Combine Solicitation – CCTV Ethernet
Notice Type: Combine Solicitation
Posted Date:
Office Address:
Subject: CCTV Ethernet
Classification Code: 60 - Fiber optics materials, components, assemblies & accessories
Solicitation Number: HSTS05-16-Q-HNL001
Contact:
Setaside: Total Small BusinessTotal Small Business
Place of Performance (address):
Place of Performance (zipcode): 69819
Place of Performance Country: US
Description:
Headquarters
1.0 General Requirement Information This is a Combined Synopsis/Solicitation for commercial items prepared in accordance with the information in FAR Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; firm fixed price quotes are being requested and a written solicitation will not be issued. HSTS05-16-Q-HNL001 is issued as a Request for Quote. This solicitation documents and incorporates provisions and clauses in effect through FAC 2005-85-1. This is a total small business set aside. The NAICS code is 517110 with a business size standard of 1500. The anticipated period of performance is one base year followed by an Option Year. The Government anticipates awarding a firm fixed price purchase order. 2.0 Description of Service TSA-HNL requires monthly connectivity service for CCTV-Ethernet transport with RJ-45 handoff. The contractor shall provide a minimum 3Mbps connectivity for the data lines. The connectivity shall support the CCTV real time coverage continuously. All services, hardware and/or software provided under this purchase order must be compliant with
Accessibility Requirements (Section 508) Section 508 of the Rehabilitation Act, as amended by the Workforce Investment Act of 1998 (P.L. 105-220) requires that when Federal agencies develop, procure, maintain, or use electronic and information technology (EIT), they must ensure that it is accessible to people with disabilities. Federal employees and members of the public who have disabilities must have equal access to and use of information and data that is comparable to that enjoyed by non-disabled Federal employees and members of the public. All EIT deliverables within this work statement shall comply with the applicable technical and functional performance criteria of Section 508 unless exempt. Specifically, the following applicable EIT accessibility standards have been identified: Section 508 Applicable EIT Accessibility Standards 36 CFR 1194.21 Software Applications and Operating Systems, applies to all EIT software applications and operating systems procured or developed under this work statement including but not limited to GOTS and COTS software. In addition, this standard is to be applied to Web-based applications when needed to fulfill the functional performance criteria. This standard also applies to some Web based applications as described within 36 CFR 1194.22. 36 CFR 1194.22 Web-based Intranet and Internet Information and Applications, applies to all Web-based deliverables, including documentation and reports procured or developed under this work statement. When any Web application uses a dynamic (non-static) interface, embeds custom user control(s), embeds video or multimedia, uses proprietary or technical approaches such as, but not limited to, Flash or Asynchronous Javascript and XML (AJAX) then 1194.21 Software standards also apply to fulfill functional performance criteria. 36 CFR 1194.24 Video and Multimedia Products, applies to all video and multimedia products that are procured or developed under this work statement. Any video or multimedia presentation shall also comply with the software standards (1194.21) when the presentation is through the use of a Web or Software application interface having user controls available. 36 CFR 1194.31 Functional Performance Criteria, applies to all EIT deliverables regardless of delivery method. All EIT deliverable shall use technical standards, regardless of technology, to fulfill the functional performance criteria. 36 CFR 1194.41 Information Documentation and Support, applies to all documents, reports, as well as help and support services. To ensure that documents and reports fulfill the required 1194.31 Functional Performance Criteria, they shall comply with the technical standard associated with Web-based Intranet and Internet Information and Applications at a minimum. In addition, any help or support provided in this work statement that offer telephone support, such as, but not limited to, a help desk shall have the ability to transmit and receive messages using TTY. Section 508 Applicable Exceptions Exceptions for this work statement have been determined by
iv. All solution architectures and services (Application, System, Network, Security, Information, etc.) shall be reviewed and approved by TSA EA as part of the TSA SELC review process and in accordance with all applicable
v. All IT hardware and software shall be compliant with the
iii. All
Sensitive Information Required Special Contract Terms (
(a) Applicability. This clause applies to [ENTITY NAME], its subcontractors, and Contractor employees (hereafter referred to collectively as "Contractor"). The Contractor shall insert the substance of this clause in all subcontracts.
(b) Definitions. As used in this clause- "Personally Identifiable Information (PII)" means information that can be used to distinguish or trace an individual's identity, such as name, social security number, or biometric records, either alone, or when combined with other personal or identifying information that is linked or linkable to a specific individual, such as date and place of birth, or mother's maiden name. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-personally identifiable information can become personally identifiable information whenever additional information is made publicly available-in any medium and from any source-that, combined with other available information, could be used to identify an individual.
