Loren Data's SAM Daily™

FBO DAILY ISSUE OF AUGUST 24, 2012 FBO #3926
SOLICITATION NOTICE

R -- PHASE 1 DEVELOPMENT AND IMPLEMENTATION OF THE NOAA OFFICE OF NATIONAL MARINE SANCTUARIES (ONMS) VESSEL INFORMATION MANAGEMENT SYSTEM (VIMS) AT MONTEREY BAY NATIONAL SANCTUARY (MBNMS) ABOARD THE NOAA RESEARCH VESSELS MANTA AND FULMAR.

Notice Date

8/22/2012
 

Notice Type

Combined Synopsis/Solicitation
 

NAICS

541490 — Other Specialized Design Services
 

Contracting Office

Department of Commerce, National Oceanic and Atmospheric Administration (NOAA), Western Acquisition Division-Boulder, 325 Broadway - MC3, Boulder, Colorado, 80305-3328, United States
 

ZIP Code

80305-3328
 

Solicitation Number

NCND6000-12-02997SRG
 

Archive Date

8/31/2012
 

Point of Contact

Suzanne A Romberg-Garrett, Phone: 303-497-5110
 

E-Mail Address

suzanne.garrett@noaa.gov
(suzanne.garrett@noaa.gov)
 

Small Business Set-Aside

Total Small Business
 

Description

COMBINED SYNOPSIS/SOLICITATION PHASE 1 DEVELOPMENT AND IMPLEMENTATION OF THE NOAA OFFICE OF NATIONAL MARINE SANCTUARIES (ONMS) VESSEL INFORMATION MANAGEMENT SYSTEM (VIMS) AT MONTEREY BAY NATIONAL SANCTUARY (MBNMS) ABOARD THE NOAA RESEARCH VESSELS MANTA AND FULMAR. (I) This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR Subpart 12.6, as supplemented with additional information included in this notice and in accordance with the simplified acquisition procedures authorized in FAR Part 13. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. (II) This solicitation is issued as a request for quotation (RFQ). Submit written quotes on RFQ Number is NCND6000-12-02997SRG (III) The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-¬¬60. (IV) This solicitation is being issued as a Total Small Business Set-Aside. The associated NAICS code is 541490. The business size standard is $7.0 million. (V) This combined solicitation/synopsis is for purchase of the following commercial products: CLIN 0001 - PHASE 1 DEVELOPMENT AND IMPLEMENTATION OF THE NOAA ONMS FOR VIMS AT MONTEREY BAY NATIONAL SANCTUARY (MBNMS) ABOARD THE NOAA RESEARCH VESSELS MANTA AND FULMAR. (VI) Description of requirements is as follows: SEE STATEMENT OF WORK BELOW. (VII) Period of performance will be September 28, 2012 through September 27, 2013. (VIII) FAR 52.212-1, Instructions to Offerors -- Commercial Items (FEB 2012), applies to this acquisition. Inquiries (Apr 2010). Offerors must submit all questions concerning this solicitation in writing to Suzanne Romberg-Garrett either through email Suzanne.Garrett@NOAA.gov or faxed at 303-497-3163 no later than 4:00 p.m. MST, August 27, 2012. (IX) FAR 52.212-2, Evaluation - Commercial Items (Jan 1999), applies to this acquisition. Offers will be evaluated based on price and the factors set forth in paragraph (a), and award will be made to the firm offering the best value to the Government. Paragraph (a) is hereby completed as follows: Evaluation will be based on the Capability to meet the Statement of Work Requirements and Price Factors. 1) Capability (70%). The four subcategories below are used to evaluate capability to meet the requirements of the Statement of Work under SCOPE PARAGRAPH 3.2 System Development and support the minimum experience or background requirements of contractor personnel: a. Past Performance - Responsible work experience in a related field (20%). Please provide examples of work history in narrative with dates and times. This is evaluated poor (less than 1 years), good (1 to 5 years, outstanding (more than 5 years directly significant to the requirement) b. Experience - Responsible work experience tracking information about, or similar to, small boat operations, personnel, and maintenance (20%). This is evaluated as good (experience) or poor (no experience). c. Technical Knowledge (20%). Please provide examples of interface(s) that are designed to be easily used by a wide range of users and associated outputs. This is evaluated as good (relevant examples) or poor (examples not relevant). d. References (10%). Please provide 2 references including Contact name, Company, phone, and email. Minimum 2 provided and then the rating is Acceptable/Not Acceptable. 2) Price (30%). The Government intends to award a firm-fixed price purchase order on an all or none basis. (X) The offeror must submit a completed copy of the provision at FAR 52.212-3, Offeror Representations and Certifications - Commercial Items (APR 2012), with its quote. The offeror shall complete the annual representations and certifications electronically at SAM.GOV. (XI) The clause at FAR 52.212-4, Contract Terms and Conditions - Commercial Items (Feb 2012) applies to this acquisition. (XII) The clause at FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders - Commercial Items (JULY 2012) applies to this acquisition. The following clauses under subparagraph (b) apply: (4) 52.204-10, Reporting Executive Compensation and First-Tier Subcontract Awards (FEB 2012) (12)(i) 52.219-6, Notice of Total Small Business Set-Aside (NOV 2011) (15 U.S.C. 644). (26) 52.222-3, Convict Labor (June 2003) (E.O. 11755). (27) 52.222-19, Child Labor-Cooperation with Authorities and Remedies (MAY 2011) (E.O. 13126). (28) 52.222-21, Prohibition of Segregated Facilities (Feb 1999). (29) 52.222-26, Equal Opportunity (Mar 2007) (E.O. 11246). (31) 52.222-36, Affirmative Action for Workers with Disabilities (Oct 2010) (29 U.S.C. 793). (38) 52.223-18, Contractor Policy to Ban Text Messaging While Driving (AUG 2011) (E.O. 13513). (39) 52.225-1, Buy American Act-Supplies (Feb 2009) (41 U.S.C. 10a-10d). (47) 52.232-33, Payment by Electronic Funds Transfer-Central Contractor Registration (Oct 2003) (31 U.S.C. 3332). (XIII) The following clauses are also applicable to this acquisition: 52.252-1 Solicitation Provisions Incorporated by Reference (Feb 1998) 52.252-2 Clauses Incorporated By Reference (Feb 1998), This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this address: http://www.arnet.gov (End of Clause) 52.204-9, Personal Identity Verification of Contractor Personnel (Jan 2011) 52.214-34, Submission of Offers in the English Language (Apr 1991) 52.214-35, Submission of Offer in U.S. Currency (Apr 1991) 52.216-7, Allowable Cost and Payment (Jun 2011) 52.217-8, Option to Extend Services (Nov 1999) 52.242-15, Stop Work Order (Apr 1989) 52.246-16, Responsibilities For Supplies (Apr 1984) DEPARTMENT OF COMMERCE CLAUSES: 1352.201-70, CONTRACTING OFFICER'S AUTHORITY (APR. 2010). The Contracting Officer is the only person authorized to make or approve any changes in any of the requirements of this contract, and, notwithstanding any provisions contained elsewhere in this contract, the said authority remains solely in the Contracting Officer. In the event the contractor makes any changes at the direction of any person other than the Contracting Officer, the change will be considered to have been made without authority and no adjustment will be made in the contract terms and conditions, including price. (End of clause) 1352.209-73 COMPLIANCE WITH THE LAWS (APR 2010) The contractor shall comply with all applicable laws, rules and regulations which deal with or relate to performance in accord with the terms of the contract. (End of clause) 1352.201-72 CONTRACTING OFFICER'S REPRESENTATIVE (COR) (APR 2010) (a) TO BE PROVIDED is hereby designated as the Contracting Officer's Representative (COR). The COR may be changed at any time by the Government without prior notice to the contractor by a unilateral modification to the contract. The COR is located at: Phone Number: TO BE PROVIDED Email: TO BE PROVIDED (b) The responsibilities and limitations of the COR are as follows: (1) The COR is responsible for the technical aspects of the contract and serves as technical liaison with the contractor. The COR is also responsible for the final inspection and acceptance of all deliverables and such other responsibilities as may be specified in the contract. (2) The COR is not authorized to make any commitments or otherwise