using the System for Award Management (SAM) accessible via http://www.Sam.gov. If the Offeror has not completed the annual representations and certifications electronically in SAM, the Offeror shall complete only paragraphs (c) through (o) of this provision. All Contractors must be registered in SAM in order to receive an award from a DOT Agency. The Government intends to award one (1) purchase order on a firm-fixed price basis as a result of this solicitation. This RFP is expected to result in a single purchase order award, subject to receipt of an acceptable proposal. FAR Clauses and Provisions 52.212-4, Contract Terms and Conditions-Commercial Items, 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items, 52.217-5 Evaluation of Options, 52.217-8 Option to Extend Services, 52.217-9 Option to Extend the Term of the Contract are hereby incorporated by reference. Additional provisions cited in 52.212-4 that apply are: 52.203-17 and 52.227-14. Additional clauses cited in 52.212-5 that apply to this acquisition are: 52.203-6, 52.204-10, 52.209-6, 52.209-9, 52.219-8, 52.219-28, 52.222-3, 52.222-19, 52.222-21, 52.222-26, 52.222-35, 52.222-36, 52.222-37, 52.222-40, 52.222-50, 52.222-54, 52.223-15, 52.223-18, 52.225-1, 52.225-13, and 52.232-33. TAM Clause 1252.223-73 is hereby incorporated by reference. The provisions and clauses cited in this notice can be viewed at: FAR http://www.acquisition.gov/far and TAR https://www.transportation.gov/assistant-secretary-administration/procurement/tar-part-1252-solicitatons-provisions-and-contract This combined synopsis/solicitation hereby incorporates all Federal Acquisition Regulation (FAR) provisions and clauses contained herein. The offer should be addressed to the following: U.S. Department of Transportation, Volpe National Transportation Systems Center, Attn: Christine Guy, V222, 55 Broadway, Cambridge, MA 02142. The signed offer must be submitted via e-mail to Christine.guy@dot.gov by closing date of January 19, 2018 at 4:00 p.m. ET. No telephone requests will be honored. The Government will not pay for any information received. It is anticipated that an award resulting from this combined synopsis/solicitation will be made on or about February 2, 2018. The following FAR provision is incorporated by full text: 52.203-98 - PROHIBITION ON CONTRACTING WITH ENTITIES THAT REQUIRE CERTAIN INTERNAL CONFIDENTIALITY AGREEMENTS- REPRESENTATION (FEB 2015) (DEVIATION 2015-02) (a) In accordance with section 743 of Division E, Title VII, of the Consolidated and Further Continuing Resolution Appropriations Act, 2015 (Pub. L. 113-235), Government agencies are not permitted to use funds appropriated (or otherwise made available) under that or any other Act for contracts with an entity that requires employees or subcontractors of such entity seeking to report fraud, waste, or abuse to sign internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or subcontractors from lawfully reporting such waste, fraud, or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information. (b) The prohibition in paragraph (a) of this provision does not contravene requirements applicable to Standard Form 312, Form 4414, or any other form issued by a Federal department or agency governing the nondisclosure of classified information. (c) Representation. By submission of its offer, the Offeror represents that it does not require employees or subcontractors of such entity seeking to report fraud, waste, or abuse to sign internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or subcontractors from lawfully reporting such waste, fraud, or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information. (End of provision) The following FAR provision is incorporated by full text: 52.203-99 - PROHIBITION ON CONTRACTING WITH ENTITIES THAT REQUIRE CERTAIN INTERNAL CONFIDENTIALITY AGREEMENTS (FEB 2015) (DEVIATION 2015-02) The Contractor shall not require employees or subcontractors seeking to report fraud, waste, or abuse to sign or comply with internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or subcontractors from lawfully reporting such waste, fraud, or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information. The contractor shall notify employees that the prohibitions and restrictions of any internal confidentiality agreements covered by this clause are no longer in effect. The prohibition in paragraph (a) of this clause does not contravene requirements applicable to Standard Form 312, Form 4414, or any other form issued by a Federal department or agency governing the nondisclosure of classified information. (1) In accordance with section 743 of Division E, Title VII, of the Consolidated and Further Continuing Resolution Appropriations Act, 2015 (Pub. L. 113-235), use of funds appropriated (or otherwise made available) under that or any other Act may be prohibited, if the Government determines that the Contractor is not in compliance with the provisions of this clause. (2) The Government may seek any available remedies in the event the contractor fails to comply with the provisions of this clause. (End of clause) 52.232-40 Providing Accelerated Payments to Small Business Subcontractors. Providing Accelerated Payments to Small Business Subcontractors (Dec 2013) (a) Upon receipt of accelerated payments from the Government, the Contractor shall make accelerated payments to its small business subcontractors under this contract, to the maximum extent practicable