SOLICITATION NOTICE
70 -- Fiscal Service on behalf of the Office of Information and Security Services has a need for RMG Networks Symoncare licenses adn maintenance renewals between their Parkersburg, WV & Minneapolis, MN locations. - RFQ-ISS-34300204-15-024
- Notice Date
- 9/30/2015
- Notice Type
- Combined Synopsis/Solicitation
- NAICS
- 541519
— Other Computer Related Services
- Contracting Office
- Department of the Treasury, Bureau of the Public Debt (BPD), Bureau of the Fiscal Service, Avery 5F, 200 Third Street, Parkersburg, West Virginia, 26106-5312, United States
- ZIP Code
- 26106-5312
- Solicitation Number
- RFQ-ISS-34300204-15-024
- Archive Date
- 10/31/2015
- Point of Contact
- Eric Stanley,
- E-Mail Address
-
Eric.Stanley@fiscal.treasury.gov
(Eric.Stanley@fiscal.treasury.gov)
- Small Business Set-Aside
- Total Small Business
- Description
- Pricing Spreadsheet Complete combined sol/synopsis pdf. This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will NOT be issued. This combined synopsis/solicitation is issued as a Request for Quote (RFQ ISS-3400204-15-024). The NAICS code is 541519 Information Technology Value Added Resellers and the size standard is 150 employees. This is a set-aside for small businesses. The Department of Treasury, Bureau of the Fiscal Service (Fiscal Service) on behalf of the Office of Information and Security Services (ISS) has a need for a contractor to provide RMG Networks Symoncare licenses and maintenance renewals between their Parkersburg, WV and Minneapolis, MN locations. (Brand Name or Equal) This is a 100% Small Business Set-Aside. Interested Offerors shall submit quotes electronically by Monday October 16, 2015 08:00 AM ET to Purchasing@fiscal.treasury.gov Attn: ES/BW, RE: RFQ-ISS-34300204-15-024. 52.252-2 Clauses Incorporated By Reference (Feb 1998) This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this address: https://www.acquisition.gov/far 52.212-4 Contract Terms and Conditions -- Commercial Items (May 2015) 1052.201-70 Contracting Officer's Representative (COR) Appointment and Authority (Apr 2015) (a) The COR(s) are named on the award form. Should a change to the COR(s) be necessary in the future, they will be named on the modification SF-30. (b) Performance of work under this contract is subject to the technical direction of the COR identified above, or a representative designated in writing. The term "technical direction" includes, without limitation, direction to the contractor that directs or redirects the labor effort, shifts the work between work areas or locations, and/or fills in details and otherwise serves to ensure that tasks outlined in the work statement are accomplished satisfactorily. (c) Technical direction must be within the scope of the contract specification(s)/work statement. The COR does not have authority to issue technical direction that: (1) Constitutes a change of assignment or additional work outside the contract specification(s)/work statement; (2) Constitutes a change as defined in the clause entitled "Changes"; (3) In any manner causes an increase or decrease in the contract price, or the time required for contract performance; (4) Changes any of the terms, conditions, or specification(s)/work statement of the contract; (5) Interferes with the contractor's right to perform under the terms and conditions of the contract; or (6) Directs, supervises or otherwise controls the actions of the contractor's employees. (d) Technical direction may be oral or in writing. The COR must confirm oral direction in writing within five workdays, with a copy to the Contracting Officer. (e) The Contractor shall proceed promptly with performance resulting from the technical direction issued by the COR. If, in the opinion of the contractor, any direction of the COR or the designated representative falls within the limitations of (c) above, the contractor shall immediately notify the Contracting Officer no later than the beginning of the next Government work day. (f) Failure of the Contractor and the Contracting Officer to agree that technical direction is within the scope of the contract shall be subject to the terms of the clause entitled "Disputes." 1052.203-99 Prohibition on Contracting with Entities that Require Certain Internal Confidentiality Agreements (Deviation 2015-00003) (Mar2015) (a) The Contractor shall not require employees or subcontractors seeking to report fraud, waste, or abuse to sign or comply with internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or subcontractors from lawfully reporting such waste, fraud, or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information. (b) The contractor shall notify employees that the prohibitions and restrictions of any internal confidentiality agreements covered by this clause are no longer in effect. (c) The prohibition in paragraph (a) of this clause does not contravene requirements applicable to Standard Form 312, Form 4414, or any other form issued by a Federal department or agency governing the nondisclosure of classified information. (d)(1) In accordance with section 743 of Division E, Title VII, of the Consolidated and Further Continuing Resolution Appropriations Act, 2015 (Pub. L. 113-235), use of funds appropriated (or otherwise made available) under that or any other Act may be prohibited, if the Government determines that the Contractor is not in compliance with the provisions of this clause. (2) The Government may seek any available remedies in the event the contractor fails to comply with the provisions of this clause. 1052.210-70 Contractor Publicity (Apr 2015) The Contractor, or any entity or representative acting on behalf of the Contractor, shall not refer to the supplies or services furnished pursuant to the provisions of this contract in any news release or commercial advertising, or in connection with any news release or commercial advertising, without first obtaining explicit written consent to do so from the Contracting Officer. Should any reference to such supplies or services appear in any news release or commercial advertising issued by or on behalf of the Contractor without the required consent, the Government shall consider institution of all remedies available under applicable law, including 31 U.S.C. 333, and this contract. Further, any violation of this clause may be considered during the evaluation of past performance. 52.217-6 Option for Increased Quantity (Mar 1989) The Government may increase the quantity of supplies called for in the Schedule at the unit price specified. The Contracting Officer may exercise the option by written notice to the Contractor prior to contract expiration. Delivery of the added items shall continue at the same rate as the like items called for under the contract, unless the parties otherwise agree. 52.217-8 Option to Extend Services (Nov 1999) The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor prior to contract expiration. 52.217-9 Option to Extend the Term of the Contract (Mar 2000) (a) The Government may extend the term of this contract by written notice to the Contractor prior to expiration of each contract period; provided, that the Government gives the Contractor a preliminary written notice of its intent to extend at least 30 days before the contract expires. The preliminary notice does not commit the Government to an extension. (b) If the Government exercises this option, the extended contract shall be considered to include this option clause. (c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 36 months. Section 508 Compliance All electronic and information technology (EIT) must meet the applicable accessibility standards at 36 CFR 1194, unless an agency exception to this requirement exists. 36 CFR 1194 implements Section 508 of the Rehabilitation Act of 1973, as amended. In accordance with above contractors must ensure that all EIT that they provide either: (1) meets the technical provisions of the Section 508 Access Board Standards applicable to a given procurement (see below); or (2) uses designs or technologies as alternatives to those prescribed in the specified technical provisions, provided they result in substantially equivalent or greater access to and use of a product for people with disabilities. The following standards have been determined to be applicable to this contract: X 1194.21 Software applications and operating systems. 1194.22 Web-based intranet and internet information and applications. 1194.23 Telecommunications products. 1194.24 Video and multimedia products. 1194.25 Self-contained, closed products. 1194.26 Desktop and portable computers. 1194.31 Functional Performance Criteria 1194.41 Information, Documentation and Support The standards do not require the installation of specific accessibility-related software or the attachment of an assistive technology device, but merely require that the EIT be compatible with such software and devices so that it can be made accessible if so required by the agency in the future 52.232-39 Unenforceability of Unauthorized Obligations (Jun 2013) (a) Except as stated in paragraph (b) of this clause, when any supply or service acquired under this contract is subject to any End User License Agreement (EULA), Terms of Service (TOS), or similar legal instrument or agreement, that includes any clause requiring the Government to indemnify the Contractor or any person or entity for damages, costs, fees, or any other loss or liability that would create an Anti-Deficiency Act violation (31 U.S.C. 1341), the following shall govern: (1) Any such clause is unenforceable against the Government. (2) Neither the Government nor any Government authorized end user shall be deemed to have agreed to such clause by virtue of it appearing in the EULA, TOS, or similar legal instrument or agreement. If the EULA, TOS, or similar legal instrument or agreement is invoked through an "I agree" click box or other comparable mechanism (e.g., "click-wrap" or "browse-wrap" agreements), execution does not bind the Government or any Government authorized end user to such clause. (3) Any such clause is deemed to be stricken from the EULA, TOS, or similar legal instrument or agreement. (b) Paragraph (a) of this clause does not apply to indemnification by the Government that is expressly authorized by statute and specifically authorized under applicable agency regulation and procedures. 52.232-40 Providing Accelerated Payments to Small Business Subcontractors (Dec 2013) (a) Upon receipt of accelerated payments from the Government, the Contractor shall make accelerated payments to its small business subcontractors under this contract, to the maximum extent practicable and prior to when such payment is otherwise required under the applicable contract or subcontract, after receipt of a proper invoice and all other required documentation from the small business subcontractor. (b) The acceleration of payments under this clause does not provide any new rights under the Prompt Payment Act. (c) Include the substance of this clause, including this paragraph (c), in all subcontracts with small business concerns, including subcontracts with small business concerns for the acquisition of commercial items. 1052.232-7003 Electronic Submission of Payment Requests (Apr 2015) (a) Definitions. As used in this clause- (1) "Payment request" means a bill, voucher, invoice, or request for contract financing payment with associated supporting documentation. The payment request must comply with the requirements identified in FAR 32.905(b), "Content of Invoices" and the applicable Payment clause included in this contract. (b) Except as provided in paragraph (c) of this clause, the Contractor shall submit payment requests electronically using the Invoice Processing Platform (IPP). Information regarding IPP, including IPP Customer Support is available at www.ipp.gov or any successor site. (c) The Contractor may submit payment requests using other than IPP only when the Contracting Officer authorizes alternate procedures in writing in accordance with Treasury procedures. (d) If alternate payment procedures are authorized, the Contractor shall include a copy of the Contracting Officer's written authorization with each payment request. Payment and Invoice Questions (IPP) For payment and invoice questions, go to https://arc.publicdebt.treas.gov/ipp/fsippqrg.htm or contact Accounts Payable at (304) 480-8000 option 7 or via email at AccountsPayable@fiscal.treasury.gov. Overpayments In accordance with 52.212-4 section (i) 5 Overpayments: Accounts Receivable Conversion of Check Payments to electronic funds transfer (EFT): If the Contractor sends the Government a check to remedy duplicate contract financing or an overpayment by the government, it will be converted into an EFT. This means the Government will copy the check and use the account information on it to electronically debit the Contractor's account for the amount of the check. The debit from the Contractor's account will usually occur within 24 hours and will be shown on the regular account statement. The Contractor will not receive the original check back. The Government shall destroy the Contractor's original check, but will keep a copy of it. If the EFT cannot be processed for technical reasons, the Contractor authorizes the Government to process the copy in place of the original check. Marking of Shipments The Contractor shall ensure the contract number is clearly visible on all shipping/service documents, containers, and invoices. 52.212-5 Contract Terms and Conditions Required to Implement Statutes or Executive Orders -- Commercial Items (May 2015) (a) The Contractor shall comply with the following Federal Acquisition Regulation (FAR) clauses, which are incorporated in this contract by reference, to implement provisions of law or Executive orders applicable to acquisitions of commercial items: (1) 52.209-10, Prohibition on Contracting with Inverted Domestic Corporations (Dec 2014) (2) 52.233-3, Protest After Award (AUG 1996) (31 U.S.C. 3553). (3) 52.233-4, Applicable Law for Breach of Contract Claim (OCT 2004)(Public Laws 108-77 and 108-78 (19 U.S.C. 3805 note)). (b) The Contractor shall comply with the FAR clauses in this paragraph (b) that the Contracting Officer has indicated as being incorporated in this contract by reference to implement provisions of law or Executive orders applicable to acquisitions of commercial items: __ (1) 52.203-6, Restrictions on Subcontractor Sales to the Government (Sept 2006), with Alternate I (Oct 1995) (41 U.S.C. 4704 and 10 U.S.C. 2402). __ (2) 52.203-13, Contractor Code of Business Ethics and Conduct (Apr 2010) (41 U.S.C. 3509)). __ (3) 52.203-15, Whistleblower Protections under the American Recovery and Reinvestment Act of 2009 (June 2010) (Section 1553 of Pub. L. 111-5). (Applies to contracts funded by the American Recovery and Reinvestment Act of 2009.) _X_ (4) 52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards (Jul 2013) (Pub. L. 109-282) (31 U.S.C. 6101 note). __ (5) [Reserved]. __ (6) 52.204-14, Service Contract Reporting Requirements (Jan 2014) (Pub. L. 111-117, section 743 of Div. C). __ (7) 52.204-15, Service Contract Reporting Requirements for Indefinite-Delivery Contracts (Jan 2014) (Pub. L. 111-117, section 743 of Div. C). _X_ (8) 52.209-6, Protecting the Government's Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment. (Aug 2013) (31 U.S.C. 6101 note). __ (9) 52.209-9, Updates of Publicly Available Information Regarding Responsibility Matters (Jul 2013) (41 U.S.C. 2313). __ (10) [Reserved]. __ (11)(i) 52.219-3, Notice of HUBZone Set-Aside or Sole-Source Award (Nov 2011) (15 U.S.C. 657a). __ (ii) Alternate I (Nov 2011) of 52.219-3. __ (12)(i) 52.219-4, Notice of Price Evaluation Preference for HUBZone Small Business Concerns (OCT 2014) (if the offeror elects to waive the preference, it shall so indicate in its offer) (15 U.S.C. 657a). __ (ii) Alternate I (JAN 2011) of 52.219-4. __ (13) [Reserved] _X_ (14)(i) 52.219-6, Notice of Total Small Business Set-Aside (Nov 2011) (15 U.S.C. 644). __ (ii) Alternate I (Nov 2011). __ (iii) Alternate II (Nov 2011). __ (15)(i) 52.219-7, Notice of Partial Small Business Set-Aside (June 2003) (15 U.S.C. 644). __ (ii) Alternate I (Oct 1995) of 52.219-7. __ (iii) Alternate II (Mar 2004) of 52.219-7. __ (16) 52.219-8, Utilization of Small Business Concerns (Oct 2014) (15 U.S.C. 637(d)(2) and (3)). __ (17)(i) 52.219-9, Small Business Subcontracting Plan (Oct 2014) (15 U.S.C. 