Redport Information Assurance - Federal Supply ServiceRedport Information Assurance, LLC 814 W...

of 36

Federal Supply Service

Authorized Federal Supply Schedule Price List On-line access to contract ordering information, terms and conditions, up-to-date pricing, and the option to create an

electronic delivery order are available through GSA Advantage! ®, a menu-driven database system. The INTERNET address GSA Advantage! ® is: GSAAdvantage.gov.

SPECIAL ITEM NUMBER 132-51 INFORMATION TECHNOLOGY (IT) PROFESSIONAL SERVICES SPECIAL ITEM NUMBER 132-45A PENETRATION TESTING SPECIAL ITEM NUMBER 132-45B INCIDENT RESPONSE SPECIAL ITEM NUMBER 132-45C CYBER HUNT SPECIAL ITEM NUMBER 132-45D RISK AND VULNERABILITY ASSESSMENT (RVA)

Redport Information Assurance, LLC

814 W Diamond Avenue. Ste. 370

Gaithersburg, MD 20878

Office: 703-229-6709

Fax: 703-229-6708

Contract Number: 47QTCA18D001N

Period Covered by Contract: October 30, 2017 through October 29, 2022

General Services Administration Federal Acquisition Service

For more information on ordering from Federal Supply Schedules click on the FSS Schedules button at fss.gsa.gov. Contract period Note 1: All non-professional labor categories must be incidental to and used solely to support hardware, software and/or professional services, and cannot be purchased separately. Note 2: Offerors and Agencies are advised that the Group 70 – Information Technology Schedule is not to be used as a means to procure services which properly fall under the Brooks Act. These services include, but are not limited to, architectural, engineering, mapping, cartographic production, remote sensing, geographic information systems, and related services. FAR 36.6 distinguishes between mapping services of an A/E nature and mapping services which are not connected nor incidental to the traditionally accepted A/E Services.

Note 3: This solicitation is not intended to solicit for the reselling of IT Professional Services, except for the provision of implementation, maintenance, integration, or training services in direct support of a product. Under such circumstances the services must be performance by the publisher or manufacturer or one of their authorized agents.

of 36

Customer Information:

1a. Table of Awarded Special Item Number(s) with appropriate cross-reference to page numbers:

SIN Description 132-51 IT Professional Services

132-45A Penetration Testing 132-45B Incident Response 132-45C Cyber Hunt 132-45D Risk and Vulnerability Assessment (RVA)

1b. Identification of the lowest priced model number and lowest unit price for that model for each special

item number awarded in the contract. This price is the Government price based on a unit of one, exclusive of any quantity/dollar volume, prompt payment, or any other concession affecting price. Those contracts that have unit prices based on the geographic location of the customer, should show the range of the lowest price, and cite the areas to which the prices apply. See page 30

1c. If the Contractor is proposing hourly rates a description of all corresponding commercial job titles,

experience, functional responsibility and education for those types of employees or subcontractors who will perform services shall be provided. If hourly rates are not applicable, indicate “Not applicable” for this item. Starting on Page 14

2. Maximum Order: $500,000.00 3. Minimum Order: $100.00 4. Geographic Coverage (delivery Area): Domestic (48 States, DC) 5. Point(s) of production (city, county, and state or foreign country): N/A 6. Discount from list prices or statement of net price: Government net prices (discounts already deducted). 7. Quantity discounts: 1% on Sales over $250,000 8. Prompt payment terms: Net 30 days 9a. Notification that Government purchase cards are accepted up to the micro-purchase threshold: Yes 9b. Notification whether Government purchase cards are accepted or not accepted above the micro-purchase

threshold: will not accept over the micropurchase threshold 10. Foreign items (list items by country of origin): None 11a. Time of Delivery (Contractor insert number of days): Specified on the Task Order and shall deliver or

perform services in accordance with the terms negotiated in an agency’s order.

of 36

11b. Expedited Delivery. The Contractor will insert the sentence “Items available for expedited delivery are

noted in this price list.” under this heading. The Contractor may use a symbol of its choosing to highlight items in its price list that have expedited delivery: Contact Contractor

11c. Overnight and 2-day delivery. The Contractor will indicate whether overnight and 2-day delivery are

available. Also, the Contractor will indicate that the schedule customer may contact the Contractor for rates for overnight and 2-day delivery: Contact Contractor

11d. Urgent Requirements. The Contractor will note in its price list the “Urgent Requirements” clause of its

contract and advise agencies that they can also contact the Contractor’s representative to effect a faster delivery: Contact Contractor

12. F.O.B Points(s): Destination 13a. Ordering Address(es): Redport Information Assurance, LLC 814 W Diamond Avenue. Ste. 370 Gaithersburg, MD 20878 13b. Ordering procedures: For supplies and services, the ordering procedures, information on Blanket

Purchase Agreements (BPA’s), and a sample BPA can be found at the GSA/FSS Schedule homepage (fss.gsa.gov/schedules).

14. Payment address(es): Redport Information Assurance, LLC 814 W Diamond Avenue. Ste. 370 Gaithersburg, MD 20878 15. Warranty provision.: Contractor’s standard commercial warranty. 16. Export Packing Charges (if applicable): N/A 17. Terms and conditions of Government purchase card acceptance (any thresholds above the micro-

purchase level): Contact Contractor 18. Terms and conditions of rental, maintenance, and repair (if applicable): N/A 19. Terms and conditions of installation (if applicable): N/A 20. Terms and conditions of repair parts indicating date of parts price lists and any discounts from list prices

(if applicable): N/A 20a. Terms and conditions for any other services (if applicable): N/A 21. List of service and distribution points (if applicable): N/A 22. List of participating dealers (if applicable): N/A

of 36

23. Preventive maintenance (if applicable): N/A 24a. Environmental attributes, e.g., recycled content, energy efficiency, and/or reduced pollutants: N/A 24b. If applicable, indicate that Section 508 compliance information is available on Electronic and

Information Technology (EIT) supplies and services and show where full details can be found (e.g. contactor’s website or other location.) The EIT standards can be found at: www.Section508.gov/.

25. Data Universal Numbering System (DUNS) number: 966193638 26. Notification regarding registration in the System for Award Management (SAM) Database: Registered

TERMS AND CONDITIONS APPLICABLE TO HIGHLY ADAPTIVE CYBERSECURITY SERVICES (HACS)

(SPECIALITEMNUMBERS132-45A,132-45B,132-45Cand132-45D)

NOTE:TheTransactionalDataReporting(TDR)RulerequiresvendorstoelectronicallyreportthepricethefederalgovernmentpaidforanitemorservicepurchasedthroughGSAacquisitionvehicles.TheTDRPILOTDOESNOTAPPLYTOTHISSIN,EXCEPTifaTDR-coveredSIN(s)isproposedaspartofyourtotalofferingtoGSA(e.g.offer132-51and132-8).IfbothTDRandNONTDRSINsareoffered,thentheentirecontractissubjecttoTDRandthePriceReductionClause(PRC)andCommercialSalesPractice(CSP)requirementsareremovedfortheentirecontract."IfNONTDRSIN(s)areofferedonly,thentheofferingwillbesubjecttothePRCandCSP

VendorsuitabilityforofferingservicesthroughtheHighlyAdaptiveCybersecurityServices(HACS)SINsmustbeinaccordancewiththefollowinglawsandstandardswhenapplicabletothespecifictaskorders,includingbutnotlimitedto:

• FederalAcquisitionRegulation(FAR)Part52.204-21

• OMBMemorandumM-06-19-ReportingIncidentsInvolvingPersonallyIdentifiableInformationandIncorporatingtheCostforSecurityinAgencyInformationTechnologyInvestments

• OMBMemorandumM-07-16-SafeguardingAgainstandRespondingtotheBreachofPersonallyIdentifiableInformation

• OMBMemorandumM-16-03-FiscalYear2015-2016GuidanceonFederalInformationSecurityandPrivacyManagementRequirements

• OMBMemorandumM-16-04–CybersecurityImplementationPlan(CSIP)forFederalCivilianGovernment

• TheCybersecurityNationalActionPlan(CNAP)

• NISTSP800-14-GenerallyAcceptedPrinciplesandPracticesforSecuringInformationTechnologySystems

of 36

• NISTSP800-27A-EngineeringPrinciplesforInformationTechnologySecurity(ABaselineforAchievingSecurity)

• NISTSP800-30-GuideforConductingRiskAssessments

• NISTSP800-35-GuidetoInformationTechnologySecurityServices

• NISTSP800-37-GuideforApplyingtheRiskManagementFrameworktoFederalInformationSystems:ASecurityLifeCycleApproach

• NISTSP800-39-ManagingInformationSecurityRisk:Organization,Mission,andInformationSystemView

• NISTSP800-44-GuidelinesonSecuringPublicWebServers

• NISTSP800-48-GuidetoSecuringLegacyIEEE802.11WirelessNetworks

• NISTSP800-53–SecurityandPrivacyControlsforFederalInformationSystemsandOrganizations

• NISTSP800-61-ComputerSecurityIncidentHandlingGuide

• NISTSP800-64-SecurityConsiderationsintheSystemDevelopmentLifeCycle

• NISTSP800-82-GuidetoIndustrialControlSystems(ICS)Security

• NISTSP800-86-GuidetoIntegratingForensicTechniquesintoIncidentResponse

• NISTSP800-115-TechnicalGuidetoInformationSecurityTestingandAssessment

• NISTSP800-128-GuideforSecurity-FocusedConfigurationManagementofInformationSystems

• NISTSP800-137-InformationSecurityContinuousMonitoring(ISCM)forFederalInformationSystemsandOrganizations

• NISTSP800-153-GuidelinesforSecuringWirelessLocalAreaNetworks(WLANs)

• NISTSP800-171-ProtectingControlledUnclassifiedInformationinnon-federalInformationSystemsandOrganizations

****NOTE:Allnon-professionallaborcategoriesmustbeincidentalto,andusedsolelytosupportHighlyAdaptiveCybersecurityServices,andcannotbepurchasedseparately.

****NOTE:AlllaborcategoriesundertheSpecialItemNumber132-51InformationTechnologyProfessionalServicesmayremainunderSIN132-51unlessthelaborcategoriesarespecifictotheHighlyAdaptiveCybersecurityServicesSINs.

1. SCOPE

a. Thelaborcategories,prices,termsandconditionsstatedunderSpecialItemNumbers132-45A,132-45B,132-45Cand132-45DHighAdaptiveCybersecurityServicesapplyexclusivelytoHighAdaptiveCybersecurityServiceswithinthescopeofthisInformationTechnologySchedule.

of 36

b. ServicesundertheseSINsarelimitedtoHighlyAdaptiveCybersecurityServicesonly.SoftwareandhardwareproductsareunderdifferentSpecialItemNumbersonITSchedule70(e.g.132-32,132¬33,132-8),andmaybequotedalongwithservicestoprovideatotalsolution.

c. TheseSINsprovideorderingactivitieswithaccesstoHighlyAdaptiveCybersecurityservicesonly.

d. HighlyAdaptiveCybersecurityServicesprovidedundertheseSINsshallcomplywithallCybersecuritycertificationsandindustrystandardsasapplicablepertainingtothetypeofservicesasspecifiedbyorderingagency.

e. TheContractorshallprovideservicesattheContractor’sfacilityand/orattheorderingactivitylocation,asagreedtobytheContractorandtheorderingactivity.

2. ORDER

a. Agenciesmayusewrittenorders,ElectronicDataInterchange(EDI)orders,BlanketPurchaseAgreements,individualpurchaseorders,ortaskordersfororderingservicesunderthiscontract.BlanketPurchaseAgreementsshallnotextendbeyondtheendofthecontractperiod;allservicesanddeliveryshallbemadeandthecontracttermsandconditionsshallcontinueineffectuntilthecompletionoftheorder.OrdersfortaskswhichextendbeyondthefiscalyearforwhichfundsareavailableshallincludeFAR52.232-19(Deviation–May2003)AvailabilityofFundsfortheNextFiscalYear.Thepurchaseordershallspecifytheavailabilityoffundsandtheperiodforwhichfundsareavailable.

b. Alltaskordersaresubjecttothetermsandconditionsofthecontract.Intheeventofconflictbetweenataskorderandthecontract,thecontractwilltakeprecedence.

3. PERFORMANCEOFSERVICES

a. TheContractorshallcommenceperformanceofservicesonthedateagreedtobytheContractorandtheorderingactivity.AllContractswillbefullyfunded.

b. TheContractoragreestorenderservicesduringnormalworkinghours,unlessotherwiseagreedtobytheContractorandtheorderingactivity.

c. TheorderingactivityshouldincludethecriteriaforsatisfactorycompletionforeachtaskintheStatementofWorkorDeliveryOrder.Servicesshallbecompletedinagoodandworkmanlikemanner.

d. AnyContractortravelrequiredintheperformanceofHighlyAdaptiveCybersecurityServicesmustcomplywiththeFederalTravelRegulationorJointTravelRegulations,asapplicable,ineffectonthedate(s)thetravelisperformed.EstablishedFederalGovernmentperdiemrateswillapplytoallContractortravel.ContractorscannotuseGSAcitypaircontracts.AlltravelwillbeagreeduponwiththeclientpriortotheContractor’stravel.

4. INSPECTIONOFSERVICES

Inspectionofservicesisinaccordancewith552.212-4-CONTRACTTERMSANDCONDITIONS–COMMERCIALITEMS(MAY2015)(ALTERNATEII–JUL2009)(FARDEVIATION–JUL2015)(TAILORED)forFirm-FixedPriceandTime-and-MaterialsandLabor-HourContractsordersplacedunderthiscontract.

of 36

5. RESPONSIBILITIESOFTHECONTRACTOR

TheContractorshallcomplywithalllaws,ordinances,andregulations(Federal,State,City,orotherwise)coveringworkofthischaracter.Iftheendproductofataskorderissoftware,thenFAR52.227-14(MAY2014)RightsinData–General,mayapply.

TheContractorshallcomplywithcontractclause(52.204-21)totheFederalAcquisitionRegulation(FAR)forthebasicsafeguardingofcontractorinformationsystemsthatprocess,store,ortransmitFederaldatareceivedbythecontractinperformanceofthecontract.Thisincludescontractdocumentsandallinformationgeneratedintheperformanceofthecontract.

6. RESPONSIBILITIESOFTHEORDERINGACTIVITY

Subjecttotheorderingactivity’ssecurityregulations,theorderingactivityshallpermitContractoraccesstoallfacilitiesnecessarytoperformtherequisiteHighlyAdaptiveCybersecurityServices.

7. INDEPENDENTCONTRACTOR

AllHighlyAdaptiveCybersecurityServicesperformedbytheContractorunderthetermsofthiscontractshallbeasanindependentContractor,andnotasanagentoremployeeoftheorderingactivity.

8. ORGANIZATIONALCONFLICTSOFINTEREST

a.Definitions.

“Contractor”meanstheperson,firm,unincorporatedassociation,jointventure,partnership,orcorporationthatisaparty

tothiscontract.

“Contractoranditsaffiliates”and“Contractororitsaffiliates”referstotheContractor,itschiefexecutives,directors,officers,subsidiaries,affiliates,subcontractorsatanytier,andconsultantsandanyjointventureinvolvingtheContractor,anyentityintoorwithwhichtheContractorsubsequentlymergesoraffiliates,oranyothersuccessororassigneeoftheContractor.

An“Organizationalconflictofinterest”existswhenthenatureoftheworktobeperformedunderaproposedorderingactivitycontract,withoutsomerestrictiononorderingactivitiesbytheContractoranditsaffiliates,mayeither(i)resultinanunfaircompetitiveadvantagetotheContractororitsaffiliatesor(ii)impairtheContractor’soritsaffiliates’objectivityinperformingcontractwork.

b) Toavoidanorganizationalorfinancialconflictofinterestandtoavoidprejudicingthebestinterestsofthe

orderingactivity,orderingactivitiesmayplacerestrictionsontheContractors,itsaffiliates,chiefexecutives,

directors,subsidiariesandsubcontractorsatanytierwhenplacingordersagainstschedulecontracts.SuchrestrictionsshallbeconsistentwithFAR9.505andshallbedesignedtoavoid,neutralize,ormitigateorganizationalconflictsofinterestthatmightotherwiseexistinsituationsrelatedtoindividualorders

of 36

placedagainsttheschedulecontract.Examplesofsituations,whichmayrequirerestrictions,areprovidedatFAR9.508.

9. INVOICES

TheContractor,uponcompletionoftheworkordered,shallsubmitinvoicesforHighlyAdaptiveCybersecurityServices.Progresspaymentsmaybeauthorizedbytheorderingactivityonindividualordersifappropriate.Progresspaymentsshallbebaseduponcompletionofdefinedmilestonesorinterimproducts.Invoicesshallbesubmittedmonthlyforrecurringservicesperformedduringtheprecedingmonth.

10. RESUMES

ResumesshallbeprovidedtotheGSAContractingOfficerortheuserorderingactivityuponrequest.

11. APPROVALOFSUBCONTRACTS

TheorderingactivitymayrequirethattheContractorreceive,fromtheorderingactivity'sContracting

Officer,writtenconsentbeforeplacinganysubcontractforfurnishinganyoftheworkcalledforinataskorder.

12. DESCRIPTIONOFHIGHLYADAPTIVECYBERSECURITYSERVICESANDPRICING

a. TheContractorshallprovideadescriptionofeachtypeofHighlyAdaptiveCybersecurityServiceofferedunderSpecialItemNumbers132-45A,132-45B,132-45Cand132-45DforHighlyAdaptiveCybersecurityServicesanditshouldbepresentedinthesamemannerastheContractorsellstoitscommercialandotherorderingactivitycustomers.IftheContractorisproposinghourlyrates,adescriptionofallcorrespondingcommercialjobtitles(laborcategories)forthoseindividualswhowillperformtheserviceshouldbeprovided.

b. PricingforallHighlyAdaptiveCybersecurityServicesshallbeinaccordancewiththeContractor’scustomarycommercialpractices;e.g.,hourlyrates,,minimumgeneralexperience

minimumeducation.

Thefollowingisanexampleofthemannerinwhichthedescriptionofacommercialjobtitleshouldbepresented(seeSCPFSS004)

EXAMPLE

CommercialJobTitle:ComputerNetworkDefenseAnalysis

Description:Usesdefensivemeasuresandinformationcollectedfromavarietyofsourcestoidentify,analyze,andreporteventsthatoccurormightoccurwithinthenetworkinordertoprotectinformation,informationsystems,andnetworksfromthreats.

Professionalsinvolvedinthisspecialtyperformthefollowingtasks:

• Providetimelydetection,identification,andalertingofpossibleattacks/intrusions,anomalousactivities,andmisuseactivitiesanddistinguishtheseincidentsandeventsfrombenignactivities

of 36

• ProvidedailysummaryreportsofnetworkeventsandactivityrelevanttoComputerNetworkDefensepractices

• Monitorexternaldatasources(e.g.,ComputerNetworkDefensevendorsites,ComputerEmergencyResponseTeams,SANS,SecurityFocus)tomaintaincurrencyofComputerNetworkDefensethreatconditionanddeterminewhichsecurityissuesmayhaveanimpactontheenterprise.

Knowledge,SkillsandAbilities:Knowledgeofapplicablelaws(e.g.,ElectronicCommunicationsPrivacyAct,ForeignIntelligenceSurveillanceAct,ProtectAmericaAct,searchandseizurelaws,civillibertiesandprivacylaws,etc.),statutes(e.g.,inTitles10,18,32,50inU.S.Code),PresidentialDirectives,executivebranchguidelines,and/oradministrative/criminallegalguidelinesandproceduresrelevanttoworkperformed

MinimumExperience:5Years

MinimumEducationRequirements:abachelorsofsciencedegreewithaconcentrationincomputerscience,cybersecurityservices,managementinformationsystems(MIS),engineeringorinformationscienceisessential.

HighlyDesirable:OffensiveSecurityCertifiedProfessional(OSCP)orcommercialCybersecurityadvancedcertification(s).

TERMS AND CONDITIONS APPLICABLE TO INFORMATION TECHNOLOGY (IT) PROFESSIONAL SERVICES (SPECIAL ITEM NUMBER 132-51

1. SCOPE

a. The prices, terms and conditions stated under Special Item Number 132-51 InformationTechnologyProfessionalServicesapplyexclusivelytoITProfessionalServiceswithinthescopeofthisInformationTechnologySchedule.

b. TheContractor shallprovide servicesat theContractor’s facilityand/orat theorderingactivitylocation,asagreedtobytheContractorandtheorderingactivity.

2. PERFORMANCEINCENTIVESI-FSS-60PerformanceIncentives(April2000)

a. PerformanceincentivesmaybeagreeduponbetweentheContractorandtheorderingactivityonindividualfixedpriceordersorBlanketPurchaseAgreementsunderthiscontract.

b. Theorderingactivitymustestablishamaximumperformance incentiveprice for theseservicesand/ortotalsolutionsonindividualordersorBlanketPurchaseAgreements.

c. Incentives shouldbedesigned to relate resultsachievedby thecontractor to specified targets.To the maximum extent practicable, ordering activities shall consider establishing incentives

of 36

where performance is critical to the ordering activity’s mission and incentives are likely tomotivatethecontractor.Incentivesshallbebasedonobjectivelymeasurabletasks.

3. ORDER

a. Agenciesmayusewrittenorders,EDIorders,blanketpurchaseagreements, individualpurchaseorders, or taskorders forordering servicesunder this contract. BlanketPurchaseAgreementsshallnotextendbeyondtheendof thecontractperiod;allservicesanddeliveryshallbemadeandthecontracttermsandconditionsshallcontinueineffectuntilthecompletionoftheorder.Ordersfortaskswhichextendbeyondthefiscalyearforwhichfundsareavailableshall includeFAR 52.232-19 (Deviation – May 2003) Availability of Funds for the Next Fiscal Year. Thepurchaseordershallspecifytheavailabilityoffundsandtheperiodforwhichfundsareavailable.

b. All taskordersaresubjecttothetermsandconditionsofthecontract. Intheeventofconflictbetweenataskorderandthecontract,thecontractwilltakeprecedence.

4. PERFORMANCEOFSERVICES

a. TheContractorshallcommenceperformanceofservicesonthedateagreedtobytheContractorandtheorderingactivity.

b. The Contractor agrees to render services only during normal working hours, unless otherwiseagreedtobytheContractorandtheorderingactivity.

c. Theorderingactivityshould includethecriteria forsatisfactorycompletion foreachtask in theStatementofWorkorDeliveryOrder. Services shallbecompleted inagoodandworkmanlikemanner.

d. AnyContractortravel required intheperformanceof ITServicesmustcomplywiththeFederalTravelRegulationorJointTravelRegulations,asapplicable, ineffectonthedate(s)thetravel isperformed. Established Federal Government per diem rateswill apply to all Contractor travel.ContractorscannotuseGSAcitypaircontracts.

5. STOP-WORKORDER(FAR52.242-15)(AUG1989)

(a) The Contracting Officer may, at any time, by written order to the Contractor, require theContractortostopall,oranypart,oftheworkcalledforbythiscontractforaperiodof90daysaftertheorderisdeliveredtotheContractor,andforanyfurtherperiodtowhichthepartiesmayagree. The order shall be specifically identified as a stop-work order issued under this clause.Upon receiptof theorder, theContractor shall immediatelycomplywith its termsand takeallreasonablestepstominimizetheincurrenceofcostsallocabletotheworkcoveredbytheorderduringtheperiodofworkstoppage.Withinaperiodof90daysafterastop-workisdeliveredtotheContractor,orwithinanyextensionofthatperiodtowhichthepartiesshallhaveagreed,theContractingOfficershalleither-

(1) Cancelthestop-workorder;or

(2) TerminatetheworkcoveredbytheorderasprovidedintheDefault,ortheTerminationforConvenienceoftheGovernment,clauseofthiscontract.

of 36

(b) If a stop-work order issued under this clause is canceled or the period of the order or anyextensionthereofexpires,theContractorshallresumework.TheContractingOfficershallmakeanequitableadjustmentinthedeliveryscheduleorcontractprice,orboth,andthecontractshallbemodified,inwriting,accordingly,if-

(1) Thestop-workorderresultsinanincreaseinthetimerequiredfor,orintheContractor'scostproperlyallocableto,theperformanceofanypartofthiscontract;and

(2)TheContractorassertsitsrighttotheadjustmentwithin30daysaftertheendoftheperiodof work stoppage; provided, that, if the Contracting Officer decides the facts justify theaction, the ContractingOfficermay receive and act upon the claim submitted at any timebeforefinalpaymentunderthiscontract.

(c) If a stop-work order is not canceled and thework covered by the order is terminated for theconvenience of theGovernment, the ContractingOfficer shall allow reasonable costs resultingfromthestop-workorderinarrivingattheterminationsettlement.

(d)Ifastop-workorderisnotcanceledandtheworkcoveredbytheorderisterminatedfordefault,the Contracting Officer shall allow, by equitable adjustment or otherwise, reasonable costsresultingfromthestop-workorder.

6. INSPECTIONOFSERVICES

TheInspectionofServices–FixedPrice(AUG1996)(Deviation–May2003)clauseatFAR52.246-4appliestofirm-fixedpriceordersplacedunderthiscontract.TheInspection–Time-and-MaterialsandLabor-Hour(MAY2001)(Deviation–May2003)clauseatFAR52.246-6appliestotime-and-materialsandlabor-hourordersplacedunderthiscontract.

7. RESPONSIBILITIESOFTHECONTRACTOR

The Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City, orotherwise)coveringworkofthischaracter.Iftheendproductofataskorderissoftware,thenFAR52.227-14(Dec2007)RightsinData–General,mayapply.

8. RESPONSIBILITIESOFTHEORDERINGACTIVITY

Subject to security regulations, the ordering activity shall permit Contractor access to all facilitiesnecessarytoperformtherequisiteITProfessionalServices.

9. INDEPENDENTCONTRACTOR

AllITProfessionalServicesperformedbytheContractorunderthetermsofthiscontractshallbeasanindependentContractor,andnotasanagentoremployeeoftheorderingactivity.

10.ORGANIZATIONALCONFLICTSOFINTEREST

a. Definitions.

“Contractor”meanstheperson, firm,unincorporatedassociation, jointventure,partnership,orcorporationthatisapartytothiscontract.

of 36

“Contractoranditsaffiliates”and“Contractoror itsaffiliates”referstotheContractor, itschiefexecutives,directors,officers,subsidiaries,affiliates,subcontractorsatanytier,andconsultantsand any joint venture involving the Contractor, any entity into or with which the Contractorsubsequentlymergesoraffiliates,oranyothersuccessororassigneeoftheContractor.

An “Organizational conflict of interest” exists when the nature of the work to be performedunder a proposedordering activity contract,without some restrictiononordering activities bytheContractorand itsaffiliates,mayeither (i) result inanunfair competitiveadvantage to theContractororitsaffiliatesor(ii)impairtheContractor’soritsaffiliates’objectivityinperformingcontractwork.

b. To avoid an organizational or financial conflict of interest and to avoid prejudicing the bestinterestsoftheorderingactivity,orderingactivitiesmayplacerestrictionsontheContractors,itsaffiliates, chief executives, directors, subsidiaries and subcontractors at any tier when placingordersagainstschedulecontracts.SuchrestrictionsshallbeconsistentwithFAR9.505andshallbe designed to avoid, neutralize, or mitigate organizational conflicts of interest that mightotherwise exist in situations related to individual orders placed against the schedule contract.Examplesofsituations,whichmayrequirerestrictions,areprovidedatFAR9.508.

11. INVOICES

The Contractor, upon completion of the work ordered, shall submit invoices for IT Professionalservices. Progress payments may be authorized by the ordering activity on individual orders ifappropriate. Progress payments shall be basedupon completionof definedmilestonesor interimproducts.Invoicesshallbesubmittedmonthlyforrecurringservicesperformedduringtheprecedingmonth.

12. PAYMENTS

Forfirm-fixedpriceorderstheorderingactivityshallpaytheContractor,uponsubmissionofproperinvoices or vouchers, the prices stipulated in this contract for service rendered and accepted.Progresspaymentsshallbemadeonlywhenauthorizedbytheorder.Fortime-and-materialsorders,the Payments under Time-and-Materials and Labor-Hour Contracts at FAR 52.212-4 (MAR 2009)(ALTERNATE I – OCT 2008) (DEVIATION I – FEB 2007) applies to time-and-materials orders placedunderthiscontract. For labor-hourorders,thePaymentunderTime-and-MaterialsandLabor-HourContractsatFAR52.212-4(MAR2009)(ALTERNATEI–OCT2008)(DEVIATIONI–FEB2007)appliestolabor-hourordersplacedunder this contract. 52.216-31(Feb2007)Time-and-Materials/Labor-HourProposal Requirements—Commercial Item Acquisition. As prescribed in 16.601(e)(3), insert thefollowingprovision:

(a) The Government contemplates award of a Time-and-Materials or Labor-Hour type of contractresultingfromthissolicitation.

(b)Theofferormustspecifyfixedhourlyratesinitsofferthatincludewages,overhead,generalandadministrativeexpenses,andprofit.Theofferormust specifywhether the fixedhourly rate foreachlaborcategoryappliestolaborperformedby—

(1) Theofferor;

of 36

(2) Subcontractors;and/or

(3) Divisions,subsidiaries,oraffiliatesoftheofferorunderacommoncontrol.

13. RESUMES

ResumesshallbeprovidedtotheGSAContractingOfficerortheuserorderingactivityuponrequest.

14. INCIDENTALSUPPORTCOSTS

Incidentalsupportcostsareavailableoutsidethescopeofthiscontract.ThecostswillbenegotiatedseparatelywiththeorderingactivityinaccordancewiththeguidelinessetforthintheFAR.

15.APPROVALOFSUBCONTRACTS

TheorderingactivitymayrequirethattheContractorreceive,fromtheorderingactivity'sContractingOfficer,writtenconsentbeforeplacinganysubcontractforfurnishinganyoftheworkcalledforinataskorder.

16.DESCRIPTIONOFITPROFESSIONALSERVICESANDPRICING

a. TheContractorshallprovideadescriptionofeachtypeof ITServiceofferedunderSpecial ItemNumbers 132-51 IT Professional Services should be presented in the same manner as theContractor sells to its commercial and other ordering activity customers. If the Contractor isproposinghourlyrates,adescriptionofallcorrespondingcommercialjobtitles(laborcategories)forthoseindividualswhowillperformtheserviceshouldbeprovided.

b. Pricing for all IT Professional Services shall be in accordance with the Contractor’s customarycommercialpractices;e.g.,hourlyrates,monthlyrates,termrates,and/orfixedprices,minimumgeneralexperienceandminimumeducation.

The following is an example of themanner inwhich the description of a commercial job titleshouldbepresented:

EXAMPLE:CommercialJobTitle:SystemEngineer

Minimum/General Experience: Three (3) years of technical experience which applies tosystems analysis and design techniques for complex computer systems. Requirescompetence in all phases of systems analysis techniques, concepts and methods; alsorequiresknowledgeofavailablehardware,systemsoftware,input/outputdevices,structureandmanagementpractices.

Functional Responsibility: Guides users in formulating requirements, advises alternativeapproaches,conductsfeasibilitystudies.

MinimumEducation:Bachelor’sDegreeinComputerScience

of 36

LABOR CATEGORY DESCRIPTIONS (132-51)

LaborCategory FunctionalResponsibility EducationYears

Experience

C&A/A&AAnalyst

ProvidessupportinallfacetsoftheC&Aprocessrelativetobothclassifiedandunclassifiednetworksininafastpaced,dynamicenvironment.Hascomprehensiveknowledgeofinformationsecurityprinciplesasitappliestomilitarynetworks,standards,andsystems.ServeasInformationAssurancepointofcontactforpromotional,test,new,replacementand/orContractorequipmentbeingbroughtintothepurviewoftheaccreditationboundary.Ensurethesystem/programmanagersprovideproperaccreditationdocumentationandmakenecessarychanges/additionstotheDIACAPpackages.PrepareandmaintainDIACAPartifacts/packages(e.g.ConfigurationManagementPlan,VulnerabilityManagementPlan,SystemPlanofActionandMilestones,ITContinuityPlan,SecurityDesignManagementProcess,SecurityRequirementsTraceabilityMatrixandotherdocumentationtosatisfyIAcontrols).

Associates 2

of 36

C&A/A&AEngineer


Bachelors 4

DigitalForensicsEngineer

Preserves,harvests,andprocesseselectronicdataaccordingtopoliciesandpractices.Performsforensicanalysisandhasanunderstandingandinterestinperformingdigitalforensicsinacloudenvironment.Providescreativeandinnovativesolutionsforclientmatters.Formsandarticulatesexpertopinionsbasedonanalysisanddraftsexportreports,affidavits,andotherexperttestimony.

Bachelors 4

of 36

PenetrationTester

Conductsformaltestsonweb-basedapplications,networks,andothertypesofcomputersystemsonaregularbasis.Expectedtoworkonphysicalsecurityassessmentsofservers,computersystems,andnetworks.Conductingregularsecurityauditsfrombothalogical/theoreticalstandpointandatechnical/hands-onstandpoint.Expectedtoworkonthesecurityofwirelessnetworks,databases,softwaredevelopment,and/orcompanysecrets.

Bachelors 6

SecuritySME

Performsassessmentofpresentlevelsofcybersecurity,definesacceptablelevelsofrisk,trainsallpersonnelinpropercyberhygieneandestablishesformalmaintenanceprocedures.PerformsprivacyimpactassessmentsandprovidesPIIdatasecurityandmonitoring,andmigrationstrategies.Identifiespotentialvulnerabilitiestocyberandinformationsecurityusingpenetrationtestingandredteams.Providestechnologiesforidentification,modeling,andpredictiveanalysisofcyberthreats.

Bachelors 8

TechnicalWriter

Assistsincollectingandorganizinginformationrequiredforpreparationofuser’smanuals,trainingmaterials,installationguides,proposals,andreports.Editsfunctionaldescriptions,systemspecifications,user’smanuals,specialreports,oranyothercustomerdeliverablesanddocuments.

Associates 2

of 36

CyberSecurityEngineerII

Installs,configuresandmaintainsorganization'soperatingsystems.Analyzesandresolvesproblemsassociatedwithserverhardwareandapplicationssoftware.Detects,diagnoses,andreportsrelatedproblemsonbothserveranddesktopsystems.Performsawidevarietyoftasksinsoftware/hardwaremaintenanceandoperationalsupportofserversystems.Analyzesgeneralinformationassurance-relatedtechnicalproblemsandprovidesbasicengineeringandtechnicalsupportinsolvingtheseproblems.Designs,develops,engineers,andimplementssolutionsthatmeetnetworksecurityrequirements.Performsvulnerability/riskanalysesofcomputersystemsandapplicationsduringallphasesofthesystemdevelopmentlifecycle.

Bachelors 4

InformationAssuranceSpecialist

Providestechnicalsupportintheareasofvulnerabilityassessment,riskassessment,networksecurity,productevaluation,andsecurityimplementation.Analyzestheclientsystemsecurity,conductsgapanalysis,determinesenterpriseinformationsecuritystandards,anddevelopsandimplementsinformationsecuritystandardsandprocedures.Responsiblefordesigningandimplementingsolutionsforprotectingtheconfidentiality,integrityandavailabilityofsensitiveinformation.Ensuresthatallinformationsystemsarefunctionalandsecure.Providestechnicalevaluationsofcustomersystemsandassistswithmakingsecurityimprovements.Participatesindesignof

Bachelors 6

of 36

informationsystemcontingencyplansthatmaintainappropriatelevelsofprotectionandmeettimerequirementsforminimizingoperationsimpacttocustomerorganization.Conductssecurityproductevaluations,andrecommendsproducts,technologiesandupgradestoimprovethecustomer’ssecurityposture.Conductstestingandauditlogreviewstoevaluatetheeffectivenessofcurrentsecuritymeasures.

CyberSecurity/InformationAssuranceAuditor

Providesanauditofsecuritysystemsused.Providesadetailedreportofinformationsystemsthatoutlinewhetherthesystemrunsefficientlyoreffectively.Testspoliciestodeterminewhethertherearerisksassociatedwiththem.Reviewsorinterviewsmembersofthestafftolearnaboutanysecurityrisksorothercomplicationswithinthecompany.

Bachelors 6

CyberSecurityEngineerIII

Installs,configuresandmaintainsorganization'soperatingsystems.Analyzesandresolvesproblemsassociatedwithserverhardwareandapplicationssoftware.Detects,diagnoses,andreportsrelatedproblemsonbothserveranddesktopsystems.Performsawidevarietyoftasksinsoftware/hardwaremaintenanceandoperationalsupportofserversystems.Analyzesgeneralinformationassurance-relatedtechnicalproblemsandprovidesbasicengineeringandtechnicalsupportinsolvingtheseproblems.Designs,develops,engineers,andimplementssolutionsthatmeetnetworksecurityrequirements.Performsvulnerability/riskanalysesof

Bachelors 6

of 36

computersystemsandapplicationsduringallphasesofthesystemdevelopmentlifecycle.

SecuritySoftwareEngineerTeamLead

Performsdesign,programming,documentation,andimplementationofapplicationsthatrequireknowledgeofinformationsystemsandrelatedsystemsconceptsforeffectivedevelopmentanddeploymentofsoftwaremodules.Participatesinallphasesofsoftwaredevelopmentwithemphasisonthedesign,coding,testing,documentation,andacceptancephases.Designsandpreparestechnicalreportsandrelateddocumentation.Performastheprimarysoftwareengineeringexpertonamajorautomatedinformationsystemdevelopmentproject.Analyzeandstudycomplexsystemrequirements.Designsoftwaretoolsandsubsystemstosupportandmanagetheirimplementation.Managesoftwaredevelopmentandsupportusingformalspecifications,dataflowdiagrams,otheraccepteddesigntechniquesandComputerAidedSoftwareEngineering(CASE)tools.Estimatesoftwaredevelopmentcostsandschedules.Reviewexistingprogramsandassistinmakingrefinements,reducingoperatingtime,andimprovingcurrentdevelopmentmethods.Establishandmanagesoftwareconfiguration.

Bachelors 6

of 36

IncidentResponseLead

Familiarwithindustrystandardmalwarereverseanalysismethodologies.Possessknowledgeofvariousmalwareencryptionandcompression/packingmethodologiesandprotectiveencryptionweaknesses.Abilitytoprovidemalwarethreatresearchonnewattacksandexploits.Abilitytoscript(ex.Pythonand/orPERL)andautomatetasksandbeabletodiscernmalwarebasedcovertchannelandcommandandcontrolprotocolanalysis.Applythepropertechniquesandprocedurestotheidentification,collection,examinationandanalysisofdatawhilepreservingtheintegrityoftheinformationandmaintainingastrictchainofcustodyforthedata.

Bachelors 6

NetworkSecurityEngineerIII

Responsiblefortheimplementation,maintenance,andintegrationofWAN,LAN,andserverarchitecture.Responsibleforimplementationandadministrationofnetworksecurityhardwareandsoftware,enforcingthenetworksecuritypolicyandcomplyingwithrequirementsofexternalsecurityauditsandrecommendations.Performsanalysisofnetworksecurityneedsandcontributestodesign,integration,andinstallationofhardwareandsoftware.Analyzes,troubleshootsandcorrectsnetworkproblemsremotelyandon-site.Maintainsandadministersperimetersecuritysystemssuchasfirewallsandintrusiondetectionsystems.

Bachelors 6

of 36

CyberSecurityProgram/ProjectManager

Managesmorethanonefunctionalareaininformationsystemsdesign,development,andanalysisencompassingoneormoreofthefollowingareasoftechnicalexpertise:programming,computerapplicationanalysis,softwaredevelopment,systemsintegration,andrelateddisciplines.Responsibleforcoordinatingsubordinateemployeerecruitment,selectionandtraining,performanceassessment,workassignments,salary,andrecognition/disciplinaryactions.

Bachelors 8

SecurityAdministrator

Teachesothersaboutcomputersecurity,checksforsecurityviolations,installsprotectionsoftwareandtakesactionagainstcyberattacks.Providesevidenceofacyberattacktoprosecuteindividualsforbreachingsecurity.Musthaveexcellentcommunicationskills,aswelltheabilitytodetectandanalyzeproblems.Expectedtoquicklyandaccuratelyfindasolution.

Associates 2

CyberSecurityEngineerI

Installs,configuresandmaintainsorganization'soperatingsystems.Analyzesandresolvesproblemsassociatedwithserverhardwareandapplicationssoftware.Detects,diagnoses,andreportsrelatedproblemsonbothserveranddesktopsystems.Performsawidevarietyoftasksinsoftware/hardwaremaintenanceandoperationalsupportofserversystems.Analyzesgeneralinformationassurance-relatedtechnicalproblemsandprovidesbasicengineeringandtechnicalsupportinsolvingtheseproblems.Designs,develops,engineers,andimplementssolutionsthatmeetnetwork

Associates 2

of 36

securityrequirements.Performsvulnerability/riskanalysesofcomputersystemsandapplicationsduringallphasesofthesystemdevelopmentlifecycle.

LABOR CATEGORY DESCRIPTIONS (132-45A, 132-45B, 132-45C, AND 132-45D)

LaborCategory FunctionalResponsibility Education YearsExperience

C&A/A&AAnalyst


Associates 2

of 36

C&A/A&AEngineer


Bachelors 4

DigitalForensicsEngineer

Preserves,harvests,andprocesseselectronicdataaccordingtopoliciesandpractices.Performsforensicanalysisandhasanunderstandingandinterestinperformingdigitalforensicsinacloudenvironment.Providescreativeandinnovativesolutionsforclientmatters.Formsandarticulatesexpertopinionsbasedonanalysisanddraftsexportreports,affidavits,andotherexperttestimony.

Bachelors 4

of 36

PenetrationTester

Conductsformaltestsonweb-basedapplications,networks,andothertypesofcomputersystemsonaregularbasis.Expectedtoworkonphysicalsecurityassessmentsofservers,computersystems,andnetworks.Conductingregularsecurityauditsfrombothalogical/theoreticalstandpointandatechnical/hands-onstandpoint.Expectedtoworkonthesecurityofwirelessnetworks,databases,softwaredevelopment,and/orcompanysecrets.

Bachelors 6

SecuritySME

Performsassessmentofpresentlevelsofcybersecurity,definesacceptablelevelsofrisk,trainsallpersonnelinpropercyberhygieneandestablishesformalmaintenanceprocedures.PerformsprivacyimpactassessmentsandprovidesPIIdatasecurityandmonitoring,andmigrationstrategies.Identifiespotentialvulnerabilitiestocyberandinformationsecurityusingpenetrationtestingandredteams.Providestechnologiesforidentification,modeling,andpredictiveanalysisofcyberthreats.

Bachelors 8

CyberSecurityEngineerII

Installs,configuresandmaintainsorganization'soperatingsystems.Analyzesandresolvesproblemsassociatedwithserverhardwareandapplicationssoftware.Detects,diagnoses,andreportsrelatedproblemsonbothserveranddesktopsystems.Performsawidevarietyoftasksinsoftware/hardwaremaintenanceandoperationalsupportofserversystems.Analyzesgeneralinformationassurance-relatedtechnicalproblemsandprovidesbasicengineeringandtechnical

Bachelors 4

of 36

supportinsolvingtheseproblems.Designs,develops,engineers,andimplementssolutionsthatmeetnetworksecurityrequirements.Performsvulnerability/riskanalysesofcomputersystemsandapplicationsduringallphasesofthesystemdevelopmentlifecycle.

InformationAssuranceSpecialist

Providestechnicalsupportintheareasofvulnerabilityassessment,riskassessment,networksecurity,productevaluation,andsecurityimplementation.Analyzestheclientsystemsecurity,conductsgapanalysis,determinesenterpriseinformationsecuritystandards,anddevelopsandimplementsinformationsecuritystandardsandprocedures.Responsiblefordesigningandimplementingsolutionsforprotectingtheconfidentiality,integrityandavailabilityofsensitiveinformation.Ensuresthatallinformationsystemsarefunctionalandsecure.Providestechnicalevaluationsofcustomersystemsandassistswithmakingsecurityimprovements.Participatesindesignofinformationsystemcontingencyplansthatmaintainappropriatelevelsofprotectionandmeettimerequirementsforminimizingoperationsimpacttocustomerorganization.Conductssecurityproductevaluations,andrecommendsproducts,technologiesandupgradestoimprovethecustomer’ssecurityposture.Conductstestingandauditlogreviewstoevaluatetheeffectivenessofcurrentsecuritymeasures.

Bachelors 6

of 36

CyberSecurity/InformationAssuranceAuditor

Providesanauditofsecuritysystemsused.Providesadetailedreportofinformationsystemsthatoutlinewhetherthesystemrunsefficientlyoreffectively.Testspoliciestodeterminewhethertherearerisksassociatedwiththem.Reviewsorinterviewsmembersofthestafftolearnaboutanysecurityrisksorothercomplicationswithinthecompany.

Bachelors 6

CyberSecurityEngineerIII


Bachelors 6

of 36

SecuritySoftwareEngineerTeamLead

Performsdesign,programming,documentation,andimplementationofapplicationsthatrequireknowledgeofinformationsystemsandrelatedsystemsconceptsforeffectivedevelopmentanddeploymentofsoftwaremodules.Participatesinallphasesofsoftwaredevelopmentwithemphasisonthedesign,coding,testing,documentation,andacceptancephases.Designsandpreparestechnicalreportsandrelateddocumentation.Performastheprimarysoftwareengineeringexpertonamajorautomatedinformationsystemdevelopmentproject.Analyzeandstudycomplexsystemrequirements.Designsoftwaretoolsandsubsystemstosupportandmanagetheirimplementation.Managesoftwaredevelopmentandsupportusingformalspecifications,dataflowdiagrams,otheraccepteddesigntechniquesandComputerAidedSoftwareEngineering(CASE)tools.Estimatesoftwaredevelopmentcostsandschedules.Reviewexistingprogramsandassistinmakingrefinements,reducingoperatingtime,andimprovingcurrentdevelopmentmethods.Establishandmanagesoftwareconfiguration.

Bachelors 6

IncidentResponseLead

Familiarwithindustrystandardmalwarereverseanalysismethodologies.Possessknowledgeofvariousmalwareencryptionandcompression/packingmethodologiesandprotectiveencryptionweaknesses.Abilitytoprovidemalwarethreatresearchonnewattacksandexploits.Abilityto

Bachelors 6

of 36

script(ex.Pythonand/orPERL)andautomatetasksandbeabletodiscernmalwarebasedcovertchannelandcommandandcontrolprotocolanalysis.Applythepropertechniquesandprocedurestotheidentification,collection,examinationandanalysisofdatawhilepreservingtheintegrityoftheinformationandmaintainingastrictchainofcustodyforthedata.

NetworkSecurityEngineerIII

Responsiblefortheimplementation,maintenance,andintegrationofWAN,LAN,andserverarchitecture.Responsibleforimplementationandadministrationofnetworksecurityhardwareandsoftware,enforcingthenetworksecuritypolicyandcomplyingwithrequirementsofexternalsecurityauditsandrecommendations.Performsanalysisofnetworksecurityneedsandcontributestodesign,integration,andinstallationofhardwareandsoftware.Analyzes,troubleshootsandcorrectsnetworkproblemsremotelyandon-site.Maintainsandadministersperimetersecuritysystemssuchasfirewallsandintrusiondetectionsystems.

Bachelors 6

CyberSecurityProgram/ProjectManager

Managesmorethanonefunctionalareaininformationsystemsdesign,development,andanalysisencompassingoneormoreofthefollowingareasoftechnicalexpertise:programming,computerapplicationanalysis,softwaredevelopment,systemsintegration,andrelateddisciplines.Responsibleforcoordinatingsubordinateemployeerecruitment,selectionandtraining,performanceassessment,workassignments,

Bachelors 8

of 36

salary,andrecognition/disciplinaryactions.

SecurityAdministrator

Teachesothersaboutcomputersecurity,checksforsecurityviolations,installsprotectionsoftwareandtakesactionagainstcyberattacks.Providesevidenceofacyberattacktoprosecuteindividualsforbreachingsecurity.Musthaveexcellentcommunicationskills,aswelltheabilitytodetectandanalyzeproblems.Expectedtoquicklyandaccuratelyfindasolution.

Associates 2

CyberSecurityEngineerI


Associates 2

of 36

LABORCATEGORYRATES(SEESINSBELOW)-GSASCHEDULECONTRACTINFORMATION

TECHNOLOGY(IT)SERVICES(AllratesbelowincudeIFF)

SIN LCAT10/30/2017-10/29/2018

10/30/2018-10/29/2019

10/30/2019-10/29/2020

10/30/2020-10/29/2021

10/30/2021-10/29/2022

132-51, 132-45A, 132-45B, 132-45C, 132-45D

C&A/A&A Analyst

$90.49 $ 92.30 $ 94.15 $ 96.03 $ 97.95 132-51, 132-45A, 132-45B, 132-45C, 132-45D

C&A/A&A Engineer

$102.12 $ 104.16 $ 106.25 $ 108.37 $ 110.54 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Digital Foresnsics Engineer

$146.17 $ 149.09 $ 152.08 $ 155.12 $ 158.22 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Penetration Tester

$128.54 $ 131.11 $ 133.73 $ 136.41 $ 139.14 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Security SME

$189.71 $ 193.50 $ 197.37 $ 201.32 $ 205.35 132-51 Technical Writer $62.61 $ 63.86 $ 65.14 $ 66.44 $ 67.77 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Cyber Security Engineer II

$113.78 $ 116.06 $ 118.38 $ 120.74 $ 123.16 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Information Assurance Specialist

$169.02 $ 172.40 $ 175.85 $ 179.37 $ 182.95

of 36

132-51, 132-45A, 132-45B, 132-45C, 132-45D

Cyber Security/Information Assurance Auditor

$131.58 $ 134.21 $ 136.90 $ 139.63 $ 142.43 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Cyber Security Engineer III

$152.95 $ 156.01 $ 159.13 $ 162.31 $ 165.56 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Security Software Engineer Team Lead

$165.16 $ 168.46 $ 171.83 $ 175.27 $ 178.77 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Incident Response Lead

$141.53 $ 144.36 $ 147.25 $ 150.19 $ 153.20 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Network Security Engineer III

$152.95 $ 156.01 $ 159.13 $ 162.31 $ 165.56 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Cyber Security Program/Project Manager

$171.61 $ 175.04 $ 178.54 $ 182.11 $ 185.76 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Security Administrator

$69.29 $ 70.68 $ 72.09 $ 73.53 $ 75.00 132-51, 132-45A, 132-45B, 132-45C, 132-45D

Cyber Security Engineer I

$90.47 $ 92.28 $ 94.12 $ 96.01 $ 97.93

USACOMMITMENTTOPROMOTESMALLBUSINESSPARTICIPATIONPROCUREMENTPROGRAMS

PREAMBLE

of 36

RedportInformationAssurance,LLCprovidescommercialproductsandservicestoorderingactivities.Weare committed to promoting participation of small, small disadvantaged and women-owned smallbusinesses in our contracts. We pledge to provide opportunities to the small business communitythrough reselling opportunities,mentor-protégé programs, joint ventures, teaming arrangements, andsubcontracting.

COMMITMENT

Toactivelyseekandpartnerwithsmallbusinesses.

Toidentify,qualify,mentoranddevelopsmall,smalldisadvantagedandwomen-ownedsmallbusinessesbypurchasingfromthesebusinesseswheneverpractical.

Todevelopandpromotecompanypolicyinitiativesthatdemonstrateoursupportforawardingcontractsandsubcontractstosmallbusinessconcerns.

To undertake significant efforts to determine the potential of small, small disadvantaged andwomen-ownedsmallbusinesstosupplyproductsandservicestoourcompany.

To insure procurement opportunities are designed to permit the maximum possible participation ofsmall,smalldisadvantaged,andwomen-ownedsmallbusinesses.

To attend business opportunity workshops, minority business enterprise seminars, trade fairs,procurementconferences,etc.,toidentifyandincreasesmallbusinesseswithwhomtopartner.

To publicize in our marketing publications our interest in meeting small businesses that may beinterestedinsubcontractingopportunities.

Wesignifyourcommitmenttowork inpartnershipwithsmall,smalldisadvantagedandwomen-ownedsmallbusinessestopromoteandincreasetheirparticipationinorderingactivitycontracts.Toacceleratepotentialopportunitiespleasecontactusat:

ContractsAdministrator

StevenReinkemeyer

President/CEO

703-229-6709

[email protected]

of 36

BEST VALUE BLANKET PURCHASE AGREEMENT

FEDERAL SUPPLY SCHEDULE

(Insert Customer Name)

In the spirit of the Federal Acquisition Streamlining Act (ordering activity) and (Contractor) enter into a cooperative agreement to further reduce the administrative costs of acquiring commercial items from the General Services Administration (GSA) Federal Supply Schedule Contract(s) ____________________.

Federal Supply Schedule contract BPAs eliminate contracting and open market costs such as: search for sources; the development of technical documents, solicitations and the evaluation of offers. Teaming Arrangements are permitted with Federal Supply Schedule Contractors in accordance with Federal Acquisition Regulation (FAR) 9.6.

This BPA will further decrease costs, reduce paperwork, and save time by eliminating the need for repetitive, individual purchases from the schedule contract. The end result is to create a purchasing mechanism for the ordering activity that works better and costs less.

Signatures

Ordering Activity Date Contractor Date

of 36

BPA NUMBER_____________

(CUSTOMER NAME) BLANKET PURCHASE AGREEMENT

Pursuant to GSA Federal Supply Schedule Contract Number(s)____________, Blanket Purchase Agreements, the Contractor agrees to the following terms of a Blanket Purchase Agreement (BPA) EXCLUSIVELY WITH (ordering activity):

(1) The following contract items can be ordered under this BPA. All orders placed against this BPA are subject to the terms and conditions of the contract, except as noted below:

MODEL NUMBER/PART NUMBER *SPECIAL BPA DISCOUNT/PRICE

(2) Delivery:

DESTINATION DELIVERY SCHEDULES / DATES

(3) The ordering activity estimates, but does not guarantee, that the volume of purchases through this agreement will be _________________________.

(4) This BPA does not obligate any funds.

(5) This BPA expires on _________________ or at the end of the contract period, whichever is earlier.

(6) The following office(s) is hereby authorized to place orders under this BPA:

OFFICE POINT OF CONTACT

(7) Orders will be placed against this BPA via Electronic Data Interchange (EDI), FAX, or paper.

(8) Unless otherwise agreed to, all deliveries under this BPA must be accompanied by delivery tickets or sales slips that must contain the following information as a minimum:

(a) Name of Contractor;

of 36

(b) Contract Number;

(c) BPA Number;

(d) Model Number or National Stock Number (NSN);

(e) Purchase Order Number;

(f) Date of Purchase;

(g) Quantity, Unit Price, and Extension of Each Item (unit prices and extensions need not be shown when incompatible with the use of automated systems; provided, that the invoice is itemized to show the information); and

(h) Date of Shipment.

(9) The requirements of a proper invoice are specified in the Federal Supply Schedule contract. Invoices will be submitted to the address specified within the purchase order transmission issued against this BPA.

(10) The terms and conditions included in this BPA apply to all purchases made pursuant to it. In the event of an inconsistency between the provisions of this BPA and the Contractor’s invoice, the provisions of this BPA will take precedence.

*******************************************************************************************

of 36

BASIC GUIDELINES FOR USING “CONTRACTOR TEAM ARRANGEMENTS”

Federal Supply Schedule Contractors may use “Contractor Team Arrangements” (see FAR 9.6) to provide solutions when responding to a ordering activity requirements.

These Team Arrangements can be included under a Blanket Purchase Agreement (BPA). BPAs are permitted under all Federal Supply Schedule contracts.

Orders under a Team Arrangement are subject to terms and conditions or the Federal Supply Schedule Contract.

Participation in a Team Arrangement is limited to Federal Supply Schedule Contractors.

Customers should refer to FAR 9.6 for specific details on Team Arrangements.

Here is a general outline on how it works:

• The customer identifies their requirements.

• Federal Supply Schedule Contractors may individually meet the customers needs, or -

• Federal Supply Schedule Contractors may individually submit a Schedules “Team Solution” to meet the customer’s requirement.

• Customers make a best value selection.

Redport Information Assurance - Federal Supply ServiceRedport Information Assurance, LLC 814 W...

Documents

Transcript of Redport Information Assurance - Federal Supply ServiceRedport Information Assurance, LLC 814 W...