ML21189A280

From kanterella
Jump to navigation Jump to search
Task Order No. 31310021F0039 Under Contract No. 31310020A0003 - Redacted
ML21189A280
Person / Time
Issue date: 07/02/2021
From: Rasmey Robinson
Acquisition Management Division
To: Hyland M
AEGIS.net
References
31310020A0003
Download: ML21189A280 (27)
v  d  e


Text

1. REQUISITION NUMBER PAGE OF SOLICITATION/CONTRACT/ORDER FOR COMMERCIAL ITEMS OFFEROR TO COMPLETE BLOCKS 12, 17, 23, 24, & 30 OCIO-21-0076 1 27

2. CONTRACT NO. 3. AWARD/ 4. ORDER NUMBER 5. SOLICITATION NUMBER 6. SOLICITATION 31310020A0003 EFFECTIVE DATE 31310021Q0048 ISSUE DATE 31310021F0039 05/10/2021
7. FOR SOLICITATION a. NAME b. TELEPHONE NUMBER (No collect calls) 8. OFFER DUE DATE/LOCAL TIME INFORMATION CALL: BANU GOLDFEIZ ET
9. ISSUED BY CODE NRCHQ 10. THIS ACQUISITION IS X UNRESTRICTED OR SET ASIDE:  % FOR:

WOMEN-OWNED SMALL BUSINESS U.S. NRC - HQ SMALL BUSINESS (WOSB) ELIGIBLE UNDER THE WOMEN-OWNED Acquisition Management Division HUBZONE SMALL SMALL BUSINESS PROGRAM NAICS: 541519 BUSINESS EDWOSB Mail Stop: TWFN-07B20M SERVICE-DISABLED Washington DC 20555-0001 VETERAN-OWNED 8(A)

SIZE STANDARD: $150.00 SMALL BUSINESS

11. DELIVERY FOR FOB DESTINA- 12. DISCOUNT TERMS 13b. RATING TION UNLESS BLOCK IS 13a. THIS CONTRACT IS A MARKED 30 RATED ORDER UNDER
14. METHOD OF SOLICITATION SEE SCHEDULE DPAS (15 CFR 700)

X RFQ IFB RFP

15. DELIVER TO CODE NRCHQ 16. ADMINISTERED BY CODE NRCHQ Nuclear Regulatory Commission U.S. NRC - HQ Nuclear Regulatory Commission Acquisition Management Division Washington DC 20555-0001 Mail Stop: TWFN-07B20M Washington DC 20555-0001 17a. CONTRACTOR/ CODE 152858358 FACILITY 18a. PAYMENT WILL BE MADE BY CODE OFFEROR CODE AEGIS.NET INC Multiple Attn: Mario Hyland P.O. BOX 3897 MERRIFIELD VA 221163897 TELEPHONE NO. 7038936020707 17b. CHECK IF REMITTANCE IS DIFFERENT AND PUT SUCH ADDRESS IN OFFER 18b. SUBMIT INVOICES TO ADDRESS SHOWN IN BLOCK 18a UNLESS BLOCK BELOW IS CHECKED SEE ADDENDUM
19. 20. 21. 22. 23. 24.

ITEM NO. SCHEDULE OF SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT GSA Contract #: GS35F0125S OCIO SENIOR INFORMATION TECHNOLOGY OFFICER SUPPORT SERVICES (SITSOSS) UNDER INDEPENDENT VERIFICATION AND VALIDATION (IV&V) SUPPORT SERVICES (IV&V)

SUMMARY

Base and All Options (Ceiling):$1,784,906.3 Period of Performance: 07/25/2021 to 07/24/2022 Continued ...

(Use Reverse and/or Attach Additional Sheets as Necessary)

25. ACCOUNTING AND APPROPRIATION DATA 26. TOTAL AWARD AMOUNT (For Govt. Use Only)

See schedule $1,784,906.39 27a. SOLICITATION INCORPORATES BY REFERENCE FAR 52.212-1, 52.212-4. FAR 52.212-3 AND 52.212-5 ARE ATTACHED. ADDENDA ARE ARE NOT ATTACHED.

X 27b. CONTRACT/PURCHASE ORDER INCORPORATES BY REFERENCE FAR 52.212-4. FAR 52.212-5 IS ATTACHED. ADDENDA X ARE ARE NOT ATTACHED.

28. CONTRACTOR IS REQUIRED TO SIGN THIS DOCUMENT AND RETURN X 29. AWARD OF CONTRACT: OFFER COPIES TO ISSUING OFFICE. CONTRACTOR AGREES TO FURNISH AND DELIVER REF.

DATED . YOUR OFFER ON SOLICITATION (BLOCK 5),

ALL ITEMS SET FORTH OR OTHERWISE IDENTIFIED ABOVE AND ON ANY ADDITIONAL INCLUDING ANY ADDITIONS OR CHANGES WHICH ARE SET FORTH SHEETS SUBJECT TO THE TERMS AND CONDITIONS SPECIFIED. HEREIN, IS ACCEPTED AS TO ITEMS:

30a. SIGNATURE OF OFFEROR/CONTRACTOR 30b. NAME AND TITLE OF SIGNER (Type or print) 30c. DATE SIGNED 31b. NAME OF CONTRACTING OFFICER (Type or print) 31c. DATE SIGNED RICHARD W. ROBINSON 07/02/2021 AUTHORIZED FOR LOCAL REPRODUCTION STANDARD FORM 1449 (REV. 2/2012)

PREVIOUS EDITION IS NOT USABLE Prescribed by GSA - FAR (48 CFR) 53.212

2 of 27

19. 20. 21. 22. 23. 24.

ITEM NO. SCHEDULE OF SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 32a. QUANTITY IN COLUMN 21 HAS BEEN RECEIVED INSPECTED ACCEPTED, AND CONFORMS TO THE CONTRACT, EXCEPT AS NOTED:

32b. SIGNATURE OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32c. DATE 32d. PRINTED NAME AND TITLE OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32e. MAILING ADDRESS OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32f. TELEPHONE NUMBER OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32g. E-MAIL OF AUTHORIZED GOVERNMENT REPRESENTATIVE

33. SHIP NUMBER 34. VOUCHER NUMBER 35. AMOUNT VERIFIED 36. PAYMENT 37. CHECK NUMBER CORRECT FOR COMPLETE PARTIAL FINAL PARTIAL FINAL
38. S/R ACCOUNT NUMBER 39. S/R VOUCHER NUMBER 40. PAID BY 41a. I CERTIFY THIS ACCOUNT IS CORRECT AND PROPER FOR PAYMENT 42a. RECEIVED BY (Print) 41b. SIGNATURE AND TITLE OF CERTIFYING OFFICER 41c. DATE 42b. RECEIVED AT (Location) 42c. DATE REC'D (YY/MM/DD) 42d. TOTAL CONTAINERS STANDARD FORM 1449 (REV. 2/2012) BACK

31310020A0003/31310021F0039 Page 3

31310020A0003/31310021F0039 B - Supplies or Services/Prices B.1 BRIEF PROJECT TITLE AND WORK DESCRIPTION The title of this project is: Senior Information Technology Officer Support Services (SITSOSS) Under Independent Verification and Validation (IV&V) Support B.2 TYPE OF CONTRACT (JULY 2020)

The contract type for this award is Labor-Hour.

B.3 CONSIDERATION AND OBLIGATION- LABOR-HOUR CONTRACT (a) The ceiling price to the Government for full performance under this contract is

$1,784,908.69.

(b) The contract includes direct labor hours at specified fixed hourly rates, inclusive of wages, fringe, overhead, general and administrative expenses, and profit.

(c) It is estimated that the amount currently obligated will cover performance through November, 2021.

(d) This is an incrementally-funded contract and FAR 52.232 Limitation of Funds applies.

Page 4

31310020A0003/31310021F0039 C - Description/Specifications C.1 Statement of Work C.1 Background The NRC Chief Information Officer (CIO) and Chief Information Security Officer (CISO) are responsible for planning, directing, and overseeing the implementation of a comprehensive, coordinated, integrated and cost-effective NRC Cybersecurity Program, consistent with applicable laws, regulations, management initiatives and policies, and Commission and Executive Director for Operations direction.

The NRC CISO ensures appropriate, effective, and efficient NRC-wide integration, direction and coordination of cybersecurity planning and performance within the framework of the NRC Cybersecurity Program and with related CIO activities. The CISO provides Agency-level liaison with external entities on mutual cybersecurity interests; formulates and oversees a cybersecurity program budget; proposes and successfully advocates appropriate Agency-level cybersecurity guidelines. Additionally, the CISO provides vision, leadership, and oversight in developing and promulgating an end-to-end, comprehensive cybersecurity architecture, which is integrated with NRC's enterprise architecture. The CISO provides credible, cogent, and timely advice and counsel to the Chairman, Commission, and NRC senior management on programmatic, infrastructure, and administrative aspects of cybersecurity. The CISO guides security process maturity within the NRC; advocates these concepts to NRC organizations; and makes necessary adjustments to components of the cybersecurity program to counter the evolving threat to information technology.

C.2 Objective In alignment with National Institute of Standards and Technology (NIST) guidance, Office of Management and Budget (OMB) directives, the Federal Information Systems Management Act (FISMA), and Department of Homeland Security (DHS) policy, directives, instructions, and guidance, this BPA Call is intended to support the NRC CIO and CISO with support on:

- independent verification and validation (IV&V) of cybersecurity deliverables;

- formulating, monitoring and projecting system and agency-wide cybersecurity performance metrics such as the FISMA continuous monitoring percentage, AW-IT-01 (Cybersecurity Performance Index (CPI)), and ITIM-OCIO-62 (Agency-wide CPI) on an annual, quarterly, monthly and continuous (daily) basis for all 26 NRC Offices and the Executive Director of Operations (EDO);

- performance of cybersecurity risk assessments and IV&V of cybersecurity data and deliverables;

- daily execution of risk model updates and maintenance of cybersecurity risk data feeds and file links between complex Excel spreadsheets, the AnyChart-based Cybersecurity Risk Dashboard (CRDB), the Risk and Continuous Authorization Tracking System (in RSA Archer),

POAM Management Status Report models, Continuous Monitoring Status Report models, and SharePoint FISMA Inventory database, the Risk Management Activities Tracking System (RMATS);

- analyses and recommendations based upon cybersecurity Continuous Monitoring metrics, as well as their formulation, supporting data collection, calculation and display;

- maintain the agency-wide Cybersecurity Risk Dashboard and other reports, calculations Page 5

31310020A0003/31310021F0039 and displays which provide metrics to senior executives and cybersecurity staff on how well NRC information systems are meeting federally mandated and NRC defined cybersecurity requirements.

A diagram of the interrelationships between the above-mentioned components of the NRC cybersecurity continuous monitoring environment can be found in Attachment A.

C.3 Scope of Work Agency-wide Metrics and Continuous Monitoring Support The Contractor shall provide support services for activities related to system assessment and authorization, continuous monitoring, cybersecurity risk management, cybersecurity metrics creation and presentation, and sophisticated risk scoring, calculation, and tracking. If necessary, the Contractor shall provide subject matter expertise and consultative support to assist NRCs system security personnel and information assurance support contractors in understanding existing or proposed system architectures, cybersecurity metrics and other technical concerns. Contractor staff shall communicate with NRC subject matter experts and independent assessors to ensure common understanding and optimal outcomes. Support provided under this BPA Call may include, but may not be limited to:

  • Providing daily continuous monitoring updates for the CIO morning situational awareness briefing, including updated continuous monitoring statuses, displays, and graphical data representations of FISMA requirements, training status displays, and NRC cybersecurity metrics;
  • Monitoring, researching, and developing documentation and automated reports detailing what impact new Federal cybersecurity regulations, DHS guidance, and OMB requirements may have on the NRC, and providing recommendations on how to best implement such externally mandated requirements;
  • Providing independent reviews, analyses, summaries and recommendations of Authorization packages and FISMA related continuous monitoring deliverables (e.g.,

Contingency Plans, Contingency Test Reports, Plans of Action & Milestones (POA&M) Reports, etc.) of unclassified systems according to Federal and NRC regulations, guidelines, and standards.

  • Daily IV&V review and exception reporting of the Risk and Continuous Authorization Tracking System (RCATS) access logs;
  • Providing detailed quarterly AW-IT-01 risk scores for all 26 offices and mitigation strategies for input into the NRC Quarterly Performance Review (QPR);
  • Identifying and updating cybersecurity risk metrics, investigating best practices of communicating this information to NRC executives and staff, performing daily tracking and updates of security metrics, and updating numerical models such as the NRC cybersecurity performance index (AW-IT-01) and other quantitative cybersecurity risk scoring;
  • Performing reviews of test plans to ensure that proposed assessment scope address security controls as specified in National Institute of Standards (NIST) Special Publications;
  • Performing independent reviews of cybersecurity risk indicators, quantifying, documenting and communicating their magnitude to the NRC CIO, CISO, Office Directors and staff, and suggesting risk reduction strategies and appropriate weightings and distributions of risk across all NRC systems and offices;
  • Operations & Maintenance (O&M) and daily IV&V of the Cyber Role-based Training Page 6

31310020A0003/31310021F0039 (CRBT) tracking system spreadsheet calculations, metrics and monthly reporting to all offices and the CIO daily report;

  • O&M and daily IV&V of complex POAM Management Status Reporting (PMSR) and Continuous Monitoring Status Reporting (CMSR) calculations using advanced Excel/database/statistical methods;
  • O&M and daily IV&V of complex POAM Management Status Reporting (PMSR) calculations using advanced reporting within RSA Archer (RCATS);
  • O&M and daily IV&V of CRDB master datafiles, cybersecurity risk calculations, spreadsheets, and daily execution of CRDB model (Excel/Sharepoint/AnyChart/Archer) updates with current data;
  • Maintenance of CRDB access roles and file permissions of display objects, datafiles, and calculation models in Sharepoint;
  • O&M and daily IV&V of CRDB dashboard reports and displays at the system, office and agency levels;
  • Updating the existing suite of Excel spreadsheets, Sharepoint, and AnyChart graphical displays comprising the cybersecurity risk dashboard (CRDB) used to calculate the NRC Cyber Security Performance Index (CPI/AW-IT-01) upon any changes to the number of NRC FISMA systems, their organizational alignment, or changes in the CPI mathematical basis;
  • Maintaining the CPI calculations (used in support of agency Quarterly Performance Reports), risk scoring, and continuous monitoring status spreadsheets and reports for all NRC FISMA systems and Offices;
  • Providing continuous updates and IV&V of inputs to the CPI and CRDB for disparate security centralized data sets including but not limited to: Phishing statistics; role-based training, computer security awareness training, cyber security incidents, and FISMA required continuous monitoring completion tracking and status determination;
  • Providing analyses and recommendations based upon cybersecurity continuous monitoring metrics, as well as their formulation, supporting data collection, calculation and display;
  • Providing documentation of calculations, processes, and data input/output from the CRDB;
  • Ranking risk according to severity of total impact and associated remediation resource costs, and generating reports to estimate the impact of exploited risks or events upon mission performance and NRC resources;
  • Creating evaluation criteria, metrics, templates, checklists and procedures for approval to ensure that systems are evaluated/scored in a similar manner from one review to the next;
  • Providing recommendations on NRC cybersecurity processes, standards, templates, and procedures to ensure federal regulations, guidelines, and standards are being met;
  • Assessing Business Area Risk Assessments (or their equivalents), quantitative estimation of risks in terms of resource metrics, tradeoff analyses of remediation and cyber defense options, and incorporating risk allocation amongst organizational entities and decision support for resource allocation and enhanced investment decisions;
  • Reviewing system documentation supporting proposed system change authorizations and providing recommendations and support to the cybersecurity coordination process and related processes and standards;
  • Assigning remediation costs to identified risks based on published data, historical data, and specific impact to NRC, allocating risk from a portfolio based on NRC-approved mathematical techniques amongst organizational entities in the NRC, and identifying and quantifying system specific and correlated inter-system risks;
  • Analyzing and documenting recommended cybersecurity best practices and how they can Page 7

31310020A0003/31310021F0039 be applied at NRC, and providing recommendations to BPA Call COR to be shared with CIO and CISO to better communicate and reduce cybersecurity risk to the NRC mission;

  • Performing sampled IV&V testing (e.g., vulnerability scanning, hardening verification, etc.)

based upon security best practices with NRC-approved tools and documenting the results in a formal report;

  • Providing recommendations to satisfy DHS data collection and reporting guidance to the BPA Call COR to be shared with CIO and CISO; and
  • Analyzing new technologies, methods and dashboards to determine, quantify, communicate and mitigate risk in the context of the NRC Cybersecurity Program.

C.4 REPORTING REQUIREMENTS and DELIVERABLES In addition to meeting the delivery schedule in the timely submission of any draft and final reports, summaries, data and documents that are created in the performance of this BPA Call, the Contractor shall comply with the directions of the NRC regarding the contents of the report, summaries, data and related documents to include correcting, deleting, editing, revising, modifying, formatting, and supplementing any of the information contained therein at no additional cost to the NRC. Performance under the BPA Call shall not be deemed accepted or completed until the Contractor complies with NRC's directions. Unless otherwise directed by the BPA Call COR, the reports, summaries, data and related documents shall be considered draft until approved by the NRC. The Contractor agrees that the direction, determinations, and decisions on approval or disapproval of reports, summaries, data and related documents created under this BPA Call remains solely within the discretion of the NRC. Additionally, all reports and deliverables shall be submitted via Fedconnect.

C.4.1 Monthly Letter Status Report (MLSR)

The contractor shall provide a Monthly Letter Status Report which consists of a technical progress report and financial status report. This report will be used by the Government to assess the adequacy of the resources proposed by the contractor to accomplish the work contained in this SOW and provide status of contractor progress in achieving activities and producing deliverables. The report shall include order summary information, work completed during the specified period, milestone schedule information, problem resolution, travel plans, and staff hour summary.

C.4.2 Final Report The contractor shall provide a final report summarizing the work performed and the results and conclusions under this order.

C.4.3 Deliverables and Delivery Schedule The assigned tasks shall be delivered (Draft and Final) to the NRC within the timeframes specified below. Compliance will be monitored by the BPA Call COR. Examples of deliverables and their required timeframes may include, but are not be limited to:

Section # Deliverable Due Date Format Submit to C.3 CRDB ConMon Daily Word Document BPA Call Page 8

31310020A0003/31310021F0039 status for all COR/ACOR via NRC FISMA email systems, and AW-IT-01 projections, and CRBT Training and Phishing %s for all offices C.3 Quarterly AW- Quarterly Excel BPA Call IT-01 risk COR/ACOR via scores and FedLink and email mitigation strategies for all 26 offices C.3 RCATS Daily Email BPA Call exception log COR/ACOR review C.4.1 MLSR Monthly Report 20th of the Word Document BPA Call following month CO/COR/ACOR via FedLink and email C.4.2 Final Final Report 30 days prior to Word Document BPA Call Report contract expiration CO/COR/ACOR via FedLink and email C.6.4.3 508 general When needed, as Word or Adobe BPA Call exceptions applicable. PDF Document CO/COR/ACOR via documentation email C.6.6.1 Accessibility When new or Word or Adobe BPA Call Conformance updated ICT PDF Document CO/COR/ACOR via Report (ACR) products, systems FedLink and email or applications are delivered, as applicable.

C.6.6.2 Supplemental When new or Word Document BPA Call Accessibility updated ICT CO/COR/ACOR via Report (SAR) products, systems FedLink and email or applications are delivered, as applicable.

C.6.6.3 ICT support When new or Word or Adobe BPA Call documentation updated ICT PDF Document CO/COR/ACOR via products, systems email or applications are delivered, as applicable.

C.6.6.4 ICT support Upon request, as Various, as BPA Call documentation applicable. specified in section CO/COR/ACOR via (alternate 602.4 of 36 CFR § email Page 9

31310020A0003/31310021F0039 formats) 1194.

C.6.6.5 Document When tested Word or Adobe BPA Call Accessibility documents are PDF Document CO/COR/ACOR via Checklist delivered, as email applicable.

C.6.6.6 Communication When needed, as In accommodation ICT users via email to ICT users applicable with the communication needs of individuals with disabilities C.5 Applicable Documents and Standards All work under this BPA Call shall comply with the latest version of all applicable guidance and standards. These standards include, but are not limited to, NRC Management Directive (MD) volume 12.5 Security, cybersecurity policies, including those issued via Yellow Announcements, National Institute of Standards and Technology (NIST) guidance and Federal Information Processing Standards (FIPS), and Committee on National Security Systems (CNSS) policy, directives, instructions, and guidance. This information is available at the following links:

  • NRC Policies, Procedures and Standards (CSO internal website):

https://usnrc.sharepoint.com/teams/OCIO-CSO/SitePages/Home.aspx

  • NRC Policy and Procedures for Handling, Marking and Protecting Sensitive Unclassified Non-Safeguards Information (SUNSI):

https://internalsearch.nrc.gov/texis/search/redir.html?query=sunsi+policy&pr=Drupal&prox=page

&rorder=500&rprox=500&rdfreq=500&rwfreq=500&rlead=500&rdepth=0&sufs=1&order=r&u=htt ps%3A//drupal.nrc.gov/sites/default/files/SUNSI-Policy-Procedures.pdf%23search%3Dsunsi%2520policy

  • NIST Special Publications and Federal Information Processing Standards (FIPS)

Publications documentation is located at: http://csrc.nist.gov/

  • Identification/ Marking of Sensitive and SAFEGUARDS Information: The decision, determination, or direction by the NRC that information constitutes sensitive or SAFEGUARDS information remains exclusively a matter within the authority of the NRC to make. In performing the contract, the Contractor shall clearly mark sensitive unclassified non-SAFEGUARDS information (SUNSI), sensitive, and SAFEGUARDS information to include for example Official Use Only and SAFEGUARDS Information on any reports, documents, designs, data, materials and written information as directed by the NRC. In addition to marking the information as directed by the NRC, the Contractor shall use the applicable NRC cover sheet forms (e.g. NRC Form 461 SAFEGUARDS Information and NRC Form 190B Official Use Only) in maintaining these records and documents. The Contractor shall ensure that sensitive and SAFEGUARDS information is handled appropriately, maintained and protected from unauthorized disclosure.

The Contractor shall comply with the requirements to mark, maintain and protect all information including documents, summaries, reports, data, designs, and materials in accordance with the provisions of Section 147 of the Atomic Energy Act of 1954 as amended, its implementing regulations (1 0 CFR 73.21 ), and NRC Management Directive and Handbook 12.6.

Page 10

31310020A0003/31310021F0039

  • Publication of Results: Prior to any dissemination, display, publication or release of articles, reports, summaries, data or related documents developed under the contract, the Contractor shall submit for review and approval by the NRC the proposed articles, reports, summaries, data and related documents that the Contractor intends to release, disseminate or publish to other persons, the public or any other entities. The Contractor shall not release, disseminate, display or publish articles, reports, summaries, data, and related documents or the contents therein that have not been reviewed and approved by the NRC for release, display, dissemination or publication. The Contractor agrees to conspicuously place any disclaimers, markings or notices directed by the NRC on any articles, reports, summaries, data and related documents that the Contractor intends to release, display, disseminate or publish to other persons, the public or any other entities. The Contractor agrees and grants a royalty free, nonexclusive, irrevocable world-wide license to the government to use, reproduce, modify, distribute, prepare derivative works, release, display or disclose the articles, reports, summaries, data and related documents developed under the contract, for any governmental purpose and to have or authorize others to do so.
  • Deliverable Reviews: Deliverable Reviews will be held to provide the Contractor with feedback related to improving the quality of deliverables, including feedback received from Customer Satisfaction Surveys. Such reviews will be coordinated by the BPA Call COR/ACOR as required to supplement written comments provided on deliverable submissions. The written minutes of all deliverable review meetings shall be prepared by the Contractor upon request.

Should the Government not concur with the minutes, the BPA Call COR shall so state any areas of non-concurrence in writing to the Contractor within ten calendar days of receipt of the minutes. Failure to correct and identify defects and integrate NRC comments into the deliverable may result in the issuance of a Contract Discrepancy Report (CDR) by the Contracting Officer. Upon issuance of a CDR, a meeting will be held.

C.6 Section 508 - Information and Communication Technology Accessibility C.6.1 Introduction In December 2000, the Architectural and Transportation Barriers Compliance Board (Access Board) pursuant to Section 508(2)(A) of the Rehabilitation Act Amendments of 1998, established electronic and information technology (EIT) accessibility standards for the federal government.

The Standards for Section 508 of the Rehabilitation Act (codified at 36 CFR § 1194) were revised by the Access Board, published on January 18, 2017 and minor corrections were made on January 22, 2018, effective March 23, 2018.

The Revised 508 Standards have replaced the term EIT with information and communication technology (ICT). ICT is information technology (as defined in 40 U.S.C. 11101(6)) and other equipment, systems, technologies, or processes, for which the principal function is the creation, manipulation, storage, display, receipt, or transmission of electronic data and information, as well as any associated content. Examples of ICT include, but are not limited to: Computers and peripheral equipment; information kiosks and transaction machines; telecommunications equipment; customer premises equipment; multifunction office machines; software; applications; Web sites; videos; and, electronic documents.

The text of the Revised 508 Standards can be found in 36 CFR § 1194.1 and in Appendices A, C and D of 36 CFR § 1194 (at https://www.ecfr.gov/cgi-bin/text-idx?SID=caeb8ddcea26ba5002c2eea047698e85&mc=true&tpl=/ecfrbrowse/Title36/36cfr1194_

Page 11

31310020A0003/31310021F0039 main_02.tpl).

C.6.2 General Requirements In order to help the NRC comply with Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. § 794d)(Section 508), the Contractor shall ensure that its deliverables (both products and services) within the scope of this contract/order are

1. in conformance with, and
2. support the requirements of the Standards for Section 508 of the Rehabilitation Act, as set forth in Appendices A, C and D of 36 CFR § 1194.

C.6.3 Applicable Provisions of the Revised 508 Standards The following is an outline of the Revised 508 Standards that identifies what provisions are always applicable and which ones may be applicable. If Maybe is stated in the table below, then those provisions are applicable only if they are within the scope of this acquisition.

Applicable to the Provision of 36 CFR Part 1194 Contract/Order?

1. Appendix A to Part 1194 - Section 508 of the Rehabilitation Act:

Yes Application and Scoping Requirements o Section 508 Chapter 1: Application and Administration - sets forth Yes general application and administration provisions o Section 508 Chapter 2: Scoping Requirements - containing scoping Yes requirements (which, in turn, prescribe which ICT - and, in some cases, how many - must comply with the technical specifications)

2. Appendix C to Part 1194 - Functional Performance Criteria and Maybe Technical Requirements o Chapter 3: Functional Performance Criteria - applies to ICT where required by 508 Chapter 2 (Scoping Requirements) and where Maybe otherwise referenced in any other chapter of the Revised 508 Standards Maybe o Chapter 4: Hardware Maybe o Chapter 5: Software o Chapter 6: Support Documentation and Services (applicable to, but not limited to, help desks, call centers, training services, and Maybe automated self-service technical support) (Always applies if Chapters 4 or 5 apply)

Yes o Chapter 7: Referenced Standards Maybe 3. Appendix D to Part 1194 - Electronic and Information Technology Accessibility Standards as Originally Published on December 21, 2000 Refer to Chapter 2 (Scoping Requirements) first to confirm what provisions in Appendix C apply in a particular case.

Section E203.2 applies only to the NRC, except as specified below.

C.6.4 Exceptions C.6.4.1 Legacy ICT Unless a deliverable of this contract/order is identified in this contract/order as Legacy ICT, use Page 12

31310020A0003/31310021F0039 by the Contractor of the Legacy ICT general exception (section E202.2 of 36 CFR § 1194) shall only be permitted on a case-by-case basis for applicable legacy ICT and with advance written approval from the COR.

C.6.4.2 Undue Burden The Undue Burden general exception (section E202.6 of 36 CFR § 1194) is not expected to be applicable to work performed by the Contractor. If there are questions about potential application of this exception please discuss with the CO.

C.6.4.3 Fundamental Alteration or Best Meets If the Contractor wishes to use the Fundamental Alteration (section E202.6 of 36 CFR § 1194) or Best Meets (section E202.7 of 36 CFR § 1194) general exceptions the Contractor shall do the following:

1. provide the COR with information necessary to support the agencys documentation requirements, as identified in sections E202.6.2 and E202.7.1 of 36 CFR § 1194, respectively
2. request and obtain written approval from the COR for development and/or use, as applicable to the scope of the contract/order, of an alternative means for providing individuals with disabilities access to and use of the information and data, as specified in sections E202.6.3 and E202.7.2 of 36 CFR § 1194, respectively.

C.6.4.4 National Security Systems Based on the definition at 40 U.S.C. 11103(a), the National Security Systems general exception (section E202.3 of 36 CFR § 1194) is not applicable to this contract/order.

C67.4.5 ICT Functions Located in Maintenance or Monitoring Spaces The Contractor shall confirm with the COR that an ICT deliverable of this contract/order will be located in maintenance or monitoring spaces before assuming that the ICT Functions Located in Maintenance or Monitoring Spaces general exception (section E202.5 of 36 CFR § 1194) applies.

Note that this exception does not apply to features of the ICT (such as Web interfaces) that can be accessed remotely, outside the maintenance or monitoring space where the ICT is located.

C.6.5 Additional Requirements C.6.5.1 Notification Due to Impact from NRC Policies, Procedures, Tools and/or ICT Infrastructure If and when 1) the Contractor is dependent upon NRC policies, procedures, tools and/or ICT infrastructure for Revised-508-Standards-conformant delivery of any of the products or services under this acquisition, and 2) the Contractor is aware that conformance of products or services will be negatively impacted by capability gaps in NRC policies, procedures, tools and/or ICT infrastructure, the Contractor shall inform the COR so that the NRC can both be aware and take corrective action.

C.6.5.2 Accessibility of Electronic Content For electronic content (as defined in section E103 of 36 CFR § 1194) deliverables of this contract/order:

Page 13

31310020A0003/31310021F0039

1. If a deliverable is in the form of an Adobe Portable Document Format (PDF) file and is either Public Facing or Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) the Contractor shall ensure that it conforms to both section E205.4 of 36 CFR § 1194 and ISO 14289-1 (PDF/UA-1)
2. Unless the Contractor requests and obtains advance written approval from the COR for a specific deliverable or class of deliverables, the contractor shall ensure that
1. deliverables that are not Public Facing and not Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) shall conform to section E205.4 of 36 CFR § 1194
2. deliverables that are in the form of PDF files, are not Public Facing and are not Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) shall conform to section E205.4 of 36 CFR § 1194 and ISO 14289-1 (PDF/UA-1).

C.6.5.3 Other It is desirable that the Contractor address the applicable provisions of the Revised 508 Standards throughout product and service lifecycles rather than only performing a conformance check toward the end of a process.

If and when the Contractor provides custom ICT development services pursuant to this acquisition, the Contractor shall ensure the ICT products and services fully support the applicable provisions of the Revised 508 Standards prior to delivery and before final acceptance.

If and when the Contractor provides installation, configuration or integration services for ICT products (equipment and/or software) pursuant to this acquisition, the Contractor shall not install, configure or integrate the ICT equipment and software in a way that reduces the level of conformance with the applicable provisions of the Revised 508 Standards.

If and when the scope of this contract/order includes work by the Contractor to collect, directly from NRC employees or the Public, requirements for the procurement, development, maintenance or use of ICT the Contractor shall identify the needs of users with disabilities in conformance to section E203.2.

C.6.6 ICT Accessibility Deliverables The Contractor shall provide the following ICT accessibility deliverables, when within the scope of this contract/order.

C.6.6.1 Accessibility Conformance Report (ACR)

This report shall be submitted for ICT products, systems or application deliverables. A written ACR shall be based on the Voluntary Product Accessibility Template (VPAT), as specified at https://www.itic.org/policy/accessibility/vpat or provide equivalent information. This report has the purpose to document the state of conformance to the Revised 508 Standards for the subject product, system or application.

C.6.6.2 Supplemental Accessibility Report (SAR)

This report shall be submitted for ICT products, systems or application deliverables that have Page 14

31310020A0003/31310021F0039 been custom developed or integrated by the Contractor to meet contract/order requirements. A written SAR shall contain:

a) Description of evaluation methods used to produce the ACR, to demonstrate due diligence in supporting conformance claims; b) Information on core functions that cant be used by persons with disabilities; and, c) Information on how to configure and install the ICT item to support accessibility C.6.6.3 ICT Support Documentation This documentation shall be submitted for ICT products, systems or application deliverables.

The support documentation shall include:

a) Documentation of features that help achieve accessibility and compatibility with assistive technology for persons with disabilities (as required by section 602 of 36 CFR § 1194);

b) For authoring tools that generate content (documents, reports, videos, multimedia, web content, etc.): Information on how the tool enables the creation of accessible electronic content that conforms to the Revised 508 Standards (see section 504 of 36 CFR § 1194), including the range of accessible user interface elements the tool can create; c) For platform software (as defined in section E103.4 of 36 CFR § 1194) and software tools that are provided by a platform developer: Documentation on the set of accessibility services that support applications running on the platform to interoperate with assistive technology, as required by section 502.3 of 36 CFR § 1194.

C.6.6.4 ICT Support Documentation (Alternate Formats)

Upon request, alternate formats for non-electronic support documentation shall be provided (as required by section 602.4 of 36 CFR § 1194).

C.6.6.5 Document Accessibility Checklist This checklist shall be submitted for ICT electronic content deliverables that are documents (as defined in section E103 of 36 CFR § 1194), if the requirement is specified elsewhere in this acquisition that testing be performed. A completed checklist summarising the subject documents state of conformance to the applicable WCAG 2.0 Level A and AA Success Criteria (as referenced in section E205.4 and 702.10 of 36 CFR § 1194) and, for PDF files, ISO 14289-1 (PDF/UA-1).

C.6.6.6 Communication to ICT Users When the Contractor is providing ICT support services (including, but not limited to help desks, call centers, training services, and automated self-service technical support), any communication to ICT users shall accommodate the communication needs of individuals with disabilities (see section 603.3 of 36 CFR § 1194) and include information on accessibility and compatibility features (see 603.2 of 36 CFR § 1194).

Page 15

31310020A0003/31310021F0039 C.7 Place of Performance NRC does not require support staff be available on site. While the contractor may not rely on the availability of NRC office space, the NRC can accommodate support staff on site on an ad-hoc and occasional basis. The contractor shall provide office space for proposed staff and ensure that they are readily available by telephone and NRC email during hours billed.

C.8 Applicable Publications (Current Editions)

The contractor shall comply with the following applicable regulations, publications, manuals, and local policies and procedures:

1. Management Directive 12.5, Automated Information Security Program
2. NRC Sensitive Unclassified Non-Safeguards Information (SUNSI)
3. Cybersecurity Policy for Encryption of Data at Rest When Outside of Agency Facilities
4. Policy for Copying, Scanning, Printing, and Faxing SGI & Classified Information
5. Cybersecurity Information Protection Policy
6. Remote Access Policy
7. Use of Commercial Wireless Devices, Services and Technologies Policy
8. Laptop Security Policy
9. Cybersecurity Incident Response Policy
10. Other NRC Security Policies, including but not limited to those issued via NRC Yellow Announcements.

C.9 Government-Furnished Property The following GFP will be provided to the contractor:

(a) Contractor staff will be provided network access, email, and government laptops for secure remote access if deemed necessary by the BPA Call COR. The following GFP may be provided to any offsite contractor staff:

GFP Item Quantity Dateprovided Method of to contractor Shipment UponBPA Contractor to NRC standard laptop 2 Callaward pick up from NRC (b) Only the equipment/property listed above in the quantities shown will be provided by the Government. The contractor shall be responsible and accountable for all Government property provided under this contract and shall comply with the provisions of the FAR Government Property Clause under this contract and FAR Subpart 45.5, as in effect on the date of this contract. The contractor shall investigate and provide written notification to the NRC Contracting Officer (CO) and the NRC Division of Facilities and Security, Physical Security Branch of all cases of loss, damage, or destruction of Government property in its possession or control not later than 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after discovery. The contractor must report stolen Government property to Page 16

31310020A0003/31310021F0039 the local police and a copy of the police report must be provided to the CO and to the Division of Facilities and Security, Office of Administration.

(c) All other equipment/property required in performance of the contract shall be furnished by the Contractor.

Page 17

31310020A0003/31310021F0039 D - Packaging and Marking D.1 PACKAGING AND MARKING (a) The Contractor shall package material for shipment to the NRC in such a manner that will ensure acceptance by common carrier and safe delivery at destination. Containers and closures shall comply with the Surface Transportation Board, Uniform Freight Classification Rules, or regulations of other carriers as applicable to the mode of transportation.

(b) On the front of the package, the Contractor shall clearly identify the contract number under which the product is being provided.

(c) Additional packaging and/or marking requirements are as follows: N/A.

D.2 BRANDING The Contractor is required to use the statement below in any publications, presentations, articles, products, or materials funded under this contract/order, to the extent practical, in order to provide NRC with recognition for its involvement in and contribution to the project. If the work performed is funded entirely with NRC funds, then the contractor must acknowledge that information in its documentation/presentation.

Work Supported by the U.S. Nuclear Regulatory Commission (NRC), Office of Chief Information Officer, under Contract/order number 31310020A0003/31310021F0039.

Page 18

31310020A0003/31310021F0039 E - Inspection and Acceptance E.1 INSPECTION AND ACCEPTANCE BY THE NRC (SEP 2013)

Inspection and acceptance of the deliverable items to be furnished hereunder shall be made by the NRC Contracting Officers Representative (COR) at the destination, accordance with FAR 52.247 F.o.b. Destination.

Contract Deliverables:

1. []
2. []
3. []
4. []
5. []

Page 19

31310020A0003/31310021F0039 F - Deliveries or Performance F.1 PLACE OF DELIVERY-REPORTS The items to be furnished hereunder shall be delivered, with all charges paid by the Contractor, to:

F.2 TASK/DELIVERY ORDER PERIOD OF PERFORMANCE (SEP 2013)

This order shall commence on 07/25/2021 and will expire on 07/24/2022. The term of this BPA Call may be extended at the option of the Government for a additional four (4) years, from 07/25/2022 to 07/24/2026.

Option Period 1: 07/25/2022-07/24/2023 Option Period 2: 07/25/2023-07/24/2024 Option Period 3: 07/25/2024-07/24/2025 Option Period 4: 07/25/2025-07/24/2026 Page 20

31310020A0003/31310021F0039 G - Contract Administration Data G.1 REGISTRATION IN FEDCONNECT (MAY 2021)

The Nuclear Regulatory Commission (NRC) uses Unison Software Inc.s secure and auditable two-way web portal, FedConnect, to communicate with vendors and contractors.

FedConnect provides bi-directional communication between the vendor/contractor and the NRC throughout pre-award, award, and post-award acquisition phases. Vendors/contractors shall use FedConnect for the submission of responses to solicitations, acknowledgment of receipt of award and modification documents; and may be required to submit monthly letter status reports and other deliverables through FedConnect as well. Please see Section C of this award for details regarding submission of deliverables.

Therefore, in order to do business with the NRC, vendors and contractors shall register to use FedConnect at https://www.fedconnect.net/FedConnect. The individual registering in FedConnect shall have authority to bind the vendor/contractor. There is no charge for using FedConnect. Assistance with FedConnect is provided by Unison, not the NRC. FedConnect contact and assistance information is provided on the FedConnect web site.

G.2 ELECTRONIC PAYMENT (DEC 2017)

The Debt Collection Improvement Act of 1996 requires that all payments except IRS tax refunds be made by Electronic Funds Transfer. Payment shall be made in accordance with FAR 52.232-33, entitled Payment by Electronic Funds Transfer-System for Award Management.

To receive payment, the contractor shall prepare invoices in accordance with NRCs Billing Instructions. Claims shall be submitted through the Invoice Processing Platform (IPP)

(https://www.ipp.gov/). Back up documentation shall be included as required by the NRCs Billing Instructions.

G.3 2052.215-71 CONTRACTING OFFICER REPRESENTATIVE AUTHORITY. (OCT 1999)

(a) The contracting officer's authorized representative (hereinafter referred to as the COR) for this contract is:

(b) Performance of the work under this contract is subject to the technical direction of the NRC COR. The term "technical direction" is defined to include the following:

(1) Technical direction to the contractor which shifts work emphasis between areas of work or tasks, authorizes travel which was unanticipated in the Schedule (i.e., travel not contemplated in the Statement of Work (SOW) or changes to specific travel identified in the SOW), fills in details, or otherwise serves to accomplish the contractual SOW.

Page 21

31310020A0003/31310021F0039 (2) Provide advice and guidance to the contractor in the preparation of drawings, specifications, or technical portions of the work description.

(3) Review and, where required by the contract, approval of technical reports, drawings, specifications, and technical information to be delivered by the contractor to the Government under the contract.

(c) Technical direction must be within the general statement of work stated in the contract. The COR does not have the authority to and may not issue any technical direction which:

(1) Constitutes an assignment of work outside the general scope of the contract.

(2) Constitutes a change as defined in the "Changes" clause of this contract.

(3) In any way causes an increase or decrease in the total estimated contract cost, the fixed fee, if any, or the time required for contract performance.

(4) Changes any of the expressed terms, conditions, or specifications of the contract.

(5) Terminates the contract, settles any claim or dispute arising under the contract, or issues any unilateral directive whatever.

(d) All technical directions must be issued in writing by the COR or must be confirmed by the COR in writing within ten (10) working days after verbal issuance. A copy of the written direction must be furnished to the contracting officer. A copy of NRC Form 445, Request for Approval of Official Foreign Travel, which has received final approval from the NRC must be furnished to the contracting officer.

(e) The contractor shall proceed promptly with the performance of technical directions duly issued by the COR in the manner prescribed by this clause and within the COR's authority under the provisions of this clause.

(f) If, in the opinion of the contractor, any instruction or direction issued by the COR is within one of the categories as defined in paragraph (c) of this section, the contractor may not proceed but shall notify the contracting officer in writing within five (5) working days after the receipt of any instruction or direction and shall request the contracting officer to modify the contract accordingly. Upon receiving the notification from the contractor, the contracting officer shall issue an appropriate contract modification or advise the contractor in writing that, in the contracting officer's opinion, the technical direction is within the scope of this article and does not constitute a change under the "Changes" clause.

(g) Any unauthorized commitment or direction issued by the COR may result in an unnecessary delay in the contractor's performance and may even result in the contractor expending funds for unallowable costs under the contract.

(h) A failure of the parties to agree upon the nature of the instruction or direction or upon the contract action to be taken with respect thereto is subject to 52.233 Disputes.

Page 22

31310020A0003/31310021F0039 (i) In addition to providing technical direction as defined in paragraph (b) of the section, the COR shall:

(1) Monitor the contractor's technical progress, including surveillance and assessment of performance, and recommend to the contracting officer changes in requirements.

(2) Assist the contractor in the resolution of technical problems encountered during performance.

(3) Review all costs requested for reimbursement by the contractor and submit to the contracting officer recommendations for approval, disapproval, or suspension of payment for supplies and services required under this contract.

(4) Assist the contractor in obtaining the badges for the contractor personnel.

(5) Immediately notify the Security Branch, Division of Facilities and Security (SB/DFS) (via e-mail) when a contractor employee no longer requires access authorization and return of any NRC issued badge to SB/DFS within three days after their termination.

(6) Ensure that all contractor employees that require access to classified Restricted Data or National Security Information or matter, access to sensitive unclassified information (Safeguards, Official Use Only, and Proprietary information) access to sensitive IT systems or data, unescorted access to NRC controlled buildings/space, or unescorted access to protected and vital areas of nuclear power plants receive approval of SB/DFS prior to access in accordance with Management Directive and Handbook 12.3.

(7) For contracts for the design, development, maintenance or operation of Privacy Act Systems of Records, obtain from the contractor as part of closeout procedures, written certification that the contractor has returned to NRC, transferred to the successor contractor, or destroyed at the end of the contract in accordance with instructions provided by the NRC Systems Manager for Privacy Act Systems of Records, all records (electronic or paper) which were created, compiled, obtained or maintained under the contract.

(End of Clause)

Page 23

31310020A0003/31310021F0039 H - Special Contract Requirements H.1 ANNUAL AND FINAL CONTRACTOR PERFORMANCE EVALUATIONS Annual and final evaluations of contractor performance under this contract will be prepared in accordance with FAR Subpart 42.15, "Contractor Performance Information," normally at or near the time the contractor is notified of the NRC's intent to exercise the contract option. If the multi-year contract does not have option years, then an annual evaluation will be prepared []. Final evaluations of contractor performance will be prepared at the expiration of the contract during the contract closeout process.

The Contracting Officer will transmit the NRC Contracting Officers Representatives (COR) annual and final contractor performance evaluations to the contractor's Project Manager, unless otherwise instructed by the contractor. The contractor will be permitted thirty days to review the document and submit comments, rebutting statements, or additional information.

Where a contractor concurs with, or takes no exception to an annual performance evaluation, the Contracting Officer will consider such evaluation final and releasable for source selection purposes. Disagreements between the parties regarding a performance evaluation will be referred to an individual one level above the Contracting Officer, whose decision will be final.

The Contracting Officer will send a copy of the completed evaluation report, marked "Source Selection Information, to the contractor's Project Manager for their records as soon as practicable after it has been finalized. The completed evaluation report also will be used as a tool to improve communications between the NRC and the contractor and to improve contract performance.

The completed annual performance evaluation will be used to support future award decisions in accordance with FAR 42.1502 and 42.1503. During the period the information is being used to provide source selection information, the completed annual performance evaluation will be released to only two parties - the Federal government personnel performing the source selection evaluation and the contractor under evaluation if the contractor does not have a copy of the report already.

H.2 AWARD NOTIFICATION AND COMMITMENT OF PUBLIC FUNDS (a) All offerors will receive preaward and postaward notices in accordance with FAR 15.503.

(b) It is also brought to your attention that the contracting officer is the only individual who can legally obligate funds or commit the NRC to the expenditure of public funds in connection with this procurement. This means that unless provided in a contract document or specifically authorized by the contracting officer, NRC technical personnel may not issue contract modifications, give formal contractual commitments, or otherwise bind, commit, or obligate the NRC contractually. Informal unauthorized commitments, which do not obligate the NRC and do not entitle the contractor to payment, may include:

(1) Encouraging a potential contractor to incur costs prior to receiving a contract; (2) Requesting or requiring a contractor to make changes under a contract without formal contract modifications; Page 24

31310020A0003/31310021F0039 (3) Encouraging a contractor to incur costs under a cost-reimbursable contract in excess of those costs contractually allowable; and (4) Committing the Government to a course of action with regard to a potential contract, contract change, claim, or dispute.

H.3 KEY PERSONNEL. (JAN 1993)

(a) The following individuals are considered to be essential to the successful performance of the work hereunder:

Doug Meyer, Functional Expert and Yared Almaw, Information Assurance Anayst

  • The contractor agrees that personnel may not be removed from the contract work or replaced without compliance with paragraphs (b) and (c) of this section.

(b) If one or more of the key personnel, for whatever reason, becomes, or is expected to become, unavailable for work under this contract for a continuous period exceeding 30 work days, or is expected to devote substantially less effort to the work than indicated in the proposal or initially anticipated, the contractor shall immediately notify the contracting officer and shall, subject to the concurrence of the contracting officer, promptly replace the personnel with personnel of at least substantially equal ability and qualifications.

(c) Each request for approval of substitutions must be in writing and contain a detailed explanation of the circumstances necessitating the proposed substitutions. The request must also contain a complete resume for the proposed substitute and other information requested or needed by the contracting officer to evaluate the proposed substitution. The contracting officer and the project officer shall evaluate the contractor's request and the contracting officer shall promptly notify the contractor of his or her decision in writing.

(d) If the contracting officer determines that suitable and timely replacement of key personnel who have been reassigned, terminated, or have otherwise become unavailable for the contract work is not reasonably forthcoming, or that the resultant reduction of productive effort would be so substantial as to impair the successful completion of the contract or the service order, the contract may be terminated by the contracting officer for default or for the convenience of the Government, as appropriate. If the contracting officer finds the contractor at fault for the condition, the contract price or fixed fee may be equitably adjusted downward to compensate the Government for any resultant delay, loss, or damage.

Page 25

31310020A0003/31310021F0039 I - Contract Clauses I.1 52.217-8 OPTION TO EXTEND SERVICES. (NOV 1999)

The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within 1 day of the expiration of the contract.

(End of clause)

I.2 52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT. (MAR 2000)

(a) The Government may extend the term of this contract by written notice to the Contractor within any time prior to the expiretation of the contract; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least 1 daydays before the contract expires. The preliminary notice does not commit the Government to an extension.

(b) If the Government exercises this option, the extended contract shall be considered to include this option clause.

(c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 5 years , 6 months.

(End of clause) 52.227-14 RIGHTS IN DATA-GENERAL. (MAY 2014)

I.3 52.232-19 AVAILABILITY OF FUNDS FOR THE NEXT FISCAL YEAR. (APR 1984)

Funds are not presently available for performance under this contract beyond [ ]. The Government's obligation for performance of this contract beyond that date is contingent upon the availability of appropriated funds from which payment for contract purposes can be made.

No legal liability on the part of the Government for any payment may arise for performance under this contract beyond [ ], until funds are made available to the Contracting Officer for performance and until the Contractor receives notice of availability, to be confirmed in writing by the Contracting Officer.

(End of clause) 52.237-3 CONTINUITY OF SERVICES. (JAN 1991)

Page 26

31310020A0003/31310021F0039 J - List of Documents, Exhibits and Other Attachments Attachment Title Date Number 1 Attachment A Scope and context 06/30/2021 2 SITSOSS PRICE SCHEDULE 06/30/2021 Page 27

Retrieved from "https://kanterella.com/w/index.php?title=ML21189A280&oldid=3408409"