PII is a subset of sensitive information. Examples of PII include, but are not limited to: name, date of birth, mailing address, telephone number,
"Sensitive Information" is defined in HSAR clause 3052.204-71, Contractor Employee Access, as any information, which if lost, misused, disclosed, or, without authorization is accessed, or modified, could adversely affect the national or homeland security interest, the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of Title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of
(1) Protected Critical Infrastructure Information (PCII) as set out in the Critical Infrastructure Information Act of 2002 (Title II, Subtitle B, of the Homeland Security Act, Public Law 107-296, 196 Stat. 2135), as amended, the implementing regulations thereto (Title 6, Code of Federal Regulations, Part 29) as amended, the applicable PCII Procedures Manual, as amended, and any supplementary guidance officially communicated by an authorized official of the
(2) Sensitive Security Information (SSI), as defined in Title 49, Code of Federal Regulations, Part 1520, as amended, "Policies and Procedures of Safeguarding and Control of SSI," as amended, and any supplementary guidance officially communicated by an authorized official of the
(3) Information designated as "For Official Use Only," which is unclassified information of a sensitive nature and the unauthorized disclosure of which could adversely impact a person's privacy or welfare, the conduct of Federal programs, or other programs or operations essential to the national or homeland security interest; and
(4) Any information that is designated "sensitive" or subject to other controls, safeguards or protections in accordance with subsequently adopted homeland security information handling procedures.
"Sensitive Information Incident" is an incident that includes the known, potential, or suspected exposure, loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or unauthorized access or attempted access of any Government system, Contractor system, or sensitive information.
"Sensitive Personally Identifiable Information (SPII)"a subset of PII, which if lost, compromised or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Some forms of PII are sensitive as stand-alone elements. Examples of such PII include:
(1) Truncated SSN (such as last 4 digits) (2) Date of birth (month, day, and year) (3) Citizenship or immigration status (4) Ethnic or religious affiliation (5) Sexual orientation (6) Criminal History (7) Medical Information (8) System authentication information such as mother's maiden name, account passwords or personal identification numbers (PIN)
Other PII may be "sensitive" depending on its context, such as a list of employees and their performance ratings or an unlisted home address or phone number. In contrast, a business card or public telephone directory of agency employees contains PII but is not sensitive.
(c) Authorities. The Contractor shall follow all current versions of Government policies and guidance accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors, or available upon request from the Contracting Officer, including but not limited to:
(1) DHS Management Directive 11042.1 Safeguarding Sensitive But Unclassified (for Official Use Only) Information (2) DHS Sensitive Systems Policy Directive 4300A (3)
(1)
(2) The Contractor shall not use or redistribute any sensitive information processed, stored, and/or transmitted by the Contractor except as specified in the contract.
(3) All Contractor employees with access to sensitive information shall execute DHS Form 11000-6,
(4) The Contractor's invoicing, billing, and other recordkeeping systems maintained to support financial or other administrative functions shall not maintain SPII. It is acceptable to maintain in these systems the names, titles and contact information for the COR or other Government personnel associated with the administration of the contract, as needed.
(e) Authority to Operate. The Contractor shall not input, store, process, output, and/or transmit sensitive information within a Contractor IT system without an Authority to Operate (ATO) signed by the Headquarters or Component CIO, or designee, in consultation with the Headquarters or Component Privacy Officer. Unless otherwise specified in the ATO letter, the ATO is valid for three (3) years. The Contractor shall adhere to current Government policies, procedures, and guidance for the Security Authorization (SA) process as defined below.
(1) Complete the Security Authorization process. The SA process shall proceed according to the DHS Sensitive Systems Policy Directive 4300A (Version 11.0,
(2) Renewal of ATO. Unless otherwise specified in the ATO letter, the ATO shall be renewed every three (3) years. The Contractor is required to update its SA package as part of the ATO renewal process. The Contractor shall update its SA package by one of the following methods: (1) Updating the SA documentation in the
(3) Security Review. The Government may elect to conduct random periodic reviews to ensure that the security requirements contained in this contract are being implemented and enforced. The Contractor shall afford
(4) Continuous Monitoring. All Contractor-operated systems that input, store, process, output, and/or transmit sensitive information shall meet or exceed the continuous monitoring requirements identified in the Fiscal Year 2014 DHS Information Security Performance Plan, or successor publication. The plan is updated on an annual basis. The Contractor shall also store monthly continuous monitoring data at its location for a period not less than one year from the date the data is created. The data shall be encrypted in accordance with FIPS 140-2 Security Requirements for Cryptographic Modules and shall not be stored on systems that are shared with other commercial or Government entities. The Government may elect to perform continuous monitoring and IT security scanning of Contractor systems from Government tools and infrastructure.
(5) Revocation of ATO. In the event of a sensitive information incident, the Government may suspend or revoke an existing ATO (either in part or in whole). If an ATO is suspended or revoked in accordance with this provision, the Contracting Officer may direct the Contractor to take additional security measures to secure sensitive information. These measures may include restricting access to sensitive information on the Contractor IT system under this contract. Restricting access may include disconnecting the system processing, storing, or transmitting the sensitive information from the
(6) Federal Reporting Requirements. Contractors operating information systems on behalf of the Government or operating systems containing sensitive information shall comply with Federal reporting requirements. Annual and quarterly data collection will be coordinated by the Government. Contractors shall provide the COR with requested information within three (3) business days of receipt of the request. Reporting requirements are determined by the Government and are defined in the Fiscal Year 2014 DHS Information Security Performance Plan, or successor publication. The Contractor shall provide the Government with all information to fully satisfy Federal reporting requirements for Contractor systems.
(f) Sensitive Information Incident Reporting Requirements.
(1) All known or suspected sensitive information incidents shall be reported to the Headquarters or
(g) Sensitive Information Incident Response Requirements. (1) All determinations related to sensitive information incidents, including response activities, notifications to affected individuals and/or Federal agencies, and related services (e.g., credit monitoring) will be made in writing by the Contracting Officer in consultation with the Headquarters or Component CIO and Headquarters or Component Privacy Officer. (2) The Contractor shall provide full access and cooperation for all activities determined by the Government to be required to ensure an effective incident response, including providing all requested images, log files, and event information to facilitate rapid resolution of sensitive information incidents. (3) Incident response activities determined to be required by the Government may include, but are not limited to, the following: (i) Inspections, (ii) Investigations, (iii) Forensic reviews, and (iv) Data analyses and processing. (4) The Government, at its sole discretion, may obtain the assistance from other Federal agencies and/or third-party firms to aid in incident response activities.
(h) Additional PII and/or SPII Notification Requirements.
(1) The Contractor shall have in place procedures and the capability to notify any individual whose PII resided in the Contractor IT system at the time of the sensitive information incident not later than 5 business days after being directed to notify individuals, unless otherwise approved by the Contracting Officer. The method and content of any notification by the Contractor shall be coordinated with, and subject to prior written approval by the Contracting Officer, in consultation with the Headquarters or Component Privacy Officer, utilizing the DHS Privacy Incident Handling Guidance. The Contractor shall not proceed with notification unless the Contracting Officer, in consultation with the Headquarters or Component Privacy Officer, has determined in writing that notification is appropriate.
(2) Subject to Government analysis of the incident and the terms of its instructions to the Contractor regarding any resulting notification, the notification method may consist of letters to affected individuals sent by first class mail, electronic means, or general public notice, as approved by the Government. Notification may require the Contractor's use of address verification and/or address location services. At a minimum, the notification shall include: (i) A brief description of the incident; (ii) A description of the types of PII and SPII involved; (iii) A statement as to whether the PII or SPII was encrypted or protected by other means; (iv) Steps individuals may take to protect themselves; (v) What the Contractor and/or the Government are doing to investigate the incident, to mitigate the incident, and to protect against any future incidents; and (vi) Information identifying who individuals may contact for additional information. (i) Credit Monitoring Requirements. In the event that a sensitive information incident involves PII or SPII, the Contractor may be required to, as directed by the Contracting Officer: (1) Provide notification to affected individuals as described above; and/or (2) Provide credit monitoring services to individuals whose data was under the control of the Contractor or resided in the Contractor IT system at the time of the sensitive information incident for a period beginning the date of the incident and extending not less than 18 months from the date the individual is notified. Credit monitoring services shall be provided from a company with which the Contractor has no affiliation. At a minimum, credit monitoring services shall include:
(i) Triple credit bureau monitoring; (ii) Daily customer service; (iii) Alerts provided to the individual for changes and fraud; and (iv) Assistance to the individual with enrollment in the services and the use of fraud alerts; and/or (3) Establish a dedicated call center. Call center services shall include: (i) A dedicated telephone number to contact customer service within a fixed period; (ii) Information necessary for registrants/enrollees to access credit reports and credit scores; (iii) Weekly reports on call center volume, issue escalation (i.e., those calls that cannot be handled by call center staff and must be resolved by call center management or
B. General Security Responsibilities for Contract Performance B.1. The Contractor shall ensure that its employees follow all policies and procedures governing physical, environmental, and information security described in the various
C. Configuration Management (hardware/software) C.1. Hardware or software configuration changes shall be in accordance with the DHS Information Security Performance Plan (current year and any updates thereafter), the
D. Risk Management Framework D.1. The Security Authorization and Ongoing Authorization Process in accordance with NIST SP 800-37 and SP 800-137 (current versions) is a requirement for all TSA IT systems, including general support systems (e.g., standard
F. Program Performance F.1. The Contractor shall comply with requests to be audited and provide responses within three business days to requests for data, information, and analysis from the TSA Information Assurance and Cyber Security Division (IAD) and management, as directed by the Contracting Officer. F.2. The Contractor shall provide support during the Information Assurance and Cyber Security Division (IAD) audit activities and efforts. These audit activities may include, but are not limited to the following: requests for system access for penetration testing, vulnerability scanning, incident response and forensic review. F.3. Upon completion of monthly security scans, findings shall be documented and categorized as High, Medium, or Low based on their potential impact to the System IT Security posture. The Contractor shall provide
H. Information Assurance Policy H.1. All services, hardware and/or software provided under this task order must be compliant with
* * TSA MD 1400.3 Information Technology Security * TSA Information Assurance Handbook * TSA Technical Standards * DHS IT Security Architecture Guidance Volumes 1, 2 and 3 *
I. Data Stored/Processed at Contractor Site I.1. Unless otherwise directed by
J. Remote Access J.1. The Contractor remote access connection to
K. Interconnection Security Agreement If the service being supplied requires a connection to a non-
L. SBU Data Privacy and Protection L.1. The contractor must satisfy requirements to work with and safeguard Sensitive Security Information (SSI), and Personally Identifiable Information (PII). All support personnel must understand and rigorously follow
M. Disposition of Government Resources M.1 At the expiration of the contract, the contractor shall return all
N. Special Considerations and Circumstances (if applicable) Security Program Plan N.1 For major agency Information Technology (IT) infrastructure support ranging in the total estimated procurement value (TEPV) of about
Anticipated POP is from
2.1 Requirement Information
The prices shall be detailed in the following pricing table:
CLIN No. Location/Item Monthly Unit price Annual Price 00001 IP data line from
Firm fixed pricing to include all parts, labor, maintenance, fees, permits, applicable taxes to provide service.
3.0Contract Administration Data
3.1 G. 5200.243.001 CONTRACTING OFFICER (CO) (
The Contracting Officer is the only person authorized to make any changes, approve any changes in the requirements of this contract, issue orders, obligate funds and authorize the expenditure of funds, and notwithstanding any term contained elsewhere in this contract, such authority remains vested solely in the Contracting Officer. (For further information, the Contracting Officer is a federal government employee who is specifically authorized and appointed in writing under specified agency procedures and granted the authority to enter into, administer, and/or terminate contracts and make related determinations and findings.) In the event, the Contractor makes any changes at the direction of any person other than the Contracting Officer, the change will be considered to have been without authority and no adjustment will be made in the contract price to cover any increase in costs incurred as a result thereof. The following Primary Contracting Officer is assigned to this contract. Alternate Contracting Officers may be assigned:
TSA Contracting Officer:
3.2 G.5200.242.003 SUBMISSION OF INVOICES (
"SUBMISSION OF INVOICES"
(a) Background: The
(b) Invoice Submission Method: Invoices may be submitted via facsimile,
1) Facsimile number is: 757-413-7314
The facsimile number listed above shall be used by contractors for ORIGINAL invoice submission only. If facsimile submission is utilized, contractors shall not submit hard copies of invoices via the
2) United States Coast Guard Finance Center TSA Commercial Invoices P.O. Box 4111
([email protected] or www.fincen.uscg.mil)
(c) Invoice Process: Upon receipt of contractor invoices, FinCen will electronically route invoices to the appropriate
Note for discounts offered:
Discounts on invoices. If desired, the Contractor should offer discounts directly upon the invoice submitted, clearly specifying the terms of the discount. Contractors can structure discounted amounts for payment for any time period less than the usual thirty day payment period specified under Prompt Payment requirements; however the Contractor should not structure terms for payment of net amounts invoiced any sooner than the standard period required under FAR Subpart 32.9 regarding prompt payments for the specified deliverables under contract.
Discounts offered after invoice submission. If the Contractor should wish to offer a discount on a specific invoice after its submission for payment, the Contractor should submit a letter to the Finance Center identifying the specific invoice for which a discount is offered and specify the exact terms of the discount offered and what time period the Government should make payment by in order to receive the discount. The Contractor should clearly indicate the contract number, invoice number and date, and the specific terms of the discount offered. Contractors should not structure terms for net amount payments any sooner than the standard period required under FAR Subpart 32.9 regarding prompt payments for the specified deliverables under contract.