obligate the Government or authorize any changes which affect the contract price, terms or conditions. Any contractor request for changes shall be referred to the Contracting Officer directly or through the COR. No such changes shall be made without the express written prior authorization of the Contracting Officer. The Contracting Officer may designate assistant or alternate COR(s) to act for the COR by naming such assistant/alternate(s) in writing and transmitting a copy of such designation to the contractor. (End of clause) OBSERVANCE OF LEGAL HOLIDAYS AND SITE CLOSURE INFORMATION: The Contractor hereby agrees to observe the following Federal holidays, plus any other day off work designated by Federal Statute, by Executive Order, or by Presidential proclamation: New Year's Day Labor Day Martin Luther King's Birthday Columbus Day President's Day Veteran's Day Memorial Day Thanksgiving Day Independence Day Christmas Day When any holiday falls on a Saturday, the preceding Friday is observed; when any holiday falls on a Sunday, the following Monday is observed. All personnel assigned to this contract shall limit their observation of holidays to those set forth above. In each instance, the Contractor agrees to continue to provide sufficient personnel to perform requirements of any critical tasks already in operation or scheduled, and shall be guided by the instructions issued by the Contracting Officer or the MIC. In the event of a site dismissal or closure due to weather, emergency or other circumstances, the contractor is instructed to contact the Manager In Charge (MIC) or Alternate MIC for guidance. (End of provision) REPRESENTATION BY CORPORATIONS REGARDING AN UNPAID DELINQUENT TAX LIABILITY OR A FELONY CONVICTION UNDER ANY FEDERAL LAW (CLASS DEVIATION) (MARCH 2012) (1) In accordance with Sections 543 and 544 of Public Law 112-55 Commerce, Justice, Science, and Related Agencies Appropriations Act 2012, Title V (General Provisions) none of the funds made available by that Act may be used to enter into a contract with any corporation that- (a) Was convicted of a felony criminal violation under any Federal law within the preceding 24 months, unless the agency has considered suspension or debarment of the corporation and made a determination that this further action is not necessary to protect the interests of the Government. (b) Has any unpaid Federal tax liability that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreement with the authority responsible for collecting the tax liability, unless the agency has considered suspension or debarment of the corporation and made a determination that this further action is not necessary to protect the interests of the Government. (2) The Offeror represents that, as of the date of this offer - (a) It is [ ] is not [ ] a corporation that was convicted of a felony criminal violation under a Federal law within the preceding 24 months. (b) It is [ ] is not [ ] a corporation that has any unpaid Federal tax liability that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreements with the authority responsible for collecting the tax liability. (End of provision) (XIV) Defense Priorities and Allocations System (DPAS) and assigned rating do not apply. (XV) Quotes are required to be received in the contracting office no later than 4:00 P.M. Mountain Standard Time on MST, August 30, 2012. All quotes must be faxed or emailed to the attention of Suzanne Romberg-Garrett. The fax number is (303) 497-3163 and the email address is Suzanne.Garrett@noaa.gov. (XVI) Any questions regarding this solicitation should be directed to Suzanne Romberg-Garrett through the email address: Suzanne.Garrett@noaa.gov or fax (303) 497-3163. STATEMENT OF WORK FOR DEVELOPMENT OF AN ONMS VESSEL INFORMATION MANAGEMENT SYSTEM 1.0 BACKGROUND The NOAA Office of National Marine Sanctuaries (ONMS) has a fleet of small research and law enforcement boats (up to 100 feet overall length) located at various ONMS facilities throughout the United States and American Samoa. These small boats are critical elements of the ONMS research, law enforcement, education, and outreach missions/requirements efforts. Tracking and management of information relative to each vessel and assigned personnel is needed for missions/operations, maintenance and repair, personnel and vessel assignments, scheduling, budgeting, procurement and contract administration, equipment allocation, compliance and reporting requirements. Development of the ONMS Vessel Information Management System (VIMS) will be accomplished in two or more phases. Phase One will include development of the prototype VIMS, installation and operation aboard two ONMS research vessels. Full function on-line access to the system will also be provided at up to six additional locations for management review purposes. As a separate action(s), subsequent phases will incorporate lessons learned during preceding phases, improve the software application, and provide for installation and operation at additional National Marine Sanctuaries, National Marine Monuments, ONMS Regional Offices and ONMS Headquarters, and aboard all ONMS vessels. 2.0 SCOPE This Statement of Work (SOW) contains the Phase 1 requirements to develop the ONMS VIMS, install aboard two ONMS research vessels, and at up to 6 additional locations for ONMS management review during the development process, and to operate the VIMS for a period of one-year. Work can be accomplished at a Contractor's proposed facility subject to NOAA approval. The intent is to procure services to create and operate custom software used for management of Sanctuary vessels with a one-year base. 3.0 TASK REQUIREMENTS This section defines the minimum work and general requirements required by the ONMS in execution of this SOW. 3.1 General Requirements. During performance of this SOW, the Contractor shall adhere to the following requirements for all work efforts. • Any Contractor personnel designing, developing, installing, operating and maintaining the ONMS VIMS will be required to meet the appropriate levels of Commerce and NOAA IT Security requirements. Contractor will coordinate with ONMS IT Manager to meet requirements. • The Contractor shall provide all software and connectivity required to complete the ONMS VIMS Phase 1. • The Contractor will provide personnel who are qualified for the software applications and IT systems involved. • Appropriate use of video teleconferencing in lieu of travel is encouraged with approval and coordination with NOAA. 3.2 System Development and Support. System development and support will follow the steps below: 3.2.1 Conduct a project and database requirements review meeting to identify and prioritize initial Phase 1 requirements, working with ONMS. 3.2.2 Develop initial design of interface and reports (outputs). 3.2.3 Create database with integrated calendar (software) for two Sanctuaries and two vessels, and determine possibility of integrating with existing ONMS applications. 3.2.4 Conduct a project, database, interface and integration review meeting with ONMS. 3.2.5 Compile ONMS review comments and make revisions. 3.2.6 Provide a demonstration of the software to ONMS. 3.2.7 Compile ONMS demonstration review comments and make revisions. 3.2.8 Complete initial implementation roll-out at both sites and aboard two vessels, loading documents, testing and modifying, as necessary. 3.2.9 Provide a second demonstration of the software to ONMS. 3.2.10 Compile ONMS demonstration review comments and make revisions. 3.2.11 Deploy software and provide User Training, Software Documentation and Vendor Support. 3.2.12 Conduct a project, database, interface and integration review meeting with ONMS, after 3 months of operation. 3.2.13 Compile ONMS review comments with Vendor activities information and make VIMS revisions. 3.2.14 Conduct a third demonstration of the revised system and provide revised VIMS documentation. 3.2.15 Provide scoping estimate for Phase 2 deployment to additional designated sites and vessels. 