PRESOL | 70 | computer equipment | 04-Mar-11

FBO DAILY ISSUE OF MARCH 04, 2011 FBO #3387
SOLICITATION NOTICE

70 -- computer equipment

Notice Date: 3/2/2011
Notice Type: Combined Synopsis/Solicitation
NAICS: 334111 — Electronic Computer Manufacturing
Contracting Office: Department of Health and Human Services, National Institutes of Health, Clinical Center/Office of Purchasing & Contracts, 6707 Democracy Blvd, Suite 106, MSC 5480, Bethesda, Maryland, 20892-5480
ZIP Code: 20892-5480
Solicitation Number: 11-001834
Point of Contact: Lynda Johnson, Phone: 301-496-2342
E-Mail Address: lynda_johnson@nih.gov
(lynda_johnson@nih.gov)
Small Business Set-Aside: N/A
Description: Please email all quotes to ljohnson@cc.nih.gov Background The mission of the National Institutes of Health (NIH) is to uncover new knowledge that will lead to better health for everyone. The NIH accomplishes that mission by conducting research in its own laboratories; supporting the research of non-Federal scientists in universities, medical schools, hospitals, and research institutions throughout the country and abroad; helping in the training of research investigators; and fostering communication of biomedical information. The NIH Clinical Center (CC) is a 234-bed federally funded, biomedical research hospital located on the NIH campus in Bethesda, Maryland. The Clinical Center is the delivery setting for all NIH intramural clinical research protocols. The hospital complex consists of two main facilities that are connected to each other by "bridges". The original 14-story building is 2.5 million square feet and continues to house the clinical laboratories, imaging sciences, surgical suites, and several outpatient clinics. The new 870,000 square foot facility houses inpatient units and day hospitals. The Clinical Center accounts for about half of all NIH-funded clinical research beds in the United States and accommodates about 7,000 inpatient and 70,000 outpatient visits a year. Patients are admitted to the NIH Clinical Center from all over the world for the sole purpose of participating in a clinical research protocol. The Department of Clinical Research Informatics (DCRI) is responsible for the operation and management IT infrastructure that supports patient care and research. The infrastructure includes networking equipment, servers, Storage Area Networks (SANS), Virtual Tape Library, desktops, laptops, workstations on wheels (WOW), Sunray terminals, Commercial off the Shelf (COTS) applications, custom applications, and other supporting technology systems. The (COTS) both Clinical and administrative as well as custom applications are hosted on a variety of Windows and UNIX based server technologies located in the Clinical Center Data Center (CCDC). Purpose This request is for the purchase of the servers below for the CCDC. These servers are life cycle replacements for the servers supporting the Eclipsys Sunrise Clinical Manager Training servers. Scope The vendor will provide a proposal for items listed below Qty Description Part Number SCM55-TrainingCON2011 Server 1 HP DL380 G7 E5620 6GB BASE 589152-001 Includes: HP E5620 DL380 G7 PROC KIT 12GB RAM (3 x 4GB DIMMs) P40i Controller 1 HP E5620 DL380 G7 PROC KIT 587476-B21 1 HP 512MB P-SERIES BBWC UPGRADE 462967-B21 1 HP SLIM DVR SATA OPTICAL KIT 481043-B21 1 HP 460W HE 12V HOTPLUG AC PWR SUPPLY 503296-B21 3 HP 4GB 2RX4 PC3-10600R-9 KIT 500658-B21 6 HP 160GB 3GB SATA 7.2K 2.5IN 530888-B21 1 HP ILO ADV 1 SRV TSU SW 512485-B21 1 HPE 3YR 24X7X4 DL380 U4545E Qty Description Part Number SCM55-TrainingMaster2011 Server 1 HP PROLIANT DL380 G7 SVR 583917-B21 1 HP E5506 QC PROC KIT 587495-L21 1 HP E5506 QC PROC KIT 587495-B21 12 HP 2GB 2RX8 PC3-10600E-9 500670-B21 4 HP SATA 1TB 7.2K HDD 454146-B21 2 HP 160GB 7.2K PLUG SATA ETY 458945-B21 1 HP 512MB P-SERIES BBWC UPGRADE 462967-B21 2 HP 6' 1.83M 10A C13-UL US P AF556A 2 HP 460W HE 12V HOTPLG AC PR 503295-B21 1 HP PROLIANT FOUNDATION PACK 534516-B21 1 HP INSIGHT CTL ML/DL BDL E- TC278AAE 1 HPE 3Y 24X7X4 ONSITE DL380 U4545E Servers must arrive pre-configured with all the hardware components installed Mandatory Requirements Servers shall be capable of monitoring and management using the existing HP Systems Insight Manager utility. This is necessary to provide pre-failure warranty support for CPUs, memory and disks drives. Servers shall be architecturally compatible and interoperable with the HP ProLiant DL380 class of systems to ensure that Microsoft Active -Active or Active-Passive clustering can be maintained. Servers shall share common power supplies with the ability to choose the appropriate sized power supply depending on specific server configurations. Servers shall provide the capability to support up to 4 administrators to view and share control of a single virtual KVM session. The system must provide the ability to record a server KVM session on demand, and automatically record a system boot or failure. Servers shall include an external display that indicates system status, without the need to load server agents and without the need to read a "code book" to determine system faults. Servers shall meet the EPA's new Gold Energy Star rating in the Climate Savers Computing Initiative, and an ECOS Consulting 80PLUS Gold rating. Additionally, systems must have the ability to monitor and cap overall server power utilization. Section 508 Section 508 applies to this requirement. All Electronic and Information Technology (EIT) procured through this procurement must meet the applicable accessibility standards at 36 CFR 1194, unless an agency exception to this requirement exists. 36 CFR 1194 implements Section 508 of the Rehabilitation Act of 1973, as amended, and is viewable at http://accessboard.gov/sec508/508standards.htm Part 1194. Contractors are now responsible for indicating on each line item in the procurement whether products or services are compliant or noncompliant with the accessibility standards at 36 CFR 1194 Section 508 Program Need Requirements for accessibility based on Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d) are determined to be relevant for the following program need: "Computer Server." Section 508 Deliverable Requirements Technical standards from 36 CFR part 1194 Subpart B have been determined to apply to this acquisition. Solicitation respondents must describe how their proposed Electronic and Information Technology (EIT) deliverables meet at least those technical provisions identified as applicable in the attached Government Product/Service Accessibility Template (GPAT). Functional performance criteria from 36 CFR part 1194 Subpart