Oral History Services
Type of document: Contract Notice
Country: United States
Oral History Services
Corporation for National and Community Service
1201 New York Avenue, NW Washington DC 20525
Willie A. Marbury, Email firstname.lastname@example.org
Solicitation Number: CNSHQ17R0002
Notice Type: Combined Synopsis/Solicitation
This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued.
The solicitation number is CNSHQ17R0002 and is issued as a Request for Proposal (RFP). Under this requirement, the Corporation for National and Community Services-Office of Procurement Services (CNCS-OPS) intends to award a commercial, firm fixed price contract.
This solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-95. The applicable North American Industry Classification Standard (NAICS) code is 541611. The small business size standard is $15.0 million. This acquisition is unrestricted. CNCS-OPS intends to purchase the below contract line items:
Please see attached pricing sheet for CLIN Structure.
The period of performance shall be Twelve (12) months from the date of award.
The requirements of this combined synopsis/solicitation are for Oral History Project services for The Office of Research and Evaluation (OR&E) as stated in the Statement of Work.
The provision at FAR 52.212-1, Instructions to Offerors Commercial Items, applies to this acquisition and is incorporated by reference. FAR 52.212-2, Evaluation-Commercial Items, applies to this acquisition and paragraph (a) is completed as follows: The following factors shall be used to evaluate offers: Lowest Price Technically Acceptable (LPTA). Offerors shall include a completed copy of the provision at FAR 52.212-3, Offeror Representations and Certifications Commercial Items, with their offer. Also in accordance with the clause, all prospective offerors must be actively registered in the System for Awards Management (SAM) prior to award. The clause at FAR 52.212-4, Contract Terms and Conditions-Commercial Items applies to this acquisition and is incorporated by reference. The following clauses cited within FAR 52.212-5 Contract Terms and Conditions Required to Implement Statutes or Executive Orders–Commercial Items, apply:
CLAUSE NO CLAUSE TITLE DATE
52.233-4 Applicable Law for Breach of Contract Claim Oct-04
52.237-2 Protection of Government Buildings, Equipment, and Vegetation Apr-84
52.239-1 Privacy and Security Safeguards Aug-96
52.242-15 Stop Work Order Aug-89
52.217-8 Option to Extend Services Nov-99
52.249-8 Option to Extend the Term of the Contract
Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights
Evaluation of Options
Termination for Convenience of the Government (Fixed-Price)
Default (Fixed-Price Supply and Service) Mar-00
Authorization to Use Government Supply Sources
System for Award Management.
Equal Opportunity Apr-84
The following local clauses will be inclusive of the Purchase Order, in full text:
a. CNS 4552.201-70- Contracting Officer’s Authority (April 2014);
The Contracting Officer is the only person authorized to make or approve any changes in any of the requirements of this contract and notwithstanding any provisions contained elsewhere in this contract, the said authority remains solely in the Contracting Officer. In the event the Contractor makes any changes at the direction of any person other than the Contracting Officer, the change will be considered to have been made without authority and no adjustment will be made in the contract terms and conditions, including price.
b. 1352.201-71 – Contracting Officer’s Representative (COR) (April 2014); and
a. The Contracting Officer’s Representative (COR) may be changed at any time by the Government without prior notice to the Contractor by a unilateral modification to the Contract.
b. The responsibilities and limitations of the COR are as follows:
(1) The COR is responsible for the technical aspects of the project and serves as technical liaison with the Contractor. The COR is also responsible for the final inspection and acceptance of all reports, and such other responsibilities as may be specified in the contract.
(2) The COR is not authorized to make any commitments or otherwise obligate the Government or authorize any changes which affect the Contract price, terms or conditions. Any Contractor request for changes shall be referred to the Contracting Officer directly or through the COR. No such changes shall be made without the expressed prior authorization of the Contracting Officer (CO.) The CO may designate assistant or alternate COR(s) to act for the COR by naming such assistant/alternate(s) in writing and transmitting a copy of such designation to the Contractor.
c. CNS 4552.232-001 Internet Payment Platform System (IPP) – IPP-001 (June 2013).
The Contractor will be required to submit their invoice through the U.S. Department of Treasury’s Invoice Processing Platform (IPP) System.
Payment requests must be submitted electronically through the U.S. Department of the Treasury’s Invoice Processing Platform (IPP) System. “Payment request” means any request for contract financing payment or invoice payment by the Contractor. To constitute a proper invoice, the payment request must comply with the requirements identified in the applicable Prompt Payment clause included in the contract, or the clause 52.212-4 Contract Terms and Conditions – Commercial Items included in commercial item contracts. The IPP website address is
The Contractor must use the IPP website to enroll, access, and use IPP for submitting requests for payment. The Contractor Government Business Point of Contact (as listed in the System for Award Management [SAM]) will receive enrollment instructions via email from the Federal Reserve Bank of Boston (FRBB) within three to five business days of the contract award date. Contractor assistance with enrollment can be obtained by contacting the IPP Production Helpdesk via email email@example.com or phone (866) 973-3131. If the Contractor is unable to comply with the requirement to use IPP for submitting invoices for payment, the Contractor must submit a waiver request in writing to the Contracting Officer.
Prior to final invoice payment, the Contractor will be required to sign a Release of Claims document per FAR Part 52.232-7 (g) Assignment and Release of Claims. The Contractor, and each assignee under an assignment entered into under this contract and in effect at the time of final payment under this contract, shall execute and deliver, at the time of and as a condition precedent to final payment under this contract, a release discharging the Government, its officers, agents and employees of and from all liabilities, obligations, and claims arising out of or under this contract.
[END OF CLAUSES]
Section 508 Compliance:
CNCS is required by Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. 794d), to offer access to electronic and information technology for disabled individuals within its employ, and for disabled members or the public seeking information and services. This access must be comparable to that which is offered to similar individuals who do not have disabilities. Standards for complying with this law are prescribed by the US Access Board.
The current deliverable(s) must incorporate these standards, as well as any agency specific standards developed by CNCS. The attached technical description contains further information on how this is to be done. Your response to the solicitation should contain documentation of your compliance with these standards. However, the Contracting Officer may request additional technical documentation, if necessary, to make this determination.
The final work product must include documentation that the deliverable conforms with the Section 508 Standards promulgated by the US Access Board.
In the event of a dispute between you and CNCS, then CNCS’s assessment of the Section 508 compliance will control and you will need to make any additional changes needed to conform with CNCS’s assessment, at no additional charge to CNCS.
If you need more information about Section 508 Compliance: Reference the following link for detailed information
Safeguarding of Sensitive Data:
Vendor will maintain Personal Identifiable Information in a secure manner throughout the period of performance, then pass on to designated CNCS staff at the time of the final report, and destroy it in a secure manner at the end of the period of performance.
R. Intellectual Property:
All quoters developed processes, procedures, data sets and other forms of intellectual property created during this contract shall be the property of the Government. All publication rights shall remain with the Government.
• All documentation and electronic data and information collected by the Quoter and generated in support of this contract shall be Government property, and shall be returned to the Government at the end of the performance period or when specified in the Task order.
SECURITY REQUIREMENTS, Version 9.0, April 2016:
1. PERSONNEL SECURITY AND PRIVACY REQUIREMENTS
PERSONNEL SECURITY REQUIREMENTS
The Government anticipates that the work to be performed under this contract will involve access to sensitive but unclassified materials (now known as “Controlled Unclassified Information” (CUI) in accordance with Executive Order 13556, 2010-28360) and non-sensitive materials. CUI may include, but is not limited to, computer systems and information, Privacy Act protected information, Personally Identifiable Information (PII), and CNCS proprietary information. The Contractor is responsible for complying with all CNCS policies and procedures, 5 U.S.C. § 552a (The Privacy Act of 1974), and all laws; directives; requirements; Executive Orders and Office of Management and Budget (OMB) Memoranda; and guidance for Federal information systems; and must ensure that its subcontractors (at all tiers) comply.
Prior to gaining access to CNCS’s information, systems, or secured physical space, individuals must meet CNCS Personnel Security background investigation requirements. Depending on position risk, as determined by CNCS, these requirements may include the following:
(1) A background investigation (initiated by CNCS);
(2) A commercial background investigation (initiated by CNCS or the individual’s company to CNCS’s standards);
(3) Criminal history record information via a fingerprint check; and
(4) Drug Testing
These requirements may change at the discretion of CNCS, and access to individuals may be denied at any point.
The Contractor will bear the cost of obtaining and sustaining the background investigations. The Contractor must state within the proposal the number of individuals who will be assigned to this effort, with the type of completed background investigation they hold. It is the responsibility of the Contractor to provide the individuals with the required background investigation needed to complete the work.
The fact that the Government performs security investigations for contractor employees shall not in any manner relieve the Contractor of its responsibility to ensure that all personnel furnished are reliable and of reputable background and sound character.
In addition, all individuals must complete security/privacy awareness training and any other trainings applicable and specified by CNCS before access to CNCS information or information systems is granted. Individuals must provide signed approval of the related Rules of Behavior as validation of required training completion.
This privacy clause must be included in Statements of Work that include the design, development, or operation of a system of records that receives, processes, transmits, or retains PII. The Contractor must ensure that its subcontractors (at all tiers) performing work under this contract comply with all privacy requirements.
a. The Contractor will be required to design, develop, or operate a system of records to accomplish a CNCS function subject to requirements/recommendations 0including 5 U.S.C. § 552a (The Privacy Act of 1974); all applicable CNCS policies and procedures; Executive Orders and Office of Management and Budget (OMB) Memoranda; and laws, directives, requirements, and guidance for Federal information systems. Violation of 5 U.S.C. § 552a (The Privacy Act of 1974) may involve the imposition of criminal penalties.
b. The Contractor must state within the proposal how it will protect privacy information.
c. The Contractor agrees to:
(1) Comply with all requirements in item (a) above in the design, development, or operation of any system of records to accomplish an agency function when the contract specifically identifies:
(i) the systems of records; or
(ii) the design, development, or operation a contractor is to perform which involves a system of records
(2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the design, development, or operation of a system of records that is subject to all requirements in item 1.2(a) above; and
(3) Include this clause – including this subparagraph (3) – in all subcontracts awarded under this contract which require the design, development, or operation of such a system of records.
d. In the event of violations of all requirements in item (a) above, a civil action may be brought against the Contractor when the violation concerns the design, development, or operation of a system of records to accomplish a CNCS function, and criminal penalties may be imposed upon the officers or employees of CNCS when the violation concerns the operation of a system of records to accomplish a CNCS function. When the contract is for the operation of a system of records to accomplish a CNCS function or when the contract involves the protection of any PII, the Contractor and any employee of the Contractor is considered to be an employee of CNCS.
DEFINITIONS. AS USED IN THIS PROVISION:
(1) “Operation of a system of records” means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records.
(2) “Record” means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history that contains the person’s name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph.
(3) “System of records” is an information system from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.
2. SYSTEM SECURITY REQUIREMENTS
The Contractor shall be responsible for information technology (IT) security based on requirements/recommendations including 5 U.S.C. § 552a (The Privacy Act of 1974); all applicable CNCS policies and procedures; Executive Orders and Office of Management and Budget (OMB) Memoranda; and laws, directives, requirements, and guidance for Federal information systems. This clause is applicable to CNCS information and information systems that support the mission of CNCS.
The Contractor is responsible for complying with all CNCS policies and procedures and all laws; directives; requirements; Executive Orders and Office of Management and Budget (OMB) Memoranda; and guidance for Federal information systems and shall ensure that its subcontractors (at all tiers) performing work under this contract comply with all security requirements.
a. Information System Security Officer (ISSO). The Contractor is responsible for providing an individual to be appointed as the ISSO. The ISSO must have expertise including system security, continuous monitoring, and security assessments.
b. Configuration Baselines/Security Configurations. The Contractor must configure its systems that contain CNCS data in accordance with configuration requirements including the applicable United States Government Configuration Baseline (USGCB) and security configurations available from the National Institute of Standards and Technology’s (NIST) National Checklist Program Repository. In addition, the Contractor must ensure implementation and maintenance of the latest updates/patches; anti-virus and vulnerability information/signatures; and other flaw and security issue remediation.
c. Cryptographic Modules. The Contractor must use Federal Information Processing Standard (FIPS) compliant encryption to protect data and information systems.
d. Statutory and Regulatory Requirements – The Contractor must comply with all requirements in the paragraph above including the CNCS Cybersecurity Policy, which lists in detail the requirements for Federal information systems.
e. Reporting Requirements. The contractor shall immediately report and handle, as tasked, any threats, incidents, potential incidents/events, and any other hazards to the integrity, availability, and confidentiality of CNCS data and/or information systems and in compliance with requirements and procedures defined in the CNCS Incident Response Plan and any other relevant system documentation.
f. Non-Disclosure. The Contractor and any subcontractor must not publish or disclose in any manner the data/information to which the Contractor will have access as a result of this contract, as this is the sole property of CNCS. Contractors/subcontractors may be held responsible for any violations of confidentiality.
g. Access. The Contractor must provide CNCS, including CNCS’s Office of Inspector General, with access to the Contractor’s and Subcontractors’ facilities, installations, operations, documentation, databases, and personnel used in the performance of the contract.
h. Data Compartmentalization, Protection, and Retention. To maintain and protect the confidentiality, integrity, and availability of CNCS information, the Contractor shall ensure appropriate and required security and privacy controls for CNCS data/information including compartmentalization; FIPS-compliant encryption; and retention, in accordance with approved retention schedule(s).
i. Employee Termination. The Contractor shall immediately notify the COR when an employee plans to terminate employment or an employee is removed from the contract. The proper exit forms must be completed by the Contractor or the COR before the employee stops working on the contract.
j. Contract Termination. Failure on the part of the Contractor to comply with the terms of this clause may result in termination of this contract.
3. APPLICATION DEVELOPMENT SECURITY REQUIREMENTS
The Contractor shall be responsible for information technology (IT) security and for complying with requirements/recommendations including 5 U.S.C. § 552a (The Privacy Act of 1974); all applicable CNCS policies and procedures; Executive Orders and Office of Management and Budget (OMB) Memoranda; and laws, directives, requirements, and guidance for Federal information systems. This clause is added when design or application development is included in the Statement of Work.
The Contractor must state within the proposal a plan of how it will support the application security requirements associated with this contract and shall ensure that its subcontractors (at all tiers) that perform work under this contract comply with all security requirements. For any application developed under this contract, the Contractor must comply with the following:
a. Secure Coding. Identify the tools to be used in its software development environment to enforce secure coding. The Contractor must provide and follow a set of written secure coding guidelines that, at a minimum, indicate how code will be formatted, structured, documented, and tested and otherwise comply with CNCS Software/System Development Lifecycle (SDLC) and change management policy and procedures.
b. Configuration Management. Document in writing and via the implemented CNCS tool(s) all changes to the application baseline and all related configuration and build files. Comply with CNCS configuration management policies and procedures. Provide written secure configuration guidelines that fully describe:
(i) all security relevant configuration options and their implications for the overall security of the application
(ii) the dependencies on the supporting platform, including, but not limited to, the operating system, web server, and application server
(iii) how the options should be configured to maximize security, provided that the “pre-set” configuration of the application must be secure.
c. Distribution. Document, in writing, a build process that reliably builds a complete distribution from source. This process shall include a method for verifying the integrity of the application delivered to CNCS.
d. Disclosure. Document, in writing, any third-party software used in the application, including all libraries, frameworks, components, system privileges, and other products, whether commercial, free, open-source, or closed-source and ensure that use of such software has been formally approved by CNCS.
e. Security Controls. Comply with all requirements in the paragraph above, including the standards defined by National Institute of Standards and Technology (NIST).
(1) Implement a security test plan and provide the test results to CNCS.
(2) Document, in writing, the procedures and the framework used to conduct code security review during the application development life cycle.
(3) To the extent that such testing discloses vulnerabilities or other security issues, submit new items for inclusion in the Plan of Action and Milestones (POAM) and remediate new and existing POAM items to resolve vulnerabilities or other issues before the application is deployed in the production environment.
(4) Provide a written certification, signed by the Information Security Lead, that:
(i) the application meets the security requirements of the Contract;
(ii) all services were performed in accordance with the standard identified in the section above; and
(iii) all security issues were identified, documented in the System Security Plan (SSP) and POAM, and critical and high security issues are resolved prior to delivery.
g. Delivery and Acceptance of the Application. Once the testing required under the provisions above have been completed, the Contractor shall:
(1) Provide security documentation (created during the development process) that includes evidence that the requirements for design, implementation, and testing were properly completed;
(2) Provide written warranty that the application does not contain any code that does not support a necessary function of the application or that weakens the security of the application, including computer viruses, worms, time bombs, back doors, Trojan horses, Easter eggs, and all other forms of malicious code;
(3) Ensure the SSP is complete and updated;
(4) Participate cooperatively and fully with the required Security Assessment and Authorization (SA&A) process in accordance with NIST and CNCS requirements.
(1) Investigating Security Issues
For a period of one year after acceptance of the application, if a vulnerability or other security issue is discovered or suspected by the CNCS, or a vulnerability or other security issue comes to the attention of the Contractor by other means, the Contractor shall assist CNCS in performing an investigation to determine the nature of the vulnerability or other issue. Based on this investigation, the Contractor shall advise CNCS on the appropriate steps to mitigate the risk posed by the vulnerability or other issue.
(2) Patches and Updates
For a period of one year after acceptance of the application, the Contractor shall provide to CNCS error corrections, updates, patches, revisions, fixes, upgrades, and new releases of software included in the application. The Contractor shall warrant that: (i) all corrections, updates, patches, revisions, fixes, upgrades and new releases have been tested and validated on a test version of the application prior to distribution to CNCS; and (ii) it has verified the continued functionality of the application based on the testing and validation.
The Contractor shall ensure with CNCS approval that they are using the most current hardware/software available to support the application and/or system of record. The Contractor shall verify prior to delivery that the hardware/software listed in the SSP have not been identified by the vendor as being non-supported within one year of delivery.
(End of Provision)
The Government intends to award a firm fixed price contract resulting from this combined synopsis/solicitation. All offerors must be registered in the System for Award Management (SAM) prior to award (www.sam.gov). Quotes are being requested and a written solicitation will not be issued. Paper copies of this solicitation will not be issued and telephone requests or fax requests for the solicitation will not be accepted.
Quotes must include company name, company DUNS number, and point of contact information see attached Cover Page.
The Defense Priorities and Allocation System (DPAS) do not apply to this acquisition.
QUESTION DUE DATE: All questions shall be submitted no later than 1:00 p.m. Eastern Standard Time (EST) on Thursday, March 30, 2017 via email to Willie Marbury at firstname.lastname@example.org. Questions submitted after this date and time shall not be answered.
Proposals are due no later than 1:00 p.m. Eastern Standard Time (EST) on Monday, April 10, 2017 via email to Willie Marbury at email@example.com. Responses received after this date and time will be considered non-responsive.
Further details regarding the requirement can be found in the attachments labeled “Statement of Work, Pricing Sheet, and Evaluation Factors, and Cover Page”.