637(d)(4)). __ (ii) Alternate I (Oct 2001) of 52.219-9. __ (iii) Alternate II (Oct 2001) of 52.219-9. __ (iv) Alternate III (Oct 2014) of 52.219-9. _X_ (18) 52.219-13, Notice of Set-Aside of Orders (Nov 2011)(15 U.S.C. 644(r)). __ (19) 52.219-14, Limitations on Subcontracting (Nov 2011) (15 U.S.C. 637(a)(14)). __ (20) 52.219-16, Liquidated Damages-Subcon-tracting Plan (Jan 1999) (15 U.S.C. 637(d)(4)(F)(i)). __ (21) 52.219-27, Notice of Service-Disabled Veteran-Owned Small Business Set-Aside (Nov 2011) (15 U.S.C. 657 f). _X_ (22) 52.219-28, Post Award Small Business Program Rerepresentation (Jul 2013) (15 U.S.C. 632(a)(2)). __ (23) 52.219-29, Notice of Set-Aside for Economically Disadvantaged Women-Owned Small Business (EDWOSB) Concerns (Jul 2013) (15 U.S.C. 637(m)). __ (24) 52.219-30, Notice of Set-Aside for Women-Owned Small Business (WOSB) Concerns Eligible Under the WOSB Program (Jul 2013) (15 U.S.C. 637(m)). _X_ (25) 52.222-3, Convict Labor (June 2003) (E.O. 11755). _X_ (26) 52.222-19, Child Labor-Cooperation with Authorities and Remedies (Jan 2014) (E.O. 13126). _X_ (27) 52.222-21, Prohibition of Segregated Facilities (Apr 2015). _X_ (28) 52.222-26, Equal Opportunity (Apr 2015) (E.O. 11246). _X_ (29) 52.222-35, Equal Opportunity for Veterans (Jul 2014)(38 U.S.C. 4212). _X_ (30) 52.222-36, Equal Opportunity for Workers with Disabilities (Jul 2014) (29 U.S.C. 793). _X_ (31) 52.222-37, Employment Reports on Veterans (JUL 2014) (38 U.S.C. 4212). __ (32) 52.222-40, Notification of Employee Rights Under the National Labor Relations Act (Dec 2010) (E.O. 13496). _X_ (33)(i) 52.222-50, Combating Trafficking in Persons (Mar 2015) (22 U.S.C. chapter 78 and E.O. 13627). __ (ii) Alternate I (Mar 2015) of 52.222-50 (22 U.S.C. chapter 78 and E.O. 13627). __ (34) 52.222-54, Employment Eligibility Verification (AUG 2013). (Executive Order 12989). (Not applicable to the acquisition of commercially available off-the-shelf items or certain other types of commercial items as prescribed in 22.1803.) __ (35)(i) 52.223-9, Estimate of Percentage of Recovered Material Content for EPA-Designated Items (May 2008) (42 U.S.C. 6962(c)(3)(A)(ii)). (Not applicable to the acquisition of commercially available off-the-shelf items.) __ (ii) Alternate I (May 2008) of 52.223-9 (42 U.S.C. 6962(i)(2)(C)). (Not applicable to the acquisition of commercially available off-the-shelf items.) __ (36)(i) 52.223-13, Acquisition of EPEAT®-Registered Imaging Equipment (JUN 2014) (E.O.s 13423 and 13514). __ (ii) Alternate I (Jun 2014) of 52.223-13. __ (37)(i) 52.223-14, Acquisition of EPEAT®-Registered Televisions (JUN 2014) (E.O.s 13423 and 13514). __ (ii) Alternate I (Jun 2014) of 52.223-14. __ (38) 52.223-15, Energy Efficiency in Energy-Consuming Products (DEC 2007) (42 U.S.C. 8259b). __ (39)(i) 52.223-16, Acquisition of EPEAT®-Registered Personal Computer Products (JUN 2014) (E.O.s 13423 and 13514). __ (ii) Alternate I (Jun 2014) of 52.223-16. _X_ (40) 52.223-18, Encouraging Contractor Policies to Ban Text Messaging While Driving (AUG 2011) (E.O. 13513). _X_ (41) 52.225-1, Buy American-Supplies (May 2014) (41 U.S.C. chapter 83). _X_ (42)(i) 52.225-3, Buy American-Free Trade Agreements-Israeli Trade Act (May 2014) (41 U.S.C. chapter 83, 19 U.S.C. 3301 note, 19 U.S.C. 2112 note, 19 U.S.C. 3805 note, 19 U.S.C. 4001 note, Pub. L. 103-182, 108-77, 108-78, 108-286, 108-302, 109-53, 109-169, 109-283, 110-138, 112-41, 112-42, and 112-43. __ (ii) Alternate I (May 2014) of 52.225-3. __ (iii) Alternate II (May 2014) of 52.225-3. __ (iv) Alternate III (May 2014) of 52.225-3. __ (43) 52.225-5, Trade Agreements (NOV 2013) (19 U.S.C. 2501, et seq., 19 U.S.C. 3301 note). _X_ (44) 52.225-13, Restrictions on Certain Foreign Purchases (June 2008) (E.O.'s, proclamations, and statutes administered by the Office of Foreign Assets Control of the Department of the Treasury). __ (45) 52.225-26, Contractors Performing Private Security Functions Outside the United States (Jul 2013) (Section 862, as amended, of the National Defense Authorization Act for Fiscal Year 2008; 10 U.S.C. 2302 Note). __ (46) 52.226-4, Notice of Disaster or Emergency Area Set-Aside (Nov 2007) (42 U.S.C. 5150). __ (47) 52.226-5, Restrictions on Subcontracting Outside Disaster or Emergency Area (Nov 2007) (42 U.S.C. 5150). __ (48) 52.232-29, Terms for Financing of Purchases of Commercial Items (Feb 2002) (41 U.S.C. 4505, 10 U.S.C. 2307(f)). __ (49) 52.232-30, Installment Payments for Commercial Items (Oct 1995) (41 U.S.C. 4505, 10 U.S.C. 2307(f)). _X_ (50) 52.232-33, Payment by Electronic Funds Transfer-System for Award Management (Jul 2013) (31 U.S.C. 3332). __ (51) 52.232-34, Payment by Electronic Funds Transfer-Other than System for Award Management (Jul 2013) (31 U.S.C. 3332). __ (52) 52.232-36, Payment by Third Party (May 2014) (31 U.S.C. 3332). __ (53) 52.239-1, Privacy or Security Safeguards (Aug 1996) (5 U.S.C. 552a). __ (54)(i) 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels (Feb 2006) (46 U.S.C. Appx. 1241(b) and 10 U.S.C. 2631). __ (ii) Alternate I (Apr 2003) of 52.247-64. (c) The Contractor shall comply with the FAR clauses in this paragraph (c), applicable to commercial services, that the Contracting Officer has indicated as being incorporated in this contract by reference to implement provisions of law or Executive orders applicable to acquisitions of commercial items: __ (1) 52.222-17, Nondisplacement of Qualified Workers (May 2014)(E.O. 13495). __ (2) 52.222-41, Service Contract Labor Standards (May 2014) (41 U.S.C. chapter 67). __ (3) 52.222-42, Statement of Equivalent Rates for Federal Hires (May 2014) (29 U.S.C. 206 and 41 U.S.C. chapter 67). __ (4) 52.222-43, Fair Labor Standards Act and Service Contract Labor Standards-Price Adjustment (Multiple Year and Option Contracts) (May 2014) (29 U.S.C. 206 and 41 U.S.C. chapter 67). __ (5) 52.222-44, Fair Labor Standards Act and Service Contract Labor Standards-Price Adjustment (May 2014) (29 U.S.C. 206 and 41 U.S.C. chapter 67). __ (6) 52.222-51, Exemption from Application of the Service Contract Labor Standards to Contracts for Maintenance, Calibration, or Repair of Certain Equipment-Requirements (May 2014) (41 U.S.C. chapter 67). __ (7) 52.222-53, Exemption from Application of the Service Contract Labor Standards to Contracts for Certain Services-Requirements (May 2014) (41 U.S.C. chapter 67). __ (8) 52.222-55, Minimum Wages Under Executive Order 13658 (Dec 2014)(E.O. 13658). __ (9) 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations (May 2014) (42 U.S.C. 1792). __ (10) 52.237-11, Accepting and Dispensing of $1 Coin (Sept 2008) (31 U.S.C. 5112(p)(1)). (d) Comptroller General Examination of Record. The Contractor shall comply with the provisions of this paragraph (d) if this contract was awarded using other than sealed bid, is in excess of the simplified acquisition threshold, and does not contain the clause at 52.215-2, Audit and Records-Negotiation. (1) The Comptroller General of the United States, or an authorized representative of the Comptroller General, shall have access to and right to examine any of the Contractor's directly pertinent records involving transactions related to this contract. (2) The Contractor shall make available at its offices at all reasonable times the records, materials, and other evidence for examination, audit, or reproduction, until 3 years after final payment under this contract or for any shorter period specified in FAR Subpart 4.7, Contractor Records Retention, of the other clauses of this contract. If this contract is completely or partially terminated, the records relating to the work terminated shall be made available for 3 years after any resulting final termination settlement. Records relating to appeals under the disputes clause or to litigation or the settlement of claims arising under or relating to this contract shall be made available until such appeals, litigation, or claims are finally resolved. (3) As used in this clause, records include books, documents, accounting procedures and practices, and other data, regardless of type and regardless of form. This does not require the Contractor to create or maintain any record that the Contractor does not maintain in the ordinary course of business or pursuant to a provision of law. (e)(1) Notwithstanding the requirements of the clauses in paragraphs (a), (b), (c), and (d) of this clause, the Contractor is not required to flow down any FAR clause, other than those in this paragraph (e)(1) in a subcontract for commercial items. Unless otherwise indicated below, the extent of the flow down shall be as required by the clause- (i) 52.203-13, Contractor Code of Business Ethics and Conduct (Apr 2010) (41 U.S.C. 3509). (ii) 52.219-8, Utilization of Small Business Concerns (Oct 2014) (15 U.S.C. 637(d)(2) and (3)), in all subcontracts that offer further subcontracting opportunities. If the subcontract (except subcontracts to small business concerns) exceeds $650,000 ($1.5 million for construction of any public facility), the subcontractor must include 52.219-8 in lower tier subcontracts that offer subcontracting opportunities. (iii) 52.222-17, Nondisplacement of Qualified Workers (May 2014) (E.O. 13495). Flow down required in accordance with paragraph (l) of FAR clause 52.222-17. (iv) 52.222-21, Prohibition of Segregated Facilities (Apr 2015) (v) 52.222-26, Equal Opportunity (Apr 2015) (E.O. 11246). (vi) 52.222-35, Equal Opportunity for Veterans (Jul 2014) (38 U.S.C. 4212). (vii) 52.222-36, Equal Opportunity for Workers with Disabilities (Jul 2014) (29 U.S.C. 793). (viii) 52.222-37, Employment Reports on Veterans (Jul 2014) (38 U.S.C. 4212) (ix) 52.222-40, Notification of Employee Rights Under the National Labor Relations Act (Dec 2010) (E.O. 13496). Flow down required in accordance with paragraph (f) of FAR clause 52.222-40. (x) 52.222-41, Service Contract Labor Standards (May 2014) (41 U.S.C. chapter 67). (xi) _X_(A) 52.222-50, Combating Trafficking in Persons (Mar 2015) (22 U.S.C. chapter 78 and E.O 13627). __(B) Alternate I (Mar 2015) of 52.222-50 (22 U.S.C. chapter 78 and E.O 13627). (xii) 52.222-51, Exemption from Application of the Service Contract Labor Standards to Contracts for Maintenance, Calibration, or Repair of Certain Equipment-Requirements (May 2014) (41 U.S.C. chapter 67). (xiii) 52.222-53, Exemption from Application of the Service Contract Labor Standards to Contracts for Certain Services-Requirements (May 2014) (41 U.S.C. chapter 67). (xiv) 52.222-54, Employment Eligibility Verification (AUG 2013). (xv) 52.222-55, Minimum Wages Under Executive Order 13658 (Dec 2014) (Executive Order 13658). (xvi) 52.225-26, Contractors Performing Private Security Functions Outside the United States (Jul 2013) (Section 862, as amended, of the National Defense Authorization Act for Fiscal Year 2008; 10 U.S.C. 2302 Note). (xvii) 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations (May 2014) (42 U.S.C. 1792). Flow down required in accordance with paragraph (e) of FAR clause 52.226-6. (xviii) 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels (Feb 2006) (46 U.S.C. Appx. 1241(b) and 10 U.S.C. 2631). Flow down required in accordance with paragraph (d) of FAR clause 52.247-64. (2) While not required, the contractor may include in its subcontracts for commercial items a minimal number of additional clauses necessary to satisfy its contractual obligations.   SOLICITATION PROVISIONS 52.252-1 Solicitation Provisions Incorporated by Reference (Feb 1998) This solicitation incorporates one or more solicitation provisions by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. The offeror is cautioned that the listed provisions may include blocks that must be completed by the offeror and submitted with its quotation or offer. In lieu of submitting the full text of those provisions, the offeror may identify the provision by paragraph identifier and provide the appropriate information with its quotation or offer. Also, the full text of a solicitation provision may be accessed electronically at this/these address: https://www.acquisition.gov/far/ 1052.203-98 Prohibition on Contracting with Entities that Require Certain Internal Confidentiality Agreements-Representation (Deviation 2015-00003) (Mar2015) (a) In accordance with section 743 of Division E, Title VII, of the Consolidated and Further Continuing Resolution Appropriations Act, 2015 (Pub. L. 113-235), Government agencies are not permitted to use funds appropriated (or otherwise made available) under that or any other Act for contracts with an entity that requires employees or subcontractors of such entity seeking to report fraud, waste, or abuse to sign internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or subcontractors from lawfully reporting such waste, fraud, or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information. (b) The prohibition in paragraph (a) of this provision does not contravene requirements applicable to Standard Form 312, Form 4414, or any other form issued by a Federal department or agency governing the nondisclosure of classified information. (c) Representation. By submission of its offer, the Offeror represents that it does not require employees or subcontractors of such entity seeking to report fraud, waste, or abuse to sign internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or subcontractors from lawfully reporting such waste, fraud, or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information. 52.209-2 Prohibition on Contracting with Inverted Domestic Corporations--Representation (Dec 2014) (a) Definitions. "Inverted domestic corporation" and "subsidiary" have the meaning given in the clause of this contract entitled Prohibition on Contracting with Inverted Domestic Corporations (52.209-10). (b) Government agencies are not permitted to use appropriated (or otherwise made available) funds for contracts with either an inverted domestic corporation, or a subsidiary of an inverted domestic corporation, unless the exception at 9.108-2(b) applies or the requirement is waived in accordance with the procedures at 9.108-4. (c) Representation. By submission of its offer, the offeror represents that- (1) It is not an inverted domestic corporation: and (2) It is not a subsidiary of an inverted domestic corporation. 1052.209-71 Representation by Corporations Regarding a Unpaid Federal Tax Liability or Conviction of a Felony Criminal Violation under Federal Law (Deviation 2015-00002) (Jan 2015) (a) In accordance with Sections 744 and 745 of Division E, Title VII, of the Consolidated and Further Continuing Appropriations Act, 2015 (Public Law 113-235) none of the funds made available by this or any other Act may be used to enter into a contract with any corporation that---- (1) Has any unpaid Federal tax liability that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreement with the authority responsible for collecting the tax liability, where the awarding agency is aware of the unpaid tax liability, unless a Federal agency has considered suspension or debarment of the corporation and has made a determination that this further action is not necessary to protect the interests of the Government; or (2) Was convicted of a felony criminal violation under any Federal law within the preceding 24 months, where the awarding agency is aware of the conviction, unless a Federal agency has considered suspension or debarment of the corporation and has made a determination that this further action is not necessary to protect the interests of the Government. (b) The Offeror represents that- (1) It is [ ] is not [ ] a corporation that has any unpaid Federal tax liability that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreement with the authority responsible for collecting the tax liability. (2) It is [ ] is not [ ] a corporation that was convicted of a felony criminal violation under any Federal law within the preceding 24 months. 1052.209-72 Representation by Entities Regarding Incorporation or Charter in Bermuda or the Cayman Islands - Fiscal Year 2015 Appropriations, Division E Agencies (Deviation 2015-00004) (Apr 2015) (a) In accordance with Section 627 of the Consolidated and Further Continuing Appropriations, Act, 2015 (Public Law 113-235) none of the funds made available by Division E of Public Law 113-235 may be used to enter into any contract with an incorporated entity if such entity's sealed bid or competitive proposal shows that such entity is incorporated or chartered in Bermuda or the Cayman Islands, and such entity's sealed bid or competitive proposal shows that such entity was previously incorporated in the United States. (b) The Offeror represents that it is [ ] is not [ ] an entity incorporated or chartered in Bermuda or the Cayman Islands, and was [ ] or was not [ ] previously incorporated in the United States. 