C have been determined to apply to this acquisition. Solicitation respondents must describe how their proposed Electronic and Information Technology (EIT) deliverables meet at least those functional performance criteria identified as applicable in the attached Government Product/Service Accessibility Template (GPAT). Information, documentation, and support requirements from 36 CFR part 1194 Subpart D have been determined to apply to this acquisition. Solicitation respondents must describe how the information, documentation, and support proposed for Computer Server deliverables meet at least those information, documentation, and support requirements identified as applicable in the attached Government Product/Service Accessibility Template (GPAT). Section 508 Evaluation Factors Responses to this solicitation will only be considered for award after it has been determined that the proposal adequately addresses the requirements for Section 508. Only proposals which contain adequate information to document their responsiveness to the Section 508 requirements (e.g. a completed GPAT, VPAT or equivalent and supporting documentation) will be eligible for any additional merit consideration. Section 508 Acceptance Criteria Computer Servers delivered as a result of this solicitation will be accepted based in part on satisfaction of identified Section 508 requirements for accessibility. Computer Servers delivered must include a completed GPAT, a sample of which is included as a part of this solicitation. Section 508 GPAT Please complete the attachment SCM Train 508 and submit with quote Period of Performance March 1, 2011 thru March 30, 2011 Delivery Location, Schedule, and Instructions Shipment of deliverable items specified in the Scope of Work shall be delivered to the National Institutes of Health, Clinical Center within thirty (30) calendar days after receipt of Purchase Order. The delivery must be noted as an inside delivery to the address listed below. Department of Clinical Research Informatics MMD Receiving, B2 Loading Dock 10 Center Drive, Room B2C123 Bethesda, MD. 20892 Attention: Siron Cox 301-451-9889 lcox@cc.nih.gov Government Furnished Equipment (GFE) There are no government furnished equipment requirements for this order. Inspection and Acceptance Criteria The items listed in the scope of this document must be received and in full working order to be accepted as final by the Clinical Center. Government Product Accessibility Template Summary • Column one includes all the Sections of the Standard that may apply to any deliverable. The total number of provisions within each Section of the Standard is shown in parentheses. • Column two identifies the total number of provisions that typically apply to a deliverable of this type. Some of these may not be features of the vendor's deliverable. Conversely, others not noted may be features of the vendor's deliverable. If the deliverable includes additional features, the accessibility of these features must also be considered. • Column three is for general notes about the Sections of the Standard. Some apply to all deliverables and some are specific to the deliverable. • Column four is a summary of the vendor's response to applicable provisions and additional deliverable features from the Sections of the Standard. • Column five is where the vendor can note explanations for any of the preceding columns, e.g. there are differences between expected applicable provisions and actual product features. CFR 1194 Standard Sections Total Number of Applicable Provisions Notes Total Number of Supported Provisions Please explain Fully Partial Not Section 1194.21 Software Applications and Operating Systems (12 provisions) 12 Servers are generally loaded with application software and Operating Systems. Web server Operating Systems are software, not Web applications. Section 1194.22 Web-based Internet Information and Applications (16 provisions) 16 This Section applies IF information, documentation, and support are provided via an intranet or the Internet. Section 1194.23 Telecommunications Products (14 provisions) 0 Section 1194.24 Video and Multi-media Products (5 provisions) 3 These provisions apply IF information, documentation, and support are provided via video or multimedia production. Section 1194.25 Self-Contained, Closed Products (13 provisions) 0 Section 1194.26 Desktop and Portable Computers (4 provisions) 0 Desktop computers can be used as servers. However, requirements from this Section would generally not apply because sever hardware does not directly interface with users. Section 1194.31 Functional Performance Criteria (6 provisions) 6 Functional performance criteria always apply. Section 1194.41 Information, Documentation and Support (3 provisions) 3 If information, documentation, and support are to be provided by the vendor, then this Section applies. Subpart B -- Technical Standards Note: If there is a possibility that the provision applies, the default value is "Yes". • Column one is the full text of the provision from the Standard. • Column two documents the agency's accessibility requirement based on common characteristics of the EIT deliverable. Place a Yes or No in this column based on program need and actual characteristics of your expected deliverable (i.e., Is this provision seen as applicable to the expected deliverable?) • Column three provides explanatory information about the provision to help both the agency in determining applicability and the vendor in providing accessibility information. • Column four is for the vendor to check off whether the deliverable meets, partially meets or does not meet the specific provision. • Column five is for the vendor to provide an explanation of how the deliverable meets or does not meet the specific provision. It is also an opportunity to explain why a deliverable does not have an applicable feature or why it has a feature that was not identified as applicable. Section 1194.21 Software applications and operating systems Provision Text Applicable Notes How does the EIT meet this requirement? Please explain (a) When software is designed to run on a system that has a keyboard, product functions shall be executable from a keyboard where the function itself or the result of performing a function can be discerned textually. Yes This applies to QWERTY keyboards. __Fully __Partially __No (b) Applications shall not disrupt or disable activated features of other products that are identified as accessibility features, where those features are developed and documented according to industry standards. Applications also shall not