3.2.16 Operate system and maintain help desk support through entire period of performance. 3.3 User Training. The Contractor shall provide User Training to personnel identified in the NOAA Functionality Requirements, Subsection 4.1.15 below. 4.0 GOVERNMENT FURNISHED INFORMATION/EQUIPMENT NOAA shall make available the two vessels as required, and provide a craft information book (CIB) or detailed inventory of each vessel, to support the tasks defined in this SOW. Additional information on the VIMS requirements is provided below, organized as NOAA functionality requirements, software features, database parameters and standard report types. 4.1 NOAA Functionality Requirements Functionality requirements are listed below. 4.1.1 System • Software must be installed centrally on a server platform without the need to manage virtual desktops for access. • Platform must be developed using current generation Microsoft software tools and programming languages. • Client software must be fully accessible using Microsoft Internet Explorer in a native fashion and not via third party products. • The system must be accessible without installation of client components on the desktop. • Must by fully supported in a Microsoft SQL Server 2008 Environment. • The system should allow for separate production, training, and pre-deployment environments without the need for additional licensing or hardware. • Solutions based on classical client server/machine architecture that requires software to be loaded on any client system will not be considered. 4.1.2 Security Administration • The system should require a standard internet connection and TCP/IP connection for all users with authorized access. • The system must be ActiveDirectory compliant and implement single sign on capabilities. • The system should provide access from outside of localized firewalls by authenticated users in accordance with accepted security standards. • The system must have implement role-based security that can be managed by business supervisors using integrated tools. • System security must manage permissions by user and user groups. • System should allow permissions to be applied using a hierarchical grouping of increasing functional detail to quickly modify or manage access groups. • For users without access to system functions menus, screen controls and data should not be visible to the user. • The system will meet Department of Commerce and NOAA Chief Information Officer security requirements. • The system will be password protected. • The system will have the capability to transition to Common Access Card (CAC) card readers for user access, per the phased approach. 4.1.3 Data Management • System data should be stored in a normalized relational database. • The system should provide data validation by providing messages and hints that allow users to correct invalid data upon entry. • The system should provide the capability to tailor and configure functions such as workflow changes, base coded fields, and software extensions. • System controlled values and coded fields should be provided using dropdown boxes or searchable popup windows. • Data should be searchable on a configurable variety of fields using wildcard searches. • Query results should be sortable on one or more fields or groups of fields. • The system should provide integrated tuning tools that keep data access performance and fragmentation from degrading over time. • The system should allow for daily scheduled backups from a centralized location. • When operated offline, the system should query for a backup if a daily scheduled backup has not been completed. • The system must support validation routines that ensure data integrity and clearly indicate violations to the end user. • Data presentation must make use of drill down/through capabilities for related information. • The system should maintain audit trails for data changes by login user and server date/time. 4.1.4 Vessel Asset Registry/Inventory • The software must track vessels from each sanctuary in a centralized database. • The software must implement a hierarchical structure for defining vessels and its components: o Overall Vessel; o System; o Sub-system; and o Components Note: All vessels have components. Not all vessels have sub-systems. The hierarchical structure must accommodate these differences. • When defining vessels the software must provide search, sort, and catalog features for the following vessel attributes: o Vessel Type; o NOAA Contract Number; o NOAA Hull Number; o Builder Hull Number; o CIB Issue Date, Specification, and Revision; o Overall Dimensions (length, beam); o Deck Dimensions (length, beam); and o Draft Dimensions (departure, arrival, and air). • The software must catalog vessel systems logically and be broken down into increasing detail for individual components. • The software must support work breakdown system (WBS) and ship work breakdown structure (SWBS) coding standards for each level of vessel definition. Note: Not all vessels have a craft information book (CIB), so this attribute will require selectable null descriptors, or will be an optional selection. 4.1.5 Documents • The system must allow schematics, drawings, documents, pictures, images, videos, url links, and technical orders, as electronic files, to be attached to each defined component of the vessel. o Documents (doc, txt, pdf...etc); o Images (jpg, png, bmp, tif, gif...etc); o Drawings (dwg, dxf, vsd, vdx...etc); and o Videos (asf, avi, mov, mp4, mpg, wmv...etc). • The system must provide a means for document configuration control. 4.1.6 Operations • The software must allow usage hours to be collected during maintenance activities, including: o Engine Run Hours; o Equipment Operation. • The software must remind user when operational meters have not been read or usage not tracked within a reasonable period of time. • Escalation procedures and functionality must be a systemic feature. • The software must allow individual systems to be separately tracked for usage. 4.1.7 Preventive Maintenance • The software must provide preventive maintenance (PM) schedules based upon calendar days, operational usage and/or both. PM schedules must automatically calculate based upon the completion of the last time the preventive maintenance task was performed. • The software must support an unlimited number of scheduled tasks for each vessel system based upon a mix of calendar days or operational usage. • The software must support maintenance tasks for one system or component that are based upon the operational usage of another system or component. • The software must support additional and deletion of portable equipment items [Items shared between boats, sites and regions] to and from a specific boat, but retain the information in the system for continuity of PM actions at other regions, sites or boats. • Visual display of schedules must be in calendar format similar to Microsoft calendar format. The visual display must list pending maintenance schedules, unscheduled maintenance tasks, and tasks already scheduled to allow operators to properly manipulate the schedule based upon availability of materials, crew, and equipment. • Calendars must be available that filter tasks based upon the sanctuary, vessel, crew supervisor, and individual based upon user login. For instance, a view should be provided that shows all tasks for a sanctuary and a view that allows a supervisor to manage their entire crew. • The software must allow assignment, cancellation, scheduling, deferring and completion functions directly from the calendar using a contextual, drag-and-drop user interface. • The software must allow, incorporate, and retain user notes input during the performance of any maintenance task. 4.1.8 Budgeting • The software must support task based budgets based upon projected costs for: o Labor; o Materials; o Equipment; and o Miscellaneous. • The software must use a cost center accounting model where maintenance costs are associated with each vessel and can be rolled up to each sanctuary and the respective region. • The software must support budgeted costs compared to actual costs for each task performed. • Task budgets should be standardized with adjustment factors to allow comparison between all fleet vessels. 