EIS RFP Section F DRAFT



Enterprise Infrastructure Solutions (EIS)
Contract
Section F
Deliveries or Performance

Issued by:
General Services Administration
Office of Information Technology Category
1800 F St NW
Washington, DC 20405

November 2017
January 2019

Table of Contents

F.1 FAR 52.252-2 Clauses Incorporated by Reference (FEB 1998)
F.2 Deliverables
F.2.1 Table of Deliverables

F.1 FAR 52.252-2 Clauses Incorporated by Reference (FEB 1998)

This contract incorporates one or more FAR clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer (CO) will make their full text available. The full text of a clause may be accessed electronically at this address: far.

The clauses below apply at the contract and order levels, as applicable, depending upon the contract type of the order, or as specifically referenced in the applicable order.

| Clause No. | FAR Clause No. | Title and Date |
| --- | --- | --- |
| F.1.1 | 52.242-15 | Stop Work Order (AUG 1989) |
| F.1.2 | 52.242-17 | Government Delay of Work (APR 1984) |
| F.1.3 | 52.247-35 | F.O.B. Destination Within Consignee’s Premises (APR 1984) |

F.2 Deliverables

The contractor shall ensure that all deliverables meet professional standards and the requirements set forth in the contract. The contractor shall be responsible for delivering all items (as required) in accordance with the Table of Deliverables below:

F.2.1 Table of Deliverables

| ID | Requirement Reference | Deliverable Description Reference | Deliverable Name | Frequency | Deliver To |
| --- | --- | --- | --- | --- | --- |
| | B.1.1 | B.1.1 | Task Order Pricing Tables | Initial: Included at task order (TO) award; Update: As needed | GSA Systems and agency |
| | B.1.2.9 | B.1.2.9 | Price Volume | Initial: With the proposal; Update: As needed | GSA Systems |
| | B.1.3 | B.1.3 | Online Catalog | Initial: Within 30 days of contract award; Update: As needed | Website – URL to be provided by contractor |
| | B.1.3 | B.1.3 | Catalog Pricing Tables (Section B) | Initial: Included at TO award; Update: As needed | GSA Systems and agency |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; PL-2 | System Security Plan (SSP) | Initial: Within 30 days of Notice to Proceed (NTP); Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-37 R1 | Security Assessment Boundary and Scope Document (BSD) | Initial: Within 15 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CA-3 | Information System Interconnection Security Agreements (ISA) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; AC-1 | GSA NIST 800-53 R4 Control Tailoring Workbook | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; AC-1 | GSA NIST SP 800-53 R4 Control Summary Table | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; PL-4 | Rules of Behavior (RoB) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CM-8 | System Inventory | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CP-2 | Contingency Plan (CP) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CP-4 | Contingency Plan Test Plan (CPTP) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CP-4 | Contingency Plan Test Report (CPTR) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; AR-2, AR-3 and AR-4 | Privacy Threshold Assessment (PTA)/Privacy Impact Analysis (PIA) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CM-9 | Configuration Management Plan (CMP) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; IR-8 | Incident Response Plan (IRP) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; IR-3 | Incident Response Test Report (IPTR) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; SA-12 and NIST SP 800-161 | Supply Chain Risk Management Plan (SCRM) | Initial: With the proposal; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | Reserved | Reserved | Reserved | Reserved | Reserved |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CA-5 | Plan of Action and Milestones (POA&M) | Initial: With the Security A&A package; Update: Quarterly; Note: Critical and High vulnerabilities shall be updated monthly | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CA-7 and RA-5 | Independent internal and external penetration tests and reports | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; SA-11 | Code Review Report (If applicable) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CA-2 | Annual FISMA Assessment | Annually on the first day of August and when significant changes occur | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CM-6 | SCAP Common Configuration Enumerations (CCE) Report | Initial: With the Security A&A package; Update: Monthly (end of month) | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CM-8 | SCAP Common Platform Enumeration (CPE) Report | Initial: With the Security A&A package; Update: Monthly (end of month) | GSA COR/ISSO |
| | C.2.8.4.5.4 | NIST SP 800-53 R4; CM-8 | SCAP Common Vulnerabilities and Exposures (CVE) | Initial: With the Security A&A package; Update: Monthly (end of month) | GSA COR/ISSO |
| | C.2.9.1.1 | C.2.9.1.1 | Site Survey Report | As needed | OCO |
| | C.3.3.3 | C.3.3.3 | Inventory Summary of All Active Services | Initial: 3 years prior to contract expiration; Update: As requested by GSA | GSA Transition Manager |
| | C.3.3.3 | C.3.3.3 | Inventory Summary of Agency’s Active Services | Initial: 3 years prior to contract expiration; Update: As requested by agency | OCO |
| | C.3.3.4 | C.3.3.4 | Transition Inventory Report | Initial: 3 years prior to contract expiration; Update: Weekly (end of week) | GSA Transition Manager |
| | C.3.3.4 | C.3.3.4 | Transition Status Report | Initial: 3 years prior to contract expiration; Update: Monthly (end of month) | GSA Transition Manager |
| | C.4.2 | C.4.2 | Voluntary Product Accessibility Template | Initial: 30 days after NTP; Update: As needed | Contractor’s public website |
| | E.2.1.5.1 | E.2.1.5.1 | BSS Verification Test Plan | Draft: With proposal; Update: Final 30 days after NTP; others within 14 days of government request | GSA CO |
| | Reserved | Reserved | Reserved | Reserved | Reserved |
| | E.2.2.6 | E.2.2.6 | EIS Services Verification Test Plan | Initial: With proposal; Update: As needed | GSA COR |
| | G.3.2.3.1 | G.3.2.3.1 | Fair Opportunity Notice of Protest | Initial: Within three business days of protest; Update: As needed | GSA CO |
| | G.3.3.3.3 | G.3.3.3.3 | Task Order Project Plan | Initial: TO award; Update: Plan change | OCO |
| | G.5.5 | G.5.5 | BSS Development & Implementation Plan | Initial: With proposal; Update: Plan change | GSA CO |
| | G.5.5.1 | G.5.5.1 | BSS Change Control Notification | 30 days prior to BSS changes or emergency changes | GSA COR/ISSO/ISSM |
| | G.5.6.4 | NIST SP 800-53 R4; CA-5 / NIST SP 800-53 R4; RA-5 | Plan of Action and Milestones (POA&M) / Vulnerability scanning reports for Operating System, Web Application, and Database scans (as applicable) | Initial: With the Security A&A package; Update: Quarterly | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; PL-2 | BSS System Security Plan (SSP) | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-37 R1 | Security Assessment Boundary and Scope Document (BSD) | Initial: Within 15 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CA-3 | Information System Interconnection Security Agreements (ISA) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; AC-1 | GSA NIST 800-53 R4 Control Tailoring Workbook | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; AC-1 | GSA NIST SP 800-53 R4 Control Summary Table | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; PL-4 | Rules of Behavior (RoB) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CM-8 | System Inventory | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CP-2 | Contingency Plan (CP) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CP-4 | Contingency Plan Test Plan (CPTP) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CP-4 | Contingency Plan Test Report (CPTR) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; AR-2, AR-3 and AR-4 | Privacy Threshold Assessment (PTA)/Privacy Impact Analysis (PIA) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CM-9 | Configuration Management Plan (CMP) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; IR-8 | Incident Response Plan (IRP) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; IR-3 | Incident Response Test Report (IRTR) | Initial: With the Security A&A package; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | Reserved | Reserved | Reserved | Reserved | Reserved |
| | G.5.6.4 | NIST SP 800-53 R4; CA-7 and RA-5 | Independent internal and external penetration tests and reports | Initial: Within 30 days of NTP; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; SA-11 | Code Review Report (If applicable) | Initial: Prior to placing the information system into production; Update: Annually from contract award and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CA-2 | Annual FISMA Assessment | Annually on the first day of August and when significant changes occur | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; AC-1 | Access Control Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; AT-1 | Security Awareness and Training Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; AU-1 | Audit and Accountability Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CA-1 | Security Assessment and Authorization Policies and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CM-1 | Configuration and Management Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; CP-1 | Contingency Planning Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; IA-1 | Identification and Authentication Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; IR-1 | Incident Response Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; MA-1 | System Maintenance Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; MP-1 | Media Protection Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; PE-1 | Physical and Environmental Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; PL-1 | Security Planning Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; PS-1 | Personnel Security Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; RA-1 | Risk Assessment Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; SA-1 | Systems and Services Acquisition Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; SC-1 | System and Communication Protection Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.5.6.4 | NIST SP 800-53 R4; SI-1 | System and Information Integrity Policy and Procedures | Initial: Reviewed during Security A&A; Update: Biennially from contract award | GSA COR/ISSO |
| | G.6.3.1 | G.6.3.1 | Supply Chain Risk Management (SCRM) Plan | Initial: With proposal; Update: Annually from contract award | CO/COR |
| | G.9.3 | G.9.3 | Contractor Points of Contact List | Initial: 30 days after NTP; Update: As needed | Contractor’s public website |
| | G.9.4 | G.9.4 | Program Management Plan (PMP) | Initial: With proposal; Update: As needed | GSA CO |
| | G.9.5 | G.9.5 | Financial Status Report | Initial: 30 days after NTP; Update: 15th of each subsequent month | GSA PMO |
| | G.9.6.1 | G.9.6.1 | Quarterly Program Status Reports | Initial: 90 days after NTP; Update: Quarterly (One business day prior to each Quarterly Meeting) | GSA CO |
| | G.10 | G.10 | Customer Training Plan | Draft: With proposal; Update: 15 days after government review | GSA COR |
| | G.11 | G.11 | NS/EP Functional Requirements Implementation Plan | Initial: With proposal; Update: Annually from contract award | GSA COR |
| | G.12.1 | G.12.1 | Corporate Climate Risk Management Plans | Initial: With proposal; Update: As needed | GSA CO, OCO |
| | G.12.2.1 | G.12.2.1 | Climate Change Adaptation, Sustainability, and Green Initiatives Report | Initial: By award; Update: Annually from contract award | GSA CO, GSA COR, OCO |
| | G.12.2.3 | G.12.2.3 | Power Utilization Efficiencies (PUE) Report | Initial: Task Order from Proposal; Update: Annually | OCO |
| | H.7.3 | H.7.3 | Three Largest Comparable Multi-Service Contracts per Service | 30 days after request | GSA COR |
| | H.7.3 | H.7.3 | Three Largest Comparable Single-Service Contracts per Service | 30 days after request | GSA COR |
| | H.9 | H.9 | Redacted Contract | Initial: 30 days after award; Update: Post - No later than the 12th day of each month to reflect all contract mods from previous month; Provide: to GSA CO no later than 7 days | Contractor’s public website (for posting redacted contract and mods); GSA CO (if requested) |
| | H.10.2 | H.10.2 | Key Personnel | Initial: With proposal; Update: Within 15 days of change or 30 days if clearance to be obtained | GSA CO |
| | H.10.3 | H.10.3 | Organizational Structure | Initial: With proposal; Update: Within 30 calendar days of change | GSA CO |
| | H.14 | H.14 | State and Local Taxes | Report semi-annually from the date of the NTP. Request to add new taxes 30 days prior to inclusion on an invoice | GSA CO |
| | H.23 | H.23 | Fees and Surcharges | Report semi-annually from the date of the NTP. Request to add new fees and surcharges 30 days prior to inclusion on an invoice | GSA CO |
| | H.25 | H.25 | Service Trials Notification | Prior to initiation of any trial program with the agency | GSA CO and OCO |
| | H.25 | H.25 | Service Trial Status Report | Monthly (first business day) until completion of each trial | OCO |
| | H.33 | H.33 | ESI requests/searches | Within 15 days of written request | GSA CO or OCO |
| | H.34 | H.34 | Tariff Filings | Initial: Within 60 days of NTP; Update: New and/or revisions to existing tariffs at least 10 days in advance of intended filing date | GSA CO |
| | H.36 | H.36 | Monitoring Information and eSRS Reporting | Monitoring information and eSRS reporting April 30 and October 30 each year after NTP | GSA CO |
| | H.38 | H.38 | Force Majeure Notification | Within 10 days of the cause that the contractor cites for Force Majeure | OCO |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.1 | TO CLINs Awarded | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.4 | TO Jurisdictions Awarded by Service | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.7 | TO Officials | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.2 | TO Customer Requirements Document Set | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.3 | TO Financials | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.5 | TO Key Performance Indicators | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.6 | TO Locations Awarded by Service | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.3.8 | TO Service Awarded | Initial: At TO award; Update: As required | GSA Systems |
| | J.2.3 / J.2.3.2 | J.2.10.2.1.8 | Direct Billed Agency Setup (DBAS) | Initial: At TO award; Update: As required | GSA Conexus |
| | Reserved | Reserved | Reserved | Reserved | Reserved |
| | J.2.4 / J.2.4.2 | J.2.10.2.1.16 | Service Order Acknowledgement (SOA) | NLT one (1) business day after Service Order (SO) | GSA Conexus and agency COR |
| | J.2.4 / J.2.4.2 | J.2.10.2.1.20 | Service Order Rejection Notice (SORN) | NLT 5 days after SO | GSA Conexus and agency COR |
| | J.2.4 / J.2.4.2 | J.2.10.2.1.19 | Service Order Confirmation (SOC) | NLT 5 days after SO | GSA Conexus and agency COR |
| | J.2.4 / J.2.4.2 | J.2.10.2.1.11 | Firm Order Commitment Notice (FOCN) | Local access subcontractor required: Within one (1) business day of receiving FOC date; Local access subcontractor not required: NLT the earlier of: 5 days after SOC, or 10 days before the FOC date | GSA Conexus and agency COR |
| | J.2.4 / J.2.4.2 | J.2.10.2.1.18 | Service Order Completion Notice (SOCN) | NLT 3 days after service is installed and tested | GSA Conexus and agency COR |
| | J.2.4 / J.2.4.2 | J.2.10.2.1.17 | Service Order Administrative Change (SOAC) | NLT 7 days after Administrative Change Order | GSA Conexus and agency COR |
| | J.2.4 / J.2.4.2 | J.2.10.2.1.21 | Service State Change Notice (SSCN) | Cloud Services: Within 24 hours of state change. All other services: NLT 5 business days prior to submission of associated BI | GSA Conexus and agency COR |
| | J.2.5 / J.2.5.2 | J.2.10.2.1.5 | Billing Invoice (BI) | Monthly, NLT 15th business day | GSA Conexus and agency COR |
| | J.2.5 / J.2.5.2 | J.2.10.2.1.24 | Tax Detail | Monthly, NLT 15th business day | GSA Conexus and agency COR |
| | J.2.5 / J.2.5.2 | J.2.10.2.1.2 | AGF Detail | Monthly, NLT 15th business day | GSA Conexus |
| | J.2.5 / J.2.5.2 | J.2.10.2.1.3 | AGF Electronic Funds Transfer Report (ATR) | Monthly, NLT 15th business day | GSA Conexus |
| | J.2.5 / J.2.5.2 | J.2.10.2.1.13 | Monthly Billing Information Memorandum | Monthly, NLT 15th business day (as needed) | Agency COR |
| | J.2.5 / J.2.6 / J.2.8 / J.2.5.2 / J.2.6.2 / J.2.8.2 | J.2.10.2.1.4 | Billing Adjustment (BA) | Monthly, NLT 15th business day (as needed) | GSA Conexus and agency COR |
| | Reserved | Reserved | Reserved | Reserved | Reserved |
| | J.2.6 / J.2.6.2 | J.2.10.2.1.10 | Dispute Report (DR) | Monthly, NLT 15th business day (as needed) | GSA Conexus and agency COR |
| | J.2.7 / J.2.7.2 | J.2.10.2.1.12 | Inventory Reconciliation | Monthly, NLT 15th day of month | GSA Conexus |
| | J.2.8 / J.2.8.2 | J.2.10.2.1.14 | Service Level Agreement Report (SLAR) | Monthly, NLT 15th day of month | GSA Conexus, OCO and agency COR |
| | J.2.8 / J.2.8.2 | J.2.10.2.1.22 | SLA Credit Request Response | Within 30 days of SLA Credit Request | OCO and agency COR |
| | J.2.8 / J.2.8.2 | J.2.10.2.1.25 | Trouble Management Performance Summary Report | Quarterly, NLT 15 days after the end of the FY quarter | Agency COR |
| | J.2.8 / J.2.8.2 | J.2.10.2.1.24 | Trouble Management Incident Performance Report | Quarterly, NLT 15 days after the end of the FY quarter | Agency COR |
| 130 | J.2.10.3.1.2 | J.2.10.3.1.2, row for adjustment_aggregated_tax | Adjustment Aggregated Tax AGF Inclusion Notice | Initial to GSA: NLT ATO; Initial to Agency: At TO award; Updates to GSA and Agency: Upon approval of associated BSS change (See Section G.5.5.1) | GSA CO, GSA COR, OCO and agency COR |