disrupt or disable activated features of any operating system that are identified as accessibility features where the application programming interface for those accessibility features has been documented by the manufacturer of the operating system and is available to the product developer. Yes __Fully __Partially __No (c) A well-defined on-screen indication of the current focus shall be provided that moves among interactive interface elements as the input focus changes. The focus shall be programmatically exposed so that Assistive Technology can track focus and focus changes. Yes __Fully __Partially __No (d) Sufficient information about a user interface element including the identity, operation and state of the element shall be available to Assistive Technology. When an image represents a program element, the information conveyed by the image must also be available in text. Yes __Fully __Partially __No (e) When bitmap images are used to identify controls, status indicators, or other programmatic elements, the meaning assigned to those images shall be consistent throughout an application's performance. Yes In this requirement, the term "bitmap" refers to a broad number of image formats, such as.bmp,.gif,.jpeg,.tif and.svg. __Fully __Partially __No (f) Textual information shall be provided through operating system functions for displaying text. The minimum information that shall be made available is text content, text input caret location, and text attributes. Yes __Fully __Partially __No (g) Applications shall not override user selected contrast and color selections and other individual display attributes. Yes __Fully __Partially __No (h) When animation is displayed, the information shall be displayable in at least one non-animated presentation mode at the option of the user. Yes Self-scrolling and moving text are considered animation. __Fully __Partially __No (i) Color coding shall not be used as the only means of conveying information, indicating an action, prompting a response, or distinguishing a visual element. Yes This requirement is also addressed in provision 1194.25(g). __Fully __Partially __No (j) When a product permits a user to adjust color and contrast settings, a variety of color selections capable of producing a range of contrast levels shall be provided. Yes See www.lighthouse.org/color_contrast.htm This requirement is also addressed in provision 1194.25(h). __Fully __Partially __No (k) Software shall not use flashing or blinking text, objects, or other elements having a flash or blink frequency greater than 2 Hz and lower than 55 Hz. Yes Other elements include turning graphics on and off or changing between images. This requirement is also addressed in provisions 1194.22(j) and 1194.25(i). __Fully __Partially __No (l) When electronic forms are used, the form shall allow people using Assistive Technology to access the information, field elements, and functionality required for completion and submission of the form, including all directions and cues. Yes This requirement is also addressed in provision 1194.22(n). __Fully __Partially __No Section 1194.22 Web-based intranet and internet information and applications Note: Since information, documentation, and support (Section 1194.41) are often provided via the Web, the default value for "Applicable" in Section 1194.22 Web-based intranet and Internet information and applications is "Yes". Provision Text Applicable Notes How does the EIT meet this requirement? Please explain (a) A text equivalent for every non-text element shall be provided (e.g., via "alt", "longdesc", or in element content). Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (b) Equivalent alternatives for any multimedia presentation shall be synchronized with the presentation. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (c) Web pages shall be designed so that all information conveyed with color is also available without color, for example from context or markup. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (d) Documents shall be organized so they are readable without requiring an associated style sheet. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (e) Redundant text links shall be provided for each active region of a server-side image map. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (f) Client-side image maps shall be provided instead of server-side image maps except where the regions cannot be defined with an available geometric shape. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (g) Row and column headers shall be identified for data tables. Yes This requirement does not apply to tables used strictly for layout. If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (h) Markup shall be used to associate data cells and header cells for data tables that have two or more logical levels of row or column headers. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (i) Frames shall be titled with text that facilitates frame identification and navigation Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (j) Pages shall be designed to avoid causing the screen to flicker with a frequency greater than 2 Hz and lower than 55 Hz. Yes If Web-base information, documentation, and support (Section 1194.41) are requested, then this requirement applies. This requirement is also addressed in provisions 1194.21(k) and 1194.25(i). __Fully __Partially __No (k) A text-only page, with equivalent information or functionality, shall be provided to make a web site comply with the provisions of this part, when compliance cannot be accomplished in any other way. The content of the text-only page shall be updated whenever the primary page changes. Yes This should only be used as a last resort. If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (l) When pages utilize scripting languages to display content, or to create interface elements, the information provided by the script shall be identified with functional text that can be read by Assistive Technology. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (m) When a web page requires that an applet, plug-in or other application be present on the client system to interpret page content, the page must provide a link to a plug-in or applet that complies with Section1194.21(a) through (l). Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (n) When electronic forms are designed to be completed on-line, the form shall allow people using Assistive Technology to access the information, field elements, and functionality required for completion and submission of the form, including all directions and cues. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. This requirement is also addressed in provision 1194.21(l). __Fully __Partially __No (o) A method shall be provided that permits users to skip repetitive navigation links. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. __Fully __Partially __No (p) When a timed response is required, the user shall be alerted and given sufficient time to indicate more time is required. Yes If Web-based information, documentation, and support (Section 1194.41) are requested, then this requirement applies. This requirement is also addressed in provision 1194.25(b). __Fully __Partially __No NIH/CC SECURITY - CONTRACT PROVISION September 29, 2009 (rev 12/22/2009) NIH INFORMATION SECURITY THE FOLLOWING MATERIAL IS APPLICABLE TO DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) TASK ORDERS FOR WHICH CONTRACTOR/SUBCONTRACTOR PERSONNEL WILL (1) DEVELOP, (2) HAVE THE ABILITY TO ACCESS, OR (3) HOST AND/OR MAINTAIN A FEDERAL INFORMATION SYSTEM(S). For more information, see HHS Information Security Program Policy at: http://www.hhs.gov/ocio/policy/2004-0002.001.html#intro. If the SOW requires Hardware the following must be included (1) IT equipment procurement requests (servers, desktops, laptops, Blackberries, PDAs, data storage devices, and all information processing equipment) For more information see: • All IT equipment procurement requests (servers, desktops, laptops, Blackberries, PDAs, data storage devices, and all information processing equipment) must be reviewed by the IC CIO or designee to insure that they conform to HHS, NIH, and Institute and Center (IC) standards before procurement approval is granted. NIH Initial Security Configuration Policy http://irm.cit.nih.gov/security/sec_policy.html#Acq Pursuant to Federal and HHS Information Security Program Policies the contractor and any subcontractor performing under this task order shall comply with the following requirements: a. Federal Information Security Management Act of 2002 (FISMA), Title III, E-Government Act of 2002, Pub. L. No. 107-347 (Dec. 17, 2002); http://csrc.nist.gov/drivers/documents/FISMA-final.pdf b. OMB Memorandum M-06-15, Safeguarding Personally Identifiable c. Information (05-22-06): http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf d. OMB Memorandum M-06-16, Protection of Sensitive Agency Information (06-23-06): e. http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf f. OMB Memorandum M-06-19, Safeguarding Against and Responding to the Breach of Personally Identifiable Information: http://www.whitehouse.gov/omb/memoranda/fy2006/m06-19.pdf g. Guide for Identifying Sensitive Information, including Information in Identifiable Form, http://ocio.nih.gov/security/NIH_Sensitive_Info_Guide.doc h. OMB Memorandum M-07-16, Protection of Sensitive Agency Information. http://www.whitehouse.gov/omb/assets/omb/memoranda/fy2007/m07-16.pdf i. Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html j. OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf k. Federal Information Processing Standards Publication (FIPS PUB) 201-1 (Updated June 26, 2006): http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf l. HHS Interim Policy: Contractual Implementation of Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors [Draft] Include Sections A through G in all contracts A. INFORMATION TYPE **** (NOTE: Based on information provided by the ISSO, PO, and Privacy Officer, select the appropriate general information type(s) below, and provide the specific type of information.) **** [ ] Administrative, Management and Support Information: **** (NOTE: If the above box is checked, the specific type(s) of information from NIST SP 800-60, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems To Security Categories, APPENDIX C, Table 3, at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf must be inserted here. This information will be provided by the IC ISSO and/or Project Officer) **** [ X ] Mission Based Information: **** (NOTE: If the above box is checked, the specific type(s) of information from NIST SP 800-60, Volume II: Appendices to Guide For Mapping Types Of Information and Information Systems To Security Categories, APPENDIX D, Table 5, at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf must be inserted here D.14.4 Health Care Delivery Services Information Type Health Care Delivery Services provides and supports the delivery of health care to its beneficiaries. This includes assessing health status; planning health services; ensuring quality of services and continuity of care; and managing clinical information and documentation. B. SECURITY CATEGORIES AND LEVELS **** (NOTE: Based on information provided by the ISSO and Project Officer, select the Security Level for each Security Category. Select the Overall Security Level which is the highest level of the three factors (Confidentiality, Integrity and Availability). NIST SP 800-60, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, Appendices C and D contain suggested Security Levels for Each Information Type at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf For additional information and assistance for completion of this item, see Table 1, Security Categorization of Federal Information and Information Systems at: http://irm.cit.nih.gov/security/table1.htm )**** Confidentiality Level: [ x ] Low [ ] Moderate [ ] High Integrity Level: [ ] Low [ ] Moderate [ x ] High Availability Level: [ x ] Low [ ] Moderate [ ] High Overall Level: [ ] Low [ ] Moderate [ ] High Include sections R through T in all contracts C. SPECIAL INFORMATION SECURITY REQUIREMENTS FOR FOREIGN CONTRACTORS/SUBCONTRACTORS When foreign contractors/subcontractors perform work under this acquisition at non-US Federal Government facilities, provisions of HSPD-12 do NOT apply. D. REFERENCES: INFORMATION SECURITY INCLUDING PERSONALLY IDENTIFIABLE INFORMATION (1) Federal Information Security Management Act of 2002 (FISMA), Title III, E-Government Act of 2002, Pub. L. No. 107-347 (Dec. 17, 2002); http://csrc.nist.gov/drivers/documents/FISMA-final.pdf (2) DHHS Personnel Security/Suitability Handbook: http://www.knownet.hhs.gov/acquisition/pssh.pdf (3) NIH Computer Security Awareness Course: http://irtsectraining.nih.gov/ (4) NIST Special Publication 800-16, Information Technology Security Training Requirements: http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf Appendix A-D: http://csrc.nist.gov/publications/nistpubs/800-16/AppendixA-D.pdf (5) NIST SP 800-18, Guide for Developing Security Plans for Information Technology Systems: http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf (6) NIST SP 800-53, Revision 1, Recommended Security Controls for Federal Information Systems: http://www.csrc.nist.gov/publications/drafts/800-53-rev1-ipd-clean.pdf (7) NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, Volume I: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V1-final.pdf; Volume II, Appendices to Guide For Mapping Types of Information and Information Systems To Security Categories, Appendix C at: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf and Appendix D at: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf. (8) NIST SP 800-64, Security Considerations in the Information System Development Life Cycle: http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf (9) FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf (10) FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf (11) OMB Memorandum M-06-15, Safeguarding Personally Identifiable Information (05-22-06): http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf (12) OMB Memorandum M-06-16, Protection of Sensitive Agency Information (06-23-06): http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf (13) OMB Memorandum M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments (07-12-06) http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-19.pdf (14) OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notification (09-20-06) http://www.whitehouse.gov/omb/memoranda/fy2006/task_force_theft_memo.pdf (15) OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (05-22-07) http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf (16) OMB Memorandum M-07-18, Ensuring New Acquisitions Include Common Security Configurations (06-01-07) http://www.whitehouse.gov/omb/memoranda/fy2007/m07-18.pdf (17) Guide for Identifying Sensitive Information, including Information in Identifiable Form, at the NIH ( 04-18-2008) (http://irm.cit.nih.gov/security/NIH_Sensitive_Info_Guide.doc (18) HHS OCIO Policies http://www.hhs.gov/ocio/policy/index.html#Security (19) NIH Privacy Awareness Course: http://irtsectraining.nih.gov/ E. REFERENCES: PHYSICAL ACCESS SECURITY (1) HHS Information Security Program Policy: http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/Information_Security_Program_Policy.pdf (2) Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html (3) OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf (4) OMB Memorandum M-07-06, Validating and Monitoring Agency Issuance of Personal Identity Verification Credentials (01-11-07): http://www.whitehouse.gov/omb/memoranda/fy2007/m07-06.pdf (5) Federal Information Processing Standards Publication (FIPS PUB) 201-1 (Updated June 26, 2006): http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf (6) HHS Interim Policy: Contractual Implementation of Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors [Draft] http://www.hhs.gov/oamp/policies/hspd12contractguide.doc (7) HHS Office of Security and Drug Testing, Personnel Security/Suitability Handbook (02-01-05): http://www.hhs.gov/oamp/policies/personnel_security_suitability_handbook.html (8) HHSAR 307.7106, Statement of Work (SOW); HHSAR 307.7108 in new coverage as of 02-01-07: http://knownet.hhs.gov/acquisition/hhsar/Default.htm (9) Federal Acquisition Regulation (FAR) 37.602, Performance Work Statement (PWS): http://acquisition.gov/far/current/html/Subpart%2037_6.html#wp1074648 (10) FAR Subpart 4.13, Personal Identity Verification of Contractor Personnel: http://acquisition.gov/far/current/html/Subpart%204_13.html#wp1074125 (11) FAR 52.204-9, Personal Identity Verification of Contractor Personnel [clause]: http://acquisition.gov/far/current/html/52_200_206.html#wp1139617 Include Section W in all acquisitions used in patient care or patient care settings F. Data and System Interoperability Compliance Standards Executive Order 13410 - Promoting Quality and Efficient Health Care in Federal Government Administered or Sponsored Health Care Programs http://www.whitehouse.gov/news/releases/2006/08/20060822.html requires that any system that is used in patient care or that are used in the patient care setting must comply with the CCHIT certification and that those standards are located at http://www.cchit.org. Include Section X in all IT contracts G. ELECTRONIC AND INFORMATION TECHNOLOGY ACCESSIBILITY (January2008) Pursuant to Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d), as amended by the Workforce Investment Act of 1998, all electronic and information technology (EIT) products and services developed, acquired, maintained, and/or used under this contract/order must comply with the "Electronic and Information Technology Accessibility Provisions" set forth by the Architectural and Transportation Barriers Compliance Board (also referred to as the "Access Board") in 36 CFR part 1194. Information about Section 508 provisions is available at http://www.section508.gov The complete text of Section 508 Final provisions can be accessed at http://www.accessboard.gov/sec508/provisions.htm. The Section 508 standards applicable to this contract/order are identified in the Statement of Work. The contractor must provide a written Section 508 conformance certification due at the end of each order/contract exceeding $100,000 when the order/contract duration is one year or less. If it is determined By the Government that EIT products and services provided by the Contractor do not conform to the described accessibility in the Product Assessment Template, remediation of the products and/or services to the level of conformance specified in the vendor's Product Assessment Template will be the responsibility of the Contractor at its own expense. In the event of a modification(s) to the contract/order, which adds new EIT products and services or revised the type of, or specifications for, products and services the Contractor is to provide, including EIT deliverables such as electronic documents and reports, the Contracting Officer may require that the contractor submit a completed HHS Section 508 Product Assessment Template to assist the Government in determining that the EIT products and services support Section 508 accessibility requirements. Instructions for documenting accessibility via the HHS Section 508 Product Assessment Template may be found at http://508.hhs.gov. [(End of HHSAR 352.270-19(b)] Prior to the Contracting Officer exercising an option for a subsequent performance period/additional quantity or adding increment funding for a subsequent performance period under this contract, as applicable, the Contractor must provide a Section 508 Annual Report to the Contracting Officer and Contracting Officer's Technical Representative (also known as Project Officer or Contracting Officer's Representative). Unless otherwise directed by the Contracting Officer in writing, the Contractor shall provide the cited report in accordance with the following schedule. Instructions for completing the report are available at: http://508.hhs.gov. under the heading Vendor Information and Documents. The Contractor's failure to submit a timely and properly completed report may jeopardize the Contracting Officer's exercising an option or adding incremental funding, as applicable. Schedule for Contractor Submission of Section 508 Annual Report: [End of HHSAR 352.270-19(c)] 1) PRIVACY ACT- FAR 52.224-1 Privacy Act Notification (Apr 1984) The Contractor will be required to design, develop, or operate a system of records on individuals, to accomplish an agency function subject to the Privacy Act of 1974, Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Act may involve the imposition of criminal penalties. FAR 52.224-2 Privacy Act (April 1984) (a) The Contractor agrees to- (1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies- (i) The systems of records; and (ii) The design, development, or operation work that the contractor is to perform; (2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a system of records on individuals that is subject to the Act; and (3) Include this clause, including this paragraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records. (b) In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the Contractor is considered to be an employee of the agency. (c)(1) "Operation of a system of records," as used in this clause, means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records. (2) "Record," as used in this clause, means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the person's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph. (3) "System of records on individuals," as used in this clause, means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. 2) Personal Identity Verification of Contractor Personnel FAR 52.204-9 (SEPT 2007) (a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24 and Federal Information Processing Standards Publication (FIPS PUB) Number 201. (b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have routine physical access to a Federally-controlled facility and/or routine access to a Federally- controlled information system. 3) EMPLOYMENT ELIGIBILITY VERIFICATION FAR 52.222-54 (JAN 2009) (a) Definitions. As used in this clause- "Commercially available off-the-shelf (COTS) item"- (1) Means any item of supply that is- (i) A commercial item (as defined in paragraph (1) of the definition at 2.101); (ii) Sold in substantial quantities in the commercial marketplace; and (iii) Offered to the Government, without modification, in the same form in which it is sold in the commercial marketplace; and (2) Does not include bulk cargo, as defined in section 3 of the Shipping Act of 1984 (46 U.S.C. App. 1702), such as agricultural products and petroleum products. Per 46 CFR 525.1 (c)(2), "bulk cargo" means cargo that is loaded and carried in bulk onboard ship without mark or count, in a loose unpackaged form, having homogenous characteristics. Bulk cargo loaded into intermodal equipment, except LASH or Seabee barges, is subject to mark and count and, therefore, ceases to be bulk cargo. "Employee assigned to the contract" means an employee who was hired after November 6, 1986, who is directly performing work, in the United States, under a contract that is required to include the clause prescribed at 22.1803. An employee is not considered to be directly performing work under a contract if the employee- (1) Normally performs support work, such as indirect or overhead functions; and (2) Does not perform any substantial duties applicable to the contract. "Subcontract" means any contract, as defined in 2.101, entered into by a subcontractor to furnish supplies or services for performance of a prime contract or a subcontract. It includes but is not limited to purchase orders, and changes and modifications to purchase orders. "Subcontractor" means any supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime Contractor or another subcontractor. "United States", as defined in 8 U.S.C. 1101(a)(38), means the 50 States, the District of Columbia, Puerto Rico, Guam, and the U.S. Virgin Islands. (b) Enrollment and verification requirements. (1) If the Contractor is not enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall- (i) Enroll. Enroll as a Federal Contractor in the E-Verify program within 30 calendar days of contract award; (ii) Verify all new employees. Within 90 calendar days of enrollment in the E-Verify program, begin to use E-Verify to initiate verification of employment eligibility of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); and (iii) Verify employees assigned to the contract. For each employee assigned to the contract, initiate verification within 90 calendar days after date of enrollment or within 30 calendar days of the employee's assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (2) If the Contractor is enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall use E-Verify to initiate verification of employment eligibility of- (i) All new employees. (A) Enrolled 90 calendar days or more. The Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (B) Enrolled less than 90 calendar days. Within 90 calendar days after enrollment as a Federal Contractor in E-Verify, the Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (ii) Employees assigned to the contract. For each employee assigned to the contract, the Contractor shall initiate verification within 90 calendar days after date of contract award or within 30 days after assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (3) If the Contractor is an institution of higher education (as defined at 20 U.S.C. 1001(a)); a State or local government or the government of a Federally recognized Indian tribe; or a surety performing under a takeover agreement entered into with a Federal agency pursuant to a performance bond, the Contractor may choose to verify only employees assigned to the contract, whether existing employees or new hires. The Contractor shall follow the applicable verification requirements at (b)(1) or (b)(2) respectively, except that any requirement for verification of new employees applies only to new employees assigned to the contract. (4) Option to verify employment eligibility of all employees. The Contractor may elect to verify all existing employees hired after November 6, 1986, rather than just those