4.1.9 Work Management • Work tasks must be broken up into activities that provide checklists for completion of the overall task. • Each task must maintain an operational log for the history of the task, including: o Scheduling/rescheduling; o Assignment/reassignment; and o Completion/reopen. • Software must support tasks and activities tied to specific vessel systems, components, and/or combination of both. • When an activity is performed the history must reflect on which components it was performed. • Software should support images and documents associated with the performance of a task. • Cost categories must include labor, material, equipment, and miscellaneous costs. • Costs are to be fully burdened. • When recording labor costs, software must support multiple discipline work and labor rates associated with the task. • Technician must be able to select all system components in which maintenance was performed when completing a task. • Tasks must be able to be partially completed while retaining history that there are remaining activities to be performed. • The system must allow manager to view all of their direct reports, work schedules, and assigned activities. 4.1.10 Reporting • All report generation will be viewable by individual/specific sanctuaries, regionally or nationally via a dashboard for users and management based on access and user control rights. • Reports must be available using industry standard 3rd party report writing tools. • Software must integrate with SQL Reporting Services for reporting directly from within the software. • Reports must be rendered to the following formats: o Portable Document Format (pdf); o Microsoft Word (doc); and o Microsoft Excel (xls) • Users with the appropriate access should be able to quickly create reports for on-screen viewing or export to Microsoft office products using an intuitive user interface that can be stored for easy retrieval based upon user access. 4.1.11 Software Lifecycle • The software must have a continual upgrade/enhancement release schedule to provide updates semi-annually with a Service and Maintenance Agreement, and provide for ongoing Microsoft compliance with future Server, SQL Server, and desktop OS product availability. • The software must have online, HTML based support and reference documentation available to the end user. • Provider must have experience managing multiple installations, software version controls, multiple release migrations, and a minimum of 5 years of product support. • Software updates and maintenance should be scheduled with the agency and remotely deployable after hours by the vendor. 4.1.12 Software Licensing The software must be licensed for the Agency in an unlimited, perpetual, enterprise fashion. (No incremental fees based upon increasing number of users.), and for multiple servers with the ability to install additional environments for training and pre-production. 4.1.13 Helpdesk Support • The Provider must provide and support: o Telephone support at least 5 days per week, 8-10 hours per day minimum; o The ability to ‘self-report' issues and problems and check status via a customer access web portal; o The ability for remote, real-time, collaborative support sessions to occur online; and o Trouble resolution/escalation procedures. 4.1.14 Vendor Past Performance Vendor shall have documented past performance in the successful deployment, support and maintenance of not less than 10 large scale enterprise-wide asset management projects or contracts. Past performance may include federal, state and local government agencies or commercial customers. Vendor shall have documented past performance providing high level help desk support with adequately trained personnel and the use of industry standard tools such as Remedy or equivalents that provide support for trouble tickets, call and issue logs, resolution and reporting for end customers. 4.1.15 Users • The VIMS will have capacity and capability for simultaneous multiple users at multiple sites, including: o Administrator(s) - technical leads (i.e., VIMS lead, IT lead); o Manager(s) of VIMS (sees all data) - non technical lead(s); o Regional lead(s) - non technical; o Site lead(s) - Site superintendent/deputy providing oversight (non-technical); and o Site vessel lead(s) - Vessel Operations Coordinator (VOC)/Other (data entry person for site). 4.1.16 Interface • The interface will be designed and developed with the following: o Ease of use for wide range of users (i.e., it is easily used by a wide range of non-technical staff); o Based on initial requirements identified by ONMS; o Capability to add additional features per phased approach; o Capability to transition to Cloud-based versus server-based, per phased approach; o On-line interface; o Off-line capability; and o Reconnectivity and alert when internet access or signal is restored 4.2 NOAA Software Features 4.2.1 VIMS Content • Content to include following types of information: o Inventory of vessels per region and site location; o Inventory of equipment, systems, and safety gear per vessel; o Maintenance tasks per equipment, system, and safety gear; o Scheduling on central calendar (maintenance, operations, inspections); o Track costs of Maintenance, Personnel, Operations (fuel) per vessel; o Track completion of maintenance tasks; o Document storage (e.g., engineering drawings, pictures, standardized forms, etc.); o Casualty reporting CASREPS; o Cruise plans (pre cruise); o Cruise reports (post cruise); o Equipment tracking, such as equipment that can be shared between boats (e.g., ROVs, dive equipment, sensors, etc.). 4.2.2 Users • The system will have the capability and capacity for multiple users at multiple sites, including: o Administrator(s) - technical leads (i.e., VIMS lead, IT lead); o Manager(s) of VIMS (sees all data) - non technical lead(s); o Regional lead(s) - non technical; o Site lead(s) - Site superintendent/deputy providing oversight (non-technical); and o Site lead(s) - VOC/Other (data entry person for site) 4.2.3 Interface • Interface attributes are as follows: o Ease of use for wide range of users (i.e., it is easily used by a wide range of non-technical staff); o Based on initial requirements identified by ONMS; o Capability to add additional features per phased approach; o On-line interface; and o Off-line capability. 4.2.4 Output • The design and development of attributes and functionality described below will be based upon the requirements in this SOW Section 4, and the results of consultations, meetings and system demonstrations described in SOW Section 3.0: o Report (e.g., reports/outputs for OP&M, maintenance records, maintenance scheduling, CASREPs, inspection reports, cruise plans, cruise reports, etc.); and o Query 4.2.5 Training and Installation • Training sessions for ONMS key users is required. • Installation of application will be required and means will be dependent on application. 4.3 Database Parameters 4.3.1 Operations, Personnel and Maintenance (OP&M) The OP&M costs for purposes of database parameters include costs for operations, personnel, maintenance and repair, as listed below. • Operations Costs: o Equipment- Life rafts, life vests, first aid kits, lights, emergency equipment, GPS, electronics, radios, charts, mooring lines, fenders, turn out gear, diapers; o Food- Food and drinks including potable water, bulk, bottled or packaged, filtration or treatment; o Fuel- Fuel/lubricants; o Mission costs- Scientific or mission-specific equipment, consumables - paper, specific manning, batteries, ice; o Slip fees, boat facilities- Slip fees, berthing, boat facilities lease - if these are annual costs please put the amount in the month when it is paid; and o Vehicle and trailer- All costs associated with vehicle and trailer specifically for small boat. • Personnel Costs: o Crew contracts- Salaries and overheads  This information can be obtained from labor estimates, contracts or memoranda of agreement (MOAs).  