and prior to when such payment is otherwise required under the applicable contract or subcontract, after receipt of a proper invoice and all other required documentation from the small business subcontractor. (b) The acceleration of payments under this clause does not provide any new rights under the Prompt Payment Act. (c) Include the substance of this clause, including this paragraph (c), in all subcontracts with small business concerns, including subcontracts with small business concerns for the acquisition of commercial items. (End of clause) FEDERAL INFORMATION TECHNOLOGY SYSTEMS SECURITY REQUIREMENT (FedRAMP) FOR UNCLASSIFIED CLOUD CONTRACT (SEP 2016) 1. The Contractor shall be responsible for the following privacy and security safeguards. a) To the extent required to carry out the FedRAMP assessment and authorization process and FedRAMP continuous monitoring, to safeguard against threats and hazards to the security, integrity, and confidentiality of any non-public Government data collected and stored by the Contractor, the Contractor shall afford the Government access to the Contractor's facilities, installations, technical capabilities, operations, documentation, records and databases. b) If new or unanticipated threats or hazards are discovered by either the Government or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party. c) The contractor shall also comply with any additional FedRAMP privacy requirements. d) The Government has the right to perform manual or automated audits, scans, reviews, or other inspections of the vendor's IT environment being used to provide or facilitate services for the Government. e) The Contractor shall not publish or disclose in any manner, without the Contracting Officer's written consent, the details of any safeguards either designed or developed by the Contractor under this contract or otherwise provided by the Government. Exception - Disclosure Contractor under this contract or otherwise provided by the Government. Exception - Disclosure to a Consumer Agency for purposes of C&A verification. f) To the extent required to carry out a program of inspection to safeguard against threats and hazards to the security, integrity, and confidentiality of Government data, the Contractor shall afford the Government access to the Contractor's facilities, installations, technical capabilities, operations, documentation, records, and databases within 72 hours. The program of inspection shall include, but is not limited to: Authenticated and unauthenticated operating system/network vulnerability scans Authenticated and unauthenticated web application vulnerability scans Authenticated and unauthenticated database application vulnerability scans Automated scans can be performed by Government personnel, or agents acting on behalf of the Government, using Government operated equipment, and Government specified tools. g) If new or unanticipated threats or hazards are discovered by either the Government or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party. If the contractor chooses to run its own automated scans or audits, results from these scans may, at the Government's discretion, be accepted in lieu of Government performed vulnerability scans. In these cases, scanning tools and their configuration shall be approved by the Government. In addition, the results of contractor conducted scans shall be provided, in full, to the Government. 2. Sensitive Information Storage For Official Use Only (FOUO) information, data, and/or equipment will only be disclosed to authorize personnel on a Need-To-Know basis. The contractor shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, and/or equipment is properly protected. When no longer required, this information, data, and/or equipment will be returned to Government control, destroyed, or held until otherwise directed. Destruction of items shall be accomplished by following NIST Special Publication 800-88, Guidelines for Media Sanitization. The disposition of all data will be at the written direction of the COR, this may include documents returned to Government control; destroyed; or held as specified until otherwise directed. 3. Protection of Information The Government will retain unrestricted rights to Government data. The ordering activity retains ownership of any user created/loaded data and applications hosted on vendor's infrastructure, as well as maintains the right to request full copies of these at any time. Government data loaded into or processed by the cloud services shall be protected against unauthorized access, disclosure or modification, theft, or destruction. The contractor shall ensure that the facilities that house the network infrastructure are physically secure. The data must be available to the Government upon request within one business day or within the timeframe specified otherwise, and shall not be used for any other purpose other than that specified herein. The contractor shall provide requested data at no additional cost to the Government. No data shall be released by the Contractor without the consent of the Government in writing. All requests for release must be submitted in writing to the COR/CO. 4. Security Classification The preparation of the deliverables in this contract will be completed at a Sensitive but Unclassified level. 