employees assigned to the contract. The Contractor shall initiate verification for each existing employee working in the United States who was hired after November 6, 1986, within 180 calendar days of- (i) Enrollment in the E-Verify program; or (ii) Notification to E-Verify Operations of the Contractor's decision to exercise this option, using the contact information provided in the E-Verify program Memorandum of Understanding (MOU). (5) The Contractor shall comply, for the period of performance of this contract, with the requirements of the E-Verify program MOU. (i) The Department of Homeland Security (DHS) or the Social Security Administration (SSA) may terminate the Contractor's MOU and deny access to the E-Verify system in accordance with the terms of the MOU. In such case, the Contractor will be referred to a suspension or debarment official. (ii) During the period between termination of the MOU and a decision by the suspension or debarment official whether to suspend or debar, the Contractor is excused from its obligations under paragraph (b) of this clause. If the suspension or debarment official determines not to suspend or debar the Contractor, then the Contractor must reenroll in E-Verify. (c) Web site. Information on registration for and use of the E-Verify program can be obtained via the Internet at the Department of Homeland Security Web site: http://www.dhs.gov/E-Verify. (d) Individuals previously verified. The Contractor is not required by this clause to perform additional employment verification using E-Verify for any employee- (1) Whose employment eligibility was previously verified by the Contractor through the E-Verify program; (2) Who has been granted and holds an active U.S. Government security clearance for access to confidential, secret, or top secret information in accordance with the National Industrial Security Program Operating Manual; or (3) Who has undergone a completed background investigation and been issued credentials pursuant to Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors. (e) Subcontracts. The Contractor shall include the requirements of this clause, including this paragraph (e) (appropriately modified for identification of the parties), in each subcontract that- (1) Is for- (i) Commercial or noncommercial services (except for commercial services that are part of the purchase of a COTS item (or an item that would be a COTS item, but for minor modifications), performed by the COTS provider, and are normally provided for that COTS item); or (ii) Construction; (2) Has a value of more than $3,000; and (3) Includes work performed in the United States. Introduction Section 508 of the amended Rehabilitation Act ("Section 508") was enacted to eliminate barriers that might interfere with the ability of individuals with disabilities to fully access Web-delivered information and fully utilize Web-based tools and services. Section 508 requirements apply to Web sites, including all forms of information and posted content, as well as any associated applications including Web or media. This interim acquisition policy provides language applicable to Statements of Work (SOW) or Performance Work Statements (PWS) generated by the Department of Health and Human Services (HHS) that require a contractor or consultant to (1) produce content in any format that could be placed on a Department-owned or Department-funded Web site; or (2) write, create or produce any communications materials intended for public or internal use - to include reports, documents, charts, posters, presentations (such as Microsoft PowerPoint) or video material that could be placed on a Department-owned or Department-funded Web site. The project officer (also known as the contracting officer's technical representative) must ensure that communications products produced or delivered by contractors or consultants meet applicable Section 508 accessibility standards and are suitable for posting to an HHS Web site. Discussion and Analysis This policy applies to: 1. HHS Operating Divisions and Staff Divisions (OPDIVs/STAFFDIVs) and to their contractors and consultants that produce new reports, brochures, and other text or graphical communications products, or produce new multimedia products, such as videotapes and Webcasts, or provide computer based training materials or products. 2. HHS OPDIVs/STAFFDIVs and to their contractors and consultants that provide new Web-based product support documentation to end-users. This interim acquisition guidance does not apply to those systems covered by the specific Health and Human Services Acquisition Regulation (HHSAR) guidance (dated January 16, 2008) for the acquisition of Electronic and Information Technology (EIT) (including Web-based applications, software packages deployed through the Web and script-based interactive sites). This interim acquisition guidance is effective upon issuance for all new acquisitions. US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 2 Responsibilities The Assistant Secretary for Resources and Technology (ASRT) shall: Provide policy and procedural support with respect to establishing, implementing, operating and maintaining Web sites or producing communication products and services. The Assistant Secretary for Public Affairs (ASPA) shall: Propose Section 508-compliant performance standards, provide guidance for their implementation, and ensure that HHS-funded or HHS-managed Web sites are in compliance with Section 508. Guidance and training is available at http://www.hhs.gov/web/policies/index.html#508. Develop training and technical assistance materials to support OPDIVs/STAFFDIVs in the use of this guidance. Appoint a representative to the HHS Section 508 Program Team to ensure alignment with ongoing Departmental Section 508 activities. The Director of the Office on Disabilities (OD) shall: Approve and interpret Section 508-compliant performance standards. Disseminate updated guidance and policy interpretations through http://508.hhs.gov/. Provide technical support to OPDIVs/STAFFDIVs in determining the application of Section 508. Share best practices through the Section 508 Program Team. Review lessons learned and coordinate with ASPA necessary updates to Section 508 guidance. The Deputy Assistant Secretary for Acquisition Management and Policy (DASAMP) shall: Ensure the HHS Acquisition Regulation (HHSAR) is modified to incorporate the interim Section 508 guidance provided in this document and ensure that it enhances and supports existing Section 508 guidance. OPDIVs/STAFFDIVs shall: Ensure that HHS-funded or HHS-managed Web sites are in compliance