If these are annual costs, the respective amounts are to be posted in the month paid. o Training- Examples include the following:  First aid;  Cardiopulmonary resuscitation (CPR);  NOAA Component Course;  Fast Rescue;  Advanced Coxswain;  Standards of Training, Certification and Watch Keeping ( STCW);  Marine Mammal Ship Strike Avoidance;  Inspection;  Lifeboat; and  Travel costs specific to training. o Workshops and Focused Meetings. • Maintenance Costs: o Parts - Vessel parts and supplies, including paint, coatings and lubricants o Planned Services (contract or procurement) - Services for maintenance and repair. o Dry docking, Yard Packages- Dry dock fees and regular maintenance packages o Emergency Maintenance- For repairs or maintenance due to extenuating circumstances (emergency) that would not be normally done this year (Unprogrammed). o Engineering Changes- A change done to the vessel that was required to improve mission capabilities and was not required for the safe and effective operation of the vessel • External Funding. Funding is from sources other than from the NOAA Office of National Marine Sanctuaries. Sources may include universities, institutes, other NOAA Line or Program Offices, other federal, state or tribal agencies, Non-Governmental Organizations (NGOs), and partners (e.g., National Marine Sanctuary Foundation). External funding amounts may have already been included in the itemized OP&M above, but are separated here for tracking and reporting purposes. Funding is tracked by source, amount, date of receipt and any imposed conditions. • Days at Sea (DAS) Days at Sea includes Mission Days at Sea, Partner Days at Sea, Maintenance/Training Days at Sea, VIP or OCE Sanctuary Tours and Vessel Demonstrations, and Total Days at Sea. Days at Sea will either be recorded as whole days or partial days. Parameters are provided below. o Mission Days at Sea. Days actually on missions. For mission days not done or completed due to cost limitations, a deferred field needs to be developed, and the days (whole or partial) is put in the related deferred field. o Partner Days at Sea- Included within Mission Days at Sea. For separate tracking and reporting purposes, Partner Days at Sea includes those days utilized by Partners and others (e.g., universities, institutes, other NOAA Line or Program Offices, other federal, state or tribal agencies, NGOs). On a given voyage or mission day, joint with ONMS or without ONMS participation, there may be more than one partner and others aboard, so all are to be identified and relative mission precedence documented. o Maintenance Days at Sea. Maintenance Days at Sea includes days that the vessel is either in use (e.g., transiting to a boat yard) or out of service for maintenance and repair activities. o Training Days at Sea is only those days used and dedicated for training purposes. It does not included deadline time for when the crew is unavailable for other training purposes. o Outreach and Education Sanctuary Tours and Vessel Demonstrations Days at Sea - Included within Mission Days at Sea. For separate tracking and reporting purposes, Outreach and Education Days at Sea include those days so dedicated. Outreach and Education efforts may include federal, state, tribal and community leaders, representatives and members, as well as students, partners and other concerned citizens. Organizations and entities, as well as mission purpose, general voyage route, numbers of passengers and any special accommodations are to be included in the database. o Total Days at Sea. Sum of mission, maintenance and training DAS. • Cost Summary Parameters are provided below. o Total operations costs- Sum of operations costs; o Total personnel costs- Sum of personnel costs; o Total maintenance costs- Sum of maintenance costs; o Total OP&M costs- Sum of operations, personnel, and maintenance costs; and o OP&M Cost Per Day (DAS Only) - OP&M costs divided by total days at sea. 4.3.2 Maintenance - Maintenance database parameters are listed below. • Maintenance Procedure Lists - List of all procedures for each separate boat linked to the respective procedures documents. • Maintenance Procedure Documents - Includes approximately 20 to 200 documents per boat, standard form, annotatable by users. • CASREPs/CASCORs- Casualty report (CASREP) and casualty correction (CASCOR) documents (CASCOR), standard form. • ECRs- Engineering Change Requests (ECRs), Unique to circumstance or conditions aboard each boat, standard form • Configuration Item Lists- One per boat, standard form, Approximately 50 to 200 line items per boat. • Yard Lists and Estimates- List of recommended maintenance or repair actions with estimates generated from inspections, One per boat per year, drop in file. • Yard Statements of Work (SOWs) - SOW generated from yard lists and inspections, One per boat per year, drop in file. • Yard Summaries- One per boat per year, drop in file. • NSBP Inspection Reports & Responses- Requirement of the NOAA Small Boat Program (NSBP), One set each per boat per year, drop in file. • Lifting Gear Inspection and Test Reports - One per boat per year, drop in file. • Vessel Performance Test Reports - One per boat, drop in file. 4.3.3 Portable Equipment Tracking [Items shared between boats, sites and regions] - Parameters include: • Equipment Item- Name of the item; • Equipment Description- Describe the item; • Home Site- Home site for equipment item; • Status - Home-site, in-transit or on-loan; • Current User - Name of current user, tied to a pull-down menu. • Current Location - Name off current location, tied to a pull-down menu. 4.3.4 Document Storage - Parameters include: • Standard Forms - Location to access standard forms (e.g., configuration management, incident/accident reporting, letter to guests, vessel naming protocol, vessel sale procedures, training and certifications, excessing government property), total of 300MB in 300 files per boat, standard forms to be downloadable and either fillable or templates; • Ship Drawings - Ship drawings and related transmittal or descriptive documents, total of 150MB in 150 files per boat; • Ship Manuals - Approximately 150MB in 150 files per boat, drop in files; • Vessel Photographs - Digital pictures of ONMS boats, total of 300MB in 300 files per boat; • Vessel Videos - Digital movies of ONMS boats, total of 100MB in 50 files per boat; and • Vessel Fact Sheets - Total of 10MB in 10 files per boat. 4.3.5 Boat Scheduling / Cruise Plans / Cruise Reports • Task schedules are to be presented in graphic calendar form, allowing entry, editing, and deletion of items in pop-up tables. • Scheduled items can be revised by the drag-and-drop method. • Cruise plans will be created within the program in a standard format. • Cruise reports will be created within the program in a standard format derived from cruise plans. 4.4 Standard Report Types Standard report types are listed below. 4.4.1. Maintenance. Report actions, labor costs, and material costs for any user defined time frame grouped by the following parameters: • Component • System • Boat • Site • Region • ONMS 4.4.2. Drills Report actions for any user defined time frame grouped by the following parameters: • Type • Boat • Site • Region • ONMS 4.4.3 Inspections Report actions for any user defined time frame grouped by the following parameters: • Type • Boat • Site • Region • ONMS 4.4.4 Repairs Report actions, labor costs, and material costs for any user defined time frame grouped by the following parameters: • CASREP's and CASCOR's (emergency repairs) • Component (emergency and non-emergency repairs) • System • Boat • Site • Region • ONMS 4.4.5 Yard Work Report actions, labor costs, and material costs for any user defined time frame grouped by the following parameters: • Component • System • Boat • Site • Region • ONMS 4.4.6 Configuration Items 4.4.6.1 Boat Configuration Items. Report lists of boat configuration items arranged by SWBS and grouped by any or all of the following parameters: • Part number • Model number • Model name • Brand • Component type • Subsystem type • System type • Boat • Site • Region • ONMS 4.4.6.2 Portable Equipment Configuration Items [Items shared between boats, sites and regions]. Report lists of portable equipment configuration items arranged by SWBS and grouped by any or all of the following parameters: • Part number • Model number • Model name • Brand • Component type • Subsystem type • System type • Boat • Site • Region • ONMS 4.4.7 Crew Labor Report actions, labor costs for any user defined time frame grouped by the below listed parameters. • List of crewmembers: o Name or number o Position • Work performed by: o Component o Subsystem o System o Boat o Repair task o Site o Region o ONMS o Mission, underway o Mission, Mobilization and Demobilization o Maintenance task o Training 4.4.8 Fuel and Lubricating Oils Report material costs and source for any user defined time frame grouped by the following parameters: • Component (for oils only) • Boat • Site • Region • ONMS • Mission (This is provisional, but desired) 4.4.9 Consumable Materials Report material costs and source for any user defined time frame grouped by the following parameters: • Item, boat materials • Item, foodstuffs • Boat • Site • Region • ONMS • Mission (This is provisional, but desired) 4.4.10 Mooring Facilities Report costs and source for any user defined time frame grouped by the following parameters: • Permanent • Temporary • Mission • Boat • Site • Region • ONMS 4.4.11 Vessel Transportation Report costs and source for any user defined time frame grouped by the following parameters: • Trailer, towed • Truck • Temporary permits • Marine vessel, as cargo • Site • Region • ONMS 4.4.12 Operations (Corresponding to the graphic schedule) The operations will correspond to those inputted for visual display of schedules in calendar format. Report status for any user defined time frame grouped by the following parameters: • Maintenance • Repairs • Yard work • Mission, mobilization and demobilization • Mission, underway • Crew aboard • Boat • Site • Region • ONMS 5.0 DELIVERABLES The contractor shall deliver the following deliverables in accordance with the defined requirements for each deliverable. Deliverables shall be electronically submitted to the COR via email as Microsoft Word or PDF documents. The Contractor shall ensure any electronic files submitted to the COR are free of any viruses when sent. 5.1 Monthly Progress Report. No later than the 5th business day of each month, the Contractor shall deliver a Monthly Progress Report summarizing services provided, actual costs, and problems encountered. 5.2 Phase 2 Scoping Estimate. No later than 15 business days after completion of the Section 3.2.12 programmatic review meeting, provide a scoping estimate for installation and operation of the VIMS at all remaining National Marine Sanctuary Offices, National Marine Monuments Offices, ONMS Regional Offices and ONMS Headquarters, and aboard all ONMS vessels. 5.3 Final Report. The Contractor shall deliver a Final Report no later than 10 business days after completion of this SOW. The Final Report shall detail work completed, problems encountered, problem resolutions, and other information necessary for VIMS operation. 6.0 PLACE OF PERFORMANCE The Contractor shall determine the appropriate location for the work tasks subject to NOAA approval. The Contractor is responsible for obtaining access to any applicable NOAA sites. Work performed at Contractor facilities shall adhere to industry standards and NOAA regulations. Government facilities including ports may be used for staging the vessel as necessary by NOAA and approved by the COR. 7.0 PERIOD OF PERFORMANCE All work within this SOW must be completed by September 27, 2013. 8.0 TRAVEL Travel is required and authorized in support of this SOW. Travel will be scheduled and conducted in accordance with the applicable Federal Travel Regulations (FTR) administered by the General Services Agency (GSA). Travel expenses under this task order shall be in compliance with the FTR. Up to two one-person trips (installation and training) could be required. 9.0 INVOICING Invoicing will be submitted monthly to NOAA no later than the 15th calendar day of each month for the preceding month, or the first business day before the 15th. 10.0 IT SECURITY For mobile application, web application and/or software product development, appropriate planning needs to be included during the assessment of needs, requirements, development and testing. • The developer must select and document secure baseline/ checklist (see National Checklist Program below) for the application/ software being developed to address IT security issues. • The developer must document any deviations/exceptions from selected secure baseline. This secure baseline best practice must be implemented throughout development of product. • The developer must perform a full source code review and application code scanning for vulnerabilities must be conducted. Any identified source code review deficiencies or scanner identified vulnerabilities must be mitigated and any other generated supporting documentation including the raw vulnerability scanner reports must be provided. This applies to all source code updates which must undergo a full source code review, full source code scanning and mitigation of vulnerabilities with the appropriate documentation provided to the government for each update demonstrating this security requirement has been met. Source code must be provided to the government for each product update, enhancement and/or security flaw remediation. • If the solution includes a network operating system (i.e., Windows, Linux, etc) or web server (i.e., Apache, Microsoft IIS, etc) then all components (application, web server and network operating system) must have security checklist implemented and documented. System development lifecycle management of the application, web server and network operating system is expected. The government will provide, upon request, the current secure benchmarks being used for existing technologies to ensure compatibility. This applies to all updates must undergo vulnerability scanning, secure baseline compliance scanning and mitigation of vulnerabilities with the appropriate documentation provided to the government for each update demonstrating this requirement has been met. • The developer must ensure the solution doesn't contain in spyware, malicious software, coding flaws or programming backdoors to circumvent the application functionality or the security of the application as described by the government. The solution must not access data stored on the device or request end user information without following all government (including OMB) requirements. The solution must not transmit stored data from the installed device without clearly notifying, fully describing the required data being transmitted and receiving the government's approval. • More requirements identified below. For database development, appropriate planning needs to be included during the assessment of needs, requirements, development and testing. • The databases must implement secure baseline\ checklist (see National Checklist Program below) for each database and perform databases) vulnerability scanning for vulnerabilities. • The databases weaknesses as identified from any scanner identified vulnerabilities must be mitigated and any generated supporting documentation including raw vulnerability scanner reports and documented security checklist with deviations, if deviations exist, must be provided. This applies to all updates must undergo vulnerability scanning, secure baseline compliance scanning and mitigation of vulnerabilities with the appropriate documentation provided to the government for each update demonstrating