5. Confidentiality and Nondisclosure The preliminary and final deliverables and all associated working papers and other material deemed relevant by the agency that have been generated by the contractor in the performance of this contract, are the property of the U.S. Government and must be submitted to the COR at the conclusion of the contract. The U.S. Government has unlimited data rights to all deliverables and associated working papers and materials in accordance with FAR 52.227-14. All documents produced for this project are the property of the U.S. Government and cannot be reproduced, or retained by the contractor. All appropriate project documentation will be given to the agency during and at the end of this contract. The contractor shall not release any information without the written consent of the Contracting Officer. Personnel working on any of the described tasks may, at Government request, be required to sign formal non-disclosure and/or conflict of interest agreements to guarantee the protection and integrity of Government information and documents. 6. Disclosure of Information Any information made available to the Contractor by the Government shall be used only for the purpose of carrying out the provisions of this contract and shall not be divulged or made known in any manner to any persons except as may be necessary in the performance of the contract. In performance of this contract, the Contractor assumes responsibility for protection of the confidentiality of Government records and shall ensure that all work performed by its subcontractors shall be under the supervision of-the Contractor or the Contractor's responsible employees. Each officer or employee of the Contractor or any of its subcontractors to whom any Government record may be made available or disclosed shall be notified in writing by the Contractor that information disclosed to such officer or employee can be used only for that purpose and to the extent authorized herein. Further disclosure of any such information, by any means, for a purpose or to an extent unauthorized herein, may subject the offender to criminal sanctions imposed by 18 U.S.C. §§ 1030. 7. Security Requirements Section The minimum requirements for low, moderate and high impact level cloud systems are contained within the FedRAMP Cloud Computing Security Requirements Baseline. The contractor and Federal Government Agency share responsibility to ensure compliance with security requirements. The implementation of a new Federal Government cloud system requires a formal process, known as Assessment and Authorization, which provides guidelines for performing the assessment. FedRAMP requires cloud service providers to utilize a Third-Party Assessment Organization (3PAO) to perform an assessment of the cloud service provider's security controls to determine the extent to which security controls are implemented correctly, operate as intended, and produce the desired outcome with respect to meeting security requirements. The FedRAMP PMO security staff will be available for consultation during the process. Both the FedRAMP PMO staff and Joint Authorization Board (JAB) will review the results before issuing a Provisional Authorization decision. The Government reserves the right to verify the infrastructure and security test results before issuing an Authorization decision. DOT will be able to leverage the provisional Authorization granted by FedRAMP, and agency­ issued FedRAMP authorizations, and any documentation prepared by the contractor to issue their own authority to operate in accordance with DOT Security Authorization & Continuous Monitoring Performance Guide. The contractor is advised to review the FedRAMP guidance documents (see References below) to determine the level of effort that will be necessary to complete the requirements. All FedRAMP documents and templates are available at http://FedRAMP.gov. 8. FedRAMP Security Compliance Requirements: The contractor shall implement the controls contained within the FedRAMP Cloud Computing Security Requirements Baseline and FedRAMP Continuous Monitoring Requirements for low, moderate, and high impact level systems (as defined in FIPS 199). These documents define requirements for compliance to meet minimum Federal information security and privacy requirements for both low and moderate impact systems. The FedRAMP baseline controls are based on NIST Special Publication 800-53, Revision 4. The contractor shall generally, substantially, and in good faith follow FedRAMP guidelines and Security guidance. In situations where there are no procedural guides, the contractor shall use generally accepted industry best practices for IT security. 9. Required FedRAMP Policies and Regulations: OMB Memo Security Authorization of Information Systems in Cloud Computing Environments 10. Assessment and Authorization: The Agency may choose to cancel the (Contract/award) and terminate any outstanding orders if the contractor has its provisional authorization revoked and the deficiencies are greater than agency risk tolerance thresholds. 11. Assessment of the System: The contractor shall comply with FedRAMP requirements as mandated by Federal laws and policies, including making available any documentation, physical access, and logical access needed to support this requirement. The Level of Effort for the A&A is based on the System's NIST Federal Information Processing Standard (FIPS) Publication 199 categorization. The contractor shall create, maintain and update the documentation using FedRAMP requirements and templates, which are available at http://FedRAMP.gov. Information systems must be assessed by an accredited 3PAO whenever there is a significant change to the system's security posture in accordance with the FedRAMP Continuous Monitoring Plan. The Government reserves the right to perform Penetration Testing. If the Government exercises this right, the contractor shall allow Government employees (or designated third parties) to conduct Security Assessment activities to include control reviews in accordance with FedRAMP requirements. Review activities include but are not limited to scanning operating systems, web applications, wireless scanning; network device scanning to include routers, switches, and firewall, and IDS/IPS; databases and other applicable systems, including general support structure, that support the processing, transportation, storage, or security of Government information for vulnerabilities. Identified gaps between required FedRAMP Security Control Baselines and Continuous Monitoring controls and the contractor's implementation as documented in the Security Assessment Report shall be tracked by the contractor for mitigation in a Plan of Action and Milestones (POA&M) document. Depending on the severity of the gaps, the Government may require POA&Ms to be remediated before a provisional or agency authorization is issued. The contractor is responsible for mitigating all security risks found during Authorization &Assessment and continuous monitoring activities. All high-risk vulnerabilities must be mitigated within 30 days and all moderate risk vulnerabilities must be mitigated within 90 days from the date vulnerabilities are formally identified. The Government will determine the risk rating of vulnerabilities. 12. Authorization of System: The contractor shall provide access to the Federal Government, or their designee acting as their agent, when requested, in order to verify compliance with the requirements for an Information Technology security program. The Government reserves the right to conduct onsite inspections. The contractor shall make appropriate personnel available for interviews and provide all necessary documentation during this review. 13. Reporting and Continuous Monitoring: Maintenance of the FedRAMP Provisional or DOT-issued Authorizations will be through continuous monitoring and periodic audit of the operational controls within a contractor's system, environment, and processes to determine if the security controls in the information system continue to be effective over time in light of changes that occur in the system and environment. Through continuous monitoring, security controls and supporting deliverables are updated and submitted to the FedRAMP PMO as required by FedRAMP Requirements. The submitted deliverables (or lack thereof) provide a current understanding of the security state and risk posture of the information systems. The deliverables allow the FedRAMP JAB and/or DOT to make credible risk-based decisions regarding the continued operations of the information systems and initiate appropriate responses as needed when changes occur. Contractors will be required to provide updated deliverables and automated data feeds as defined in the FedRAMP Continuous Monitoring Plan. 14. Audit, Inspection, and Access The contractor shall respond to Government requests for docun1entation and/or access to the contractors facilities for any lawful Government purpose to include oversight, audit, and inspection within a reasonable period of notification from the Government not less than two (2) business days unless otherwise negotiated as specific terms within the governing contract. The contractor shall provide access and documentation without requirement for separate or additional non-disclosure. The Government commits to the contractor that information provided by the contractor shall be retained no longer than required by law or applicable Department/Agency policy, shall be appropriately protected while within the Government's possession, and shall be destroyed in accordance with Federal requirements for the destruction of sensitive information and media when no longer required. 15. Additional Stipulations: The FedRAMP deliverables shall be labeled "FOR OFFICIAL USE ONLY" (FOUO) or other label as determined by the Government per document sensitivity. External transmission/dissemination of deliverables labeled FOUO or similar marking or from a Government computer must be encrypted. Certified encryption modules must be used in accordance with FIPS PUB 140-2, "Security requirements for Cryptographic Modules." As prescribed in the Federal Acquisition Regulation (FAR) Part 24.104, if the system involves the design, development, or operation of a system of records on individuals, the contractor shall implement requirements in FAR clause 52.224-1, "Privacy Act Notification" and FAR clause 52.224-2, "Privacy Act." The contractor shall cooperate in good faith in defining non-disclosure agreements that other third parties must sign when acting as the Federal Government's agent.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/notices/0c48f0460a7d0ae04c295b20a479e550)
 
Place of Performance
Address: Contractor's site and at the U.S. Department of Transportation Volpe National Transportation Systems Center, 55 Broadway Cambridge, MA 02142, United States
Zip Code: 02142
 
Record
SN04773366-W 20171223/171221231042-0c48f0460a7d0ae04c295b20a479e550 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.