52.211-6 Brand Name or Equal (Aug 1999) Brand Name or Equal: See specifications for all items. If an Equal is submitted, specifications must be included or offer, quote, or proposal will be rejected. Offerors proposing an equal product are responsible for demonstrating how their product is equal to or better than the brand requested. 52.212-1 Instructions to Offerors -- COMMERCIAL ITEMS (APR 2014) Interested Offerors shall submit quotes electronically by Monday October 16, 2015 08:00 AM ET to Purchasing@fiscal.treasury.gov Attn: ES/BW, RE: RFQ-ISS-34300204-15-024. NOTICE TO FIRMS DEBARRED, SUSPENDED, OR PROPOSED FOR DEBARMENT In accordance with far 9.405, offers, quotes, proposals are not solicited from firms debarred, suspended, or proposed for debarment. Ineligible firms shall consider this an informational copy only. PROPOSAL INSTRUCTIONS The Offeror assumes full responsibility for ensuring all electronic materials and attachments submitted are formatted in accordance with the Bureau of the Fiscal Service Security Requirements. The following file extensions are not allowable and application materials/data submitted with these extensions cannot be considered:.bat,.cmd,.com,.exe,.pif,.rar,.scr,.vbs,.hta,.cpl, html, mhtml, and.zip files The Government does not allow 3rd party messaging systems/secure mail. Microsoft Office non-macro enabled compatible documents and.PDF documents are acceptable. If the Offeror determines that other formats are necessary, it is the Offeror's responsibility to verify with Fiscal Service that those formats are acceptable. Proposal materials with unacceptable or unreadable formats may be found non-responsive. In addition to the items specified in the solicitation provision above, the following information is necessary to enable proper evaluation: (a) Price shall be shown in U.S. dollars with a maximum of two decimal points. (b) Include the following: 1) Per unit and extended pricing for each item. 2) VPAT (if applicable) for each item being quoted. The Offeror shall submit a completed Voluntary Product Accessibility Template (VPAT) for each EIT product and service listed in their proposal, if applicable. By completing the VPAT the Offeror represents that the products and services offered in response to this solicitation comply with the Electronic and Information Technology Accessibility Standards at 36 CFR 1194, unless stated otherwise within the VPAT form. The Offeror shall indicate, for each line item, whether each product or service is compliant or noncompliant with the accessibility standards at 36 CFR 1194. 3) Place of Manufacture - The Physical Address, City, State, & Zip - 4 Digit, or Country for the Principal place of plant or place of business where the items were produced, manufactured, mined, grown, supplied from stock, or where service will be performed or provided from (i.e. final manufacturing assembly point). 4) Delivery terms _________________ 5) DUNS & CAGE # 6) Invoice Terms 7) Payment Terms 8) Warranty Details INVOICE PROCESSING PLATFORM (IPP) WAIVER If unable to use IPP for submitting payment requests, Offerors are required to complete the attached waiver form (see IPP Waiver Attachment) and submit with proposal. Adobe Acrobat Portable Document Format (PDF) and Microsoft Word are the only acceptable electronic invoicing formats. Invoices must contain the information required in FAR 52.212-4(g). On the waiver form the Offeror shall indicate the reason(s) and the duration for which it is requesting the waiver. If the Offeror's current invoicing system is not compatible with IPP, the Offeror shall provide contact information for the person who can work with the IPP administrator to develop an interface. The waiver duration will be for no more than 6 months at which time the Contractor must be fully compliant with IPP requirements, or apply for a follow on waiver with the Contracting Officer. The Contracting Officer will review the waiver request and either approve or deny the request. If approved, and the Offeror receives award, the Contractor shall submit a copy of the approved waiver along with each emailed invoice. If a copy of the waiver is not attached, the invoice will be rejected. 52.212-2 Evaluation -- Commercial Items (Oct 2014) (a) The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factors shall be used to evaluate offers: LOWEST PRICED, TECHNICALLY ACCEPTABLE (LPTA) (b) Options. The Government will evaluate offers for award purposes by adding the total price for all options to the total price for the basic requirement. The Government may determine that an offer is unacceptable if the option prices are significantly unbalanced. Evaluation of options shall not obligate the Government to exercise the option(s). (c) A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer's specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award. Addendum to 52.212-2, Evaluation - Commercial Items (JAN 1999) The Government may issue and award to the responsible Contractor whose offer represents the LPTA offer: price and other factors considered. The Government anticipates make award on the LPTA basis. It is our intent to review the lowest priced response first. If that quote is technically acceptable the other responses will not be reviewed and the award will be made to the lowest priced offeror. If the lowest priced offeror does not meet the established technically acceptable standards, they will not be considered further and the next lowest response will be reviewed and so forth. If no responses are evaluated as technically acceptable, the Government reserves the right to cancel the solicitation. The Government will award a contract resulting from this solicitation to the responsible offeror whose quote conforming to the solicitation, is determined to be the LPTA. Quotes will be evaluated for price and technically acceptability for specifications. Evaluation Factors Quotes will be evaluated for the following factors listed in order of importance: - Price & Attachment E Specifications Additional Quantity of two (2) established under the Optional Quantity Line items is established for LPTA evaluation purposes only. Government anticipates purchasing additional licenses during the life of the contract, but the Government cannot anticipate the number of additional licenses that may be needed or when these licenses may or may not be required. If an equal is submitted, specs must be with quote or quote will be rejected. Offerors proposing an "or equal" are responsible for demonstrating how their product is equal to or better than the brand requested. Provide a product description that identifies the specifications, characteristics, and capabilities of your product and clearly demonstrate how they are equal to or better than the brand name provided. (Go No/Go Factor) 52.216-1 Type of Contract (Apr 1984) The Government contemplates award of a firm fixed-priced purchase order resulting from this solicitation. 52.217-5 Evaluation of Options (Jul 1990) 52.225-4 Buy American -- Free Trade Agreements - Israeli Trade Act Certificate (May 2014) (a) The offeror certifies that each end product, except those listed in paragraph (b) or (c) of this provision, is a domestic end product and that for other than COTS items, the offeror has considered components of unknown origin to have been mined, produced, or manufactured outside the United States. The terms "Bahrainian, Moroccan, Omani, Panamanian, or Peruvian end product," "commercially available off-the-shelf item," "component," "domestic end product," "end product," "foreign end product," "Free Trade Agreement country," "Free Trade Agreement country end product," "Israeli end product," and "United States" are defined in the clause of this solicitation entitled "Buy American-Free Trade Agreements-Israeli Trade Act." (b) The offeror certifies that the following supplies are Free Trade Agreement country end products (other than Bahrainian, Moroccan, Omani, Panamanian, or Peruvian end products) or Israeli end products as defined in the clause of this solicitation entitled "Buy American--Free Trade Agreements--Israeli Trade Act": Free Trade Agreement Country End Products (Other than Bahrainian, Moroccan, Omani, Panamanian, or Peruvian End Products) or Israeli End Products: Line Item No.: Country of Origin: [List as necessary] (c) The offeror shall list those supplies that are foreign end products (other than those listed in paragraph (b) of this provision) as defined in the clause of this solicitation entitled "Buy American--Free Trade Agreement--Israeli Trade Act." The offeror shall list as other foreign end products those end products manufactured in the United States that do not qualify as domestic end products, i.e., an end product that is not a COTS item and does not meet the component test in paragraph (2) of the definition of "domestic end product." Other Foreign End Products: Line Item No.: Country of Origin: [List as necessary] (d) The Government will evaluate offers in accordance with the policies and procedures of Part 25 of the Federal Acquisition Regulation. (End of provision) Alternate I (May 2014). As prescribed in 25.1101 (b)(2)(ii), substitute the following paragraph (b) for paragraph (b) of the basic provision: (b) The offeror certifies that the following supplies are Canadian end products as defined in the clause of this solicitation entitled "Buy American--Free Trade Agreements--Israeli Trade Act": Canadian End Products: Line Item No.---------------------------------------------------------- 52.225-6 Trade Agreements Certificate (May 2014) (a) The offeror certifies that each end product, except those listed in paragraph (b) of this provision is a U.S.-made or designated country end product, as defined in the clause of this solicitation entitled "Trade Agreements." (b) The offeror shall list as other end products those supplies that are not U.S.-made or designated country end products. Other End Products Line Item No. Country of Origin: [List as necessary] (c) The Government will evaluate offers in accordance with the policies and procedures of Part 25 of the Federal Acquisition Regulation. For line items covered by the WTO GPA, the Government will evaluate offers of U.S.-made or designated country end products without regard to the restrictions of the Buy American statute. The Government will consider for award only offers of U.S.-made or designated country end products unless the Contracting Officer determines that there are no offers for such products or that the offers for those products are insufficient to fulfill the requirements of this solicitation. 52.225-25 Prohibition on Contracting with Entities Engaging in Certain Activities or Transactions Relating to Iran-Representation and Certifications (Dec 2012) 52.212-3 OFFEROR REPRESENTATIONS AND CERTIFICATIONS -- COMMERCIAL ITEMS (MAR 2015) The offeror shall complete only paragraph (b) of this provision if the Offeror has completed the annual representations and certification electronically via the System for Award Management (SAM) Web site accessed through http://www.acquisition.gov. If the Offeror has not completed the annual representations and certifications electronically, the Offeror shall complete only paragraphs (c) through (p) of this provision. (a) Definitions. As used in this provision- "Economically disadvantaged women-owned small business (EDWOSB) concern" means a small business concern that is at least 51 percent directly and unconditionally owned by, and the management and daily business operations of which are controlled by, one or more women who are citizens of the United States and who are economically disadvantaged in accordance with 13 CFR part 127. It automatically qualifies as a women-owned small business eligible under the WOSB Program. "Forced or indentured child labor" means all work or service- (1) Exacted from any person under the age of 18 under the menace of any penalty for its nonperformance and for which the worker does not offer himself voluntarily; or (2) Performed by any person under the age of 18 pursuant to a contract the enforcement of which can be accomplished by process or penalties. "Highest-level owner" means the entity that owns or controls an immediate owner of the offeror, or that owns or controls one or more entities that control an immediate owner of the offeror. No entity owns or exercises control of the highest level owner. "Immediate owner" means an entity, other than the offeror, that has direct control of the offeror. Indicators of control include, but are not limited to, one or more of the following: Ownership or interlocking management, identity of interests among family members, shared facilities and equipment, and the common use of employees. "Inverted domestic corporation," means a foreign incorporated entity that meets the definition of an inverted domestic corporation under 6 U.S.C. 395(b), applied in accordance with the rules and definitions of 6 U.S.C. 395(c). "Manufactured end product" means any end product in Federal Supply Classes (FSC) 1000-9999, except- (1) FSC 5510, Lumber and Related Basic Wood Materials; (2) Federal Supply Group (FSG) 87, Agricultural Supplies; (3) FSG 88, Live Animals; (4) FSG 89, Food and Related Consumables; (5) FSC 9410, Crude Grades of Plant Materials; (6) FSC 9430, Miscellaneous Crude Animal Products, Inedible; (7) FSC 9440, Miscellaneous Crude Agricultural and Forestry Products; (8) FSC 9610, Ores; (9) FSC 9620, Minerals, Natural and Synthetic; and (10) FSC 9630, Additive Metal Materials. "Place of manufacture" means the place where an end product is assembled out of components, or otherwise made or processed from raw materials into the finished product that is to be provided to the Government. If a product is disassembled and reassembled, the place of reassembly is not the place of manufacture. Restricted business operations" means business operations in Sudan that include power production activities, mineral extraction activities, oil-related activities, or the production of military equipment, as those terms are defined in the Sudan Accountability and Divestment Act of 2007 (Pub. L. 110-174). Restricted business operations do not include business operations that the person (as that term is defined in Section 2 of the Sudan Accountability and Divestment Act of 2007) conducting the business can demonstrate- (1) Are conducted under contract directly and exclusively with the regional government of southern Sudan; (2) Are conducted pursuant to specific authorization from the Office of Foreign Assets Control in the Department of the Treasury, or are expressly exempted under Federal law from the requirement to be conducted under such authorization; (3) Consist of providing goods or services to marginalized populations of Sudan; (4) Consist of providing goods or services to an internationally recognized peacekeeping force or humanitarian organization; (5) Consist of providing goods or services that are used only to promote health or education; or (6) Have been voluntarily suspended. Sensitive technology- (1) Means hardware, software, telecommunications equipment, or any other technology that is to be used specifically- (i) To restrict the free flow of unbiased information in Iran; or (ii) To disrupt, monitor, or otherwise restrict speech of the people of Iran; and (2) Does not include information or informational materials the export of which the President does not have the authority to regulate or prohibit pursuant to section 203(b)(3) of the International Emergency Economic Powers Act (50 U.S.C. 1702(b)(3)). "Service-disabled veteran-owned small business concern"- (1) Means a small business concern- (i) Not less than 51 percent of which is owned by one or more service-disabled veterans or, in the case of any publicly owned business, not less than 51 percent of the stock of which is owned by one or more service-disabled veterans; and (ii) The management and daily business operations of which are controlled by one or more service-disabled veterans or, in the case of a service-disabled veteran with permanent and severe disability, the spouse or permanent caregiver