with Section 508. Ensure that the staff receives training and technical assistance regarding Section 508.US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 3 Interim Acquisition Guidance For new actions, while developing or amending a SOW or PWS in accordance with HHSAR 307.7106 (renumbered HHSAR 307.7108) and FAR 37.602, project officers must address communications products and services in the HHS Acquisition Plan. In addition to the acquisition planning requirements under HHSAR Part 307, project officers must address Section 508 compliance requirements for documents generated for and by HHS that require a contractor or consultant to produce content in any format that could be placed on a Department-owned or Department-funded Web site. For those acquisitions of communications products and services not requiring an Acquisition Plan, the Project Officer must include all documentation pursuant to HHSAR 307.7101(c). The assigned project officer (contracting officer's technical representative) will ensure communication products are provided to the end-users in a Section 508- compliant format. The project officer must list the applicable provisions of the Access Board Final (36 CFR Part 1194) in the SOW/PWS - e.g., "36 CFR 1194(a)-(j)". Most Web-based text and communication will need to meet 36 CFR Part 1194.22, "Web-Based Intranet and Internet Information and Applications". Additionally, 36 CFR Part 1194.41, "Information, Documentation and Support," and 36 CFR Part 1194.24 "Video and Multimedia Products" are of particular importance with regard to all written, graphical or broadcast, video materials or products produced for HHS (to include training). 36 CFR Part 1194.41 outlines the requirements supporting services for products accommodating the communication needs of end-users with disabilities. Contact your OPDIV/STAFFDIV Section 508 Coordinator for additional assistance in determining the applicable provisions. The Project Officer (the Contracting Officer's Technical Representative), in consultation with ASPA/Web Communications Division, will make a Section 508-compliance determination prior to posting to a Department-owned or Department-funded Web site. The project officer shall include the attached "Section C.A. Section 508" language in Statements of Work (SOWs) or Performance Work Statements (PWS) generated by the Department of Health and Human Services (HHS) for communication products and services that could be placed on a Department-owned or Department-funded Web site. US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 4 C.A. Section 508 This language is applicable to Statements of Work (SOW) or Performance Work Statements (PWS) generated by the Department of Health and Human Services (HHS) that require a contractor or consultant to (1) produce content in any format that could be placed on a Department-owned or Department-funded Web site; or (2) write, create or produce any communications materials intended for public or internal use; to include reports, documents, charts, posters, presentations (such as Microsoft PowerPoint) or video material that could be placed on a Department-owned or Department-funded Web site. Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d) requires Federal agencies to purchase electronic and information technologies (EIT) that meet specific accessibility standards. This law helps to ensure that federal employees with disabilities have access to, and use of, the information and data they need to do their jobs. Furthermore, this law ensures that members of the public with disabilities have the ability to access government information and services. There are three regulations addressing the requirements detailed in Section 508. The Section 508 technical and functional standards are codified at 36 CFR Part 1194 and may be accessed through the Access Board's Web site at http://www.access-board.gov. The second regulation issued to implement Section 508 is the Federal Acquisition Regulation (FAR). FAR Part 39.2 requires that agency acquisitions of Electronic and Information Technology (EIT) comply with the Access Board's standards. The entire FAR is found at Chapter 1 of the Code of Federal Register (CFR) Title 48, located at http://www.acquisition.gov. The FAR rule implementing Section 508 can be found at http://www.section508.gov. The third applicable regulation is the HHS Acquisition Regulation (HHSAR). Regardless of format, all Web content or communications materials produced for publication on or delivery via HHS Web sites - including text, audio or video - must conform to applicable Section 508 standards to allow federal employees and members of the public with disabilities to access information that is comparable to information provided to persons without disabilities. All contractors (including subcontractors1) or consultants responsible for preparing or posting content intended for use on an HHS-funded or HHS-managed Web site must comply with applicable Section 508 accessibility standards, and where applicable, those set forth in the referenced policy or standards documents below. Remediation of any materials that do not comply with the applicable provisions of 36 CFR Part 1194 as set forth in the SOW or PWS, shall be the responsibility of the contractor or consultant retained to produce the Web-suitable content or communications material. 1 Prime contractors may enter into subcontracts in the performance of a Federal contract, but the prime remains obligated to deliver what is called for under the contract. US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 5 The following Section 508 provisions apply to the content or communications material identified in this SOW or PWS: [Project Officer must list the applicable provisions of the Access Board Final Rule (36 CFR Part 1194) - e.g., "36 CFR 1194.21(a)-(j)"] References: HHS Policy for Section 508 Electronic and Information Technology (E&IT) (January 2005): http://www.hhs.gov/od/Final_Section_508_Policy.html HHS Section 508 Web site: http://508.hhs.gov/ HHS ASPA Web Communications Division Web site: http://www.hhs.gov/web/policies/index.html US General Services Administration (GSA) Section 508 Web site: http://www.section508.gov/index.cfm
Web Link: FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/NIH/CCOPC/11-001834/listing.html)
Record: SN02391305-W 20110304/110302234322-dfee08c0a5f919c06c6c67a297acd159 (fbodaily.com)
Source: FedBizOpps Link to This Notice
(may not be valid after Archive Date)

| FSG Index | This Issue's Index | Today's FBO Daily Index Page |

Loren Data's SAM Daily™

70 -- computer equipment