(d) Payment Status: Contractors may inquire on the payment status of an invoice by any of the following means:
(1) Via the internet: https://www.fincen.uscg.mil contacting the FinCen Customer Service Section via telephone at 1-800-564-5504 or (757) 523-6940 (Voice Option #1). The hours of operation for the Customer Service line are
(2) Via the Payment Inquiry Form: https://www.fincen.uscg.mil/secure/payment.htm
(e) Invoice Elements: Invoices will automatically be rejected if the information required in subparagraph (a)(2) of the Prompt Payment Clause, contained in this Section of the Contract, including EFT banking information, Taxpayer Identification Number (TIN), and DUNS number are not included in the invoice. All invoices must clearly correlate invoiced amounts to the corresponding contract line item number and funding citation. The Contractor shall work with the Government to mutually refine the format, content and method of delivery for all invoice submissions during the performance of the Contract.
(f) Supplemental Invoice Documentation: Contractors shall submit all supplemental invoice documentation (e.g. copies of subcontractor invoices, travel vouchers, etc.) necessary to approve an invoice along with the original invoice. The Contractor invoice must contain the information stated in the Prompt Payment Clause in order to be received and processed by FinCen. Supplemental invoice documentation required for review and approval of invoices may, at the written direction of the Contracting Officer, be submitted directly to either the Contracting Officer, or the Contracting Officer's Representative. Note for "time-and-material" type contracts: The Contractor must submit the following statement with each invoice for labor hours invoiced under a "time-and-materials" type contract, order, or contract line item: "The Contractor hereby certifies in accordance with paragraph (c) of FAR 52.232-7, that each labor hour has been performed by an employee (prime or subcontractor) who meets the contract's specified requirements for the labor category invoiced."
(g) Additional Invoice Preparation Instructions for Software Development and/or Hardware. The Contractor shall clearly include a separate breakdown (by
(h) Frequency of Invoice Submission. Once monthly in arrears.
4.0 TSA SPECIAL CONTRACT REQUIREMENTS
4.1 H.5200.204.002 PERSONNEL ACCESS (
All Contractor personnel requiring access to
4.2 H.5200.212.001 COMMERCIAL APPLICABILITY (
Information furnished by the Contractor under this contract may be subject to disclosure under the Freedom of Information Act (FOIA). Therefore, all items that are confidential to business, or contain trade secrets, proprietary, or personally-identifiable information must be clearly marked.
Any information made available to the Contractor by the Government must be used only for the purpose of carrying out the requirements of this contract and must not be divulged or made known in any manner to any person except as may be necessary in the performance of the contract.
In performance of this contract, the Contractor assumes responsibility for protection of the confidentiality of Government records and information and must ensure that all work performed by its Subcontractor(s) shall be under the supervision of the Contractor or the Contractor's employees. (End of clause)
4.4 H.5200.228.001 INSURANCE FOR CONTRACTOR PERFORMANCE AT THE AIRPORT (
5.1 L. 5200.233.001 AVAILABILITY OF INTERNAL APPEAL PROCESS PER FAR 33.103 (
In the event of receipt of the Contracting Officer's final decision of an agency-level protest in accordance with Federal Acquisition Regulation 33.103, the offeror is hereby advised that an appeal process is available from within the agency. The Assistant Administrator of the
6.0 Contract Clauses and Provisions
HSAR 3052.209-70 - Prohibition on contracts with corporate expatriates. (
HSAR 3052.215-70 KEY PERSONNEL OR FACILITIES (
HSAR 3052.242-71 Dissemination of contract information. (
The Contractor shall not publish, permit to be published, or distribute for public consumption, any information, oral or written, concerning the results or conclusions made pursuant to the performance of this contract, without the prior written consent of the Contracting Officer. An electronic or printed copy of any material proposed to be published or distributed shall be submitted to the Contracting Officer. (End of clause) FAR. 52.212-5 Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items (
FAR 52.212-4 Contract Terms and Conditions - Commercial Items (
7.0 Instructions
General:
This acquisition is being conducted under FAR Part 13, Simplified Acquisition Procedures. Contractors must be registered in the System for Award Management (SAM) prior to award. Registration is free. https://www.SAM.gov.
Questions on Request for Quote (RFQ):
If you have any questions regarding this RFQ, please e-mail the contract specialist at [email protected].
Quotation Submittal Instructions:
Due Date:
Link/URL: https://www.fbo.gov/spg/DHS/TSA/HQTSA/HSTS05-16-Q-HNL001/listing.html
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News