of such veteran. (2) Service-disabled veteran means a veteran, as defined in 38 U.S.C. 101(2), with a disability that is service-connected, as defined in 38 U.S.C. 101(16). "Small business concern" means a concern, including its affiliates, that is independently owned and operated, not dominant in the field of operation in which it is bidding on Government contracts, and qualified as a small business under the criteria in 13 CFR Part 121 and size standards in this solicitation. "Small disadvantaged business concern, consistent with 13 CFR 124.1002," means a small business concern under the size standard applicable to the acquisition, that- (1) Is at least 51 percent unconditionally and directly owned (as defined at 13 CFR 124.105) by- (i) One or more socially disadvantaged (as defined at 13 CFR 124.103) and economically disadvantaged (as defined at 13 CFR 124.104) individuals who are citizens of the United States; and (ii) Each individual claiming economic disadvantage has a net worth not exceeding $750,000 after taking into account the applicable exclusions set forth at 13 CFR 124.104(c)(2); and (2) The management and daily business operations of which are controlled (as defined at 13.CFR 124.106) by individuals, who meet the criteria in paragraphs (1)(i) and (ii) of this definition. "Subsidiary" means an entity in which more than 50 percent of the entity is owned- (1) Directly by a parent corporation; or (2) Through another subsidiary of a parent corporation. "Veteran-owned small business concern" means a small business concern- (1) Not less than 51 percent of which is owned by one or more veterans(as defined at 38 U.S.C. 101(2)) or, in the case of any publicly owned business, not less than 51 percent of the stock of which is owned by one or more veterans; and (2) The management and daily business operations of which are controlled by one or more veterans. "Women-owned business concern" means a concern which is at least 51 percent owned by one or more women; or in the case of any publicly owned business, at least 51 percent of the its stock is owned by one or more women; and whose management and daily business operations are controlled by one or more women. "Women-owned small business concern" means a small business concern - (1) That is at least 51 percent owned by one or more women or, in the case of any publicly owned business, at least 51 percent of the stock of which is owned by one or more women; and (2) Whose management and daily business operations are controlled by one or more women. "Women-owned small business (WOSB) concern eligible under the WOSB Program (in accordance with 13 CFR part 127)," means a small business concern that is at least 51 percent directly and unconditionally owned by, and the management and daily business operations of which are controlled by, one or more women who are citizens of the United States. (b) (1) Annual Representations and Certifications. Any changes provided by the offeror in paragraph (b)(2) of this provision do not automatically change the representations and certifications posted on the SAM website. (2) The offeror has completed the annual representations and certifications electronically via the SAM website accessed through https://www.acquisition.gov. After reviewing the SAM database information, the offeror verifies by submission of this offer that the representation and certifications currently posted electronically at FAR 52.212-3, Offeror Representations and Certifications-Commercial Items, have been entered or updated in the last 12 months, are current, accurate, complete, and applicable to this solicitation (including the business size standard applicable to the NAICS code referenced for this solicitation), as of the date of this offer and are incorporated in this offer by reference (see FAR 4.1201), except for paragraphs ____________. [Offeror to identify the applicable paragraphs at (c) through (p) of this provision that the offeror has completed for the purposes of this solicitation only, if any. These amended representation(s) and/or certification(s) are also incorporated in this offer and are current, accurate, and complete as of the date of this offer. Any changes provided by the offeror are applicable to this solicitation only, and do not result in an update to the representations and certifications posted electronically on SAM.] (c) Offerors must complete the following representations when the resulting contract is to be performed in the United States or its outlying areas. Check all that apply. (1) Small business concern. The offeror represents as part of its offer that it [_] is, [_] is not a small business concern. (2) Veteran-owned small business concern. [Complete only if the offeror represented itself as a small business concern in paragraph (c)(1) of this provision.] The offeror represents as part of its offer that it [_] is, [_] is not a veteran-owned small business concern. (3) Service-disabled veteran-owned small business concern. [Complete only if the offeror represented itself as a veteran-owned small business concern in paragraph (c)(2) of this provision.] The offeror represents as part of its offer that it [_] is, [_] is not a service-disabled veteran-owned small business concern. (4) Small disadvantaged business concern. [Complete only if the offeror represented itself as a small business concern in paragraph (c)(1) of this provision.]The offeror represents that it [_] is, [_] is not, a small disadvantaged business concern as defined in 13 CFR 124.1002. (5) Women-owned small business concern. [Complete only if the offeror represented itself as a small business concern in paragraph (c)(1) of this provision.] The offeror represents that it [_] is, [_] is not a women-owned small business concern. Note: Complete paragraphs (c)(8) and (c)(9) only if this solicitation is expected to exceed the simplified acquisition threshold. (6) WOSB concern eligible under the WOSB Program. [Complete only if the offeror represented itself as a women-owned small business concern in paragraph (c)(5) of this provision.] The offeror represents that- (i) It [_] is, [_] is not a WOSB concern eligible under the WOSB Program, has provided all the required documents to the WOSB Repository, and no change in circumstances or adverse decisions have been issued that affects its eligibility; and (ii) It [_] is, [_] is not a joint venture that complies with the requirements of 13 CFR part 127, and the representation in paragraph (c)(6)(i) of this provision is accurate for each WOSB concern eligible under the WOSB Program participating in the joint venture. [The offeror shall enter the name or names of the WOSB concern eligible under the WOSB Program and other small businesses that are participating in the joint venture: _________.] Each WOSB concern eligible under the WOSB Program participating in the joint venture shall submit a separate signed copy of the WOSB representation. (7) Economically disadvantaged women-owned small business (EDWOSB) concern. [Complete only if the offeror represented itself as a WOSB concern eligible under the WOSB Program in (c)(6) of this provision.] The offeror represents that- (i) It [_] is, [_] is not an EDWOSB concern, has provided all the required documents to the WOSB Repository, and no change in circumstances or adverse decisions have been issued that affects its eligibility; and (ii) It [_] is, [_] is not a joint venture that complies with the requirements of 13 CFR part 127, and the representation in paragraph (c)(7)(i) of this provision is accurate for each EDWOSB concern participating in the joint venture. [The offeror shall enter the name or names of the EDWOSB concern and other small businesses that are participating in the joint venture: _____________.] Each EDWOSB concern participating in the joint venture shall submit a separate signed copy of the EDWOSB representation. (8) Women-owned business concern (other than small business concern). [Complete only if the offeror is a women-owned business concern and did not represent itself as a small business concern in paragraph (c)(1) of this provision.] The offeror represents that it [_] is, a women-owned business concern. (9) Tie bid priority for labor surplus area concerns. If this is an invitation for bid, small business offerors may identify the labor surplus areas in which costs to be incurred on account of manufacturing or production (by offeror or first-tier subcontractors) amount to more than 50 percent of the contract price: ___________________________________________ (10) HUBZone small business concern. [Complete only if the offeror represented itself as a small business concern in paragraph (c)(1) of this provision.] The offeror represents, as part of its offer, that- (i) It [_] is, [_] is not a HUBZone small business concern listed, on the date of this representation, on the List of Qualified HUBZone SmallBusiness Concerns maintained by the Small Business Administration, and no material changes in ownership and control, principal office, or HUBZone employee percentage have occurred since it was certified in accordance with 13 CFR part 126; and (ii) It [_] is, [_] is not a HUBZone joint venture that complies with the requirements of 13 CFR part 126, and the representation in paragraph (c)(10)(i) of this provision is accurate for each HUBZone small business concern participating in the HUBZone joint venture. [The offeror shall enter the names of each of the HUBZone small business concerns participating in the HUBZone joint venture: __________.] Each HUBZone small business concern participating in the HUBZone joint venture shall submit a separate signed copy of the HUBZone representation. (d) Representations required to implement provisions of Executive Order 11246 - (1) Previous contracts and compliance. The offeror represents that - (i) It [_] has, [_] has not, participated in a previous contract or subcontract subject to the Equal Opportunity clause of this solicitation; and (ii) It [_] has, [_] has not, filed all required compliance reports. (2) Affirmative Action Compliance. The offeror represents that - (i) It [_] has developed and has on file, [_] has not developed and does not have on file, at each establishment, affirmative action programs required by rules and regulations of the Secretary of Labor (41 CFR parts 60-1 and 60-2), or (ii) It [_] has not previously had contracts subject to the written affirmative action programs requirement of the rules and regulations of the Secretary of Labor. (e) Certification Regarding Payments to Influence Federal Transactions (31 U.S.C. 1352). (Applies only if the contract is expected to exceed $150,000.) By submission of its offer, the offeror certifies to the best of its knowledge and belief that no Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress or an employee of a Member of Congress on his or her behalf in connection with the award of any resultant contract. If any registrants under the Lobbying Disclosure Act of 1995 have made a lobbying contact on behalf of the offeror with respect to this contract, the offeror shall complete and submit, with its offer, OMB Standard Form LLL, Disclosure of Lobbying Activities, to provide the name of the registrants. The offeror need not report regularly employed officers or employees of the offeror to whom payments of reasonable compensation were made. (f) Buy American Certificate. (Applies only if the clause at Federal Acquisition Regulation (FAR) 52.225-1, Buy American - Supplies, is included in this solicitation.) (1) The offeror certifies that each end product, except those listed in paragraph (f)(2) of this provision, is a domestic end product and that for other than COTS items, the offeror has considered components of unknown origin to have been mined, produced, or manufactured outside the United States. The offeror shall list as foreign end products those end products manufactured in the United States that do not qualify as domestic end products, i.e., an end product that is not a COTS item and does not meet the component test in paragraph (2) of the definition of "domestic end product." The terms "commercially available off-the-shelf (COTS) item," "component," "domestic end product," "end product," "foreign end product," and "United States" are defined in the clause of this solicitation entitled "Buy American-Supplies." (2) Foreign End Products: LINE ITEM NO. COUNTRY OF ORIGIN [List as necessary] (3) The Government will evaluate offers in accordance with the policies and procedures of FAR Part 25. (g) (1) Buy American -- Free Trade Agreements -- Israeli Trade Act Certificate. (Applies only if the clause at FAR 52.225-3, Buy American -- Free Trade Agreements -- Israeli Trade Act, is included in this solicitation.) (i) The offeror certifies that each end product, except those listed in paragraph (g)(1)(ii) or (g)(1)(iii) of this provision, is a domestic end product and that for other than COTS items, the offeror has considered components of unknown origin to have been mined, produced, or manufactured outside the United States. The terms "Bahrainian, Moroccan, Omani, Panamanian, or Peruvian end product," "commercially available off-the-shelf (COTS) item," "component," "domestic end product," "end product," "foreign end product," "Free Trade Agreement country," "Free Trade Agreement country end product," "Israeli end product," and "United States" are defined in the clause of this solicitation entitled "Buy American--Free Trade Agreements--Israeli Trade Act." (ii) The offeror certifies that the following supplies are Free Trade Agreement country end products (other than Bahrainian, Moroccan, Omani, Panamanian, or Peruvian end products) or Israeli end products as defined in the clause of this solicitation entitled "Buy American-Free Trade Agreements-Israeli Trade Act": Free Trade Agreement Country End Products (Other than Bahrainian, Moroccan, Omani, Panamanian, or Peruvian End Products) or Israeli End Products: LINE ITEM NO. COUNTRY OF ORIGIN [List as necessary] (iii) The offeror shall list those supplies that are foreign end products (other than those listed in paragraph (g)(1)(ii) or this provision) as defined in the clause of this solicitation entitled "Buy American-Free Trade Agreements-Israeli Trade Act." The offeror shall list as other foreign end products those end products manufactured in the United States that do not qualify as domestic end products, i.e., an end product that is not a COTS item and does not meet the component test in paragraph (2) of the definition of "domestic end product." Other Foreign End Products: LINE ITEM NO. COUNTRY OF ORIGIN [List as necessary] (iv) The Government will evaluate offers in accordance with the policies and procedures of FAR Part 25. (2) Buy American-Free Trade Agreements-Israeli Trade Act Certificate, Alternate I. If Alternate I to the clause at FAR 52.225-3 is included in this solicitation, substitute the following paragraph (g)(1)(ii) for paragraph (g)(1)(ii) of the basic provision: (g)(1)(ii) The offeror certifies that the following supplies are Canadian end products as defined in the clause of this solicitation entitled "Buy American-Free Trade Agreements-Israeli Trade Act": Canadian End Products: Line Item No.: ___________________________________________ [List as necessary] (3) Buy American-Free Trade Agreements-Israeli Trade Act Certificate, Alternate II. If Alternate II to the clause at FAR 52.225-3 is included in this solicitation, substitute the following paragraph (g)(1)(ii) for paragraph (g)(1)(ii) of the basic provision: (g)(1)(ii) The offeror certifies that the following supplies are Canadian end products or Israeli end products as defined in the clause of this solicitation entitled "Buy American--Free Trade Agreements--Israeli Trade Act'': Canadian or Israeli End Products: Line Item No.: Country of Origin: [List as necessary] (4) Buy American-Free Trade Agreements-Israeli Trade Act Certificate, Alternate III. If Alternate III to the clause at 52.225-3 is included in this solicitation, substitute the following paragraph (g)(1)(ii) for paragraph (g)(1)(ii) of the basic provision: (g)(1)(ii) The offeror certifies that the following supplies are Free Trade Agreement country end products (other than Bahrainian, Korean, Moroccan, Omani, Panamanian, or Peruvian end products) or Israeli end products as defined in the clause of this solicitation entitled "Buy American-Free Trade Agreements-Israeli Trade Act": Free Trade Agreement Country End Products (Other than Bahrainian, Korean, Moroccan, Omani, Panamanian, or Peruvian End Products) or Israeli End Products: Line Item No.: Country of Origin: [List as necessary] (5) Trade Agreements Certificate. (Applies only if the clause at FAR 52.225-5, Trade Agreements, is included in this solicitation.) (i) The offeror certifies that each end product, except those listed in paragraph (g)(5)(ii) of this provision, is a U.S.-made or designated country end product as defined in the clause of this solicitation entitled "Trade Agreements." (ii) The offeror shall list as other end products those end products that are not U.S.-made or designated country end products. Other End Products Line Item No.: Country of Origin: [List as necessary] (iii) The Government will evaluate offers in accordance with the policies and procedures of FAR Part 25. For line items covered by the WTO GPA, the Government will evaluate offers of U.S.-made or designated country end products without regard to the restrictions of the Buy American statute. The Government will consider for award only offers of U.S.-made or designated country end products unless the Contracting Officer determines that there are no offers for such products or that the offers for such products are insufficient to fulfill the requirements of the solicitation. (h) Certification Regarding Responsibility Matters (Executive Order 12689). (Applies only if the contract value is expected to exceed the simplified acquisition threshold.) The offeror certifies, to the best of its knowledge and belief, that the offeror and/or any of its principals- (1) [_] Are, [_] are not presently debarred, suspended, proposed for debarment, or declared ineligible for the award of contracts by any Federal agency; (2) [_] Have, [_] have not, within a three-year period preceding this offer, been convicted of or had a civil judgment rendered against them for: commission of fraud or a criminal offense in connection with obtaining, attempting to obtain, or performing a Federal, state or local government contract or subcontract; violation of Federal or state antitrust statutes relating to the submission of offers; or commission of embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements, tax evasion, violating Federal criminal tax laws, or receiving stolen property; and (3) [_] Are, [_] are not presently indicted for, or otherwise criminally or civilly charged by a Government entity with, commission of any of these offenses enumerated in paragraph (h)(2) of this clause; and (4) [_] Have, [_] have not, within a three-year period preceding this offer, been notified of any delinquent Federal taxes in an amount that exceeds $3,000 for which the liability remains unsatisfied. (i) Taxes are considered delinquent if both of the following criteria apply: (A) The tax liability is finally determined. The liability is finally determined if it has been assessed. A liability is not finally determined if there is a pending administrative or judicial challenge. In the case of a judicial challenge to the liability, the liability is not finally determined until all judicial appeal rights have been exhausted. (B) The taxpayer is delinquent in making payment. A taxpayer is delinquent if the taxpayer has failed to pay the tax liability when full payment was due and required. A taxpayer is not delinquent in cases where enforced collection action is precluded. (ii) Examples. (A) The taxpayer has received a statutory notice of deficiency, under I.R.C. §6212, which entitles the taxpayer to seek Tax Court review of a proposed tax deficiency. This is not a delinquent tax because it is not a final tax liability. Should the taxpayer seek Tax Court review, this will not be a final tax liability until the taxpayer has exercised all judicial appear rights. (B) The IRS has filed a notice of Federal tax lien with respect to an assessed tax liability, and the taxpayer has been issued a notice under I.R.C. §6320 entitling the taxpayer to request a hearing with the IRS Office of Appeals Contesting the lien filing, and to further appeal to the Tax Court if the IRS determines to sustain the lien filing. In the course of the hearing, the taxpayer is entitled to contest the underlying tax liability because the taxpayer has had no prior opportunity to contest the liability. This is not a delinquent tax because it is not a final tax liability. Should the taxpayer seek tax court review, this will not be a final tax liability until the taxpayer has exercised all judicial appeal rights. (C) The taxpayer has entered into an installment agreement pursuant to I.R.C. §6159. The taxpayer is making timely payments and is in full compliance with the agreement terms. The taxpayer is not delinquent because the taxpayer is not currently required to make full payment. (D) The taxpayer has filed for bankruptcy protection. The taxpayer is not delinquent because enforced collection action is stayed under 11 U.S.C. §362 (the Bankruptcy Code). (i) Certification Regarding Knowledge of Child Labor for Listed End Products (Executive Order 13126). [The Contracting Officer must list in paragraph (i)(1) any end products being acquired under this solicitation that are included in the List of Products Requiring Contractor Certification as to Forced or Indentured Child Labor, unless excluded at 22.1503(b).] (1) Listed End Product Listed End Product: Listed Countries of Origin: (2) Certification. [If the Contracting Officer has identified end products and countries of origin in paragraph (i)(1) of this provision, then the offeror must certify to either (i)(2)(i) or (i)(2)(ii) by checking the appropriate block.] [_] (i) The offeror will not supply any end product listed in paragraph (i)(1) of this provision that was mined, produced, or manufactured in the corresponding country as listed for that product. [_] (ii) The offeror may supply an end product listed in paragraph (i)(1) of this provision that was mined, produced, or manufactured in the corresponding country as listed for that product. The offeror certifies that is has made a good faith effort to determine whether forced or indentured child labor was used to mine, produce, or manufacture any such end product furnished under this contract. On the basis of those efforts, the offeror certifies that it is not aware of any such use of child labor. (j) Place of manufacture. (Does not apply unless the solicitation is predominantly for the acquisition of manufactured end products.) For statistical purposes only, the offeror shall indicate whether the place of manufacture of the end products it expects to provide in response to this solicitation is predominantly- (1) [_] In the United States (Check this box if the total anticipated price of offered end products manufactured in the United States exceeds the total anticipated price of offered end products manufactured outside the United States); or (2) [_] Outside the United States. (k) Certificates regarding exemptions from the application of the Service Contract Labor Standards. (Certification by the offeror as to its compliance with respect to the contract also constitutes its certification as to compliance by its subcontractor if it subcontracts out the exempt services.) [The contracting officer is to check a box to indicate if paragraph (k)(1) or (k)(2) applies.] (1) [_] Maintenance, calibration, or repair of certain equipment as described in FAR 22.1003-4(c)(1). The offeror [_] does [_] does not certify that- (i) The items of equipment to be serviced under this contract are used regularly for other than Governmental purposes and are sold or traded by the offeror (or subcontractor in the case of an exempt subcontract) in substantial quantities to the general public in the course of normal business operations; (ii) The services will be furnished at prices which are, or are based on, established catalog or market prices (see FAR 22.1003-4(c)(2)(ii)) for the maintenance, calibration, or repair of such equipment; and (iii) The compensation (wage and fringe benefits) plan for all service employees performing work under the contract will be the same as that used for these employees and equivalent employees servicing the same equipment of commercial customers. (2) [_] Certain services as described in FAR 22.1003-4(d)(1). The offeror [_] does [_] does not certify that- (i) The services under the contract are offered and sold regularly to non-Governmental customers, and are provided by the offeror (or subcontractor in the case of an exempt subcontract) to the general public in substantial quantities in the course of normal business operations; (ii) The contract services will be furnished at prices that are, or are based on, established catalog or market prices (see FAR 22.1003-4(d)(2)(iii)); (iii) Each service employee who will perform the services under the contract will spend only a small portion of his or her time (a monthly average of less than 20 percent of the available hours on an annualized basis, or less than 20 percent of available hours during the contract period if the contract period is less than a month) servicing the Government contract; and (iv) The compensation (wage and fringe benefits) plan for all service employees performing work under the contract is the same as that used for these employees and equivalent employees servicing commercial customers. (3) If paragraph (k)(1) or (k)(2) of this clause applies- (i) If the offeror does not certify to the conditions in paragraph (k)(1) or (k)(2) and the Contracting Officer did not attach a Service Contract Labor Standards wage determination to the solicitation, the offeror shall notify the Contracting Officer as soon as possible; and (ii) The Contracting Officer may not make an award to the offeror if the offeror fails to execute the certification in paragraph (k)(1) or (k)(2) of this clause or to contact the Contracting Officer as required in paragraph (k)(3)(i) of this clause. (l) Taxpayer identification number (TIN) (26 U.S.C. 6109, 31 U.S.C. 7701). (Not applicable if the offeror is required to provide this information to the SAM database to be eligible for award.) (1) All offerors must submit the information required in paragraphs (l)(3) through (l)(5) of this provision to comply with debt collection requirements of 31 U.S.C. 7701(c) and 3325(d), reporting requirements of 26 U.S.C. 6041, 6041A, and 6050M, and implementing regulations issued by the Internal Revenue Service (IRS). (2) The TIN may be used by the government to collect and report on any delinquent amounts arising out of the offeror's relationship with the Government (31 U.S.C. 7701(c)(3)). If the resulting contract is subject to the payment reporting requirements described in FAR 4.904, the TIN provided hereunder may be matched with IRS records to verify the accuracy of the offeror's TIN. (3) Taxpayer Identification Number (TIN). [_] TIN:_____________________. [_] TIN has been applied for. [_] TIN is not required because: [_] Offeror is a nonresident alien, foreign corporation, or foreign partnership that does not have income effectively connected with the conduct of a trade or business in the United States and does not have an office or place of business or a fiscal paying agent in the United States; [_] Offeror is an agency or instrumentality of a foreign government; [_] Offeror is an agency or instrumentality of the Federal Government; (4) Type of organization. [_] Sole proprietorship; [_] Partnership; [_] Corporate entity (not tax-exempt); [_] Corporate entity (tax-exempt); [_] Government entity (Federal, State, or local); [_] Foreign government; [_] International organization per 26 CFR 1.6049-4; [_] Other ____________________. (5) Common parent. [_] Offeror is not owned or controlled by a common parent: [_] Name and TIN of common parent: Name ____________________________________ TIN ______________________________________ (m) Restricted business operations in Sudan. By submission of its offer, the offeror certifies that the offeror does not conduct any restricted business operations in Sudan. (n) Prohibition on Contracting with Inverted Domestic Corporations- (1) Government agencies are not permitted to use appropriated (or otherwise made available) funds for contracts with either an inverted domestic corporation, or a subsidiary of an inverted domestic corporation, unless the exception at 9.108-2(b) applies or the requirement is waived in accordance with the procedures at 9.108-4. (2) Representation. By submission of its offer, the offeror represents that- (i) It is not an inverted domestic corporation; and (ii) It is not a subsidiary of an inverted domestic corporation. (o) Prohibition on contracting with entities engaging in certain activities or transactions relating to Iran. (1) The offeror shall email questions concerning sensitive technology to the Department of State at CISADA106@state.gov. (2) Representation and Certification. Unless a waiver is granted or an exception applies as provided in paragraph (o)(3) of this provision, by submission of its offer, the offeror- (i) Represents, to the best of its knowledge and belief, that the offeror does not export any sensitive technology to the government of Iran or any entities or individuals owned or controlled by, or acting on behalf or at the direction of, the government of Iran; (ii) Certifies that the offeror, or any person owned or controlled by the offeror, does not engage in any activities for which sanctions may be imposed under section 5 of the Iran Sanctions Act; and (iii) Certifies that the offeror, and any person owned or controlled by the offeror, does not knowingly engage in any transaction that exceeds $3,000 with Iran's Revolutionary Guard Corps or any of its officials, agents, or affiliates, the property and interests in property of which are blocked pursuant to the International Emergency Economic Powers Act (50(U.S.C. 1701 et seq.) (see OFAC's Specially Designated Nationals and Blocked Persons List at http://www.treasury.gov/ofac/downloads/t11sdn.pdf). (3) The representation and certification requirements of paragraph (o)(2) of this provision do not apply if- (i) This solicitation includes a trade agreements certification (e.g., 52.212-3(g) or a comparable agency provision); and (ii) The offeror has certified that all the offered products to be supplied are designated country end products. (p) Ownership or Control of Offeror. (Applies in all solicitations when there is a requirement to be registered in SAM or a requirement to have a DUNS Number in the solicitation.) (1) The Offeror represents that it [ ] has or [ ] does not have an immediate owner. If the Offeror has more than one immediate owner (such as a joint venture), then the Offeror shall respond to paragraph (2) and if applicable, paragraph (3) of this provision for each participant in the joint venture. (2) If the Offeror indicates "has" in paragraph (p)(1) of this provision, enter the following information: Immediate owner CAGE code:_____________________________________________ Immediate owner legal name:______________________________________________ (Do not use a "doing business as" name) Is the immediate owner owned or controlled by another entity: [ ] Yes or [ ] No. (3) If the Offeror indicates "yes" in paragraph (p)(2) of this provision, indicating that the immediate owner is owned or controlled by another entity, then enter the following information: Highest level owner CAGE code:_____________________________________________ Highest level owner legal name:______________________________________________ (Do not use a "doing business as" name) ATTACHMENTS: Attachment A (Security Requirements) Attachment B (It Rules of Behavior) Attachment C (Non-Disclosure) Attachment D (Security Controls) Attachment E (Price Listing) Interested Offerors shall submit quotes electronically by Monday October 16, 2015 08:00 AM ET to Purchasing@fiscal.treasury.gov Attn: ES/BW, RE: RFQ-ISS-34300204-15-024. Attachment A - Security Requirements 1 Applicability Attachment A - Security Requirements details high-level security requirements that may apply to procured products, systems, and services. All sections of this document must be included, even when they are not applicable. This ensures that the contractor is informed of requirements in the event they become applicable. This attachment applies to the Contractor, its subcontractors, and contractor personnel, including fiscal and financial agents (hereafter referred to collectively as "Contractor") and addresses specific Bureau of the Fiscal Service (Fiscal Service) requirements in addition to those included in the Federal Acquisition Regulation (FAR), the Privacy Act of 1974 (5 U.S.C. §552a), the Health Insurance Portability and Accountability Act of 1996 (Pub. L. 104-191, 110 Stat. 1936), the Sarbanes-Oxley Act of 2002 (Pub. L. 107-204, 116 Stat 745), and other laws, mandates, or executive orders pertaining to the development and operations of information systems and the protection of sensitive information and data. The following should not be construed to alter or diminish civil and/or criminal liabilities provided under various laws or mandates. 