this requirement has been met. • If the solution includes a network operating system (i.e., Windows, Linux, etc) then both (database and network operating system) must have security checklist implemented and documented. System development lifecycle management of the database and network operating system is expected. More requirements identified below. IT security issues for the application/ database/ network operating systems must ensure secure management of user credentials (storing, transmitting, authenticating of user password must be encrypted). If the contractor solutions is using a contractor developed or government furnished application/ database/ network operating systems, the contractor must: • The contractor is required to meet the DOC IT Security Program Policy (ITSPP) (http://home.commerce.gov/CIO/ITSITnew/IT_Security_Program_Documentation.html). This policy will be provided to the contractor at the start of the project. This is a confidential document and is restricted to only authorize personnel working on this activity. • The application/ database/ network operating system must implement password complexity as defined by DOC ITSPP CITR-009 Password Management (requirements provided to contractor at kickoff meeting). • This applies to all updates must undergo vulnerability scanning, secure baseline compliance scanning and mitigation of vulnerabilities and provide the appropriate documentation to the government for each update demonstrating this requirement has been met. Contractor personnel will receive NOAA email address accounts in order to communicate with ONMS personnel. These accounts will follow ONMS account management policies as outlined by the NOAA6602 System Security Plan (SSP) and supporting NOAA6602 NIST80053-Rev3 compliant Account Management Policies. Contractor personnel receiving accounts will be required to undergo yearly NOAA IT Security Awareness Training. All electronic provided information by the contractor must undergo malicious software scanning using a commercial anti-virus and anti-spyware software to ensure the information is free of known malicious software. The contractor must work with the COR prior to sending the information to establish a secure method for transfer. One option could be a file encrypted with a password using a product like WinZip. The contractor must encrypt any sensitive information that will be sent electronically (i.e., email), sensitive information includes but not limited to: • All information describing the implementation, configuration, settings, etc for solution being developed, • The source code and database schema, • The vulnerability scanning, secure baselines scanning, mitigation results, • The secure baseline deviations, • Internet Protocol, subnet mask and similar identification. National Checklist Program Repository (available: http://web.nvd.nist.gov/view/ncp/repository). The National Checklist Program (NCP), defined by the NIST SP 800-70 Rev. 1, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications (a variety of applications including but not limited to databases, web servers, networking devices, virtualization, etc). The contractor is required to implement a secure baseline for all technologies being implemented by their solution and any deviations to the standards that are required for their solution. The contractor must provide all supporting documentation (examples include: user and administrator manuals, readme, frequently asked questions, etc); secure baseline settings with deviations/exceptions or a reference to obtain the necessary material which describes the security capabilities, the design and development processes and the testing and evaluation procedures used by the product or services being provided for this acquisition. The contractor must provide all supporting documentation or a reference to obtain the necessary material which describes all product or service updates and enhancements as they are implemented. The contractor must provide all supporting documentation or a reference to obtain the necessary material which describes all product or service updates and enhancements as they are implemented. The Contractor must provide sufficient document demonstrating the software being provided complies with Office of Management and Budget Memorandum M-07-I8 entitled ensuring New Acquisitions Include Common Security Configurations. For Windows applications, the provider of information technology shall certify applications are fully functional and operate correctly as intended on systems using the Federal Desktop Core Configuration (FDCC). The standard installation, operation, maintenance, updates and/or patching of software shall not alter the configuration settings from the approval FDCC configuration. The information technology should also use the Windows Installer Service for installation to the default "program files" directory and should be able to silently install and uninstall. Applications designed for normal end users shall run in the standard user context without elevated system administration privileges. The contractor includes the necessary product support and supporting documentation for the hardware and/or software that allows the sanitization (following NIST Special Publications 800-88 Guidelines for Media Sanitization) of the hardware and/or software upon the disposal of the product. The contractor solution must provide the government with a method to fully remove all aspects of the software from any devices the software has been installed. The contractor must ensure that the product being purchased complies with the Homeland Security Presidential Directive 12 (HSPD-12) requirements from FAR 4.1302 stating: (a) In order to comply with FIPS PUB 201, agencies must purchase only approved personal identity verification products and services. (b) Agencies may acquire the approved products and services from the GSA, Federal Supply Schedule 70, Special Item Number (SIN) 132-62, HSPD-12 Product and Service Components, in accordance with ordering procedures outlined in FAR Subpart 8.4. The contractor must ensure that the product being purchased complies with Internet Protocol Version 6 (IPv6) requirements from FAR part 11.002 (g) stating: when acquiring information technology using Internet Protocol, the requirements documents must include reference to the appropriate technical capabilities defined in the USGv6 Profile (NIST Special Publication 500-267 - http://www.nist.gov/itl/antd/usgv6.cfm) and the corresponding declarations of conformance defined in the USGv6 Test Program (http://www-x.antd.nist.gov/usgv6/index.html). The applicability of IPv6 to agency networks, infrastructure, and applications specific to individual acquisitions will be in accordance with the agency's Enterprise Architecture (see OMB Memorandum M-05-22 dated August 2, 2005). Disclosure of the information/data, in whole or in part, by the contractor can only be made after the contractor receives prior written approval from the Contracting Officer. Whenever the contractor is uncertain with regard to the proper handling of information/data under the contract, the contractor shall obtain a written determination from the Contracting Officer. The contractor will only supply software, product license and will not require the use of any contractor owned equipment. The contractor will not have remote access to any government owned equipment. The contractor must provide all supporting documentation or a reference to obtain the necessary material which describes the security capabilities, the design and development processes and the testing and evaluation procedures used by the product or services being provided for this acquisition. The contractor must provide all supporting documentation or a reference to obtain the necessary material which describes all product or service updates and enhancements as they are implemented. The product or service supporting documentation could be the user and system administrator guides, which is documents the functional properties of the security controls employed to permit the analysis and testing of the security controls. The contractor shall complete an IT Security Questionnaire (titled: Information and Information Systems Security Requirements for Acquisitions) prior to this task order being awarded. The IT Security Questionnaire was developed following National Institute of Standards and Technology (NIST) Special Publications (SP) 800-53 Revision 3, "Recommended Security Controls for Federal Information Systems and Organizations". The government shall evaluate the contractor's response to the questions and determine the potential contractor's IT security risk to the Government. If the Government determines the IT Security risk to be acceptable, the Authorizing Official will document their acceptance in a risk acceptance memo. The risk acceptance memo is available upon request. The Certification and Accreditation (C&A) or Assessment and Authentication (A&A) requirements of Clause 48 CFR 1352.239-72 do not apply, and a Security Accreditation Package is not required. 1352.239-72 SECURITY REQUIREMENTS FOR INFORMATION TECHNOLOGY RESOURCES (APR 2010) (a) Applicability. This clause is applicable to all contracts that require contractor electronic access to Department of Commerce sensitive non-national security or national security information contained in systems, or administrative control of systems by a contractor that process or store information that directly supports the mission of the Agency. (b) Definitions. For purposes of this clause, the term "Sensitive" is defined by the guidance set forth in the Computer Security Act of 1987 (P.L. 100-235), including the following definition of the term: (1) Sensitive information is "... any information, the loss, misuse, or unauthorized access to, or modification of which could adversely affect the national interest or the, conduct of federal programs, or the privacy to which individuals are entitled under section 552a of title 5, United States Code (The Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy." (2) For purposes of this clause, the term "National Security" is defined by the guidance set forth in: (i) The DOC IT Security Program Policy and Minimum Implementation Standards, Section 4.3. (ii) The DOC Security Manual, Chapter 18. (iii) Executive Order 12958, as amended, Classified National Security Information. Classified or national security information is information that has been specifically authorized to be protected from unauthorized disclosure in the interest of national defense or foreign policy under an Executive Order or Act of Congress. (3) Information technology resources include, but are not limited to, hardware, application software, system software, and information (data). Information technology services include, but are not limited to, the management, operation (including input, processing, transmission, and output), maintenance, programming, and system administration of computer systems, networks, and telecommunications systems. (c) The contractor shall be responsible for implementing sufficient Information Technology security, to reasonably prevent the compromise of DOC IT resources for all of the contractor's systems that are interconnected with a DOC network or DOC systems that are operated by the contractor. (d) All contractor personnel performing under this contract and contractor equipment used to process or store DOC data, or to connect to DOC networks, must comply with the requirements contained in the DOC Information Technology Management Handbook (see DOC, Office of the Chief Information Officer website), or equivalent/more specific agency or operating unit counsel guidance as specified immediately hereafter [insert agency or operating unit counsel specific guidance, if applicable]. (e) Contractor personnel requiring a user account for access to systems operated by the contractor for DOC or interconnected to a DOC network to perform contract services shall be screened at an appropriate level in accordance with Commerce Acquisition Manual 1337.70, Security Processing Requirements for Service Contracts. (f) Within 5 days after contract award, the contractor shall certify in writing to the COR that its employees, in performance of the contract, have completed initial IT security orientation training in DOC IT Security policies, procedures, computer ethics, and best practices, in accordance with DOC IT Security Program Policy, chapter 15, section 15.3. The COR will inform the contractor of any other available DOC training resources. Annually thereafter the contractor shall certify in writing to the COR that its employees, in performance of the contract, have completed annual refresher training as required by section 15.4 of the DOC IT Security Program Policy. (g) Within 5 days of contract award, the contractor shall provide the COR with signed acknowledgement of the provisions as contained in Commerce Acquisition Regulation (CAR), 1352.209-72, Restrictions Against Disclosures. (h) The contractor shall afford DOC, including the Office of Inspector General, access to the contractor's and subcontractor's facilities, installations, operations, documentation, databases, and personnel used in performance of the contract. Access shall be provided to the extent required to carry out a program of IT inspection, investigation, and audit to safeguard against threats and hazards to the integrity, availability, and confidentiality of DOC data or to the function of computer systems operated on behalf of DOC, and to preserve evidence of computer crime. (i) For all contractor-owned systems for which performance of the contract requires interconnection with a DOC network on which DOC data will be stored or processed, the contractor shall provide, implement, and maintain a System Accreditation Package in accordance with the DOC IT Security Program Policy. Specifically, the contractor shall: (1) Within 14 days after contract award, submit for DOC approval a System Certification Work Plan, including project management information (at a minimum the tasks, resources, and milestones) for the certification effort, in accordance with DOC IT Security Program Policy and [Insert agency or operating unit counsel specific guidance, if applicable]. The Certification Work Plan, approved by the COR, in consultation with the DOC IT Security Officer, or Agency/operating unit counsel IT Security Manager/Officer, shall be incorporated as part of the contract and used by the COR to monitor performance of certification activities by the contractor of the system that will process DOC data or connect to DOC networks. Failure to submit and receive approval of the Certification Work Plan may result in termination of the contract. (2) Upon approval, follow the work plan schedule to complete system certification activities in accordance with DOC IT Security Program Policy Section 6.2, and provide the COR with the completed System Security Plan and Certification Documentation Package portions of the System Accreditation Package for approval and system accreditation by an appointed DOC official. (3) Upon receipt of the Security Assessment Report and Authorizing Official's written accreditation decision from the COR, maintain the approved level of system security as documented in the Security Accreditation Package, and assist the COR in annual assessments of control effectiveness in accordance with DOC IT Security Program Policy, Section 6.3.1.1. (j) The contractor shall incorporate this clause in all subcontracts that meet the conditions in paragraph (a) of this clause. (End of clause)
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/DOC/NOAA/MASC/NCND6000-12-02997SRG /listing.html)
 

Place of Performance

Address: MONTEREY BAY NATL MARINE SANC, 299 FOAM STREET, SUITE D, MONTEREY, California, 93940, United States

Zip Code: 93940
 

Record

SN02850203-W 20120824/120823000525-a6d0dd8334a6470962e62a2e0df11044 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |