Enterprise Infrastructure Solutions (EIS)
Request for Proposals
Section F
Deliveries or Performance
Issued by:
General Services Administration
Office of Integrated Technology Services
1800 F St NW
Washington, DC 20405
October 2015
Table of Contents
F.1 FAR 52.252-2 Clauses Incorporated by Reference (FEB 1998)
F.1 FAR 52.252-2 Clauses Incorporated by Reference (FEB 1998)
This contract incorporates one or more FAR clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer (CO) will make their full text available. The full text of a clause may be accessed electronically at this address: www.acquisition.gov/far.
The clauses below apply at the contract and order levels, as applicable, depending upon the contract type of the order, or as specifically referenced in the applicable order.
Clause No. FAR Clause No. Title and Date
F.1.1 52.242-15 Stop Work Order (AUG 1989)
F.1.2 52.242-17 Government Delay of Work (APR 1984)
F.1.3 52.247-35 F.O.B. Destination Within Consignee’s Premises (APR 1984)
F.2 Deliverables
The contractor shall ensure that all deliverables meet professional standards and the requirements set forth in the contract. The contractor shall be responsible for delivering all items (as required) in accordance with the Table of Deliverables below:
F.2.1 Table of Deliverables
|
ID |
Requirement Reference |
Deliverable Description Reference |
Deliverable Name |
Frequency |
Deliver To |
|
|
1. |
Task Order Pricing Tables |
Initial: Included at task order (TO) award Update: As needed |
GSA Systems and agency |
|||
|
2. |
Price Volume |
Initial: With the proposal Update: As needed |
GSA Systems |
|||
|
3. |
Online Catalog |
Initial: Within 30 days of contract award Update: As needed |
Website – URL to be provided by contractor |
|||
|
4. |
Catalog Pricing Tables (Section B) |
Initial: Included at TO award Update: As needed |
GSA Systems and agency |
|||
|
5. |
NIST SP 800-53 R4; PL-2 |
System Security Plan (SSP) |
Initial: Within 30 days of Notice to Proceed (NTP) Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
6. |
NIST SP 800-37 R1 |
Security Assessment Boundary and Scope Document (BSD) |
Initial: Within 15 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
7. |
NIST SP 800-53 R4; CA-3 |
Information System Interconnection Security Agreements (ISA) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
8. |
NIST SP 800-53 R4; AC-1 |
GSA NIST 800-53 R4 Control Tailoring Workbook |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
9. |
NIST SP 800-53 R4; AC-1 |
GSA NIST SP 800-53 R4 Control Summary Table |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
10. |
NIST SP 800-53 R4; PL-4 |
Rules of Behavior (RoB) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
11. |
NIST SP 800-53 R4; CM-8 |
System Inventory |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
12. |
NIST SP 800-53 R4; CP-2 |
Contingency Plan (CP) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
13. |
NIST SP 800-53 R4; CP-4 |
Contingency Plan Test Plan (CPTP) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
14. |
NIST SP 800-53 R4; CP-4 |
Contingency Plan Test Report (CPTR) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
15. |
NIST SP 800-53 R4; AR-2, AR-3 and AR-4 |
Privacy Impact Assessment (PIA) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
16. |
NIST SP 800-53 R4; CM-9 |
Configuration Management Plan (CMP) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
17. |
NIST SP 800-53 R4; IR-8 |
Incident Response Plan (IRP) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
18. |
NIST SP 800-53 R4; IR-3 |
Incident Response Test Report (IPTR) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
19. |
NIST SP 800-53 R4; SA-12 and NIST SP 800-161 |
Supply Chain Risk Management Plan (SCRM) |
Initial: With the proposal Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
20. |
NIST SP 800-53 R4; CA-7 |
Continuous Monitoring Plan |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
21. |
NIST SP 800-53 R4; CA-5 |
Plan of Action and Milestones (POA&M) |
Initial: With the Security A&A package Update: Quarterly Note: Critical and High vulnerabilities shall be updated monthly |
GSA COR/ISSO |
||
|
22. |
NIST SP 800-53 R4; CA-7 and RA-5 |
Independent internal and external penetration tests and reports |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
23. |
NIST SP 800-53 R4; SA-11 |
Code Review Report (If applicable) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
24. |
NIST SP 800-53 R4; CA-2 |
Annual FISMA Assessment |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
||
|
25. |
NIST SP 800-53 R4; CM-6 |
SCAP Common Configuration Enumerations (CCE) Report |
Initial: With the Security A&A package Update: Monthly (end of month) |
GSA COR/ISSO |
||
|
26. |
NIST SP 800-53 R4; CM-8 |
SCAP Common Platform Enumeration (CPE) Report |
Initial: With the Security A&A package Update: Monthly (end of month) |
GSA COR/ISSO |
||
|
27. |
NIST SP 800-53 R4; CM-8 |
SCAP Common Vulnerabilities and Exposures (CVE) |
Initial: With the Security A&A package Update: Monthly (end of month) |
GSA COR/ISSO |
||
|
28. |
Site Survey Report |
As needed |
OCO |
|||
|
29. |
Inventory Summary of All Active Services |
Initial: 3 years prior to contract expiration Update: As requested by GSA |
GSA Transition Manager |
|||
|
30. |
Inventory Summary of Agency’s Active Services |
Initial: 3 years prior to contract expiration Update: As requested by agency |
OCO |
|||
|
31. |
Transition Inventory Report |
Initial: 3 years prior to contract expiration Update: Weekly (end of week) |
GSA Transition Manager |
|||
|
32. |
Transition Status Report |
Initial: 3 years prior to contract expiration Update: Monthly (end of month) |
GSA Transition Manager |
|||
|
33. |
Voluntary Product Accessibility Template |
Initial: 30 days after NTP Update: As needed |
Contractor’s public website |
|||
|
34. |
BSS Verification Test Plan |
Draft: With proposal Update: Final 30 days after NTP; others within 14 days of government request |
GSA CO |
|||
|
35. |
BSS Verification Test Results Report |
Initial: 7 days after test completion Update: As needed |
GSA CO |
|||
|
36. |
EIS Services Verification Test Plan |
Initial: With proposal Update: As needed |
GSA COR |
|||
|
37. |
Fair Opportunity Notice of Protest |
Initial: Within three business days of protest Update: As needed |
GSA CO |
||
|
38. |
Task Order Project Plan |
Initial: TO award Update: Plan change |
OCO |
||
|
39. |
BSS Development & Implementation Plan |
Initial: With proposal Update: Plan change |
GSA CO |
||
|
40. |
BSS Change Control Notification |
30 days prior to BSS changes or emergency changes |
GSA COR/ISSO/ISSM |
||
|
41. |
NIST SP 800-53 R4; CA-5 NIST SP 800-53 R4; RA-5 |
Plan of Action and Milestones (POA&M) Vulnerability scanning reports for Operating System, Web Application, and Database scans (as applicable) |
Initial: With the Security A&A package Update: Quarterly
|
GSA COR/ISSO |
|
|
42. |
NIST SP 800-53 R4; PL-2 |
BSS System Security Plan (SSP) |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
43. |
NIST SP 800-37 R1 |
Security Assessment Boundary and Scope Document (BSD) |
Initial: Within 15 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
44. |
NIST SP 800-53 R4; CA-3 |
Information System Interconnection Security Agreements (ISA) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
45. |
NIST SP 800-53 R4; AC-1 |
GSA NIST 800-53 R4 Control Tailoring Workbook |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
46. |
NIST SP 800-53 R4; AC-1 |
GSA NIST SP 800-53 R4 Control Summary Table |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
47. |
NIST SP 800-53 R4; PL-4 |
Rules of Behavior (RoB) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur. |
GSA COR/ISSO |
|
|
48. |
NIST SP 800-53 R4; CM-8 |
System Inventory |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
49. |
NIST SP 800-53 R4; CP-2 |
Contingency Plan (CP) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
50. |
NIST SP 800-53 R4; CP-4 |
Contingency Plan Test Plan (CPTP) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
51. |
NIST SP 800-53 R4; CP-4 |
Contingency Plan Test Report (CPTR) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
52. |
NIST SP 800-53 R4; AR-2, AR-3 and AR-4 |
Privacy Impact Assessment (PIA) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
53. |
NIST SP 800-53 R4; CM-9 |
Configuration Management Plan (CMP) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
54. |
NIST SP 800-53 R4; IR-8 |
Incident Response Plan (IRP) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
55. |
NIST SP 800-53 R4; IR-3 |
Incident Response Test Report (IRTR) |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
56. |
NIST SP 800-53 R4; CA-7 |
Continuous Monitoring Plan |
Initial: With the Security A&A package Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
57. |
NIST SP 800-53 R4; CA-7 and RA-5 |
Independent internal and external penetration tests and reports |
Initial: Within 30 days of NTP Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
58. |
NIST SP 800-53 R4; SA-11 |
Code Review Report (If applicable) |
Initial: Prior to placing the information system into production Update: Annually from contract award and when significant changes occur |
GSA COR/ISSO |
|
|
59. |
NIST SP 800-53 R4; CA-2 |
Annual FISMA Assessment |
Annually from contract award |
GSA COR/ISSO |
|
|
60. |
NIST SP 800-53 R4; AC-1 |
Access Control Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
61. |
NIST SP 800-53 R4; AT-1 |
Security Awareness and Training Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
62. |
NIST SP 800-53 R4; AU-1 |
Audit and Accountability Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
63. |
NIST SP 800-53 R4; CA-1 |
Security Assessment and Authorization Policies and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
64. |
NIST SP 800-53 R4; CM-1 |
Configuration and Management Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
65. |
NIST SP 800-53 R4; CP-1 |
Contingency Planning Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
66. |
NIST SP 800-53 R4; IA-1 |
Identification and Authentication Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
67. |
NIST SP 800-53 R4; IR-1 |
Incident Response Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
68. |
NIST SP 800-53 R4; MA-1 |
System Maintenance Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
69. |
NIST SP 800-53 R4; MP-1 |
Media Protection Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
70. |
NIST SP 800-53 R4; PE-1 |
Physical and Environmental Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
71. |
NIST SP 800-53 R4; PL-1 |
Security Planning Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
72. |
NIST SP 800-53 R4; PS-1 |
Personnel Security Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
73. |
NIST SP 800-53 R4; RA-1 |
Risk Assessment Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
74. |
NIST SP 800-53 R4; SA-1 |
Systems and Services Acquisition Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
75. |
NIST SP 800-53 R4; SC-1 |
System and Communication Protection Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
76. |
NIST SP 800-53 R4; SI-1 |
System and Information Integrity Policy and Procedures |
Initial: Reviewed during Security A&A Update: Biennially from contract award |
GSA COR/ISSO |
|
|
77. |
Supply Chain Risk Management (SCRM) Plan |
Initial: With proposal Update: Annually from contract award |
CO/COR |
||
|
78. |
Contractor Points of Contact List |
Initial: 30 days after NTP Update: As needed |
Contractor’s public website |
||
|
79. |
Program Management Plan (PMP) |
Initial: With proposal Update: As needed |
GSA CO |
||
|
80. |
Financial Status Report |
Initial: 30 days after NTP; Update: 15th of each subsequent month |
GSA PMO |
||
|
81. |
Quarterly Program Status Reports |
Initial: 90 days after NTP Update: Quarterly (One business day prior to each Quarterly Meeting) |
GSA CO |
||
|
82. |
Customer Training Plan |
Draft: With proposal Update: 15 days after government review |
GSA COR |
||
|
83. |
NS/EP Functional Requirements Implementation Plan |
Initial: With proposal Update: Annually from contract award |
GSA COR |
||
|
84. |
Corporate Climate Risk Management Plans |
Initial: With proposal Update: As needed |
GSA CO, OCO |
||
|
85. |
Climate Change Adaptation, Sustainability, and Green Initiatives Report |
Initial: By award Update: Annually from contract award |
GSA CO, GSA COR, OCO |
||
|
86. |
Power Utilization Efficiencies (PUE) Report |
Initial: Task Order from Proposal Update: Annually |
OCO |
||
|
87. |
Three Largest Comparable Multi-Service Contracts per Service |
30 days after request |
GSA COR |
||
|
88. |
Three Largest Comparable Single-Service Contracts per Service |
30 days after request |
GSA COR |
||
|
89. |
Redacted Contract |
Initial: 30 days after award Update: Post - No later than the 12th day of each month to reflect all contract mods from previous month Provide: to GSA CO no later than 7 days |
Contractor’s public website (for posting redacted contract and mods); GSA CO (if requested) |
||
|
90. |
Key Personnel |
Initial: With proposal Update: Within 15 days of change or 30 days if clearance to be obtained |
GSA CO |
||
|
91. |
Organizational Structure |
Initial: With proposal Update: Within 30 calendar days of change |
GSA CO |
||
|
92. |
State and Local Taxes |
Report semi-annually from the date of the NTP. Request to add new taxes 30 days prior to inclusion on an invoice |
GSA CO |
||
|
93. |
Fees and Surcharges |
Report semi-annually from the date of the NTP. Request to add new fees and surcharges 30 days prior to inclusion on an invoice |
GSA CO |
||
|
94. |
Service Trials Notification |
Prior to initiation of any trial program with the agency |
GSA CO and OCO |
||
|
95. |
Service Trial Status Report |
Monthly (first business day) until completion of each trial |
OCO |
||
|
96. |
ESI requests/searches |
Within 15 days of written request |
GSA CO or OCO |
||
|
97. |
Tariff Filings |
Initial: Within 60 days of NTP Update: New and/or revisions to existing tariffs at least 10 days in advance of intended filing date |
GSA CO |
||
|
98. |
Monitoring Information and eSRS Reporting |
Monitoring information and eSRS reporting April 30 and October 30 each year after NTP |
GSA CO |
||
|
99. |
Force Majeure Notification |
Within 10 days of the cause that the contractor cites for Force Majeure |
OCO |
||
|
100. |
TO CLINs Awarded |
Initial: At TO award Update: As required |
GSA Systems |
||
|
101. |
TO Jurisdictions Awarded by Service |
Initial: At TO award Update: As required |
GSA Systems |
||
|
102. |
TO Officials |
Initial: At TO award Update: As required |
GSA Systems |
||
|
103. |
TO Customer Requirements Document Set |
Initial: At TO award Update: As required |
GSA Systems |
||
|
104. |
TO Financials |
Initial: At TO award Update: As required |
GSA Systems |
||
|
105. |
TO Key Performance Indicators |
Initial: At TO award Update: As required |
GSA Systems |
||
|
106. |
TO Locations Awarded by Service |
Initial: At TO award Update: As required |
GSA Systems |
||
|
107. |
TO Service Awarded |
Initial: At TO award Update: As required |
GSA Systems |
||
|
108. |
Direct Billed Agency Setup (DBAS) |
Initial: At TO award Update: As required |
GSA Conexus |
||
|
109. |
ReservedJ.2.3 |
ReservedJ.2.3.2 |
ReservedCentral Billed Agency Setup Reply (CBASR) |
ReservedNot later than (NLT) one (1) business day after receipt of the Central Billed Agency Setup (CBAS) |
ReservedGSA Conexus |
|
110. |
Service Order Acknowledgement (SOA) |
NLT one (1) business day after Service Order (SO) |
GSA Conexus and agency COR |
||
|
111. |
Service Order Rejection Notice (SORN) |
NLT 5 days after SO |
GSA Conexus and agency COR |
||
|
112. |
Service Order Confirmation (SOC) |
NLT 5 days after SO |
GSA Conexus and agency COR |
||
|
113. |
Firm Order Commitment Notice (FOCN) |
Local access subcontractor required: · Within one (1) business day of receiving FOC date Local access subcontractor not required: NLT the earlier of: · 5 days after SOC, or · 10 days before the FOC date |
GSA Conexus and agency COR |
||
|
114. |
Service Order Completion Notice (SOCN) |
NLT 3 days after service is installed and tested |
GSA Conexus and agency COR |
||
|
115. |
Service Order Administrative Change (SOAC) |
NLT 7 days after Administrative Change Order |
GSA Conexus and agency COR |
||
|
116. |
Service State Change Notice (SSCN) |
Within 24 hours of state change |
GSA Conexus and agency COR |
||
|
117. |
Billing Invoice (BI) |
Monthly, NLT 15th business day |
GSA Conexus and agency COR |
||
|
118. |
Tax Detail |
Monthly, NLT 15th business day |
GSA Conexus and agency COR |
||
|
119. |
AGF Detail |
Monthly, NLT 15th business day |
GSA Conexus |
||
|
120. |
AGF Electronic Funds Transfer Report (ATR) |
Monthly, NLT 15th business day |
GSA Conexus |
||
|
121. |
Monthly Billing Information Memorandum |
Monthly, NLT 15th business day (as needed) |
Agency COR |
||
|
122. |
Billing Adjustment (BA) |
Monthly, NLT 15th business day (as needed) |
GSA Conexus and agency COR |
||
|
123. |
Dispute (D) |
As needed |
GSA Conexus and agency COR |
||
|
124. |
Dispute Report (DR) |
Monthly, NLT 15th business day (as needed) |
GSA Conexus and agency COR |
||
|
125. |
Inventory Reconciliation |
Monthly, NLT 15th day of month |
GSA Conexus |
||
|
126. |
Service Level Agreement Report (SLAR) |
Monthly, NLT 15th day of month |
GSA Conexus, OCO and agency COR |
||
|
127. |
SLA Credit Request Response |
Within 30 days of SLA Credit Request |
OCO and agency COR |
||
|
128. |
Trouble Management Performance Summary Report |
Quarterly, NLT 15 days after the end of the FY quarter |
Agency COR |
||
|
129. |
Trouble Management Incident Performance Report |
Quarterly, NLT 15 days after the end of the FY quarter |
Agency COR |
||