Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF FEBRUARY 09, 2011 FBO #3364
SOLICITATION NOTICE

70 -- Computer IT Products

Notice Date
2/7/2011
 
Notice Type
Combined Synopsis/Solicitation
 
NAICS
334111 — Electronic Computer Manufacturing
 
Contracting Office
Department of Health and Human Services, National Institutes of Health, Clinical Center/Office of Purchasing & Contracts, 6707 Democracy Blvd, Suite 106, MSC 5480, Bethesda, Maryland, 20892-5480
 
ZIP Code
20892-5480
 
Solicitation Number
185671
 
Point of Contact
Lynda Johnson, Phone: 301-594-311
 
E-Mail Address
lynda_johnson@nih.gov
(lynda_johnson@nih.gov)
 
Small Business Set-Aside
N/A
 
Description
Please Email all quotes to ljohnson@cc.nih.gov Background The NIH Clinical Center (CC) is a 250-bed research hospital providing all medical services for subjects participating in human research protocols at the National Institutes of Health (NIH). The Clinical Center provides patient facilities; and services for clinical investigations conducted by the NIH institutes, research in related areas; and supervise residency and other training programs. The Clinical Center, Departments of Nuclear Medicine (NM) and Positron Emission Tomography (PET) are responsible for the maintenance and management of all IT systems supporting the clinical and research image processing needs of the NM and PET Departments. The NM and PET Departments currently support four Sun Fire servers that support three Sun StorgeEdge 3100s disk arrays. The 3100s, which were purchased in 2004 and 2005, are over 6 years old and are full to capacity. The NM and PET Departments are currently adding two new PET/CT scanners to the departmental scanner inventory. One scanner is replacing an exiting older PET/CT and one is replacing an older PET-only scanner. These new scanners will significantly increase the future image storage and image processing needs of the departments. Purpose The purpose of this statement of work is to purchase a new Sun Storage 7120 ZFS Appliance. The new Sun Storage 7120 would replace two or three of the 3100s, two of Sun Fire severs and add approximately 20TB of disk storage space for use by the departments. The addition of this appliance, will not only add capacity for image storage but it will also consolidate the number of servers and disk arrays currently supported by the departments. Scope To provide a Sun Storage 7120 ZFS Appliance with 24TB of disk storage Configuration: One S7120 with a single CPU,24GB of memory and 24TB of disk storage (Oracle/Sun Part #TA7120-24TB) include power cords and one-year on-site service. Qty (1) Sun Storage 7120, 1 processor, 24GB memory 12 2TB 7200 RPM 3.5 "SAS HDDS Qty (1) PREM-SPRT-SYS Oracle Premier Support for systems for 1 year Qty (2) 333A-25-15-NEMA Power Cord Qty (2) PREM-SPRT-SYS Oracle Premier Support for systems Qty (2) ALW_10_7120 Trade in of 2 3100 Storedge disk arrays Section 508 Compliance Section 508 applies to this requirement. All Electronic and Information Technology (EIT) procured through this procurement must meet the applicable accessibility standards at 36 CFR 1194, unless an agency exception to this requirement exists. 36 CFR 1194 implements Section 508 of the Rehabilitation Act of 1973, as amended, and is viewable at http://accessboard.gov/sec508/508standards.htm Part 1194. Contractors are now responsible for indicating on each line item in the procurement whether products or services are compliant or noncompliant with the accessibility standards at 36 CFR 1194 Period of Performance February 1, 2011 - February 28, 2011 desired delivery dates. Delivery Schedule The items listed in the scope of this document must be delivered within 15 days from the date of PO award. The delivery must be noted as an inside delivery to the address listed below. Sue Powell C/O NIH Clinical Center 10 Center Drive Bld 10 Room 1C400 Bethesda, MD 20892 Security This purchase is for a computer server and must abide by the NIH Clinical Center terms for IT equipment security. All IT equipment procurement requests (servers, desktops, laptops, Blackberries, PDAs, data storage devices, and all information processing equipment) must be reviewed by the IC CIO or designee to insure that they conform to HHS, NIH, and Institute and Center (IC) standards before procurement approval is granted. NIH Initial Security Configuration Policy http://irm.cit.nih.gov/security/sec_policy.html#Acq Introduction Section 508 of the amended Rehabilitation Act ("Section 508") was enacted to eliminate barriers that might interfere with the ability of individuals with disabilities to fully access Web-delivered information and fully utilize Web-based tools and services. Section 508 requirements apply to Web sites, including all forms of information and posted content, as well as any associated applications including Web or media. This interim acquisition policy provides language applicable to Statements of Work (SOW) or Performance Work Statements (PWS) generated by the Department of Health and Human Services (HHS) that require a contractor or consultant to (1) produce content in any format that could be placed on a Department-owned or Department-funded Web site; or (2) write, create or produce any communications materials intended for public or internal use - to include reports, documents, charts, posters, presentations (such as Microsoft PowerPoint) or video material that could be placed on a Department-owned or Department-funded Web site. The project officer (also known as the contracting officer's technical representative) must ensure that communications products produced or delivered by contractors or consultants meet applicable Section 508 accessibility standards and are suitable for posting to an HHS Web site. Discussion and Analysis This policy applies to: 1. HHS Operating Divisions and Staff Divisions (OPDIVs/STAFFDIVs) and to their contractors and consultants that produce new reports, brochures, and other text or graphical communications products, or produce new multimedia products, such as videotapes and Webcasts, or provide computer based training materials or products. 2. HHS OPDIVs/STAFFDIVs and to their contractors and consultants that provide new Web-based product support documentation to end-users. This interim acquisition guidance does not apply to those systems covered by the specific Health and Human Services Acquisition Regulation (HHSAR) guidance (dated January 16, 2008) for the acquisition of Electronic and Information Technology (EIT) (including Web-based applications, software packages deployed through the Web and script-based interactive sites). This interim acquisition guidance is effective upon issuance for all new acquisitions. US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 2 Responsibilities The Assistant Secretary for Resources and Technology (ASRT) shall: Provide policy and procedural support with respect to establishing, implementing, operating and maintaining Web sites or producing communication products and services. The Assistant Secretary for Public Affairs (ASPA) shall: Propose Section 508-compliant performance standards, provide guidance for their implementation, and ensure that HHS-funded or HHS-managed Web sites are in compliance with Section 508. Guidance and training is available at http://www.hhs.gov/web/policies/index.html#508. Develop training and technical assistance materials to support OPDIVs/STAFFDIVs in the use of this guidance. Appoint a representative to the HHS Section 508 Program Team to ensure alignment with ongoing Departmental Section 508 activities. The Director of the Office on Disabilities (OD) shall: Approve and interpret Section 508-compliant performance standards. Disseminate updated guidance and policy interpretations through http://508.hhs.gov/. Provide technical support to OPDIVs/STAFFDIVs in determining the application of Section 508. Share best practices through the Section 508 Program Team. Review lessons learned and coordinate with ASPA necessary updates to Section 508 guidance. The Deputy Assistant Secretary for Acquisition Management and Policy (DASAMP) shall: Ensure the HHS Acquisition Regulation (HHSAR) is modified to incorporate the interim Section 508 guidance provided in this document and ensure that it enhances and supports existing Section 508 guidance. OPDIVs/STAFFDIVs shall: Ensure that HHS-funded or HHS-managed Web sites are in compliance with Section 508. Ensure that the staff receives training and technical assistance regarding Section 508.US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 3 Interim Acquisition Guidance For new actions, while developing or amending a SOW or PWS in accordance with HHSAR 307.7106 (renumbered HHSAR 307.7108) and FAR 37.602, project officers must address communications products and services in the HHS Acquisition Plan. In addition to the acquisition planning requirements under HHSAR Part 307, project officers must address Section 508 compliance requirements for documents generated for and by HHS that require a contractor or consultant to produce content in any format that could be placed on a Department-owned or Department-funded Web site. For those acquisitions of communications products and services not requiring an Acquisition Plan, the Project Officer must include all documentation pursuant to HHSAR 307.7101(c). The assigned project officer (contracting officer's technical representative) will ensure communication products are provided to the end-users in a Section 508- compliant format. The project officer must list the applicable provisions of the Access Board Final (36 CFR Part 1194) in the SOW/PWS - e.g., "36 CFR 1194(a)-(j)". Most Web-based text and communication will need to meet 36 CFR Part 1194.22, "Web-Based Intranet and Internet Information and Applications". Additionally, 36 CFR Part 1194.41, "Information, Documentation and Support," and 36 CFR Part 1194.24 "Video and Multimedia Products" are of particular importance with regard to all written, graphical or broadcast, video materials or products produced for HHS (to include training). 36 CFR Part 1194.41 outlines the requirements supporting services for products accommodating the communication needs of end-users with disabilities. Contact your OPDIV/STAFFDIV Section 508 Coordinator for additional assistance in determining the applicable provisions. The Project Officer (the Contracting Officer's Technical Representative), in consultation with ASPA/Web Communications Division, will make a Section 508-compliance determination prior to posting to a Department-owned or Department-funded Web site. The project officer shall include the attached "Section C.A. Section 508" language in Statements of Work (SOWs) or Performance Work Statements (PWS) generated by the Department of Health and Human Services (HHS) for communication products and services that could be placed on a Department-owned or Department-funded Web site. US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 4 C.A. Section 508 This language is applicable to Statements of Work (SOW) or Performance Work Statements (PWS) generated by the Department of Health and Human Services (HHS) that require a contractor or consultant to (1) produce content in any format that could be placed on a Department-owned or Department-funded Web site; or (2) write, create or produce any communications materials intended for public or internal use; to include reports, documents, charts, posters, presentations (such as Microsoft PowerPoint) or video material that could be placed on a Department-owned or Department-funded Web site. Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d) requires Federal agencies to purchase electronic and information technologies (EIT) that meet specific accessibility standards. This law helps to ensure that federal employees with disabilities have access to, and use of, the information and data they need to do their jobs. Furthermore, this law ensures that members of the public with disabilities have the ability to access government information and services. There are three regulations addressing the requirements detailed in Section 508. The Section 508 technical and functional standards are codified at 36 CFR Part 1194 and may be accessed through the Access Board's Web site at http://www.access-board.gov. The second regulation issued to implement Section 508 is the Federal Acquisition Regulation (FAR). FAR Part 39.2 requires that agency acquisitions of Electronic and Information Technology (EIT) comply with the Access Board's standards. The entire FAR is found at Chapter 1 of the Code of Federal Register (CFR) Title 48, located at http://www.acquisition.gov. The FAR rule implementing Section 508 can be found at http://www.section508.gov. The third applicable regulation is the HHS Acquisition Regulation (HHSAR). Regardless of format, all Web content or communications materials produced for publication on or delivery via HHS Web sites - including text, audio or video - must conform to applicable Section 508 standards to allow federal employees and members of the public with disabilities to access information that is comparable to information provided to persons without disabilities. All contractors (including subcontractors1) or consultants responsible for preparing or posting content intended for use on an HHS-funded or HHS-managed Web site must comply with applicable Section 508 accessibility standards, and where applicable, those set forth in the referenced policy or standards documents below. Remediation of any materials that do not comply with the applicable provisions of 36 CFR Part 1194 as set forth in the SOW or PWS, shall be the responsibility of the contractor or consultant retained to produce the Web-suitable content or communications material. 1 Prime contractors may enter into subcontracts in the performance of a Federal contract, but the prime remains obligated to deliver what is called for under the contract. US Department of Health and Human Services (HHS) Acquisition of Communications Products Interim Acquisition Guidance 5 The following Section 508 provisions apply to the content or communications material identified in this SOW or PWS: [Project Officer must list the applicable provisions of the Access Board Final Rule (36 CFR Part 1194) - e.g., "36 CFR 1194.21(a)-(j)"] References: HHS Policy for Section 508 Electronic and Information Technology (E&IT) (January 2005): http://www.hhs.gov/od/Final_Section_508_Policy.html HHS Section 508 Web site: http://508.hhs.gov/ HHS ASPA Web Communications Division Web site: http://www.hhs.gov/web/policies/index.html US General Services Administration (GSA) Section 508 Web site: http://www.section508.gov/index.cfm NIH/CC SECURITY - CONTRACT PROVISION September 29, 2009 (rev 12/22/2009) NIH INFORMATION SECURITY THE FOLLOWING MATERIAL IS APPLICABLE TO DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) TASK ORDERS FOR WHICH CONTRACTOR/SUBCONTRACTOR PERSONNEL WILL (1) DEVELOP, (2) HAVE THE ABILITY TO ACCESS, OR (3) HOST AND/OR MAINTAIN A FEDERAL INFORMATION SYSTEM(S). For more information, see HHS Information Security Program Policy at: http://www.hhs.gov/ocio/policy/2004-0002.001.html#intro. If the SOW requires Hardware the following must be included (1) IT equipment procurement requests (servers, desktops, laptops, Blackberries, PDAs, data storage devices, and all information processing equipment) For more information see: • All IT equipment procurement requests (servers, desktops, laptops, Blackberries, PDAs, data storage devices, and all information processing equipment) must be reviewed by the IC CIO or designee to insure that they conform to HHS, NIH, and Institute and Center (IC) standards before procurement approval is granted. NIH Initial Security Configuration Policy http://irm.cit.nih.gov/security/sec_policy.html#Acq Pursuant to Federal and HHS Information Security Program Policies the contractor and any subcontractor performing under this task order shall comply with the following requirements: a. Federal Information Security Management Act of 2002 (FISMA), Title III, E-Government Act of 2002, Pub. L. No. 107-347 (Dec. 17, 2002); http://csrc.nist.gov/drivers/documents/FISMA-final.pdf b. OMB Memorandum M-06-15, Safeguarding Personally Identifiable c. Information (05-22-06): http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf d. OMB Memorandum M-06-16, Protection of Sensitive Agency Information (06-23-06): e. http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf f. OMB Memorandum M-06-19, Safeguarding Against and Responding to the Breach of Personally Identifiable Information: http://www.whitehouse.gov/omb/memoranda/fy2006/m06-19.pdf g. Guide for Identifying Sensitive Information, including Information in Identifiable Form, http://ocio.nih.gov/security/NIH_Sensitive_Info_Guide.doc h. OMB Memorandum M-07-16, Protection of Sensitive Agency Information. http://www.whitehouse.gov/omb/assets/omb/memoranda/fy2007/m07-16.pdf i. Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html j. OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf k. Federal Information Processing Standards Publication (FIPS PUB) 201-1 (Updated June 26, 2006): http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf l. HHS Interim Policy: Contractual Implementation of Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors [Draft] Include Sections A through G in all contracts A. INFORMATION TYPE **** (NOTE: Based on information provided by the ISSO, PO, and Privacy Officer, select the appropriate general information type(s) below, and provide the specific type of information.) **** [ ] Administrative, Management and Support Information: **** (NOTE: If the above box is checked, the specific type(s) of information from NIST SP 800-60, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems To Security Categories, APPENDIX C, Table 3, at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf must be inserted here. This information will be provided by the IC ISSO and/or Project Officer) **** [ X ] Mission Based Information: **** (NOTE: If the above box is checked, the specific type(s) of information from NIST SP 800-60, Volume II: Appendices to Guide For Mapping Types Of Information and Information Systems To Security Categories, APPENDIX D, Table 5, D.14.5 Health Care Research and Practitioner Education Information Type Health Care Research and Practitioner Education fosters advancement in health discovery and knowledge. This includes developing new strategies to handle diseases; promoting health knowledge advancement; identifying new means for delivery of services, methods, decision models and practices; making strides in quality improvement; managing clinical trials and research quality; and providing for practitioner education. B. SECURITY CATEGORIES AND LEVELS **** (NOTE: Based on information provided by the ISSO and Project Officer, select the Security Level for each Security Category. Select the Overall Security Level which is the highest level of the three factors (Confidentiality, Integrity and Availability). NIST SP 800-60, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, Appendices C and D contain suggested Security Levels for Each Information Type at http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf For additional information and assistance for completion of this item, see Table 1, Security Categorization of Federal Information and Information Systems at: http://irm.cit.nih.gov/security/table1.htm )**** Confidentiality Level: [X ] Low [ ] Moderate [ ] High Integrity Level: [ ] Low [ X ] Moderate [ ] High Availability Level: [ X ] Low [ ] Moderate [ ] High Overall Level: [ ] Low [ X ] Moderate [ ] High Include sections R through T in all contracts C. SPECIAL INFORMATION SECURITY REQUIREMENTS FOR FOREIGN CONTRACTORS/SUBCONTRACTORS When foreign contractors/subcontractors perform work under this acquisition at non-US Federal Government facilities, provisions of HSPD-12 do NOT apply. D. REFERENCES: INFORMATION SECURITY INCLUDING PERSONALLY IDENTIFIABLE INFORMATION (1) Federal Information Security Management Act of 2002 (FISMA), Title III, E-Government Act of 2002, Pub. L. No. 107-347 (Dec. 17, 2002); http://csrc.nist.gov/drivers/documents/FISMA-final.pdf (2) DHHS Personnel Security/Suitability Handbook: http://www.knownet.hhs.gov/acquisition/pssh.pdf (3) NIH Computer Security Awareness Course: http://irtsectraining.nih.gov/ (4) NIST Special Publication 800-16, Information Technology Security Training Requirements: http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf Appendix A-D: http://csrc.nist.gov/publications/nistpubs/800-16/AppendixA-D.pdf (5) NIST SP 800-18, Guide for Developing Security Plans for Information Technology Systems: http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf (6) NIST SP 800-53, Revision 1, Recommended Security Controls for Federal Information Systems: http://www.csrc.nist.gov/publications/drafts/800-53-rev1-ipd-clean.pdf (7) NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, Volume I: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V1-final.pdf; Volume II, Appendices to Guide For Mapping Types of Information and Information Systems To Security Categories, Appendix C at: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf and Appendix D at: http://csrc.nist.gov/publications/nistpubs/800-60/SP800-60V2-final.pdf. (8) NIST SP 800-64, Security Considerations in the Information System Development Life Cycle: http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf (9) FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf (10) FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf (11) OMB Memorandum M-06-15, Safeguarding Personally Identifiable Information (05-22-06): http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf (12) OMB Memorandum M-06-16, Protection of Sensitive Agency Information (06-23-06): http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf (13) OMB Memorandum M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments (07-12-06) http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-19.pdf (14) OMB Memorandum, Recommendations for Identity Theft Related Data Breach Notification (09-20-06) http://www.whitehouse.gov/omb/memoranda/fy2006/task_force_theft_memo.pdf (15) OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (05-22-07) http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf (16) OMB Memorandum M-07-18, Ensuring New Acquisitions Include Common Security Configurations (06-01-07) http://www.whitehouse.gov/omb/memoranda/fy2007/m07-18.pdf (17) Guide for Identifying Sensitive Information, including Information in Identifiable Form, at the NIH ( 04-18-2008) (http://irm.cit.nih.gov/security/NIH_Sensitive_Info_Guide.doc (18) HHS OCIO Policies http://www.hhs.gov/ocio/policy/index.html#Security (19) NIH Privacy Awareness Course: http://irtsectraining.nih.gov/ E. REFERENCES: PHYSICAL ACCESS SECURITY (1) HHS Information Security Program Policy: http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/Information_Security_Program_Policy.pdf (2) Homeland Security Presidential Directive/HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors (08-27-04): http://www.whitehouse.gov/news/releases/2004/08/print/20040827-8.html (3) OMB Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors (08-05-05): http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf (4) OMB Memorandum M-07-06, Validating and Monitoring Agency Issuance of Personal Identity Verification Credentials (01-11-07): http://www.whitehouse.gov/omb/memoranda/fy2007/m07-06.pdf (5) Federal Information Processing Standards Publication (FIPS PUB) 201-1 (Updated June 26, 2006): http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf (6) HHS Interim Policy: Contractual Implementation of Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors [Draft] http://www.hhs.gov/oamp/policies/hspd12contractguide.doc (7) HHS Office of Security and Drug Testing, Personnel Security/Suitability Handbook (02-01-05): http://www.hhs.gov/oamp/policies/personnel_security_suitability_handbook.html (8) HHSAR 307.7106, Statement of Work (SOW); HHSAR 307.7108 in new coverage as of 02-01-07: http://knownet.hhs.gov/acquisition/hhsar/Default.htm (9) Federal Acquisition Regulation (FAR) 37.602, Performance Work Statement (PWS): http://acquisition.gov/far/current/html/Subpart%2037_6.html#wp1074648 (10) FAR Subpart 4.13, Personal Identity Verification of Contractor Personnel: http://acquisition.gov/far/current/html/Subpart%204_13.html#wp1074125 (11) FAR 52.204-9, Personal Identity Verification of Contractor Personnel [clause]: http://acquisition.gov/far/current/html/52_200_206.html#wp1139617 Include Section V in all acquisitions that require Hardware purchases F. Federal Desktop Core Configuration (FDCC) and Federal Information Processing 201 Security Requirements • The Contractor shall ensure new systems are configured with the applicable Federal Desktop Core Configuration (FDCC) (http://nvd.nist.gov/fdcc/download_fdcc.cfm)[1][1] and applicable configurations from http://checklists.nist.gov, as jointly identified by the OPDIV/STAFFDIV Contracting Officer's Technical Representative (COTR) and the CISO. • The Contractor shall ensure hardware and software installation, operation, maintenance, update, and/or patching will not alter the configuration settings specified in: (a) the FDCC (http://nvd.nist.gov/fdcc/index.cfm); and (b) other applicable configuration checklists as referenced above. • The Contractor shall ensure applications are fully functional and operate correctly on systems configured in accordance with the above configuration requirements. • The Contractor shall ensure applications designed for end users run in the standard user context without requiring elevated administrative privileges. • FIPS 201-compliant, Homeland Security Presidential Directive 12 (HSPD-12) card readers shall: (a) be included with the purchase of servers, desktops, and laptops; and (b) comply with FAR Subpart 4.13, Personal Identity Verification. In accordance with HHS-OCIO-2008-0004.001S "Standard Security Language Configuration in HHS Contracts", all NIH purchases of servers, desktops, and laptops shall include a Federal Information Processing Standard 201 (FIPS-201)-compliant smartcard reader. A list of approved FIPS-201 compliant devices may be found at http://www.idmanagement.gov/drilldown.cfm?action=gov_app_products. As standards-compliant smartcard readers may not be available from all sources, or may be more cheaply acquired and provisioned separately, IC information technology staff must review the status of emerging NIH standards for compliant peripheral devices, keyboards, card readers, etc. before making purchases. By 01/01/2011, all systems joined to the NIH network or otherwise brought into production use must be provisioned with a FIPS-201 compliant PIV card reader. • The Contractor shall ensure that all of its subcontractors (at all tiers) comply with the above requirements Include Section W in all acquisitions used in patient care or patient care settings G. Data and System Interoperability Compliance Standards Executive Order 13410 - Promoting Quality and Efficient Health Care in Federal Government Administered or Sponsored Health Care Programs http://www.whitehouse.gov/news/releases/2006/08/20060822.html requires that any system that is used in patient care or that are used in the patient care setting must comply with the CCHIT certification and that those standards are located at http://www.cchit.org. Include Section X in all IT contracts H. ELECTRONIC AND INFORMATION TECHNOLOGY ACCESSIBILITY (January2008) Pursuant to Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d), as amended by the Workforce Investment Act of 1998, all electronic and information technology (EIT) products and services developed, acquired, maintained, and/or used under this contract/order must comply with the "Electronic and Information Technology Accessibility Provisions" set forth by the Architectural and Transportation Barriers Compliance Board (also referred to as the "Access Board") in 36 CFR part 1194. Information about Section 508 provisions is available at http://www.section508.gov The complete text of Section 508 Final provisions can be accessed at http://www.accessboard.gov/sec508/provisions.htm. The Section 508 standards applicable to this contract/order are identified in the Statement of Work. The contractor must provide a written Section 508 conformance certification due at the end of each order/contract exceeding $100,000 when the order/contract duration is one year or less. If it is determined By the Government that EIT products and services provided by the Contractor do not conform to the described accessibility in the Product Assessment Template, remediation of the products and/or services to the level of conformance specified in the vendor's Product Assessment Template will be the responsibility of the Contractor at its own expense. In the event of a modification(s) to the contract/order, which adds new EIT products and services or revised the type of, or specifications for, products and services the Contractor is to provide, including EIT deliverables such as electronic documents and reports, the Contracting Officer may require that the contractor submit a completed HHS Section 508 Product Assessment Template to assist the Government in determining that the EIT products and services support Section 508 accessibility requirements. Instructions for documenting accessibility via the HHS Section 508 Product Assessment Template may be found at http://508.hhs.gov. [(End of HHSAR 352.270-19(b)] Prior to the Contracting Officer exercising an option for a subsequent performance period/additional quantity or adding increment funding for a subsequent performance period under this contract, as applicable, the Contractor must provide a Section 508 Annual Report to the Contracting Officer and Contracting Officer's Technical Representative (also known as Project Officer or Contracting Officer's Representative). Unless otherwise directed by the Contracting Officer in writing, the Contractor shall provide the cited report in accordance with the following schedule. Instructions for completing the report are available at: http://508.hhs.gov. under the heading Vendor Information and Documents. The Contractor's failure to submit a timely and properly completed report may jeopardize the Contracting Officer's exercising an option or adding incremental funding, as applicable. Schedule for Contractor Submission of Section 508 Annual Report: [End of HHSAR 352.270-19(c)] 1) PRIVACY ACT- FAR 52.224-1 Privacy Act Notification (Apr 1984) The Contractor will be required to design, develop, or operate a system of records on individuals, to accomplish an agency function subject to the Privacy Act of 1974, Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Act may involve the imposition of criminal penalties. FAR 52.224-2 Privacy Act (April 1984) (a) The Contractor agrees to- (1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies- (i) The systems of records; and (ii) The design, development, or operation work that the contractor is to perform; (2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a system of records on individuals that is subject to the Act; and (3) Include this clause, including this paragraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records. (b) In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the Contractor is considered to be an employee of the agency. (c)(1) "Operation of a system of records," as used in this clause, means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records. (2) "Record," as used in this clause, means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the person's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph. (3) "System of records on individuals," as used in this clause, means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. 2) Personal Identity Verification of Contractor Personnel FAR 52.204-9 (SEPT 2007) (a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24 and Federal Information Processing Standards Publication (FIPS PUB) Number 201. (b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have routine physical access to a Federally-controlled facility and/or routine access to a Federally- controlled information system. 3) EMPLOYMENT ELIGIBILITY VERIFICATION FAR 52.222-54 (JAN 2009) (a) Definitions. As used in this clause- "Commercially available off-the-shelf (COTS) item"- (1) Means any item of supply that is- (i) A commercial item (as defined in paragraph (1) of the definition at 2.101); (ii) Sold in substantial quantities in the commercial marketplace; and (iii) Offered to the Government, without modification, in the same form in which it is sold in the commercial marketplace; and (2) Does not include bulk cargo, as defined in section 3 of the Shipping Act of 1984 (46 U.S.C. App. 1702), such as agricultural products and petroleum products. Per 46 CFR 525.1 (c)(2), "bulk cargo" means cargo that is loaded and carried in bulk onboard ship without mark or count, in a loose unpackaged form, having homogenous characteristics. Bulk cargo loaded into intermodal equipment, except LASH or Seabee barges, is subject to mark and count and, therefore, ceases to be bulk cargo. "Employee assigned to the contract" means an employee who was hired after November 6, 1986, who is directly performing work, in the United States, under a contract that is required to include the clause prescribed at 22.1803. An employee is not considered to be directly performing work under a contract if the employee- (1) Normally performs support work, such as indirect or overhead functions; and (2) Does not perform any substantial duties applicable to the contract. "Subcontract" means any contract, as defined in 2.101, entered into by a subcontractor to furnish supplies or services for performance of a prime contract or a subcontract. It includes but is not limited to purchase orders, and changes and modifications to purchase orders. "Subcontractor" means any supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime Contractor or another subcontractor. "United States", as defined in 8 U.S.C. 1101(a)(38), means the 50 States, the District of Columbia, Puerto Rico, Guam, and the U.S. Virgin Islands. (b) Enrollment and verification requirements. (1) If the Contractor is not enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall- (i) Enroll. Enroll as a Federal Contractor in the E-Verify program within 30 calendar days of contract award; (ii) Verify all new employees. Within 90 calendar days of enrollment in the E-Verify program, begin to use E-Verify to initiate verification of employment eligibility of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); and (iii) Verify employees assigned to the contract. For each employee assigned to the contract, initiate verification within 90 calendar days after date of enrollment or within 30 calendar days of the employee's assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (2) If the Contractor is enrolled as a Federal Contractor in E-Verify at time of contract award, the Contractor shall use E-Verify to initiate verification of employment eligibility of- (i) All new employees. (A) Enrolled 90 calendar days or more. The Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (B) Enrolled less than 90 calendar days. Within 90 calendar days after enrollment as a Federal Contractor in E-Verify, the Contractor shall initiate verification of all new hires of the Contractor, who are working in the United States, whether or not assigned to the contract, within 3 business days after the date of hire (but see paragraph (b)(3) of this section); or (ii) Employees assigned to the contract. For each employee assigned to the contract, the Contractor shall initiate verification within 90 calendar days after date of contract award or within 30 days after assignment to the contract, whichever date is later (but see paragraph (b)(4) of this section). (3) If the Contractor is an institution of higher education (as defined at 20 U.S.C. 1001(a)); a State or local government or the government of a Federally recognized Indian tribe; or a surety performing under a takeover agreement entered into with a Federal agency pursuant to a performance bond, the Contractor may choose to verify only employees assigned to the contract, whether existing employees or new hires. The Contractor shall follow the applicable verification requirements at (b)(1) or (b)(2) respectively, except that any requirement for verification of new employees applies only to new employees assigned to the contract. (4) Option to verify employment eligibility of all employees. The Contractor may elect to verify all existing employees hired after November 6, 1986, rather than just those employees assigned to the contract. The Contractor shall initiate verification for each existing employee working in the United States who was hired after November 6, 1986, within 180 calendar days of- (i) Enrollment in the E-Verify program; or (ii) Notification to E-Verify Operations of the Contractor's decision to exercise this option, using the contact information provided in the E-Verify program Memorandum of Understanding (MOU). (5) The Contractor shall comply, for the period of performance of this contract, with the requirements of the E-Verify program MOU. (i) The Department of Homeland Security (DHS) or the Social Security Administration (SSA) may terminate the Contractor's MOU and deny access to the E-Verify system in accordance with the terms of the MOU. In such case, the Contractor will be referred to a suspension or debarment official. (ii) During the period between termination of the MOU and a decision by the suspension or debarment official whether to suspend or debar, the Contractor is excused from its obligations under paragraph (b) of this clause. If the suspension or debarment official determines not to suspend or debar the Contractor, then the Contractor must reenroll in E-Verify. (c) Web site. Information on registration for and use of the E-Verify program can be obtained via the Internet at the Department of Homeland Security Web site: http://www.dhs.gov/E-Verify. (d) Individuals previously verified. The Contractor is not required by this clause to perform additional employment verification using E-Verify for any employee- (1) Whose employment eligibility was previously verified by the Contractor through the E-Verify program; (2) Who has been granted and holds an active U.S. Government security clearance for access to confidential, secret, or top secret information in accordance with the National Industrial Security Program Operating Manual; or (3) Who has undergone a completed background investigation and been issued credentials pursuant to Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors. (e) Subcontracts. The Contractor shall include the requirements of this clause, including this paragraph (e) (appropriately modified for identification of the parties), in each subcontract that- (1) Is for- (i) Commercial or noncommercial services (except for commercial services that are part of the purchase of a COTS item (or an item that would be a COTS item, but for minor modifications), performed by the COTS provider, and are normally provided for that COTS item); or (ii) Construction; (2) Has a value of more than $3,000; and (3) Includes work performed in the United States.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/NIH/CCOPC/185671/listing.html)
 
Record
SN02374496-W 20110209/110207234245-86046ceb6e49cdceb02b666426714e24 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.