2 Information Types The term "information" is synonymous with data, regardless of format or medium. Personally Identifiable Information (PII) is a subset of Sensitive But Unclassified (SBU) information. Sensitive PII is a subset of PII, and therefore a subset of SBU information. All requirements for SBU information apply to PII and Sensitive PII. All requirements for PII apply to Sensitive PII. 2.1 Sensitive But Unclassified Information Sensitive But Unclassified information (SBU) is any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under the Privacy Act but which has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept secret in the interest of national defense or foreign policy. SBU information is subject to stricter handling requirements than less sensitive non-SBU information because of the increased risk if the data are compromised. Some categories of SBU include financial, medical, health, legal, strategic, and business information. Personally Identifiable Information and Sensitive PII are also considered to be SBU. These categories of information require appropriate protection individually and may require additional protection when aggregated with other sensitive information. 2.2 Personally Identifiable Information Personally Identifiable Information ( as defined in OMB Memorandum M-07-16, refers to information that can be used to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important to recognize that non-PII can become PII whenever additional information that is publicly available - in any medium and from any source - is or can be combined to identify an individual. As an example, PII includes a name and an address because it uniquely identifies an individual, but alone may not constitute Sensitive PII. 2.3 Sensitive Personally Identifiable Information Sensitive PII (refers to information that can be used to target, harm, or coerce an individual or entity; assume or alter an individual's or entity's identity; or alter the outcome of an individual's or entity's activities. Sensitive PII requires stricter handling because of the increased risk to an individual or associates if the information is compromised. Some categories of Sensitive PII include stand-alone information, such as Social Security numbers (SSN) or biometric identifiers. Other information such as a financial account, date of birth, maiden names, citizenship status, or medical information, in conjunction with the identity of an individual (directly or indirectly inferred), are also considered Sensitive PII. In addition, the context of the information may determine whether it is sensitive, such as a list of employees with poor performance ratings or a list of employees who have filed a grievance or complaint. 3 Information Protection The Contractor's employees, facilities, services and product(s) shall meet applicable United States (U.S.) federal government laws, directives, executive orders, standards, guidelines, and other requirements for information security, personnel security, physical security, and data encryption. The Contractor shall follow United States Government, Treasury, and Fiscal Service procedures for proper handling of SBU and PII. The Contractor may be required to assist with security reviews by providing information about processes, software, facilities, personnel, and equipment through interviews, on-site inspections (if necessary), and documentary evidence. Sensitive But Unclassified information, data, and/or equipment will only be disclosed to authorized personnel on a need-to-know basis. The contractor shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, and/or equipment is properly protected. When no longer required, this information, data, and/or equipment will be returned to Government control, destroyed, or held until otherwise directed. Destruction of items shall be accomplished by following NIST Special Publication 800-88, Guidelines for Media Sanitization. The disposition of all data will be at the written direction of the COR, this may include documents returned to Government control; destroyed; or held as specified until otherwise directed. Items returned to the Government shall be hand carried or sent by certified mail to the COR. The contractor shall be responsible for properly protecting all information used, gathered, or developed as a result of work under this contract. The contractor shall also protect all Government data, equipment, etc. Information systems and services performing work on behalf of the Fiscal Service shall be located, operated and maintained within the U.S.; operations and maintenance of systems shall be conducted by personnel physically located within the U.S or its territories. "Operated" refers to carrying out administrator/privileged user functions, such as, database administration, patching, upgrades and maintenance. Administrator/ privileged access shall not be permitted from outside of the U.S. Foreign remote maintenance, systems monitoring, foreign "call service centers," "help desks," and the like are prohibited. Fiscal Service information shall be accessed only by personnel meeting or surpassing the Treasury citizenship requirements (as determined by Personnel Security, see section 8 below). Extra precautions should be in place for other types of access from foreign locations. Work shall be performed on systems secured at least at a FIPS 199 MODERATE security category level. Written approval by the Fiscal Service's Chief Information Officer (CIO), or designee, is required prior to the use or storage of Fiscal Service SBU information, or the sharing of Fiscal Service SBU Information by the Contractor with any subcontractor, person, or entity other than Fiscal Service. The Contractor must not remove SBU information from approved location(s), electronic device(s), or other container(s), without prior approval from the CIO or their designee. Contracts and/or task orders for the acquisition of information systems or services processing SBU information for Fiscal Service shall clearly specify the delivery date of an acceptable Security Assessment & Authorization (SA&A) or similar security assessment package as may be prescribed by Fiscal Service. The Contractor shall grant access to Fiscal Service to review any existing SA&A documentation. When needed per Fiscal Service direction, the Contractor and Fiscal Service officials shall prepare an Interconnection Security Agreement (ISA) prior to connecting to external information systems and in accordance with Fiscal Service processes. Any computer equipment used by or on behalf of the Fiscal Service shall support Transport Layer Security (TLS) v1.0 or greater and comply with NIST SP 800-52, Guidelines for Selection and Use of Transport Layer Security unless predetermined to be a standalone system. Cryptographic modules used to protect Fiscal Service information must be compliant with the current FIPS 140 version and validated by the Cryptographic Module Validation Program (CMVP). The Contractor must provide the validation certificate number to Fiscal Service for verification. Encryption is required to protect federal and contractor data when transmitting between systems. The Contractor shall be subject to periodic audits and reviews, as required by law. The Contractor shall provide reports with findings that result from audits and reviews to Fiscal Service within five business days of receipt. Within 15 business days, the Contractor shall propose a response and a plan of action with milestones. The Contractor shall resolve all findings prior to recurrence, and the contract shall include financial disincentives for repeat findings. The Contractor may be required to provide Fiscal Service access to, and information regarding systems the contractor operates on behalf of Fiscal Service as part of its responsibility to ensure compliance with security requirements. Fiscal Service access may include independent validation testing of controls, system penetration testing, FISMA reviews, monthly data feed requirements as coordinated by Fiscal Service, and access by agency Inspector General for its review. All information systems that input, store, process, and/or output Government information must be granted approval by the CIO, or designee for operation and/or use. The contractor must adhere to current Fiscal Service policies, procedures, and guidance for Security Assessment and Authorization (SA&A) activities. Prior to SA&A, a Privacy Threshold Analysis (PTA) for all systems must be completed and provided to the Fiscal Service Privacy Officer, or designate, for a determination. If determination is made that a Privacy Impact Assessment (PIA) is required, it must be completed in accordance with Fiscal Service requirements. The Contractor shall allow for physical inspection of facilities by Fiscal Service or representatives within 30 calendar days of a Fiscal Service request. The Contractor may propose to limit the number of physical inspection requests from Fiscal Service; the limit shall not be less than two times per calendar year. In addition to scheduled visits at the request of Fiscal Service, the Contractor shall allow scheduled physical inspections in support of Security Assessment & Authorization and physical inspections on demand in the event of a computer security incident. A computer security incident is defined as any adverse event that threatens computer security and may include but is not limited to: loss of data confidentiality, disruption to data or system integrity, and denial of availability. The Contractor shall report any suspected security incident by phone to the Fiscal Service IT Service Desk within one hour of identification of a suspected security incident: 304-480-7777. The Contractor shall destroy all SBU information, obtained under this contract, from contractor-owned information technology assets. Certification of data destruction will be performed by the contractor's Project Manager and written notification confirming certification will be delivered to the contracting officer within 15 days of termination/expiration of contractor work. 4 Federal Regulatory Requirements and Industry Standards The Contractor's performance and systems shall comply with applicable federal government laws, directives, executive orders, standards, guidelines, and other requirements for information security, personnel security, physical security, and data encryption. The Contractor's performance and systems shall comply with the most current versions of the following applicable Federal and industry information technology regulatory requirements and standards. The most relevant documents will be highlighted: • Federal Information Security Management Act of 2002 (FISMA) • FIPS 140-2, Security Requirements for Cryptographic Modules • FIPS 191, Guideline for the Analysis of Local Area Network Security • FIPS 199, Standards for Security Categorization of Federal Information and Information Systems • FIPS 200, Minimum Security Requirements for Federal Information and Information Systems • FIPS 201-1, Personal Identity Verification for Federal Employees and Contractors • Fiscal Service Baseline Security Requirements (BLSRs) • National Institute of Science and Technology (NIST) SP 800-12, An Introduction to Computer Security - The NIST Handbook • NIST SP 800-16, Information Technology Security Training Requirements: A Role and Performance Based Model • NIST SP 800-18, Guide for Developing Security Plans for Information Technology Systems • NIST SP 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A • NIST SP 800-28, Guidelines on Active Content and Mobile Code • NIST SP 800-30, Guide to Conducting Risk Assessments • NIST SP 800-34, Contingency Planning Guide for Federal Information Systems • NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View • NIST SP 800-40, Procedures for Handling Security Patches • NIST SP 800-41, Guidelines on Firewalls and Firewall Policy • NIST SP 800-42, Guideline for Network Security Testing • NIST SP 800-45, Guidelines for Electronic Mail Security • NIST SP 800-46, Security for Telecommuting and Broadband Communications • NIST SP 800-47, Security Guide for Interconnecting Information Technology Systems • NIST SP 800-48, Wireless Network Security • NIST SP 800-50, Building an Information Technology Security Awareness and Training Program • NIST SP 800-52, Guidelines for Selection and Use of Transport Layer Security • NIST SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations • NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations • NIST SP 800-55, Performance Measurement Guide for Information Security • NIST SP 800-58, Security Considerations for Voice Over IP Systems • NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories • NIST SP 800-61, Computer Security Incident Handling Guide • NIST SP 800-63-1, Electronic Authentication Guideline • NIST SP 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist • NIST SP 800-70, National Checklist Program for IT Products - Guidelines for Checklist Users and Developers • NIST SP 800-77, Guide to IPSec VPNs • NIST SP 800-81, Secure Domain Name System (DNS) Deployment Guide • NIST SP 800-83, Guide to Malware Incident Prevention and Handling • NIST SP 800-88, Media Sanitization Guide • NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS) • NIST SP 800-100, Information Security Handbook: A Guide for Managers • NIST SP 800-114, User's Guide to Securing External Devices for Telework and Remote Access • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment • NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) • NIST SP 800-125, Guide to Security for Full Virtualization Technologies • NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems • NIST SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations • NIST SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing • NIST SP 800-145, A NIST Definition of Cloud Computing • NIST SP 800-147, Basic Input/Output System (BIOS) Protection Guidelines • NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) • Office of Management and Budget (OMB) Circular A-123, Management Accountability and Control • OMB Circular A-130, Management of Federal Information Resources • OMB Memorandum - Security Authorization of Information Systems in Cloud Computing Environments • OMB M-04-04, E-Authentication Guidance for Federal Agencies • OMB M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors • OMB M-06-16, Protection of Sensitive Agency Information • OMB M-07-11, Implementation of Commonly Accepted Security Configurations for Windows Operating Systems • OMB M-07-16, Safeguarding Against and Responding to the Breach of PII • OMB M-07-18, Ensuring New Acquisitions Include Common Security Configurations • OMB M-14-03, Enhancing the Security of Federal Information and Information Systems • OMB M-15-01, Fiscal Year 2014-2015 Guidance on Improving Federal Information Security and Privacy Management Practices • OMB M-99-20, Security of Federal Automated Information Resources • Public Law 93-579, The Privacy Act of 1974 • TD P 85-01 - Treasury Information Technology Security Program • TD P 15-71 - Department of the Treasury Security Manual New regulatory requirements and standards shall be adhered to as they are enacted or become effective, as applicable. The Contractor shall implement a process to support timely compliance with new requirements imposed by external authorities. The Contractor shall comply with both Fiscal Service and Treasury requirements that extend above federal government and industry information technology regulatory requirements and standards. For example, Treasury has implemented more stringent security requirements in the Treasury Security Manual, TD P 85-01, than are typical for the federal government or the general information technology community. There are approximately 100 additional security control extensions in a variety of areas that go beyond NIST SP 800-53 guidance. 4.1 Privacy Act Compliance (a) Contractors must comply with the Privacy Act's requirements in the design, development, or operation of any system of records containing PII developed or operated for Fiscal Service or to accomplish a Fiscal Service function for a System of Records (SOR). (b) In the event of violations of the Act, a civil action may be brought against Fiscal Service when the violation concerns the design, development, or operation of a SOR on individuals to accomplish an Fiscal Service function, and criminal penalties may be imposed upon the officers or employees of Fiscal Service when the violation concerns the operation of a SOR on individuals to accomplish an Fiscal Service function. For purposes of the Act, when the contract is for the operation of a SOR on individuals to accomplish a Fiscal Service function, the Contractor is considered to be an employee of the agency. 5 Security and Privacy Awareness Training The Contractor and subcontractor personnel who require access to Fiscal Service information or information systems will be required to review and sign Rules of Behavior, and complete security awareness training prior to being granted access. For the first 60 days of user access, reviewing and signing the Rules of Behavior is adequate for meeting the security awareness training requirement. If the security awareness training requirement is not completed within the first 60 days, access may be revoked. Security and Privacy training will be required on a recurring annual basis, of all contractor and subcontractor staff performing work for Fiscal Service on a recurring annual basis, provided by Fiscal Service and/or by the contractor. Access may be revoked if the annual security training is not completed. When necessary, Contractors and subcontractors will be required to sign Non-disclosure agreements.. 6 Cloud and FedRAMP Requirements Cloud based systems or services shall comply with OMB Federal Risk and Authorization Management Program (FedRAMP) requirements, as well as, FedRAMP Privacy requirements. These requirements are in addition to U.S. Government, Department of the Treasury, and Fiscal Service requirements specified throughout this document. Cloud Service Providers shall have FedRAMP compliant security documentation sufficient to obtain a provisional authorization. Cloud based systems or services shall have a FedRAMP third party assessment organization (3PAO) security assessment. Contractor shall obtain this assessment service and coordinate completion of assessment at a FIPS 199 moderate security category level. Cloud Service Providers shall comply with FedRAMP guidance regarding continuous monitoring activities. Fiscal Service shall have access to ongoing continuous monitoring documentation, such as POA&M documentation. Contractors shall be responsible for the following privacy and security safeguards: 1. To the extent required to carry out the FedRAMP assessment and authorization process and FedRAMP continuous monitoring, to safeguard against threats and hazards to the security, integrity, and confidentiality of any non-public Government data collected and stored by the Contractor, the Contractor shall afford the Government access to the Contractor's facilities, installations, technical capabilities, operations, documentation, records, and databases. 2. If new or unanticipated threats or hazards are discovered by either the Government or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party. 3. The contractor shall also comply with any additional FedRAMP privacy requirements. 4. The Government has the right to perform manual or automated audits, scans, reviews, or other inspections of the vendor's IT environment being used to provide or facilitate services for the Government. In accordance with the Federal Acquisitions Regulations (FAR) clause 52.239-1, the contractor shall be responsible for the following privacy and security safeguards: (a) The Contractor shall not publish or disclose in any manner, without the Contracting Officer's written consent, the details of any safeguards either designed or developed by the Contractor under this contract or otherwise provided by the Government. Exception - Disclosure to a Consumer Agency for purposes of C&A verification. (b) To the extent required to carry out a program of inspection to safeguard against threats and hazards to the security, integrity, and confidentiality of Government data, the Contractor shall afford the Government access to the Contractor's facilities, installations, technical capabilities, operations, documentation, records, and databases. (c) If new or unanticipated threats or hazards are discovered by either the Government or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party. If the vendor chooses to run its own automated scans or audits, results from these scans may, at the Government's discretion, be accepted in lieu of Government performed vulnerability scans. In these cases, scanning tools and their configuration shall be approved by the Government. In addition, the results of vendor-conducted scans shall be provided, in full, to the Government. The government will retain unrestricted rights to government data. The government retains ownership of any user created/loaded data and applications hosted on vendor's infrastructure, as well as maintains the right to request full copies of these at any time. The data that is processed and stored by the various applications within the network infrastructure may contain financial data, as well as, PII. This data and PII shall be protected against unauthorized access, disclosure or modification, theft, or destruction. The contractor shall ensure that the facilities that house the network infrastructure are physically secure. Identified gaps between required Fiscal Service and FedRAMP Security Control Baselines and Continuous Monitoring controls, and the contractor's implementation, as documented in the Security Assessment Report, shall be tracked by the contractor for mitigation in a Plan of Action and Milestones (POA&M) document. Depending on the severity of the gaps, the Government may require them to be remediated before an authorization is granted. The contractor is responsible for mitigating all security risks found during SA&A, and continuous monitoring activities. All high-risk vulnerabilities must be mitigated within 30 days and all moderate risk vulnerabilities must be mitigated within 30 days from the date vulnerabilities are formally identified. The Government will determine the risk rating of vulnerabilities. Fiscal Service may choose to cancel the (Contract/award) and terminate any outstanding orders if the contractor has its provisional authorization revoked and/or the deficiencies are greater than agency risk tolerance thresholds. The vendor is advised to review the FedRAMP guidance documents to determine the level of effort that will be necessary to complete the requirements. All FedRAMP documents and templates are available at the FedRAMP website (http://cloud.cio.gov/fedramp). Maintenance of the FedRAMP Provisional Authorization will be through continuous monitoring and periodic audit of the operational controls within a contractor's system, environment, and processes to determine if the security controls in the information system continue to be effective over time in light of changes that occur in the system and environment. Through continuous monitoring, security controls and supporting deliverables are updated and submitted to the FedRAMP PMO as required by FedRAMP Requirements. The submitted deliverables (or lack thereof) provide a current understanding of the security state and risk posture of the information systems. The deliverables will allow the FedRAMP JAB to make credible risk-based decisions regarding the continued operations of the information systems and initiate appropriate responses as needed when changes occur. Contractors will be required to provide updated deliverables and automated data feeds as defined in the FedRAMP Continuous Monitoring Plan. Additional Stipulations: 1. The FedRAMP deliverables shall be labeled "SENSITIVE BUT UNCLASSIFIED" (SBU) or contractor selected designation per document sensitivity. External transmission/dissemination of FOUO and SBU to or from a Government computer must be encrypted. Certified encryption modules must be used in accordance with FIPS PUB 140-2, "Security requirements for Cryptographic Modules." 2. Federal Desktop Core Configuration & US Government Configuration Baseline: The contractor shall certify applications are fully functional and operate correctly as intended on systems using the Federal Desktop Core Configuration (FDCC) and US Government Configuration Baseline (USGCB). The standard installation, operation, maintenance, updates, and/or patching of software shall not alter the configuration settings from the approved FDCC/USGCB configuration. Offerings that require installation should follow OMB memorandum 07-18. Applications designed for normal end users shall run in the standard user context without elevated system administration privileges. The contractor shall use Security Content Automation Protocol (SCAP) validated tools with FDCC/USGCB Scanner capability to certify their products operate correctly with FDCC/USGCB configurations and do not alter FDCC/USGCB settings. 3. As prescribed in the Federal Acquisition Regulation (FAR) Part 24.104, if the system involves the design, development, or operation of a system of records on individuals, the contractor shall implement requirements in FAR clause 52.224-1, "Privacy Act Notification" and FAR clause 52.224-2, "Privacy Act." 4. The contractor shall cooperate in good faith in defining non-disclosure agreements that other third parties must sign when acting as the Federal government's agent. 7 Bureau of the Fiscal Service (Fiscal Service) Personnel Security and Suitability Requirements for Contractors and Subcontractors 7.1 GENERAL The Fiscal Service has determined that performance of this contract requires that the Contractor, subcontractor(s), and vendor(s) (herein known as Contractor), does not requires access to Sensitive but Unclassified (SBU) information (herein known as unclassified information) and the contract was evaluated as: "Limited Risk" All contractor personnel will be a U.S. citizen 8 Quotation Instructions 8.1 READING ROOM FOR SECURITY CONTROL REVIEW Prior to proposal submission, the offeror may schedule an appointment to review documentation for the security control requirements. Due to the security sensitive nature of this documentation, the Fiscal Service will not release this information as part of a Request for Proposals or other equivalent document. Appointments will be made for review of security control requirements documentation. Appointments will be scheduled for two (2) hour blocks based on Fiscal Service's representatives availability. Documentation reviews will be conducted in Hyattsville, MD in Treasury offices. To schedule a security control requirements documentation review, the offeror shall contact the Procurement Office at Purchasing@fiscal.treasury.gov Attn: ES/BW RFQ-ISS-34300204-204-15-024 before 4:00 PM Eastern Time on October 1, 2015 to schedule an appointment. The offeror shall be permitted to send a maximum of three (3) staff to review documentation. The offeror's staff performing documentation review shall be U.S. Citizens. The offeror shall provide the Fiscal Service with the full name, for each staff member the offeror plans to send to review documentation. A signed Fiscal Service Security Controls Rules of Behavior Agreement and a signed Non-disclosure Agreement is required prior to the review. This information shall be provided to SPRMB@Fiscal.Treasury.Gov prior to 1:00 PM Eastern Time at least five (5) Government business days prior to scheduled appointment. The offeror's staff members who have not supplied the requested information will not be permitted to review security control requirements documentation. The offeror's staff shall present a photo ID issued by a federal or state government organization when they arrive to review documentation. The name on the photo ID must match the name previously provided to Fiscal Service. The offeror staff will be escorted and will not be permitted to remove copies of any documentation. The offeror shall provide Fiscal Service with the full name, for each staff member, subcontractor, or others whom the offeror intends to grant access to information about security control requirements; the offeror shall provide this information to Fiscal Service at least five (5) Government business days prior to scheduled reading room access appointment. All persons provided access to information about security control requirements by offeror shall be US citizens. The offeror shall not permit any individuals of whom Fiscal Service does not approve to have access to security control requirements information. If the offeror intends to send staff with portable electronic devices (PEDs), the offeror shall provide Fiscal Service with the name of the encryption software product and the version number of the software at the time appointments are scheduled -- before 4:00 PM Eastern Time at least five (5) Government business days prior to scheduled reading room access appointment. Fiscal Service will not permit notes about security control requirements to be made using any unencrypted PED. Fiscal Service will confirm FIPS 140-2 validation and inspect PEDs. Should an offeror arrive with a PED that does not have FIPS 140-2 validated full disk encryption software in use, the Fiscal Service will not permit the PED to be used. 8.2 Additional Instructions The offeror shall explain in proposal how the offeror plans to secure Fiscal Service information in accordance with the requirements of this solicitation. The offeror is responsible for the proper handling and protection of Sensitive Information to prevent unauthorized disclosure. The offeror must produce policy documentation The offeror shall explain in proposal their process to support timely compliance with new security requirements and standards imposed by external authorities. If applicable, the offeror shall explain in proposal how the offeror plans on patching and maintaining software, operating systems and device firmware. Demonstrations Offeror demonstrations shall not be conducted using systems containing SBU, PII, or other sensitive information. For Cloud based systems or services being proposed, the offeror shall explain the following in proposal: What is the Cloud provider's deployment model (Public / Private)? What is the Cloud provider's service model (SaaS, PaaS, IaaS)? Has the Cloud provider been assessed for FISMA compliance? If so, at what FIPS 199 level? Has the cloud provider been granted a FedRAMP provisional or agency ATO for the systems or services being proposed? If so, please provide the package reference. If not, please indicate current status in relation to FedRAMP. Does the Cloud provider provide non-negotiable or negotiable SLAs? Does the Cloud provider adhere to mandatory Federal Laws and Regulations (Clinger-Cohen, OMB A-130, Privacy Act, E-Gov, FISMA, NARA, FOIA, etc.)? Are the Cloud provider's data centers and staff work locations where Fiscal Service work will be performed, or where any Fiscal Service data may be stored, processed or accessed, all located within the United States? Does the Cloud provider allow visibility into the security controls and processes? How does cloud provider address Treasury and Fiscal Service specific security control requirements found in the Fiscal Service Baseline Security Requirements? Does the Cloud provider grant access to logs to meet audit, incident response, and records management requirements? How will Identity and Access Management adhere to Treasury requirements? What data protection measures are followed (isolation, secured at rest/transit/in use, sanitization)? What are the Cloud provider's Incident Response procedures? Are the Cloud provider's employees who operate or have access to Fiscal Service information and the equipment processing and storing Fiscal Service information all U.S. Citizens? Does the Cloud provider rely on infrastructure or services from another cloud provider? If so, was the infrastructure and services from the other cloud provider included in the scope of the 3PAO security assessment? DEPARTMENT OF THE TREASURY BUREAU OF THE PUBLIC DEBT DATE: January 23, 2006 SUBJECT: Department of the Treasury (Treasury), Bureau of the Public Debt (Public Debt) Information Technology (IT) Security Rules of Behavior. PURPOSE: Pursuant to Treasury Directive 85-01, these rules ensure that "Public Debt IT system users" (USERS) are made aware of their security responsibilities before accessing Public Debt's IT resources. All USERS are required to read and sign these rules acknowledging their responsibilities in protecting Public Debt's IT systems and data. Noncompliance with these rules may result in termination of access privileges, administrative actions, and/or criminal prosecution if warranted. SCOPE: This standard is applicable to all USERS who access IT systems where Public Debt information is processed, transmitted, and stored. For the purpose of this document, USERS are defined as employees, contractors, FRB staff, or others who are granted access to Public Debt operated IT systems for performing work. At Public Debt's discretion, individuals who have access to Public Debt IT systems may not be considered USERS under this definition and as such may not be required to sign these Rules of Behavior. In addition to the rules and requirements contained within this document, USERS should note that other federal laws and regulations apply when accessing Public Debt IT resources (i.e., licensing agreements and copyright laws), but are considered outside the scope of this document. RULES OF BEHAVIOR: USERS MUST: ACCESS: • Not read, alter, insert, copy, or delete any Public Debt data except in accordance with assigned job responsibilities. Ability to access data does not equate to authority to manipulate data. In particular, USERS must not browse or search Public Debt data except in the performance of authorized duties. • Notify their Supervisor when access to IT resources is no longer required, and make no further attempts to access the resources. • Protect Public Debt IT systems and networks. Dial-in or other remote access to Public Debt systems and networks is prohibited, unless specifically authorized in a manner approved by the Network Security Officer (NSO). ACTIONS: • Not attempt to circumvent any Public Debt IT security control mechanisms. Reverse engineering or tampering with IT resources is prohibited. • Protect Public Debt equipment, software, and data from loss, theft, damage, and unauthorized use or disclosure. • Protect the confidentiality, integrity, and availability of all information. • Not view, send, retain, or reproduce content that is fraudulent, harassing, or obscene in nature. AWARENESS: • Understand that the use of Public Debt IT resources gives consent for monitoring and security testing to ensure proper security procedures and appropriate usage are being observed. • Complete IT security awareness, training, and education as required by Treasury and Public Debt policies. • Become knowledgeable about Public Debt IT policies and standards. As systems change, USERS are required to seek additional information from sources such as their Information System Security Representative (ISSR), the Information System Security Officer (ISSO) for specific systems, the Public Debt Information Technology Security Manual (ITSM), or the IT Security Zone on PDWeb in order to ensure current policies and procedures are followed. EMAIL: • Not access any external (non-Public Debt) email account from any Public Debt IT resource, except where the Network Security Officer (NSO) has approved a written request from the Division Director or higher level supervisor of the requestor. • Not subscribe to email lists that generate incoming non-work-related email such as "joke of the day" or "recipe of the day." Work related email newsletters are permitted. EQUIPMENT & SOFTWARE: • Understand that any unauthorized use of government owned or non-government owned hardware or software on any Public Debt IT resource (network, workstation, laptop, wireless devices, etc.) is prohibited. If the use of non-standard items is necessary, a written request from the Division Director or higher level management official must be approved by the Network Security Officer (NSO) before such items are used on Public Debt IT resources. • Report improper or suspicious use of Public Debt equipment (viruses, unauthorized access, theft, inappropriate use, etc.) and any known or suspected breaches of IT security to their supervisor and the Public Debt IT Service Desk at 304-480-7777 immediately after discovery of the occurrence. • Not use Public Debt IT resources (including but not limited to email, fax machines, and copiers) to produce chain letters. • Comply with guidance on limited personal use of Government office equipment. PASSWORDS: • Follow proper logon/logoff procedures: don't divulge account access procedures to any unauthorized user, don't disclose password to other people, don't allow someone else to watch as USERS enter passwords to logon, and logoff of systems. • Understand and follow the rules and recommendations for password protection as stated in the Public Debt IT Security Manual (Chapter 6) and the Department of the Treasury Security Program TD P 85-01 (5.1.1) and agree to use only the User-ID for which they are authorized. ACCEPTANCE I agree to follow the Public Debt information technology (IT) Security Rules of Behavior. By signing this Acceptance, I acknowledge that I have read and am aware of the security rules and regulations contained in this document. I understand that violation of these rules may be grounds for administrative and/or disciplinary action by Public Debt and may result in, actions up to and including, termination of employment or prosecution under federal law. User's Name: (printed) User's Name: (signed) Date: Bureau of the Fiscal Service Conditional Access to Sensitive but Unclassified Information Non-Disclosure Agreement I, ____________________________, hereby consent to the terms in this Agreement in consideration of my being granted conditional access to certain United States Government documents or material containing sensitive but unclassified information. I understand and agree to the following terms and conditions: 1. By being granted conditional access to sensitive but unclassified information, the United States Government has placed special confidence and trust in me and I am obligated to protect this information from unauthorized disclosure, in accordance with the terms of this Agreement. 2. As used in the Agreement, sensitive but unclassified information is any information the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Title 5 U.S.C. 522a, but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy. 3. I am being granted conditional access contingent upon my execution of this Agreement for the sole purpose of RMG Networks Symoncare Licenses & Maintenance. This approval will permit me conditional access to certain information, and/or to attend meetings in which such information is discussed or otherwise made available to me. 4. I will never divulge any sensitive but unclassified information that is provided to me pursuant to this Agreement to anyone unless I have been advised in writing by Bureau of the Fiscal Service or in the case of bureau sensitive but unclassified information released to the Office of Inspector General (OIG) or Treasury Inspector General for Tax Administration (TIGTA), in accordance with a written arrangement related to the official audit/investigative functions of the OIG or TIGTA for that particular matter). Should I desire to make use of any sensitive but unclassified information, I will do so in accordance with paragraph 6 of this Agreement. I will submit to Bureau of the Fiscal Service for security review, prior to any submissions for publication, any book, article, column or other written work for general publication that is based upon any knowledge I obtained during the course of my work on      to ensure that no Bureau of the Fiscal Service sensitive but unclassified information is disclosed. 5. I hereby assign to the United States Government all royalties, remunerations, and emoluments that have resulted, will result or may result from any disclosure, publication, or revelation of sensitive but unclassified information not consistent with the terms of this Agreement. 6. Upon signing this non-disclosure agreement, I will be permitted access to official Bureau of the Fiscal Service documents containing sensitive but unclassified information and understand that any copies shall be protected in the same manner as the originals. Any notes taken during the course of such access shall also be protected in the same manner as the originals. 7. If I violate the terms and conditions of this Agreement, I understand that the unauthorized disclosure of sensitive but unclassified information could compromise Bureau of the Fiscal Service security. 8. If I violate the terms and conditions of this Agreement, such violation may result in the cancellation of my conditional access to sensitive but unclassified information. This may serve as a basis for my being denied conditional access to Bureau of the Fiscal Service or other Treasury bureaus' information, both classified and sensitive but unclassified information in the future. If I violate the terms and conditions of this Agreement, the United States may institute a civil action for damages or any other appropriate relief. The willful disclosure of information to which I have agreed herein not to divulge may constitute a criminal offense. 9. Unless and until I am provided a written release by Bureau of the Fiscal Service from this Agreement or any portions of it, all conditions and obligations contained in this Agreement apply both during my period of conditional access, which shall terminate at the conclusion of my work, and at all times thereafter. 10. Each provision of this Agreement is severable. If a court should find any provisions of this Agreement unenforceable, all other provisions shall remain in full force and effect. 11. I understand that the United States Government may seek any remedy available to it to enforce this Agreement, including, but not limited to, application for a court order prohibiting disclosure of information in breach of this Agreement. 12. By granting me conditional access to information in this context, the United States Government does not waive any statutory or common law evidentiary privileges or protections that it may assert in any administrative or court proceeding to protect any sensitive but unclassified information to which I have been given conditional access under the terms of this Agreement. 13. These restrictions are consistent with and do not supersede, conflict with or otherwise alter the employee obligations, rights or liabilities created by Executive Order 12958, as amended; Section 7211 of Title 5, United States Code (governing disclosures to Congress); Section 1034 of Title 10, United States Code, as amended by the Military Whistleblower Protection Act (governing disclosure to Congress by members of the military); Section 2302(b)(8) of Title 5, United States Code, as amended by the Whistleblower Protection Act (governing disclosures of illegality, waste, fraud, abuse or public health or safety threats); the Intelligence Identities Protection Act of 1982 (50 USC 421 et seq.)(governing disclosures that could expose confidential Government agents), and the statutes that protect against disclosure that may compromise the national security, including Sections 641, 793, 794, 798, and 952 of Title 128, United States Code, and Section 4(b) of the Subversive Activities Act of 1950 (50 USC Section 783 (b)). The definitions, requirements, obligations, rights, sanctions and liabilities created by said Executive Order and listed statutes are incorporated into this Agreement and are controlling. 14. My execution of this Agreement shall not nullify or effect in any manner any other secrecy or nondisclosure Agreement which I have executed or may execute with the United States Government except within the Department of the Treasury as noted in item 8, above. 15. I make this Agreement in good faith, without mental reservation or purpose of evasion. _______________________________ _______________________ Name and Date _______________________________ Signature This Agreement was accepted by the undersigned on behalf of Bureau of the Fiscal Service as a prior condition on conditional access to sensitive but unclassified information. Further release to any other third party requires execution of a nondisclosure agreement. When information is shared with the Office of Inspector General or the Treasury Inspector General for Tax Administration, for official audit/investigative purposes, the following statement shall be added below the signature line. "This Agreement was accepted by the undersigned on behalf of Bureau of the Fiscal Service and (the Office of Inspector General or Treasury Inspector General for Tax Administration, as applicable) for conditional access to sensitive but unclassified information. Further release and dissemination of Bureau of the Fiscal Service sensitive but unclassified information under this non-disclosure agreement shall be in accordance with a written arrangement related to the official audit/investigative functions of the OIG or TIGTA for that particular matter. Further release to any other third party requires execution of a nondisclosure agreement." _______________________________ _______________________ Bureau of the Fiscal Service Official and Date _______________________________ _______________________ (When applicable OIG or TIGTA signatory) and Date Bureau of the Fiscal Service Security Controls Rules of Behavior Agreement I, ____________________________, hereby consent to the terms in this Agreement in consideration of my being granted conditional access to certain United States Government documents or material containing sensitive but unclassified information. I understand and agree to the following terms and conditions: Upon signing this Security Controls Rules of Behavior and a Non-Disclosure Agreement, I will be permitted access to official Bureau of the Fiscal Service documents containing sensitive but unclassified information related to security controls and understand that no copies may be made from the originals. Any notes I take during the course of such access shall be provided to Fiscal Service for review prior to my departure. I shall not allow any individuals access to security control requirements information without Fiscal Service's approval and the individual's signed ‘Security Controls Rules of Behavior' (this information includes notes Fiscal Service permits to leave the controlled Reading Room appointment area along with notes and working papers created after the review appointment) If I take any notes during the security control requirement documentation review using a portable electronic device (PED), such as but not limited to a laptop computer, the PED shall have FIPS 140-2 validated full disk encryption in use. At no time will I transmit, transport, process, or store information about security control requirements in any location located outside of the United States. I will return all paper copies of any notes about the security control requirements, including notes and working papers created after the security control requirement documentation review appointment, to Fiscal Service with my proposal or when I determine a proposal will not be submitted. I will destroy all electronic copies of any notes relating to security control requirements in accordance with NIST SP 800-12 and NIST SP 800-88. I will include in my proposal a notice to the Fiscal Service attesting to such file destruction; should I not make a proposal, I will send notice to the Fiscal Service attesting to the destruction of the files. I make this Agreement in good faith, without mental reservation or purpose of evasion. _______________________________ Printed Name _______________________________ _______________________ Signature Date
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/TREAS/BPD/DP/RFQ-ISS-34300204-15-024/listing.html)
- Place of Performance
- Address: Parkersburg, WV and Minneapolis, MN, United States
- Record
- SN03910051-W 20151002/150930235936-523eadc909a144a75901f4374d81ea31 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |