Redport Information Assurance - Federal Supply Service
Page 1 of 36
Federal Supply Service
Authorized Federal Supply Schedule Price List
On-line access to contract ordering information, terms and conditions, up-to-date pricing, and the option to create an electronic delivery order are available through GSA Advantage! ®, a menu-driven database system. The INTERNET address GSA Advantage! ® is: GSAAdvantage.gov.
SPECIAL ITEM NUMBER 132-51 INFORMATION TECHNOLOGY (IT) PROFESSIONAL SERVICES
SPECIAL ITEM NUMBER 132-45A PENETRATION TESTING
SPECIAL ITEM NUMBER 132-45B INCIDENT RESPONSE
SPECIAL ITEM NUMBER 132-45C CYBER HUNT
SPECIAL ITEM NUMBER 132-45D RISK AND VULNERABILITY ASSESSMENT (RVA)
Redport Information Assurance, LLC
814 W Diamond Avenue. Ste. 370
Gaithersburg, MD 20878
Office: 703-229-6709
Fax: 703-229-6708
Contract Number: 47QTCA18D001N
Period Covered by Contract: October 30, 2017 through October 29, 2022
General Services Administration Federal Acquisition Service
For more information on ordering from Federal Supply Schedules click on the FSS Schedules button at fss.gsa.gov.
Contract period
Note 1: All non-professional labor categories must be incidental to and used solely to support hardware, software and/or professional services, and cannot be purchased separately.
Note 2: Offerors and Agencies are advised that the Group 70 – Information Technology Schedule is not to be used as a means to procure services which properly fall under the Brooks Act. These services include, but are not limited to, architectural, engineering, mapping, cartographic production, remote sensing, geographic information systems, and related services. FAR 36.6 distinguishes between mapping services of an A/E nature and mapping services which are not connected nor incidental to the traditionally accepted A/E Services.
Note 3: This solicitation is not intended to solicit for the reselling of IT Professional Services, except for the provision of implementation, maintenance, integration, or training services in direct support of a product. Under such circumstances the services must be performed by the publisher or manufacturer or one of their authorized agents.
Customer Information:
1a. Table of Awarded Special Item Number(s) with appropriate cross-reference to page numbers:
SIN / Description
132-51 / IT Professional Services
132-45A / Penetration Testing
132-45B / Incident Response
132-45C / Cyber Hunt
132-45D / Risk and Vulnerability Assessment (RVA)
1b. Identification of the lowest priced model number and lowest unit price for that model for each special item number awarded in the contract. This price is the Government price based on a unit of one, exclusive of any quantity/dollar volume, prompt payment, or any other concession affecting price. Those contracts that have unit prices based on the geographic location of the customer, should show the range of the lowest price, and cite the areas to which the prices apply. See page 30
1c. If the Contractor is proposing hourly rates a description of all corresponding commercial job titles, experience, functional responsibility and education for those types of employees or subcontractors who will perform services shall be provided. If hourly rates are not applicable, indicate “Not applicable” for this item. Starting on Page 14
2. Maximum Order: $500,000.00
3. Minimum Order: $100.00
4. Geographic Coverage (delivery Area): Domestic (48 States, DC)
5. Point(s) of production (city, county, and state or foreign country): N/A
6. Discount from list prices or statement of net price: Government net prices (discounts already deducted).
7. Quantity discounts: 1% on Sales over $250,000
8. Prompt payment terms: Net 30 days
9a. Notification that Government purchase cards are accepted up to the micro-purchase threshold: Yes
9b. Notification whether Government purchase cards are accepted or not accepted above the micro-purchase threshold: will not accept over the micropurchase threshold
10. Foreign items (list items by country of origin): None
11a. Time of Delivery (Contractor insert number of days): Specified on the Task Order and shall deliver or perform services in accordance with the terms negotiated in an agency’s order.
11b. Expedited Delivery. The Contractor will insert the sentence “Items available for expedited delivery are noted in this price list.” under this heading. The Contractor may use a symbol of its choosing to highlight items in its price list that have expedited delivery: Contact Contractor
11c. Overnight and 2-day delivery. The Contractor will indicate whether overnight and 2-day delivery are available. Also, the Contractor will indicate that the schedule customer may contact the Contractor for rates for overnight and 2-day delivery: Contact Contractor
11d. Urgent Requirements. The Contractor will note in its price list the “Urgent Requirements” clause of its contract and advise agencies that they can also contact the Contractor’s representative to effect a faster delivery: Contact Contractor
12. F.O.B Points(s): Destination
13a. Ordering Address(es): Redport Information Assurance, LLC 814 W Diamond Avenue. Ste. 370 Gaithersburg, MD 20878
13b. Ordering procedures: For supplies and services, the ordering procedures, information on Blanket Purchase Agreements (BPA’s), and a sample BPA can be found at the GSA/FSS Schedule homepage (fss.gsa.gov/schedules).
14. Payment address(es): Redport Information Assurance, LLC 814 W Diamond Avenue. Ste. 370 Gaithersburg, MD 20878
15. Warranty provision.: Contractor’s standard commercial warranty.
16. Export Packing Charges (if applicable): N/A
17. Terms and conditions of Government purchase card acceptance (any thresholds above the micro-purchase level): Contact Contractor
18. Terms and conditions of rental, maintenance, and repair (if applicable): N/A
19. Terms and conditions of installation (if applicable): N/A
20. Terms and conditions of repair parts indicating date of parts price lists and any discounts from list prices (if applicable): N/A
20a. Terms and conditions for any other services (if applicable): N/A
21. List of service and distribution points (if applicable): N/A
22. List of participating dealers (if applicable): N/A
23. Preventive maintenance (if applicable): N/A
24a. Environmental attributes, e.g., recycled content, energy efficiency, and/or reduced pollutants: N/A
24b. If applicable, indicate that Section 508 compliance information is available on Electronic and Information Technology (EIT) supplies and services and show where full details can be found (e.g. contractor’s website or other location.) The EIT standards can be found at: www.Section508.gov/.
25. Data Universal Numbering System (DUNS) number: 966193638
26. Notification regarding registration in the System for Award Management (SAM) Database: Registered
TERMS AND CONDITIONS APPLICABLE TO HIGHLY ADAPTIVE CYBERSECURITY SERVICES (HACS)
(SPECIAL ITEM NUMBERS 132-45A, 132-45B, 132-45C and 132-45D)
NOTE: The Transactional Data Reporting (TDR) Rule requires vendors to electronically report the price the federal government paid for an item or service purchased through GSA acquisition vehicles. The TDR PILOT DOES NOT APPLY TO THIS SIN, EXCEPT if a TDR-covered SIN(s) is proposed as part of your total offering to GSA (e.g. offer 132-51 and 132-8). If both TDR and NON TDR SINs are offered, then the entire contract is subject to TDR and the Price Reduction Clause (PRC) and Commercial Sales Practice (CSP) requirements are removed for the entire contract. If NON TDR SIN(s) are offered only, then the offering will be subject to the PRC and CSP.
Vendor suitability for offering services through the Highly Adaptive Cybersecurity Services (HACS) SINs must be in accordance with the following laws and standards when applicable to the specific task orders, including but not limited to:
• Federal Acquisition Regulation (FAR) Part 52.204-21
• OMB Memorandum M-06-19 - Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments
• OMB Memorandum M-07-16 - Safeguarding Against and Responding to the Breach of Personally Identifiable Information
• OMB Memorandum M-16-03 - Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements
• OMB Memorandum M-16-04 – Cybersecurity Implementation Plan (CSIP) for Federal Civilian Government
• The Cybersecurity National Action Plan (CNAP)
• NIST SP 800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems
• NIST SP 800-27A - Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
• NIST SP 800-30 - Guide for Conducting Risk Assessments
• NIST SP 800-35 - Guide to Information Technology Security Services
• NIST SP 800-37 - Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
• NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
• NIST SP 800-44 - Guidelines on Securing Public Web Servers
• NIST SP 800-48 - Guide to Securing Legacy IEEE 802.11 Wireless Networks
• NIST SP 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations
• NIST SP 800-61 - Computer Security Incident Handling Guide
• NIST SP 800-64 - Security Considerations in the System Development Life Cycle
• NIST SP 800-82 - Guide to Industrial Control Systems (ICS) Security
• NIST SP 800-86 - Guide to Integrating Forensic Techniques into Incident Response
• NIST SP 800-115 - Technical Guide to Information Security Testing and Assessment
• NIST SP 800-128 - Guide for Security-Focused Configuration Management of Information Systems
• NIST SP 800-137 - Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
• NIST SP 800-153 - Guidelines for Securing Wireless Local Area Networks (WLANs)
• NIST SP 800-171 - Protecting Controlled Unclassified Information in non-federal Information Systems and Organizations
****NOTE: All non-professional labor categories must be incidental to, and used solely to support Highly Adaptive Cybersecurity Services, and cannot be purchased separately.
****NOTE: All labor categories under the Special Item Number 132-51 Information Technology Professional Services may remain under SIN 132-51 unless the labor categories are specific to the Highly Adaptive Cybersecurity Services SINs.
1. SCOPE
a. The labor categories, prices, terms and conditions stated under Special Item Numbers 132-45A, 132-45B, 132-45C and 132-45D High Adaptive Cybersecurity Services apply exclusively to High Adaptive Cybersecurity Services within the scope of this Information Technology Schedule.
b. Services under these SINs are limited to Highly Adaptive Cybersecurity Services only. Software and hardware products are under different Special Item Numbers on IT Schedule 70 (e.g. 132-32, 132-33, 132-8), and may be quoted along with services to provide a total solution.
c. These SINs provide ordering activities with access to Highly Adaptive Cybersecurity services only.
d. Highly Adaptive Cybersecurity Services provided under these SINs shall comply with all Cybersecurity certifications and industry standards as applicable pertaining to the type of services as specified by ordering agency.
e. The Contractor shall provide services at the Contractor’s facility and/or at the ordering activity location, as agreed to by the Contractor and the ordering activity.
2. ORDER
a. Agencies may use written orders, Electronic Data Interchange (EDI) orders, Blanket Purchase Agreements, individual purchase orders, or task orders for ordering services under this contract. Blanket Purchase Agreements shall not extend beyond the end of the contract period; all services and delivery shall be made and the contract terms and conditions shall continue in effect until the completion of the order. Orders for tasks which extend beyond the fiscal year for which funds are available shall include FAR 52.232-19 (Deviation – May 2003) Availability of Funds for the Next Fiscal Year. The purchase order shall specify the availability of funds and the period for which funds are available.
b. All task orders are subject to the terms and conditions of the contract. In the event of conflict between a task order and the contract, the contract will take precedence.
3. PERFORMANCE OF SERVICES
a. The Contractor shall commence performance of services on the date agreed to by the Contractor and the ordering activity. All Contracts will be fully funded.
b. The Contractor agrees to render services during normal working hours, unless otherwise agreed to by the Contractor and the ordering activity.
c. The ordering activity should include the criteria for satisfactory completion for each task in the Statement of Work or Delivery Order. Services shall be completed in a good and workmanlike manner.
d. Any Contractor travel required in the performance of Highly Adaptive Cybersecurity Services must comply with the Federal Travel Regulation or Joint Travel Regulations, as applicable, in effect on the date(s) the travel is performed. Established Federal Government per diem rates will apply to all Contractor travel. Contractors cannot use GSA city pair contracts. All travel will be agreed upon with the client prior to the Contractor’s travel.
4. INSPECTION OF SERVICES
Inspection of services is in accordance with 552.212-4 - CONTRACT TERMS AND CONDITIONS – COMMERCIAL ITEMS (MAY 2015) (ALTERNATE II – JUL 2009) (FAR DEVIATION – JUL 2015) (TAILORED) for Firm-Fixed Price and Time-and-Materials and Labor-Hour Contracts orders placed under this contract.
5. RESPONSIBILITIES OF THE CONTRACTOR
The Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City, or otherwise) covering work of this character. If the end product of a task order is software, then FAR 52.227-14 (MAY 2014) Rights in Data – General, may apply.
The Contractor shall comply with contract clause (52.204-21) to the Federal Acquisition Regulation (FAR) for the basic safeguarding of contractor information systems that process, store, or transmit Federal data received by the contract in performance of the contract. This includes contract documents and all information generated in the performance of the contract.
6. RESPONSIBILITIES OF THE ORDERING ACTIVITY
Subject to the ordering activity’s security regulations, the ordering activity shall permit Contractor access to all facilities necessary to perform the requisite Highly Adaptive Cybersecurity Services.
7. INDEPENDENT CONTRACTOR
All Highly Adaptive Cybersecurity Services performed by the Contractor under the terms of this contract shall be as an independent Contractor, and not as an agent or employee of the ordering activity.
8. ORGANIZATIONAL CONFLICTS OF INTEREST
a. Definitions.
“Contractor” means the person, firm, unincorporated association, joint venture, partnership, or corporation that is a party to this contract.
“Contractor and its affiliates” and “Contractor or its affiliates” refers to the Contractor, its chief executives, directors, officers, subsidiaries, affiliates, subcontractors at any tier, and consultants and any joint venture involving the Contractor, any entity into or with which the Contractor subsequently merges or affiliates, or any other successor or assignee of the Contractor.
An “Organizational conflict of interest” exists when the nature of the work to be performed under a proposed ordering activity contract, without some restriction on ordering activities by the Contractor and its affiliates, may either (i) result in an unfair competitive advantage to the Contractor or its affiliates or (ii) impair the Contractor’s or its affiliates’ objectivity in performing contract work.
b. To avoid an organizational or financial conflict of interest and to avoid prejudicing the best interests of the ordering activity, ordering activities may place restrictions on the Contractors, its affiliates, chief executives, directors, subsidiaries and subcontractors at any tier when placing orders against schedule contracts. Such restrictions shall be consistent with FAR 9.505 and shall be designed to avoid, neutralize, or mitigate organizational conflicts of interest that might otherwise exist in situations related to individual orders placed against the schedule contract. Examples of situations, which may require restrictions, are provided at FAR 9.508.
9. INVOICES
The Contractor, upon completion of the work ordered, shall submit invoices for Highly Adaptive Cybersecurity Services. Progress payments may be authorized by the ordering activity on individual orders if appropriate. Progress payments shall be based upon completion of defined milestones or interim products. Invoices shall be submitted monthly for recurring services performed during the preceding month.
10. RESUMES
Resumes shall be provided to the GSA Contracting Officer or the user ordering activity upon request.
11. APPROVAL OF SUBCONTRACTS
The ordering activity may require that the Contractor receive, from the ordering activity's Contracting Officer, written consent before placing any subcontract for furnishing any of the work called for in a task order.
12. DESCRIPTION OF HIGHLY ADAPTIVE CYBERSECURITY SERVICES AND PRICING
a. The Contractor shall provide a description of each type of Highly Adaptive Cybersecurity Service offered under Special Item Numbers 132-45A, 132-45B, 132-45C and 132-45D for Highly Adaptive Cybersecurity Services and it should be presented in the same manner as the Contractor sells to its commercial and other ordering activity customers. If the Contractor is proposing hourly rates, a description of all corresponding commercial job titles (labor categories) for those individuals who will perform the service should be provided.
b. Pricing for all Highly Adaptive Cybersecurity Services shall be in accordance with the Contractor’s customary commercial practices; e.g., hourly rates, minimum general experience minimum education.
The following is an example of the manner in which the description of a commercial job title should be presented (see SCP FSS 004)
EXAMPLE
Commercial Job Title: Computer Network Defense Analysis
Description: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Professionals involved in this specialty perform the following tasks:
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
• Provide daily summary reports of network events and activity relevant to Computer Network Defense practices
• Monitor external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams, SANS, SecurityFocus) to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise.
Knowledge, Skills and Abilities: Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws, etc.), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed
Minimum Experience: 5 Years
Minimum Education Requirements: a bachelors of science degree with a concentration in computer science, cybersecurity services, management information systems (MIS), engineering or information science is essential.
Highly Desirable: Offensive Security Certified Professional (OSCP) or commercial Cybersecurity advanced certification(s).
TERMS AND CONDITIONS APPLICABLE TO INFORMATION TECHNOLOGY (IT) PROFESSIONAL SERVICES (SPECIAL ITEM NUMBER 132-51)
1. SCOPE
a. The prices, terms and conditions stated under Special Item Number 132-51 Information Technology Professional Services apply exclusively to IT Professional Services within the scope of this Information Technology Schedule.
b. The Contractor shall provide services at the Contractor’s facility and/or at the ordering activity location, as agreed to by the Contractor and the ordering activity.
2. PERFORMANCE INCENTIVES I-FSS-60 Performance Incentives (April 2000)
a. Performance incentives may be agreed upon between the Contractor and the ordering activity on individual fixed price orders or Blanket Purchase Agreements under this contract.
b. The ordering activity must establish a maximum performance incentive price for these services and/or total solutions on individual orders or Blanket Purchase Agreements.
c. Incentives should be designed to relate results achieved by the contractor to specified targets. To the maximum extent practicable, ordering activities shall consider establishing incentives where performance is critical to the ordering activity’s mission and incentives are likely to motivate the contractor. Incentives shall be based on objectively measurable tasks.
3. ORDER
a. Agencies may use written orders, EDI orders, blanket purchase agreements, individual purchase orders, or task orders for ordering services under this contract. Blanket Purchase Agreements shall not extend beyond the end of the contract period; all services and delivery shall be made and the contract terms and conditions shall continue in effect until the completion of the order. Orders for tasks which extend beyond the fiscal year for which funds are available shall include FAR 52.232-19 (Deviation – May 2003) Availability of Funds for the Next Fiscal Year. The purchase order shall specify the availability of funds and the period for which funds are available.
b. All task orders are subject to the terms and conditions of the contract. In the event of conflict between a task order and the contract, the contract will take precedence.
4. PERFORMANCE OF SERVICES
a. The Contractor shall commence performance of services on the date agreed to by the Contractor and the ordering activity.
b. The Contractor agrees to render services only during normal working hours, unless otherwise agreed to by the Contractor and the ordering activity.
c. The ordering activity should include the criteria for satisfactory completion for each task in the Statement of Work or Delivery Order. Services shall be completed in a good and workmanlike manner.
d. Any Contractor travel required in the performance of IT Services must comply with the Federal Travel Regulation or Joint Travel Regulations, as applicable, in effect on the date(s) the travel is performed. Established Federal Government per diem rates will apply to all Contractor travel. Contractors cannot use GSA city pair contracts.
5. STOP-WORK ORDER (FAR 52.242-15) (AUG 1989)
(a) The Contracting Officer may, at any time, by written order to the Contractor, require the Contractor to stop all, or any part, of the work called for by this contract for a period of 90 days after the order is delivered to the Contractor, and for any further period to which the parties may agree. The order shall be specifically identified as a stop-work order issued under this clause. Upon receipt of the order, the Contractor shall immediately comply with its terms and take all reasonable steps to minimize the incurrence of costs allocable to the work covered by the order during the period of work stoppage. Within a period of 90 days after a stop-work is delivered to the Contractor, or within any extension of that period to which the parties shall have agreed, the Contracting Officer shall either-
(1) Cancel the stop-work order; or
(2) Terminate the work covered by the order as provided in the Default, or the Termination for Convenience of the Government, clause of this contract.
(b) If a stop-work order issued under this clause is canceled or the period of the order or any extension thereof expires, the Contractor shall resume work. The Contracting Officer shall make an equitable adjustment in the delivery schedule or contract price, or both, and the contract shall be modified, in writing, accordingly, if-
(1) The stop-work order results in an increase in the time required for, or in the Contractor's cost properly allocable to, the performance of any part of this contract; and
(2) The Contractor asserts its right to the adjustment within 30 days after the end of the period of work stoppage; provided, that, if the Contracting Officer decides the facts justify the action, the Contracting Officer may receive and act upon the claim submitted at any time before final payment under this contract.
(c) If a stop-work order is not canceled and the work covered by the order is terminated for the convenience of the Government, the Contracting Officer shall allow reasonable costs resulting from the stop-work order in arriving at the termination settlement.
(d) If a stop-work order is not canceled and the work covered by the order is terminated for default, the Contracting Officer shall allow, by equitable adjustment or otherwise, reasonable costs resulting from the stop-work order.
6. INSPECTION OF SERVICES
The Inspection of Services – Fixed Price (AUG 1996) (Deviation – May 2003) clause at FAR 52.246-4 applies to firm-fixed price orders placed under this contract. The Inspection – Time-and-Materials and Labor-Hour (MAY 2001) (Deviation – May 2003) clause at FAR 52.246-6 applies to time-and-materials and labor-hour orders placed under this contract.
7. RESPONSIBILITIES OF THE CONTRACTOR
The Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City, or otherwise) covering work of this character. If the end product of a task order is software, then FAR 52.227-14 (Dec 2007) Rights in Data – General, may apply.
8. RESPONSIBILITIES OF THE ORDERING ACTIVITY
Subject to security regulations, the ordering activity shall permit Contractor access to all facilities necessary to perform the requisite IT Professional Services.
9. INDEPENDENT CONTRACTOR
All IT Professional Services performed by the Contractor under the terms of this contract shall be as an independent Contractor, and not as an agent or employee of the ordering activity.
10. ORGANIZATIONAL CONFLICTS OF INTEREST
a. Definitions.
“Contractor” means the person, firm, unincorporated association, joint venture, partnership, or corporation that is a party to this contract.
“Contractor and its affiliates” and “Contractor or its affiliates” refers to the Contractor, its chief executives, directors, officers, subsidiaries, affiliates, subcontractors at any tier, and consultants and any joint venture involving the Contractor, any entity into or with which the Contractor subsequently merges or affiliates, or any other successor or assignee of the Contractor.
An “Organizational conflict of interest” exists when the nature of the work to be performed under a proposed ordering activity contract, without some restriction on ordering activities by the Contractor and its affiliates, may either (i) result in an unfair competitive advantage to the Contractor or its affiliates or (ii) impair the Contractor’s or its affiliates’ objectivity in performing contract work.
b. To avoid an organizational or financial conflict of interest and to avoid prejudicing the best interests of the ordering activity, ordering activities may place restrictions on the Contractors, its affiliates, chief executives, directors, subsidiaries and subcontractors at any tier when placing orders against schedule contracts. Such restrictions shall be consistent with FAR 9.505 and shall be designed to avoid, neutralize, or mitigate organizational conflicts of interest that might otherwise exist in situations related to individual orders placed against the schedule contract. Examples of situations, which may require restrictions, are provided at FAR 9.508.
11. INVOICES
The Contractor, upon completion of the work ordered, shall submit invoices for IT Professional services. Progress payments may be authorized by the ordering activity on individual orders if appropriate. Progress payments shall be based upon completion of defined milestones or interim products. Invoices shall be submitted monthly for recurring services performed during the preceding month.
12. PAYMENTS
For firm-fixed price orders the ordering activity shall pay the Contractor, upon submission of proper invoices or vouchers, the prices stipulated in this contract for service rendered and accepted. Progress payments shall be made only when authorized by the order. For time-and-materials orders, the Payments under Time-and-Materials and Labor-Hour Contracts at FAR 52.212-4 (MAR 2009) (ALTERNATE I – OCT 2008) (DEVIATION I – FEB 2007) applies to time-and-materials orders placed under this contract. For labor-hour orders, the Payment under Time-and-Materials and Labor-Hour Contracts at FAR 52.212-4 (MAR 2009) (ALTERNATE I – OCT 2008) (DEVIATION I – FEB 2007) applies to labor-hour orders placed under this contract. 52.216-31 (Feb 2007) Time-and-Materials/Labor-Hour Proposal Requirements—Commercial Item Acquisition. As prescribed in 16.601(e)(3), insert the following provision:
(a) The Government contemplates award of a Time-and-Materials or Labor-Hour type of contract resulting from this solicitation.
(b) The offeror must specify fixed hourly rates in its offer that include wages, overhead, general and administrative expenses, and profit. The offeror must specify whether the fixed hourly rate for each labor category applies to labor performed by—
(1) The offeror;
(2) Subcontractors; and/or
(3) Divisions, subsidiaries, or affiliates of the offeror under a common control.
13. RESUMES
Resumes shall be provided to the GSA Contracting Officer or the user ordering activity upon request.
14. INCIDENTAL SUPPORT COSTS
Incidental support costs are available outside the scope of this contract. The costs will be negotiated separately with the ordering activity in accordance with the guidelines set forth in the FAR.
15. APPROVAL OF SUBCONTRACTS
The ordering activity may require that the Contractor receive, from the ordering activity's Contracting Officer, written consent before placing any subcontract for furnishing any of the work called for in a task order.
16. DESCRIPTION OF IT PROFESSIONAL SERVICES AND PRICING
a. The Contractor shall provide a description of each type of IT Service offered under Special Item Numbers 132-51 IT Professional Services should be presented in the same manner as the Contractor sells to its commercial and other ordering activity customers. If the Contractor is proposing hourly rates, a description of all corresponding commercial job titles (labor categories) for those individuals who will perform the service should be provided.
b. Pricing for all IT Professional Services shall be in accordance with the Contractor’s customary commercial practices; e.g., hourly rates, monthly rates, term rates, and/or fixed prices, minimum general experience and minimum education.
The following is an example of the manner in which the description of a commercial job title should be presented:
EXAMPLE: Commercial Job Title: System Engineer
Minimum/General Experience: Three (3) years of technical experience which applies to systems analysis and design techniques for complex computer systems. Requires competence in all phases of systems analysis techniques, concepts and methods; also requires knowledge of available hardware, system software, input/output devices, structure and management practices.
Functional Responsibility: Guides users in formulating requirements, advises alternative approaches, conducts feasibility studies.
Minimum Education: Bachelor’s Degree in Computer Science
Page 14 of 36
LABOR CATEGORY DESCRIPTIONS (132-51)
Labor Category: C&A/A&A Analyst
Functional Responsibility: Provides support in all facets of the C&A process relative to both classified and unclassified networks in a fast paced, dynamic environment. Has comprehensive knowledge of information security principles as it applies to military networks, standards, and systems. Serve as Information Assurance point of contact for promotional, test, new, replacement and/or Contractor equipment being brought into the purview of the accreditation boundary. Ensure the system/program managers provide proper accreditation documentation and make necessary changes/additions to the DIACAP packages. Prepare and maintain DIACAP artifacts/packages (e.g. Configuration Management Plan, Vulnerability Management Plan, System Plan of Action and Milestones, IT Continuity Plan, Security Design Management Process, Security Requirements Traceability Matrix and other documentation to satisfy IA controls).
Education: Associates
Years Experience: 2
Labor Category: C&A/A&A Engineer
Functional Responsibility: Provides support in all facets of the C&A process relative to both classified and unclassified networks in a fast paced, dynamic environment. Has comprehensive knowledge of information security principles as it applies to military networks, standards, and systems. Serve as Information Assurance point of contact for promotional, test, new, replacement and/or Contractor equipment being brought into the purview of the accreditation boundary. Ensure the system/program managers provide proper accreditation documentation and make necessary changes/additions to the DIACAP packages. Prepare and maintain DIACAP artifacts/packages (e.g. Configuration Management Plan, Vulnerability Management Plan, System Plan of Action and Milestones, IT Continuity Plan, Security Design Management Process, Security Requirements Traceability Matrix and other documentation to satisfy IA controls).
Education: Bachelors
Years Experience: 4
Labor Category: Digital Forensics Engineer
Functional Responsibility: Preserves, harvests, and processes electronic data according to policies and practices. Performs forensic analysis and has an understanding and interest in performing digital forensics in a cloud environment. Provides creative and innovative solutions for client matters. Forms and articulates expert opinions based on analysis and drafts expert reports, affidavits, and other expert testimony.
Education: Bachelors
Years Experience: 4
PenetrationTester
Conductsformaltestsonweb-basedapplications,networks,andothertypesofcomputersystemsonaregularbasis.Expectedtoworkonphysicalsecurityassessmentsofservers,computersystems,andnetworks.Conductingregularsecurityauditsfrombothalogical/theoreticalstandpointandatechnical/hands-onstandpoint.Expectedtoworkonthesecurityofwirelessnetworks,databases,softwaredevelopment,and/orcompanysecrets.
Bachelors 6
SecuritySME
Performsassessmentofpresentlevelsofcybersecurity,definesacceptablelevelsofrisk,trainsallpersonnelinpropercyberhygieneandestablishesformalmaintenanceprocedures.PerformsprivacyimpactassessmentsandprovidesPIIdatasecurityandmonitoring,andmigrationstrategies.Identifiespotentialvulnerabilitiestocyberandinformationsecurityusingpenetrationtestingandredteams.Providestechnologiesforidentification,modeling,andpredictiveanalysisofcyberthreats.
Bachelors 8
Technical Writer
Assists in collecting and organizing information required for preparation of user’s manuals, training materials, installation guides, proposals, and reports. Edits functional descriptions, system specifications, user’s manuals, special reports, or any other customer deliverables and documents.
Associates 2
Cyber Security Engineer II
Installs, configures and maintains organization's operating systems. Analyzes and resolves problems associated with server hardware and applications software. Detects, diagnoses, and reports related problems on both server and desktop systems. Performs a wide variety of tasks in software/hardware maintenance and operational support of server systems. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. Designs, develops, engineers, and implements solutions that meet network security requirements. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
Bachelors 4
Information Assurance Specialist
Provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation. Analyzes the client system security, conducts gap analysis, determines enterprise information security standards, and develops and implements information security standards and procedures. Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information. Ensures that all information systems are functional and secure. Provides technical evaluations of customer systems and assists with making security improvements. Participates in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization. Conducts security product evaluations, and recommends products, technologies and upgrades to improve the customer’s security posture. Conducts testing and audit log reviews to evaluate the effectiveness of current security measures.
Bachelors 6
Cyber Security/Information Assurance Auditor
Provides an audit of security systems used. Provides a detailed report of information systems that outlines whether the system runs efficiently or effectively. Tests policies to determine whether there are risks associated with them. Reviews or interviews members of the staff to learn about any security risks or other complications within the company.
Bachelors 6
Cyber Security Engineer III
Installs, configures and maintains organization's operating systems. Analyzes and resolves problems associated with server hardware and applications software. Detects, diagnoses, and reports related problems on both server and desktop systems. Performs a wide variety of tasks in software/hardware maintenance and operational support of server systems. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. Designs, develops, engineers, and implements solutions that meet network security requirements. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
Bachelors 6
Security Software Engineer Team Lead
Performs design, programming, documentation, and implementation of applications that require knowledge of information systems and related systems concepts for effective development and deployment of software modules. Participates in all phases of software development with emphasis on the design, coding, testing, documentation, and acceptance phases. Designs and prepares technical reports and related documentation. Perform as the primary software engineering expert on a major automated information system development project. Analyze and study complex system requirements. Design software tools and subsystems to support and manage their implementation. Manage software development and support using formal specifications, data flow diagrams, other accepted design techniques and Computer Aided Software Engineering (CASE) tools. Estimate software development costs and schedules. Review existing programs and assist in making refinements, reducing operating time, and improving current development methods. Establish and manage software configuration.
Bachelors 6
Incident Response Lead
Familiar with industry standard malware reverse analysis methodologies. Possess knowledge of various malware encryption and compression/packing methodologies and protective encryption weaknesses. Ability to provide malware threat research on new attacks and exploits. Ability to script (ex. Python and/or PERL) and automate tasks and be able to discern malware based covert channel and command and control protocol analysis. Apply the proper techniques and procedures to the identification, collection, examination and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
Bachelors 6
Network Security Engineer III
Responsible for the implementation, maintenance, and integration of WAN, LAN, and server architecture. Responsible for implementation and administration of network security hardware and software, enforcing the network security policy and complying with requirements of external security audits and recommendations. Performs analysis of network security needs and contributes to design, integration, and installation of hardware and software. Analyzes, troubleshoots and corrects network problems remotely and on-site. Maintains and administers perimeter security systems such as firewalls and intrusion detection systems.
Bachelors 6
Cyber Security Program/Project Manager
Manages more than one functional area in information systems design, development, and analysis encompassing one or more of the following areas of technical expertise: programming, computer application analysis, software development, systems integration, and related disciplines. Responsible for coordinating subordinate employee recruitment, selection and training, performance assessment, work assignments, salary, and recognition/disciplinary actions.
Bachelors 8
Security Administrator
Teaches others about computer security, checks for security violations, installs protection software and takes action against cyber attacks. Provides evidence of a cyber attack to prosecute individuals for breaching security. Must have excellent communication skills, as well as the ability to detect and analyze problems. Expected to quickly and accurately find a solution.
Associates 2
Cyber Security Engineer I
Installs, configures and maintains organization's operating systems. Analyzes and resolves problems associated with server hardware and applications software. Detects, diagnoses, and reports related problems on both server and desktop systems. Performs a wide variety of tasks in software/hardware maintenance and operational support of server systems. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. Designs, develops, engineers, and implements solutions that meet network security requirements. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
Associates 2
LABOR CATEGORY DESCRIPTIONS (132-45A, 132-45B, 132-45C, AND 132-45D)
Labor Category | Functional Responsibility | Education | Years Experience
C&A/A&A Analyst
Provides support in all facets of the C&A process relative to both classified and unclassified networks in a fast-paced, dynamic environment. Has comprehensive knowledge of information security principles as it applies to military networks, standards, and systems. Serve as Information Assurance point of contact for promotional, test, new, replacement and/or Contractor equipment being brought into the purview of the accreditation boundary. Ensure the system/program managers provide proper accreditation documentation and make necessary changes/additions to the DIACAP packages. Prepare and maintain DIACAP artifacts/packages (e.g. Configuration Management Plan, Vulnerability Management Plan, System Plan of Action and Milestones, IT Continuity Plan, Security Design Management Process, Security Requirements Traceability Matrix and other documentation to satisfy IA controls).
Associates 2
C&A/A&A Engineer
Provides support in all facets of the C&A process relative to both classified and unclassified networks in a fast-paced, dynamic environment. Has comprehensive knowledge of information security principles as it applies to military networks, standards, and systems. Serve as Information Assurance point of contact for promotional, test, new, replacement and/or Contractor equipment being brought into the purview of the accreditation boundary. Ensure the system/program managers provide proper accreditation documentation and make necessary changes/additions to the DIACAP packages. Prepare and maintain DIACAP artifacts/packages (e.g. Configuration Management Plan, Vulnerability Management Plan, System Plan of Action and Milestones, IT Continuity Plan, Security Design Management Process, Security Requirements Traceability Matrix and other documentation to satisfy IA controls).
Bachelors 4
Digital Forensics Engineer
Preserves, harvests, and processes electronic data according to policies and practices. Performs forensic analysis and has an understanding and interest in performing digital forensics in a cloud environment. Provides creative and innovative solutions for client matters. Forms and articulates expert opinions based on analysis and drafts expert reports, affidavits, and other expert testimony.
Bachelors 4
Penetration Tester
Conducts formal tests on web-based applications, networks, and other types of computer systems on a regular basis. Expected to work on physical security assessments of servers, computer systems, and networks. Conducts regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint. Expected to work on the security of wireless networks, databases, software development, and/or company secrets.
Bachelors 6
Security SME
Performs assessment of present levels of cybersecurity, defines acceptable levels of risk, trains all personnel in proper cyber hygiene and establishes formal maintenance procedures. Performs privacy impact assessments and provides PII data security and monitoring, and migration strategies. Identifies potential vulnerabilities to cyber and information security using penetration testing and red teams. Provides technologies for identification, modeling, and predictive analysis of cyber threats.
Bachelors 8
Cyber Security Engineer II
Installs, configures and maintains organization's operating systems. Analyzes and resolves problems associated with server hardware and applications software. Detects, diagnoses, and reports related problems on both server and desktop systems. Performs a wide variety of tasks in software/hardware maintenance and operational support of server systems. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. Designs, develops, engineers, and implements solutions that meet network security requirements. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
Bachelors 4
Information Assurance Specialist
Provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation. Analyzes the client system security, conducts gap analysis, determines enterprise information security standards, and develops and implements information security standards and procedures. Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information. Ensures that all information systems are functional and secure. Provides technical evaluations of customer systems and assists with making security improvements. Participates in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization. Conducts security product evaluations, and recommends products, technologies and upgrades to improve the customer’s security posture. Conducts testing and audit log reviews to evaluate the effectiveness of current security measures.
Bachelors 6
Cyber Security/Information Assurance Auditor
Provides an audit of security systems used. Provides a detailed report of information systems that outlines whether the system runs efficiently or effectively. Tests policies to determine whether there are risks associated with them. Reviews or interviews members of the staff to learn about any security risks or other complications within the company.
Bachelors 6
Cyber Security Engineer III
Installs, configures and maintains organization's operating systems. Analyzes and resolves problems associated with server hardware and applications software. Detects, diagnoses, and reports related problems on both server and desktop systems. Performs a wide variety of tasks in software/hardware maintenance and operational support of server systems. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. Designs, develops, engineers, and implements solutions that meet network security requirements. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
Bachelors 6
Security Software Engineer Team Lead
Performs design, programming, documentation, and implementation of applications that require knowledge of information systems and related systems concepts for effective development and deployment of software modules. Participates in all phases of software development with emphasis on the design, coding, testing, documentation, and acceptance phases. Designs and prepares technical reports and related documentation. Perform as the primary software engineering expert on a major automated information system development project. Analyze and study complex system requirements. Design software tools and subsystems to support and manage their implementation. Manage software development and support using formal specifications, data flow diagrams, other accepted design techniques and Computer Aided Software Engineering (CASE) tools. Estimate software development costs and schedules. Review existing programs and assist in making refinements, reducing operating time, and improving current development methods. Establish and manage software configuration.
Bachelors 6
Incident Response Lead
Familiar with industry standard malware reverse analysis methodologies. Possess knowledge of various malware encryption and compression/packing methodologies and protective encryption weaknesses. Ability to provide malware threat research on new attacks and exploits. Ability to script (ex. Python and/or PERL) and automate tasks and be able to discern malware based covert channel and command and control protocol analysis. Apply the proper techniques and procedures to the identification, collection, examination and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
Bachelors 6
Network Security Engineer III
Responsible for the implementation, maintenance, and integration of WAN, LAN, and server architecture. Responsible for implementation and administration of network security hardware and software, enforcing the network security policy and complying with requirements of external security audits and recommendations. Performs analysis of network security needs and contributes to design, integration, and installation of hardware and software. Analyzes, troubleshoots and corrects network problems remotely and on-site. Maintains and administers perimeter security systems such as firewalls and intrusion detection systems.
Bachelors 6
Cyber Security Program/Project Manager
Manages more than one functional area in information systems design, development, and analysis encompassing one or more of the following areas of technical expertise: programming, computer application analysis, software development, systems integration, and related disciplines. Responsible for coordinating subordinate employee recruitment, selection and training, performance assessment, work assignments, salary, and recognition/disciplinary actions.
Bachelors 8
Security Administrator
Teaches others about computer security, checks for security violations, installs protection software and takes action against cyber attacks. Provides evidence of a cyber attack to prosecute individuals for breaching security. Must have excellent communication skills, as well as the ability to detect and analyze problems. Expected to quickly and accurately find a solution.
Associates 2
Cyber Security Engineer I
Installs, configures and maintains organization's operating systems. Analyzes and resolves problems associated with server hardware and applications software. Detects, diagnoses, and reports related problems on both server and desktop systems. Performs a wide variety of tasks in software/hardware maintenance and operational support of server systems. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. Designs, develops, engineers, and implements solutions that meet network security requirements. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
Associates 2
LABOR CATEGORY RATES (SEE SINS BELOW) - GSA SCHEDULE CONTRACT INFORMATION TECHNOLOGY (IT) SERVICES (All rates below include IFF)
SIN | LCAT | 10/30/2017-10/29/2018 | 10/30/2018-10/29/2019 | 10/30/2019-10/29/2020 | 10/30/2020-10/29/2021 | 10/30/2021-10/29/2022
132-51, 132-45A, 132-45B, 132-45C, 132-45D | C&A/A&A Analyst | $90.49 | $92.30 | $94.15 | $96.03 | $97.95
132-51, 132-45A, 132-45B, 132-45C, 132-45D | C&A/A&A Engineer | $102.12 | $104.16 | $106.25 | $108.37 | $110.54
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Digital Forensics Engineer | $146.17 | $149.09 | $152.08 | $155.12 | $158.22
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Penetration Tester | $128.54 | $131.11 | $133.73 | $136.41 | $139.14
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Security SME | $189.71 | $193.50 | $197.37 | $201.32 | $205.35
132-51 | Technical Writer | $62.61 | $63.86 | $65.14 | $66.44 | $67.77
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Cyber Security Engineer II | $113.78 | $116.06 | $118.38 | $120.74 | $123.16
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Information Assurance Specialist | $169.02 | $172.40 | $175.85 | $179.37 | $182.95
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Cyber Security/Information Assurance Auditor | $131.58 | $134.21 | $136.90 | $139.63 | $142.43
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Cyber Security Engineer III | $152.95 | $156.01 | $159.13 | $162.31 | $165.56
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Security Software Engineer Team Lead | $165.16 | $168.46 | $171.83 | $175.27 | $178.77
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Incident Response Lead | $141.53 | $144.36 | $147.25 | $150.19 | $153.20
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Network Security Engineer III | $152.95 | $156.01 | $159.13 | $162.31 | $165.56
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Cyber Security Program/Project Manager | $171.61 | $175.04 | $178.54 | $182.11 | $185.76
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Security Administrator | $69.29 | $70.68 | $72.09 | $73.53 | $75.00
132-51, 132-45A, 132-45B, 132-45C, 132-45D | Cyber Security Engineer I | $90.47 | $92.28 | $94.12 | $96.01 | $97.93
USA COMMITMENT TO PROMOTE SMALL BUSINESS PARTICIPATION PROCUREMENT PROGRAMS
PREAMBLE
Redport Information Assurance, LLC provides commercial products and services to ordering activities. We are committed to promoting participation of small, small disadvantaged and women-owned small businesses in our contracts. We pledge to provide opportunities to the small business community through reselling opportunities, mentor-protégé programs, joint ventures, teaming arrangements, and subcontracting.
COMMITMENT
To actively seek and partner with small businesses.
To identify, qualify, mentor and develop small, small disadvantaged and women-owned small businesses by purchasing from these businesses whenever practical.
To develop and promote company policy initiatives that demonstrate our support for awarding contracts and subcontracts to small business concerns.
To undertake significant efforts to determine the potential of small, small disadvantaged and women-owned small business to supply products and services to our company.
To insure procurement opportunities are designed to permit the maximum possible participation of small, small disadvantaged, and women-owned small businesses.
To attend business opportunity workshops, minority business enterprise seminars, trade fairs, procurement conferences, etc., to identify and increase small businesses with whom to partner.
To publicize in our marketing publications our interest in meeting small businesses that may be interested in subcontracting opportunities.
We signify our commitment to work in partnership with small, small disadvantaged and women-owned small businesses to promote and increase their participation in ordering activity contracts. To accelerate potential opportunities please contact us at:
Contracts Administrator
Steven Reinkemeyer
President/CEO
703-229-6709
BEST VALUE BLANKET PURCHASE AGREEMENT
FEDERAL SUPPLY SCHEDULE
(Insert Customer Name)
In the spirit of the Federal Acquisition Streamlining Act (ordering activity) and (Contractor) enter into a cooperative agreement to further reduce the administrative costs of acquiring commercial items from the General Services Administration (GSA) Federal Supply Schedule Contract(s) ____________________.
Federal Supply Schedule contract BPAs eliminate contracting and open market costs such as: search for sources; the development of technical documents, solicitations and the evaluation of offers. Teaming Arrangements are permitted with Federal Supply Schedule Contractors in accordance with Federal Acquisition Regulation (FAR) 9.6.
This BPA will further decrease costs, reduce paperwork, and save time by eliminating the need for repetitive, individual purchases from the schedule contract. The end result is to create a purchasing mechanism for the ordering activity that works better and costs less.
Signatures
Ordering Activity Date Contractor Date
BPA NUMBER_____________
(CUSTOMER NAME) BLANKET PURCHASE AGREEMENT
Pursuant to GSA Federal Supply Schedule Contract Number(s)____________, Blanket Purchase Agreements, the Contractor agrees to the following terms of a Blanket Purchase Agreement (BPA) EXCLUSIVELY WITH (ordering activity):
(1) The following contract items can be ordered under this BPA. All orders placed against this BPA are subject to the terms and conditions of the contract, except as noted below:
MODEL NUMBER/PART NUMBER *SPECIAL BPA DISCOUNT/PRICE
(2) Delivery:
DESTINATION DELIVERY SCHEDULES / DATES
(3) The ordering activity estimates, but does not guarantee, that the volume of purchases through this agreement will be _________________________.
(4) This BPA does not obligate any funds.
(5) This BPA expires on _________________ or at the end of the contract period, whichever is earlier.
(6) The following office(s) is hereby authorized to place orders under this BPA:
OFFICE POINT OF CONTACT
(7) Orders will be placed against this BPA via Electronic Data Interchange (EDI), FAX, or paper.
(8) Unless otherwise agreed to, all deliveries under this BPA must be accompanied by delivery tickets or sales slips that must contain the following information as a minimum:
(a) Name of Contractor;
(b) Contract Number;
(c) BPA Number;
(d) Model Number or National Stock Number (NSN);
(e) Purchase Order Number;
(f) Date of Purchase;
(g) Quantity, Unit Price, and Extension of Each Item (unit prices and extensions need not be shown when incompatible with the use of automated systems; provided, that the invoice is itemized to show the information); and
(h) Date of Shipment.
(9) The requirements of a proper invoice are specified in the Federal Supply Schedule contract. Invoices will be submitted to the address specified within the purchase order transmission issued against this BPA.
(10) The terms and conditions included in this BPA apply to all purchases made pursuant to it. In the event of an inconsistency between the provisions of this BPA and the Contractor’s invoice, the provisions of this BPA will take precedence.
*******************************************************************************************
BASIC GUIDELINES FOR USING “CONTRACTOR TEAM ARRANGEMENTS”
Federal Supply Schedule Contractors may use “Contractor Team Arrangements” (see FAR 9.6) to provide solutions when responding to an ordering activity's requirements.
These Team Arrangements can be included under a Blanket Purchase Agreement (BPA). BPAs are permitted under all Federal Supply Schedule contracts.
Orders under a Team Arrangement are subject to terms and conditions of the Federal Supply Schedule Contract.
Participation in a Team Arrangement is limited to Federal Supply Schedule Contractors.
Customers should refer to FAR 9.6 for specific details on Team Arrangements.
Here is a general outline on how it works:
• The customer identifies their requirements.
• Federal Supply Schedule Contractors may individually meet the customer’s needs, or -
• Federal Supply Schedule Contractors may individually submit a Schedules “Team Solution” to meet the customer’s requirement.
• Customers make a best value selection.