ML21104A374: Difference between revisions

From kanterella
Jump to navigation Jump to search
(StriderTol Bot change)
(StriderTol Bot change)
 
Line 16: Line 16:


=Text=
=Text=
{{#Wiki_filter:}}
{{#Wiki_filter:1. REQUISITION NUMBER                                      PAGE    OF SOLICITATION/CONTRACT/ORDER FOR COMMERCIAL ITEMS OFFEROR TO COMPLETE BLOCKS 12, 17, 23, 24, & 30                            ADM-21-0002                                                    1          32
: 2. CONTRACT NO.                                          3. AWARD/          4. ORDER NUMBER                                        5. SOLICITATION NUMBER                            6. SOLICITATION 31310020A0003                                            EFFECTIVE DATE                                                            31310021Q0001                                    ISSUE DATE 31310021F0006                                                                                            11/16/2020
: 7.            FOR SOLICITATION              a. NAME                                                      b. TELEPHONE NUMBER              (No collect calls)  8. OFFER DUE DATE/LOCAL TIME INFORMATION CALL:              BANU GOLDFEIZ                                                                                                            ET
: 9. ISSUED BY                                                      CODE  NRCHQ                10. THIS ACQUISITION IS      X      UNRESTRICTED OR                SET ASIDE:                  % FOR:
WOMEN-OWNED SMALL BUSINESS U.S. NRC - HQ                                                                                    SMALL BUSINESS (WOSB) ELIGIBLE UNDER THE WOMEN-OWNED Acquisition Management Division                                                                  HUBZONE SMALL              SMALL BUSINESS PROGRAM NAICS: 541519 BUSINESS                  EDWOSB Mail Stop: TWFN-07B20M SERVICE-DISABLED Washington DC 20555-0001                                                                          VETERAN-OWNED 8(A)
SIZE STANDARD:      $150.00 SMALL BUSINESS
: 11. DELIVERY FOR FOB DESTINA-      12. DISCOUNT TERMS                                                                                13b. RATING TION UNLESS BLOCK IS                                                                      13a. THIS CONTRACT IS A MARKED 30                                              RATED ORDER UNDER
: 14. METHOD OF SOLICITATION SEE SCHEDULE                                                                                DPAS (15 CFR 700)
X RFQ            IFB          RFP
: 15. DELIVER TO                                      CODE NRCHQ                              16. ADMINISTERED BY                                                  CODE  NRCHQ Nuclear Regulatory Commission                                                                U.S. NRC - HQ Nuclear Regulatory Commission                                                                Acquisition Management Division Washington DC 20555-0001                                                                    Mail Stop: TWFN-07B20M Washington DC 20555-0001 17a. CONTRACTOR/            CODE    152858358                  FACILITY                      18a. PAYMENT WILL BE MADE BY                                        CODE NRCPAYMENTS OFFEROR                                                    CODE AEGIS.NET INC                                                                                Fiscal Accounting Program Attn: Mario Hyland                                                                          Admin & Training Group, Avery Street A3-G P.O. BOX 3897                                                                                Bureau of the Fiscal Service MERRIFIELD VA 221163897                                                                      PO Box 1328 Parkersburg WV 26106-1328 TELEPHONE NO.            7038936020707 17b. CHECK IF REMITTANCE IS DIFFERENT AND PUT SUCH ADDRESS IN OFFER                      18b. SUBMIT INVOICES TO ADDRESS SHOWN IN BLOCK 18a UNLESS BLOCK BELOW IS CHECKED            SEE ADDENDUM
: 19.                                                  20.                                                21.      22.                23.                                  24.
ITEM NO.                                    SCHEDULE OF SUPPLIES/SERVICES                                QUANTITY  UNIT          UNIT PRICE                            AMOUNT GSA Contract #: GS35F0125S The purpose of this BPA Call is to acquire contractor support to perform Independent Verification and Validation (IV&V) services for the Nuclear Regulatory Commission (NRC) Strategic Acquisition System (STAQS) including quality assurance, validation of maintenance releases and support for system security.
Accounting Info:
Continued ...
(Use Reverse and/or Attach Additional Sheets as Necessary)
: 25. ACCOUNTING AND APPROPRIATION DATA                                                                                            26. TOTAL AWARD AMOUNT (For Govt. Use Only)
See schedule                                                                                                                                  $2,769,493.44 27a. SOLICITATION INCORPORATES BY REFERENCE FAR 52.212-1, 52.212-4. FAR 52.212-3 AND 52.212-5 ARE ATTACHED.                ADDENDA                            ARE        ARE NOT ATTACHED.
27b. CONTRACT/PURCHASE ORDER INCORPORATES BY REFERENCE FAR 52.212-4. FAR 52.212-5 IS ATTACHED.                      ADDENDA                                    ARE        ARE NOT ATTACHED.
X 28. CONTRACTOR IS REQUIRED TO SIGN THIS DOCUMENT AND RETURN                          1                  29. AWARD OF CONTRACT:                                                                OFFER COPIES TO ISSUING OFFICE. CONTRACTOR AGREES TO FURNISH AND DELIVER                                    REF.
DATED                              . YOUR OFFER ON SOLICITATION (BLOCK 5),
ALL ITEMS SET FORTH OR OTHERWISE IDENTIFIED ABOVE AND ON ANY ADDITIONAL                                INCLUDING ANY ADDITIONS OR CHANGES WHICH ARE SET FORTH SHEETS SUBJECT TO THE TERMS AND CONDITIONS SPECIFIED.                                                  HEREIN, IS ACCEPTED AS TO ITEMS:
30a. SIGNATURE OF OFFEROR/CONTRACTOR                                                          31a. UNITED STATES OF AMERICA (SIGNATURE OF CONTRACTING OFFICER) 30b. NAME AND TITLE OF SIGNER (Type or print)                          30c. DATE SIGNED        31b. NAME OF CONTRACTING OFFICER (Type or print)                            31c. DATE SIGNED DOMONIQUE MALONE                                                                04/14/2021 AUTHORIZED FOR LOCAL REPRODUCTION                                                                                                                  STANDARD FORM 1449 (REV. 2/2012)
PREVIOUS EDITION IS NOT USABLE                                                                                                                    Prescribed by GSA - FAR (48 CFR) 53.212
 
2 of      32
: 19.                                              20.                                        21. 22.            23.                        24.
ITEM NO.                              SCHEDULE OF SUPPLIES/SERVICES                        QUANTITY  UNIT        UNIT PRICE                  AMOUNT 2021-X0200-FEEBASED-40-40D007-6031-51-P-156-252A-5 1-P-156-6031 Period of Performance: 05/09/2021 to 05/08/2022 32a. QUANTITY IN COLUMN 21 HAS BEEN RECEIVED            INSPECTED              ACCEPTED, AND CONFORMS TO THE CONTRACT, EXCEPT AS NOTED:
32b. SIGNATURE OF AUTHORIZED GOVERNMENT REPRESENTATIVE                      32c. DATE 32d. PRINTED NAME AND TITLE OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32e. MAILING ADDRESS OF AUTHORIZED GOVERNMENT REPRESENTATIVE                          32f. TELEPHONE NUMBER OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32g. E-MAIL OF AUTHORIZED GOVERNMENT REPRESENTATIVE
: 33. SHIP NUMBER                  34. VOUCHER NUMBER            35. AMOUNT VERIFIED    36. PAYMENT                                        37. CHECK NUMBER CORRECT FOR COMPLETE          PARTIAL          FINAL PARTIAL          FINAL
: 38. S/R ACCOUNT NUMBER          39. S/R VOUCHER NUMBER        40. PAID BY 41a. I CERTIFY THIS ACCOUNT IS CORRECT AND PROPER FOR PAYMENT                          42a. RECEIVED BY (Print) 41b. SIGNATURE AND TITLE OF CERTIFYING OFFICER                        41c. DATE 42b. RECEIVED AT (Location) 42c. DATE REC'D (YY/MM/DD)            42d. TOTAL CONTAINERS STANDARD FORM 1449 (REV. 2/2012) BACK
 
31310020A0003/31310021F0006 Page 3
 
31310020A0003/31310021F0006 B - Supplies or Services/Prices B.1 BRIEF PROJECT TITLE AND WORK DESCRIPTION (a) The title of this project is: Independent Verification and Validation for the Strategic Acquisition System (IV&V STAQS)
(b) Summary work description: (a) This task order requires contractor support to perform Independent Verification and Validation (IV&V) services for the Nuclear Regulatory Commission (NRC) Strategic Acquisition System (STAQS) and Enterprise Acquisition Toolset (NEAT) including quality assurance, verification and validation of maintenance/enhancement software releases and cybersecurity support.
B.2 TYPE OF CONTRACT (JULY 2020)
The contract type for this award is Labor Hours B.3 CONSIDERATION AND OBLIGATION- LABOR-HOUR CONTRACT (a) The ceiling price to the Government for full performance under this contract is $2,769.493.44 (b) The contract includes direct labor hours at specified fixed hourly rates, inclusive of wages, fringe, overhead, general and administrative expenses, and profit.
(c) It is estimated that the amount currently obligated will cover performance through 05/08/2022.
(d) This is an incrementally-funded contract and FAR 52.232 Limitation of Funds applies.
Page 4
 
31310020A0003/31310021F0006 C - Description/Specifications C.1 STATEMENT OF WORK C.1.1      Background The U.S. Nuclear Regulatory Commissions (NRCs) Office of Administration, Acquisition Management Division (ADM/AMD) is responsible for overseeing the agencys procurement activities. The Strategic Acquisition System (STAQS) provides the information technology that supports the procurement business process. STAQS utilizes the PRISM Acquisition Software Suite by Unison configured to meet the requirements of the NRC. STAQS interfaces in real-time with the agencys financial system, Financial Accounting and Information Management System (FAIMIS), using Talend Middleware to commit and obligate agency funds using commercial contracts, Financial Assistance, Grants, Department of Energy (DOE) lab agreements, and Interagency Agreements (IAAs). The NRC needs independent verification and validation services to support operations and maintenance of STAQS and to ensure that STAQS and FAIMIS remain synchronized with respect to procurement data. The NRC also needs independent verification and validation services to support STAQS system security needs.
C.1.2      Objective The objective of this acquisition is to acquire Independent Verification and Validation (IV&V) services for the Nuclear Regulatory Commission (NRC) Strategic Acquisition System (STAQS) including quality assurance, validation of maintenance releases and support for system security.
C.1.3      Scope of Work/Tasks The Contractor shall provide the following independent verification and validation (IV&V) services for STAQS and NEAT:
: 1. Analyze, review and validate system deliverables such as system configurations, architecture, source code and design plans developed by the system integrator, system hosting provider, STAQS/NEAT support staff and the FAIMIS support staff. Results of analysis and recommendations shall be provided to the BPA Call Contracting Officers Representative (COR) and/or Alternate Contracting Officer Representative (ACOR) in a report that includes a summary of the items reviewed/analyzed, method of verification and/or validation, system/architecture/user impacts and actionable recommendations. The Contractor shall perform any recommended actions when determined to be appropriate by the BPA Call COR/ACOR.
: 2. Develop comprehensive system testing strategies and approaches along with test plans, test scripts, and test results with analysis and recommendations based on identified failure/issues. Contractors shall perform testing services when required. System testing may be required for when STAQS/NEAT upgrades/enhancements are made or when changes to interconnected systems and services take place. Such systems and services would include (but not limited to): FAIMIS, Grants.gov, FedConnect, and all Integrated Award Environment (e.g.,
FPDS NG, SAM.gov, Beta.SAM.gov, etc.).
Types of testing shall include but it is not limited to the following: Unit, Integration, Smoke, Interface, Regression, Stress, Load, Performance, User Acceptance, etc.
: 3. Develop and execute quality assurance plans for STAQS that includes the IV&V of STAQS data that is shared to external systems and services such as FAIMIS, Grants.gov, FedConnect, and Integrated Award Environment Services (e.g., FPDS NG, SAM.gov, Beta.SAM.gov, etc.).
Page 5
 
31310020A0003/31310021F0006
: 4. Provide recommendations to the BPA Call COR/ACOR for actionable items identified during the execution of the quality assurance plans/activities. This task may require the Contractor to perform or implement the recommended actions.
: 5. Provide FISMA support for STAQS. This includes but not limited to the following activities:
o Develop, review and update the required security documents for STAQS as required in the NRC MD 12.5, NRC Cybersecurity Program and NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations (https://csrc.nist.gov/publications/sp800) o Perform security and vulnerability assessments based on internal/external audit reports and scans (e.g., OMB, NRC OIG, NRC/OCIO/CSB, etc.). Any validated vulnerability findings shall be documented in the Plan of Actions and Milestones (POA&M) repository for STAQS along with actions to remediate or mitigate the vulnerabilities.
o Provide STAQS security engineering assessments and recommendations for proposed architectures and implementations based on NRC MD 12.5, NRC Cybersecurity Program and NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations requirements are met.
o Perform continuous monitoring activities for STAQS as outlined in CSO-PROS-1323, Information Security Continuous Monitoring Process
: 6. The Contractor shall assist the BPA Call COR/ACOR on STAQS related data calls tasks received from the NRC OIG and other government organizations. Data calls are usually unexpected and require a quick turnaround. These tasks will require the Contractor to be reviewing, analyzing and, if necessary, creating artifacts required by the auditors (e.g.,
screenshots, STAQS SOPs, STAQS training materials, STAQS system audit logs, etc.).
C.1.3.1 - REVIEW OF SYSTEM CONFIGURATION, DESIGN, AND IT SECURITY DELIVERABLES The Contractor shall work with the STAQS Information System Security Officer (ISSO) to develop, review and update system configurations and design deliverables.
The deliverables that will be provided to the Contractor for review include, Items such as design documents, the quality assurance plan, the test plan, data conversion scripts, interface documentation, test result summaries, IT security continuous monitoring products, IT security documentation, and user training materials. In reviewing each deliverable, the contractor shall notify in writing the BPA Call COR/ACOR of any issues with accuracy or potential project risk.
For each deliverable review, the contractor shall assess compliance with NRC requirements, the approved design, applicable standards, and absence of techniques that may reduce maintainability or extensibility. The contractor shall analyze and provide recommendations on STAQS system audit reports from either CSB, independent third-party auditors or NRC OIG in a written report delivered to the BPA Call COR/ACOR.
C.1.3.2 - CYBERSECURITY SUPPORT The Contractor shall support the BPA Call COR/ACOR in understanding the system architecture and technological concerns related to NRC and federal cybersecurity policies and requirements.
The Contractor shall perform the STAQS security assessment activities, for example when applicable develop, update or review all deliverables required by CSO-PROS-2102, System Cybersecurity Assessment Process, NRC MD 12.5, NRC Cybersecurity Program and NIST SP Page 6
 
31310020A0003/31310021F0006 800-53, Security and Privacy Controls for Federal Information Systems and Organizations and coordinating the distribution of these deliverables according to Agency policy and procedures.
The Contractor shall keep the BPA Call COR/ACOR informed of any changes based upon an expectation of strict adherence to the specific and general conditions stated in the ATO.
The Contractor shall perform IT security continuous monitoring activities for STAQS as required by the CSO-PROS-1323, Information Security Continuous Monitoring Process and coordinate the distribution of any deliverables according to Agency policy and procedures. The Contractor shall keep the BPA Call COR/ACOR informed concerning system vulnerabilities and POAMS.
The Contractor shall review, analyze and, if necessary, create artifacts required by the IT security and financial system audits (e.g., screenshots, STAQS SOPs, STAQS training materials, STAQS system audit logs, etc.).
The Contractor shall develop and update STAQS security documentation as necessary to maintain current system specification, modifications, and updates.
All system modifications shall undergo a security review commensurate with the Security Categorization of the system and in accordance with FIPS 199, Standards for Security Categorization of Federal Information and Information Systems.
The Contractor shall perform reviews and documentation updates of system controls to ensure that all system modifications are in compliance with FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, and NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.
Additionally, the Contractor shall develop test scripts and plans and review the system test results of all changes to ensure that any change to existing security controls or requirements for new security controls are implemented and tested by the system integrator. The criteria for testing and acceptance shall be based on the original content of the release together with the technical approach/design, as approved by the BPA Call COR/ACOR.
The Contractor shall ensure that valid test cases are provided for all the system code releases.
A valid test case is one that will fully exercise and verify the change requests (CR) requirements. The test plans shall also exercise the systems security controls and security requirements and associated technical resolutions, risk mitigation, and implementations to confirm that the system and associated controls are operating as intended, and in accordance with FIPS 200, and NIST SP 800-53 and 800- 53A, NIST SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems, and the NRC System Security Test and Evaluation (ST&E) Plan Template. The Contractor shall update the test plan report after completion of the system security test and evaluation plan test report to reflect validated information.
C.1.3.3 - QUALITY ASSURANCE The Contractor shall ensure the quality and integrity of acquisition data sent through the interfaces between STAQS and FAIMIS by performing a review and comparison of the data based on system requirements and design criteria. The Contractor shall analyze all discrepancies and identify the actions needed to correct each discrepancy.
Page 7
 
31310020A0003/31310021F0006 The Contractor shall investigate reported system defects, confirming their existence, proposing a short-term work-around, defining relationships to stated system requirements, evaluating maintainer-proposed solutions, and providing recommendations to BPA Call COR/ACOR.
C.1.3.3.1 - System Change Control The Contractor shall review, for clarity and completeness, proposed system changes to STAQS and provide recommendations to the BPA Call COR/ACOR. The Contractor shall verify that each CR specification was fully implemented and provide the implications/impacts of each defect or proposed enhancement that is under consideration by the CCB.
The Contractor shall also advise the BPA Call COR/ACOR during the evaluation of maintenance cost and schedule proposals.
The Contractor shall support the BPA Call COR/ACOR in tracking and updating STAQS CCB documentation, and artifacts, as needed.
C.1.3.4 - TESTING SUPPORT FOR STAQS MAINTENANCE RELEASES The contractor shall provide comprehensive technical assistance and support for NRC with all stages of testing. The contractor shall develop, execute, compile and/or review the system test plans and reports for all testing phases (for example, but not limited to the following types of system testing):
* System Unit Testing
* System Interface Testing
* Performance Testing
* Stress Testing
* Load Testing
* End-to-End Testing
* User Acceptance Testing
* Integration Testing
* Smoke Testing
* Regression Testing The contractor shall provide support with user acceptance testing (UAT). UAT testing should be in concert with the requirements established in the system requirements and design. This support shall include development of user support test plans, ensuring coverage of all requirements, and shall include development of test plans and test scripts for automated performance of acceptance testing.
The contractor shall execute test scripts and supplement the NRC user role to the extent directed by the BPA Call COR/ACOR. Test scripts shall be automated unless otherwise directed by the BPA Call COR/ACOR. The contractor shall develop automated scripts in the IBM Rational Robot, Functional Tester, and Manual Test tools.
C.1.4    Personnel Qualifications Page 8
 
31310020A0003/31310021F0006
: 1.      Personnel performing the IV&V requirements shall possess appropriate qualifications, including experience with a federal acquisition system as it related to IT system testing, quality/data assurance, and interfaces/connections with federal financial systems (e.g.
Momentum).
: 2.      Personnel performing the cybersecurity support requirements shall possess appropriate qualifications and knowledge of federal IT systems and federal (e.g., NIST, DHS, DISA, etc.)
and NRC cybersecurity polices, requirements and best practices.
C.1.5    Reporting Requirements In addition to meeting the delivery schedule in the timely submission of any draft and final reports, summaries, data and documents that are created in the performance of this contract, the Contractor shall comply with the directions of the BPA Call COR/ACOR regarding the contents of the report, summaries, data and related documents to include correcting, deleting, editing, revising, modifying, formatting, and supplementing any of the information contained therein at no additional cost to the NRC. Performance under the contract shall not be deemed accepted or completed until the Contractor complies with BPA Call COR/ACOR's directions.
Unless otherwise directed by the BPA Call COR/ACOR, the reports, summaries, data and related documents shall be considered draft until approved by the BPA Call COR/ACOR. The Contractor agrees that the direction, determinations, and decisions on approval or disapproval of reports, summaries, data and related documents created under this contract remains solely within the discretion of the NRC.
C.1.5.1 Monthly Letter Status Report The contractor shall provide a Monthly Letter Status Report (MLSR) which consists of a technical progress report and financial status report. This report will be used by the Government to assess the adequacy of the resources proposed by the contractor to accomplish the work contained in this SOW and provide status of contractor progress in achieving tasks and producing deliverables. The report shall include contract/order summary information, work completed during the specified period, milestone schedule information, problem resolution, travel plans, and staff hour summary.
C.1.5.2 Final Report The contractor shall provide a final report summarizing the work performed and the results and conclusions under this contract/order.
C.1.6    List of Deliverables Section #              Deliverable              Due Date            Format        Submit to Analysis and                  As assigned by MS Word /        BPA C.1.3-1        Recommendations (of          BPA Excel / PDF      COR/ACOR system configurations,        COR/ACOR Page 9
 
31310020A0003/31310021F0006 architecture, source code and design plans)
STAQS Test Plans, Test As assigned by Scripts and Test Results                        MS Word /        BPA C.1.3-2                                    BPA with Analysis and                              Excel / PDF      COR/ACOR COR/ACOR Recommendations As assigned by MS Word /        BPA C.1.3-3        Quality Assurance Plans      BPA Excel / PDF      COR/ACOR COR/ACOR As assigned by Quality Assurance Report                        MS Word /        BPA C.1.3-4                                    BPA with Recommendations                            Excel / PDF      COR/ACOR COR/ACOR Security Categorization Report, System Security Plan (SSP), Privacy Threshold Analysis/Privacy Impact Assessment (PTA/PIA),
Configuration As assigned by Management Plan,                                MS Word /        BPA C.1.3-5                                    BPA Incident Response Plan,                        Excel / PDF      COR/ACOR COR/ACOR System Inventory, System Architecture Document, Operational Support Procedures, Plan of Action and Milestones (POA&M)
Report, IT Services MOUs/ISAs/Authorizations Audit Artifacts (screenshots, STAQS          As assigned by MS Word /        BPA C.1.3-6        SOPs, STAQS training        BPA Excel / PDF      COR/ACOR materials, STAQS system      COR/ACOR audit logs, etc.)
1 Monthly                  20th of the        Word            CO/ BPA C.6.1 Technical Report            following month    Document        COR/ACOR When tested Word or Document Accessibility      documents are                        BPA C.16.6.5                                                      Adobe PDS Checklist                    delivered, as                      COR/ACOR Document applicable C.1.7 Section 508 - Information and Communication Technology Accessibility C.1.8.1 Introduction In December 2000, the Architectural and Transportation Barriers Compliance Board (Access Board) pursuant to Section 508(2)(A) of the Rehabilitation Act Amendments of 1998, established electronic and information technology (EIT) accessibility standards for the federal Page 10
 
31310020A0003/31310021F0006 government.
The Standards for Section 508 of the Rehabilitation Act (codified at 36 CFR § 1194) were revised by the Access Board, published on January 18, 2017 and minor corrections were made on January 22, 2018, effective March 23, 2018.
The Revised 508 Standards have replaced the term EIT with information and communication technology (ICT). ICT is information technology (as defined in 40 U.S.C. 11101(6)) and other equipment, systems, technologies, or processes, for which the principal function is the creation, manipulation, storage, display, receipt, or transmission of electronic data and information, as well as any associated content. Examples of ICT include, but are not limited to: Computers and peripheral equipment; information kiosks and transaction machines; telecommunications equipment; customer premises equipment; multifunction office machines; software; applications; Web sites; videos; and, electronic documents.
The text of the Revised 508 Standards can be found in 36 CFR § 1194.1 and in Appendices A, C and D of 36 CFR § 1194 (at https://www.ecfr.gov/cgi-bin/text-idx?SID=caeb8ddcea26ba5002c2eea047698e85&mc=true&tpl=/ecfrbrowse/Title36/36cfr1194_
main_02.tpl).
C.1.7.2 General Requirements In order to help the NRC comply with Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. § 794d)(Section 508), the Contractor shall ensure that its deliverables (both products and services) within the scope of this contract/order are
: 1. in conformance with, and
: 2. support the requirements of the Standards for Section 508 of the Rehabilitation Act, as set forth in Appendices A, C and D of 36 CFR § 1194.
C.1.7.3 Applicable Provisions of the Revised 508 Standards The following is an outline of the Revised 508 Standards that identifies what provisions are always applicable and which ones may be applicable. If Maybe is stated in the table below, then those provisions are applicable only if they are within the scope of this acquisition.
Applicable to the Provision of 36 CFR Part 1194 Contract/Order?
: 1. Appendix A to Part 1194 - Section 508 of the Rehabilitation Act:
Yes Application and Scoping Requirements Section 508 Chapter 1: Application and Administration - sets Yes                        forth general application and administration provisions Section 508 Chapter 2: Scoping Requirements - containing scoping requirements (which, in turn, prescribe which ICT -
Yes                        and, in some cases, how many - must comply with the technical specifications)
: 2. Appendix C to Part 1194 - Functional Performance Criteria and Maybe Technical Requirements Chapter 3: Functional Performance Criteria - applies to ICT Maybe where required by 508 Chapter 2 (Scoping Requirements) and Page 11
 
31310020A0003/31310021F0006 where otherwise referenced in any other chapter of the Revised 508 Standards Maybe                      Chapter 4: Hardware Maybe                      Chapter 5: Software Chapter 6: Support Documentation and Services (applicable to, but not limited to, help desks, call centers, training services, Maybe                      and automated self-service technical support) (Always applies if Chapters 4 or 5 apply)
Yes                        Chapter 7: Referenced Standards
: 3. Appendix D to Part 1194 - Electronic and Information Technology Maybe Accessibility Standards as Originally Published on December 21, 2000 Refer to Chapter 2 (Scoping Requirements) first to confirm what provisions in Appendix C apply in a particular case.
Section E203.2 applies only to the NRC, except as specified below.
C.1.7.4 Exceptions C.1.8.4.1 Legacy ICT Unless a deliverable of this contract/order is identified in this contract/order as Legacy ICT, use by the Contractor of the Legacy ICT general exception (section E202.2 of 36 CFR § 1194) shall only be permitted on a case-by-case basis for applicable legacy ICT and with advance written approval from the COR.
C.1.7.4.2 Undue Burden The Undue Burden general exception (section E202.6 of 36 CFR § 1194) is not expected to be applicable to work performed by the Contractor. If there are questions about potential application of this exception, please discuss with the CO.
C.1.7.4.3 Fundamental Alteration or Best Meets If the Contractor wishes to use the Fundamental Alteration (section E202.6 of 36 CFR § 1194) or Best Meets (section E202.7 of 36 CFR § 1194) general exceptions the Contractor shall do the following:
: 1. provide the COR with information necessary to support the agencys documentation requirements, as identified in sections E202.6.2 and E202.7.1 of 36 CFR § 1194, respectively
: 2. request and obtain written approval from the COR for development and/or use, as applicable to the scope of the contract/order, of an alternative means for providing individuals with disabilities access to and use of the information and data, as specified in sections E202.6.3 and E202.7.2 of 36 CFR § 1194, respectively.
Page 12
 
31310020A0003/31310021F0006 C.1.7.4.4 National Security Systems Based on the definition at 40 U.S.C. 11103(a), the National Security Systems general exception (section E202.3 of 36 CFR § 1194) is not applicable to this contract/order.
C.1.7.4.5 ICT Functions Located in Maintenance or Monitoring Spaces The Contractor shall confirm with the COR that an ICT deliverable of this contract/order will be located in maintenance or monitoring spaces before assuming that the ICT Functions Located in Maintenance or Monitoring Spaces general exception (section E202.5 of 36 CFR § 1194) applies.
Note that this exception does not apply to features of the ICT (such as Web interfaces) that can be accessed remotely, outside the maintenance or monitoring space where the ICT is located.
C.1.7.5 Additional Requirements C.1.7.5.1 Notification Due to Impact from NRC Policies, Procedures, Tools and/or ICT Infrastructure If and when 1) the Contractor is dependent upon NRC policies, procedures, tools and/or ICT infrastructure for Revised-508-Standards-conformant delivery of any of the products or services under this acquisition, and 2) the Contractor is aware that conformance of products or services will be negatively impacted by capability gaps in NRC policies, procedures, tools and/or ICT infrastructure, the Contractor shall inform the COR so that the NRC can both be aware and take corrective action.
C.1.7.5.2 Accessibility of Electronic Content For electronic content (as defined in section E103 of 36 CFR § 1194) deliverables of this contract/order:
: 1. If a deliverable is in the form of an Adobe Portable Document Format (PDF) file and is either Public Facing or Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) the Contractor shall ensure that it conforms to both section E205.4 of 36 CFR § 1194 and ISO 14289-1 (PDF/UA-1)
: 2. Unless the Contractor requests and obtains advance written approval from the COR for a specific deliverable or class of deliverables, the contractor shall ensure that
: 1. deliverables that are not Public Facing and not Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) shall conform to section E205.4 of 36 CFR § 1194
: 2. deliverables that are in the form of PDF files, are not Public Facing and are not Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) shall conform to section E205.4 of 36 CFR § 1194 and ISO 14289-1 (PDF/UA-1).
C.1.7.5.3 Other It is desirable that the Contractor address the applicable provisions of the Revised 508 Standards throughout product and service lifecycles rather than only performing a conformance Page 13
 
31310020A0003/31310021F0006 check toward the end of a process.
If and when the Contractor provides custom ICT development services pursuant to this acquisition, the Contractor shall ensure the ICT products and services fully support the applicable provisions of the Revised 508 Standards prior to delivery and before final acceptance.
If and when the Contractor provides installation, configuration or integration services for ICT products (equipment and/or software) pursuant to this acquisition, the Contractor shall not install, configure or integrate the ICT equipment and software in a way that reduces the level of conformance with the applicable provisions of the Revised 508 Standards.
If and when the scope of this contract/order includes work by the Contractor to collect, directly from NRC employees or the Public, requirements for the procurement, development, maintenance or use of ICT the Contractor shall identify the needs of users with disabilities in conformance to section E203.2.
C.1.7.6 ICT Accessibility Deliverables The Contractor shall provide the following ICT accessibility deliverables, when within the scope of this contract/order.
C.1.8.6.1 Accessibility Conformance Report (ACR)
This report shall be submitted for ICT products, systems or application deliverables. A written ACR shall be based on the Voluntary Product Accessibility Template (VPAT), as specified at https://www.itic.org/policy/accessibility/vpat or provide equivalent information. This report has the purpose to document the state of conformance to the Revised 508 Standards for the subject product, system or application.
C.1.7.6.2 Supplemental Accessibility Report (SAR)
This report shall be submitted for ICT products, systems or application deliverables that have been custom developed or integrated by the Contractor to meet contract/order requirements. A written SAR shall contain:
a) Description of evaluation methods used to produce the ACR, to demonstrate due diligence in supporting conformance claims; b) Information on core functions that cant be used by persons with disabilities; and, c) Information on how to configure and install the ICT item to support accessibility C.1.7.6.3 ICT Support Documentation This documentation shall be submitted for ICT products, systems or application deliverables.
The support documentation shall include:
a) Documentation of features that help achieve accessibility and compatibility with assistive technology for persons with disabilities (as required by section 602 of 36 CFR § 1194);
b) For authoring tools that generate content (documents, reports, videos, multimedia, web content, etc.): Information on how the tool enables the creation of accessible electronic content that conforms to the Revised 508 Standards (see section 504 of 36 CFR § 1194), including the Page 14
 
31310020A0003/31310021F0006 range of accessible user interface elements the tool can create; c) For platform software (as defined in section E103.4 of 36 CFR § 1194) and software tools that are provided by a platform developer: Documentation on the set of accessibility services that support applications running on the platform to interoperate with assistive technology, as required by section 502.3 of 36 CFR § 1194.
C.1.7.6.4 ICT Support Documentation (Alternate Formats)
Upon request, alternate formats for non-electronic support documentation shall be provided (as required by section 602.4 of 36 CFR § 1194).
C.1.7.6.5 Document Accessibility Checklist This checklist shall be submitted for ICT electronic content deliverables that are documents (as defined in section E103 of 36 CFR § 1194), if the requirement is specified elsewhere in this acquisition that testing be performed. A completed checklist summarising the subject documents state of conformance to the applicable WCAG 2.0 Level A and AA Success Criteria (as referenced in section E205.4 and 702.10 of 36 CFR § 1194) and, for PDF files, ISO 14289-1 (PDF/UA-1).
C.1.7.6.6 Communication to ICT Users When the Contractor is providing ICT support services (including, but not limited to help desks, call centers, training services, and automated self-service technical support), any communication to ICT users shall accommodate the communication needs of individuals with disabilities (see section 603.3 of 36 CFR § 1194) and include information on accessibility and compatibility features (see 603.2 of 36 CFR § 1194).
C.1.8 Applicable Publications (Current Editions)
The contractor shall comply with the following applicable regulations, publications, manuals, and local policies and procedures:
: 1. NRC Policies, Procedures and Standards (CSO internal website): NRC OCIO/CSO Policies
: 2. All NRC MDs (public website): http://www.nrc.gov/reading-rm/doc-collections/management-directives/
: 3. NIST SP and FIPS documentation is located at: http://csrc.nist.gov/
: 4. CNSS documents are located at: http://www.cnss.gov/
C.1.9 Security Requirements The contractor shall be required to return NRC issued Personal Identification Verification (PIV) cards/badges to the COR at the end of the contract period of performance. If a contractor voluntarily leaves the company, the badge must be returned on the employees final day of employment. Once the badge is returned to the NRC, the contractor will no longer have access to NRC buildings, sensitive automated information technology systems or data. Additional information related to the returning of PIV badges can be found in MD 12.1, Section 5.
Page 15
 
31310020A0003/31310021F0006 D - Packaging and Marking D.1 PACKAGING AND MARKING (a) The Contractor shall package material for shipment to the NRC in such a manner that will ensure acceptance by common carrier and safe delivery at destination. Containers and closures shall comply with the Surface Transportation Board, Uniform Freight Classification Rules, or regulations of other carriers as applicable to the mode of transportation.
(b) On the front of the package, the Contractor shall clearly identify the contract number under which the product is being provided.
(c) Additional packaging and/or marking requirements are as follows: NA.
D.2 BRANDING The Contractor is required to use the statement below in any publications, presentations, articles, products, or materials funded under this contract/order, to the extent practical, in order to provide NRC with recognition for its involvement in and contribution to the project. If the work performed is funded entirely with NRC funds, then the contractor must acknowledge that information in its documentation/presentation.
Work Supported by the U.S. Nuclear Regulatory Commission (NRC), Office of Administration (ADM), under Contract/order number 31310020A0003/31310021F0006.
Page 16
 
31310020A0003/31310021F0006 E - Inspection and Acceptance E.1 INSPECTION AND ACCEPTANCE BY THE NRC (SEP 2013)
Inspection and acceptance of the deliverable items to be furnished hereunder shall be made by the NRC Contracting Officers Representative (COR) at the destination, accordance with FAR 52.247 F.o.b. Destination.
Contract Deliverables:
: 1. See Section C.1.7 List of Deliverables of the Statement of Work
: 2. []
: 3. []
: 4. []
: 5. []
Page 17
 
31310020A0003/31310021F0006 F - Deliveries or Performance F.1 PLACE OF DELIVERY-REPORTS The items to be furnished hereunder shall be delivered, with all charges paid by the Contractor, to:
BPA Call COR Leah Kube Leah.Kube@nrc.gov and BPA Call ACOR Diem Le Diem.Le@nrc.gov F.2 TASK/DELIVERY ORDER PERIOD OF PERFORMANCE (SEP 2013)
This order shall commence on May 9, 2021 and will expire on May 8, 2022. The term of this contract may be extended at the option of the Government for up to an additional 4 years, from May 9, 2022 to May 8, 2026.
Base Period: May 9, 2021 - May 8, 2022.
Option Period 1: May 9, 2022 - May 8, 2023 Option Period 2: May 9, 2023 - May 8, 2024 Option Period 3: May 9, 2024 - May 8, 2025 Option Period 4: May 9, 2025 - May 8, 2026 Page 18
 
31310020A0003/31310021F0006 G - Contract Administration Data NRC Local Clauses Incorporated by Full Text G.1 REGISTRATION IN FEDCONNECT (JULY 2014)
The Nuclear Regulatory Commission (NRC) uses Unison Software Systems secure and auditable two-way web portal, FedConnect, to communicate with vendors and contractors.
FedConnect provides bi-directional communication between the vendor/contractor and the NRC throughout pre-award, award, and post-award acquisition phases. Therefore, in order to do business with the NRC, vendors and contractors must register to use FedConnect at https://www.fedconnect.net/FedConnect. The individual registering in FedConnect must have authority to bind the vendor/contractor. There is no charge for using FedConnect. Assistance with FedConnect is provided by Unison Software Systems, not the NRC. FedConnect contact and assistance information is provided on the FedConnect web site at https://www.fedconnect.net/FedConnect.
NRCAR Clauses Incorporated By Full Text G.2 2052.215-71 CONTRACTING OFFICER REPRESENTATIVE AUTHORITY. (OCT 1999)
(a) The contracting officer's authorized representative (hereinafter referred to as the COR) for this contract is:
BPA Call COR Name: Leah Kube Email: Leah.Kube@nrc.gov Phone: 301-415-0669 BPA Call ACOR Name: Diem Le Email: Diem.Le@nrc.gov Phone: 301-415-7114 (b) Performance of the work under this contract is subject to the technical direction of the NRC COR. The term "technical direction" is defined to include the following:
(1) Technical direction to the contractor which shifts work emphasis between areas of work or tasks, authorizes travel which was unanticipated in the Schedule (i.e., travel not contemplated in the Statement of Work (SOW) or changes to specific travel identified in the SOW), fills in details, or otherwise serves to accomplish the contractual SOW.
(2) Provide advice and guidance to the contractor in the preparation of drawings, specifications, or technical portions of the work description.
(3) Review and, where required by the contract, approval of technical reports, drawings, specifications, and technical information to be delivered by the contractor to the Government under the contract.
Page 19
 
31310020A0003/31310021F0006 (c) Technical direction must be within the general statement of work stated in the contract. The COR does not have the authority to and may not issue any technical direction which:
(1) Constitutes an assignment of work outside the general scope of the contract.
(2) Constitutes a change as defined in the "Changes" clause of this contract.
(3) In any way causes an increase or decrease in the total estimated contract cost, the fixed fee, if any, or the time required for contract performance.
(4) Changes any of the expressed terms, conditions, or specifications of the contract.
(5) Terminates the contract, settles any claim or dispute arising under the contract, or issues any unilateral directive whatever.
(d) All technical directions must be issued in writing by the COR or must be confirmed by the COR in writing within ten (10) working days after verbal issuance. A copy of the written direction must be furnished to the contracting officer. A copy of NRC Form 445, Request for Approval of Official Foreign Travel, which has received final approval from the NRC must be furnished to the contracting officer.
(e) The contractor shall proceed promptly with the performance of technical directions duly issued by the COR in the manner prescribed by this clause and within the COR's authority under the provisions of this clause.
(f) If, in the opinion of the contractor, any instruction or direction issued by the COR is within one of the categories as defined in paragraph (c) of this section, the contractor may not proceed but shall notify the contracting officer in writing within five (5) working days after the receipt of any instruction or direction and shall request the contracting officer to modify the contract accordingly. Upon receiving the notification from the contractor, the contracting officer shall issue an appropriate contract modification or advise the contractor in writing that, in the contracting officer's opinion, the technical direction is within the scope of this article and does not constitute a change under the "Changes" clause.
(g) Any unauthorized commitment or direction issued by the COR may result in an unnecessary delay in the contractor's performance and may even result in the contractor expending funds for unallowable costs under the contract.
(h) A failure of the parties to agree upon the nature of the instruction or direction or upon the contract action to be taken with respect thereto is subject to 52.233 Disputes.
(i) In addition to providing technical direction as defined in paragraph (b) of the section, the COR shall:
(1) Monitor the contractor's technical progress, including surveillance and assessment of performance, and recommend to the contracting officer changes in requirements.
Page 20
 
31310020A0003/31310021F0006 (2) Assist the contractor in the resolution of technical problems encountered during performance.
(3) Review all costs requested for reimbursement by the contractor and submit to the contracting officer recommendations for approval, disapproval, or suspension of payment for supplies and services required under this contract.
(4) Assist the contractor in obtaining the badges for the contractor personnel.
(5) Immediately notify the Security Branch, Division of Facilities and Security (SB/DFS) (via e-mail) when a contractor employee no longer requires access authorization and return of any NRC issued badge to SB/DFS within three days after their termination.
(6) Ensure that all contractor employees that require access to classified Restricted Data or National Security Information or matter, access to sensitive unclassified information (Safeguards, Official Use Only, and Proprietary information) access to sensitive IT systems or data, unescorted access to NRC controlled buildings/space, or unescorted access to protected and vital areas of nuclear power plants receive approval of SB/DFS prior to access in accordance with Management Directive and Handbook 12.3.
(7) For contracts for the design, development, maintenance or operation of Privacy Act Systems of Records, obtain from the contractor as part of closeout procedures, written certification that the contractor has returned to NRC, transferred to the successor contractor, or destroyed at the end of the contract in accordance with instructions provided by the NRC Systems Manager for Privacy Act Systems of Records, all records (electronic or paper) which were created, compiled, obtained or maintained under the contract.
(End of Clause)
Page 21
 
31310020A0003/31310021F0006 H - Special Contract Requirements H.1 Special Contract Requirements NRC Local Clauses Incorporated by Full Text H.2 GOVERNMENT FURNISHED EQUIPMENT/PROPERTY (a) The NRC will provide the contractor with the following items for use under this contract:
: 1. NRC Standard Laptop
: 2. []
: 3. []
Include an asterisk (*) if the item also applies to paragraph (b) below.
(b) The equipment/property listed below is hereby transferred from contract/agreement number:[], to contract/agreement number:[]:
: 1. []
: 2. []
: 3. []
(c) Only the equipment/property listed above in the quantities shown will be provided by the Government. The contractor shall be responsible and accountable for all Government property provided under this contract and shall comply with the provisions of the FAR Government Property Clause under this contract and FAR Subpart 45.5, as in effect on the date of this contract. The contractor shall investigate and provide written notification to the NRC Contracting Officer (CO) and the NRC Division of Facilities and Security, Physical Security Branch of all cases of loss, damage, or destruction of Government property in its possession or control not later than 24 hours after discovery. The contractor must report stolen Government property to the local police and a copy of the police report must be provided to the CO and to the Division of Facilities and Security, Office of Administration.
(d) All other equipment/property required in performance of the contract shall be furnished by the Contractor.
H.3 AWARD NOTIFICATION AND COMMITMENT OF PUBLIC FUNDS (a) All offerors will receive preaward and postaward notices in accordance with FAR 15.503.
(b) It is also brought to your attention that the contracting officer is the only individual who can legally obligate funds or commit the NRC to the expenditure of public funds in connection with this procurement. This means that unless provided in a contract document or specifically authorized by the contracting officer, NRC technical personnel may not issue contract modifications, give formal contractual commitments, or otherwise bind, commit, or obligate the NRC contractually. Informal unauthorized commitments, which do not obligate the NRC and do not entitle the contractor to payment, may include:
Page 22
 
31310020A0003/31310021F0006 (1) Encouraging a potential contractor to incur costs prior to receiving a contract; (2) Requesting or requiring a contractor to make changes under a contract without formal contract modifications; (3) Encouraging a contractor to incur costs under a cost-reimbursable contract in excess of those costs contractually allowable; and (4) Committing the Government to a course of action with regard to a potential contract, contract change, claim, or dispute.
Page 23
 
31310020A0003/31310021F0006 I - Contract Clauses NRC Local Clauses Incorporated by Full Text I.1 NRC ACQUISTION REGULATION (NRCAR) PROVISIONS AND CLAUSES (AUG 2011)
Applicable NRCAR provisions and clauses located in 48 CFR Chapter 20 are hereby incorporated by reference into this contract/order.
NRCAR Clauses Incorporated By Full Text I.2 2052.215-77 TRAVEL APPROVALS AND REIMBURSEMENT. (OCT 1999)
(a) All foreign travel must be approved in advance by the NRC on NRC Form 445, Request for Approval of Official Foreign Travel, and must be in compliance with FAR 52.247-63 Preference for U.S. Flag Air Carriers. The contractor shall submit NRC Form 445 to the NRC no later than 30 days before beginning travel.
(b) The contractor must receive written approval from the NRC Project Officer before taking travel that was unanticipated in the Schedule (i.e., travel not contemplated in the Statement of Work, or changes to specific travel identified in the Statement of Work).
(c) The contractor will be reimbursed only for travel costs incurred that are directly related to this contract and are allowable subject to the limitations prescribed in FAR 31.205-46.
(d) It is the responsibility of the contractor to notify the contracting officer in accordance with the Limitations of Cost clause of this contract when, at any time, the contractor learns that travel expenses will cause the contractor to exceed the estimated costs specified in the Schedule.
(e) Reasonable travel costs for research and related activities performed at State and nonprofit institutions, in accordance with Section 12 of Pub. L. 100-679, must be charged in accordance with the contractor's institutional policy to the degree that the limitations of Office of Management and Budget (OMB) guidance are not exceeded. Applicable guidance documents include OMB Circular A-87, Cost Principles for State and Local Governments; OMB Circular A-122, Cost Principles for Nonprofit Organizations; and OMB Circular A-21, Cost Principles for Educational Institutions.
(End of Clause)
FAR Clauses Incorporated By Reference 52.227-14 RIGHTS IN DATA-GENERAL. (MAY 2014)
FAR Clauses Incorporated By Full Text I.3 52.204-25 PROHIBITION ON CONTRACTING FOR CERTAIN TELECOMMUNICATIONS AND VIDEO SURVEILLANCE SERVICES OR EQUIPMENT. (AUG 2020)
(a) Definitions. As used in this clause-Page 24
 
31310020A0003/31310021F0006 Backhaul means intermediate links between the core network, or backbone network, and the small subnetworks at the edge of the network (e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless (e.g., microwave) or wired (e.g.,
fiber optic, coaxial cable, Ethernet).
Covered foreign country means The People's Republic of China.
Covered telecommunications equipment or services means-(1) Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities);
(2) For the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities);
(3) Telecommunications or video surveillance services provided by such entities or using such equipment; or (4) Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.
Critical technology means-(1) Defense articles or defense services included on the United States Munitions List set forth in the International Traffic in Arms Regulations under subchapter M of chapter I of title 22, Code of Federal Regulations; (2) Items included on the Commerce Control List set forth in Supplement No. 1 to part 774 of the Export Administration Regulations under subchapter C of chapter VII of title 15, Code of Federal Regulations, and controlled-(i) Pursuant to multilateral regimes, including for reasons relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation, or missile technology; or (ii) For reasons relating to regional stability or surreptitious listening; (3) Specially designed and prepared nuclear equipment, parts and components, materials, software, and technology covered by part 810 of title 10, Code of Federal Regulations (relating to assistance to foreign atomic energy activities);
(4) Nuclear facilities, equipment, and material covered by part 110 of title 10, Code of Federal Regulations (relating to export and import of nuclear equipment and material);
Page 25
 
31310020A0003/31310021F0006 (5) Select agents and toxins covered by part 331 of title 7, Code of Federal Regulations, part 121 of title 9 of such Code, or part 73 of title 42 of such Code; or (6) Emerging and foundational technologies controlled pursuant to section 1758 of the Export Control Reform Act of 2018 (50 U.S.C. 4817).
Interconnection arrangements means arrangements governing the physical connection of two or more networks to allow the use of another's network to hand off traffic where it is ultimately delivered (e.g., connection of a customer of telephone provider A to a customer of telephone company B) or sharing data and other information resources.
Reasonable inquiry means an inquiry designed to uncover any information in the entity's possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity that excludes the need to include an internal or third-party audit.
Roaming means cellular communications services (e.g., voice, video, data) received from a visited network when unable to connect to the facilities of the home network either because signal coverage is too weak or because traffic is too high.
Substantial or essential component means any component necessary for the proper function or performance of a piece of equipment, system, or service.
(b) Prohibition. (1) Section 889(a)(1)(A) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232) prohibits the head of an executive agency on or after August 13, 2019, from procuring or obtaining, or extending or renewing a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. The Contractor is prohibited from providing to the Government any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (c) of this clause applies or the covered telecommunication equipment or services are covered by a waiver described in FAR 4.2104.
(2) Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232) prohibits the head of an executive agency on or after August 13, 2020, from entering into a contract, or extending or renewing a contract, with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (c) of this clause applies or the covered telecommunication equipment or services are covered by a waiver described in FAR 4.2104. This prohibition applies to the use of covered telecommunications equipment or services, regardless of whether that use is in performance of work under a Federal contract.
(c) Exceptions. This clause does not prohibit contractors from providing-Page 26
 
31310020A0003/31310021F0006 (1) A service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or (2) Telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles.
(d) Reporting requirement. (1) In the event the Contractor identifies covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system, during contract performance, or the Contractor is notified of such by a subcontractor at any tier or by any other source, the Contractor shall report the information in paragraph (d)(2) of this clause to the Contracting Officer, unless elsewhere in this contract are established procedures for reporting the information; in the case of the Department of Defense, the Contractor shall report to the website at https://dibnet.dod.mil. For indefinite delivery contracts, the Contractor shall report to the Contracting Officer for the indefinite delivery contract and the Contracting Officer(s) for any affected order or, in the case of the Department of Defense, identify both the indefinite delivery contract and any affected orders in the report provided at https://dibnet.dod.mil.
(2) The Contractor shall report the following information pursuant to paragraph (d)(1) of this clause:
(i) Within one business day from the date of such identification or notification: The contract number; the order number(s), if applicable; supplier name; supplier unique entity identifier (if known); supplier Commercial and Government Entity (CAGE) code (if known); brand; model number (original equipment manufacturer number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended.
(ii) Within 10 business days of submitting the information in paragraph (d)(2)(i) of this clause: Any further available information about mitigation actions undertaken or recommended. In addition, the Contractor shall describe the efforts it undertook to prevent use or submission of covered telecommunications equipment or services, and any additional efforts that will be incorporated to prevent future use or submission of covered telecommunications equipment or services.
(e) Subcontracts. The Contractor shall insert the substance of this clause, including this paragraph (e) and excluding paragraph (b)(2), in all subcontracts and other contractual instruments, including subcontracts for the acquisition of commercial items.
(End of clause)
I.4 52.217-8 OPTION TO EXTEND SERVICES. (NOV 1999)
The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be Page 27
 
31310020A0003/31310021F0006 exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within anytime prior to contract expiration.
(End of clause)
I.5 52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT. (MAR 2000)
(a) The Government may extend the term of this contract by written notice to the Contractor within anytime prior to contract expiration; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least 5 days before the contract expires. The preliminary notice does not commit the Government to an extension.
(b) If the Government exercises this option, the extended contract shall be considered to include this option clause.
(c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 5.5 years.
(End of clause)
I.6 52.232-19 AVAILABILITY OF FUNDS FOR THE NEXT FISCAL YEAR. (APR 1984)
Funds are not presently available for performance under this contract beyond 2021. The Government's obligation for performance of this contract beyond that date is contingent upon the availability of appropriated funds from which payment for contract purposes can be made.
No legal liability on the part of the Government for any payment may arise for performance under this contract beyond 2021, until funds are made available to the Contracting Officer for performance and until the Contractor receives notice of availability, to be confirmed in writing by the Contracting Officer.
(End of clause)
I.7 52.232-22 LIMITATION OF FUNDS. (APR 1984)
(a) The parties estimate that performance of this contract will not cost the Government more than (1) the estimated cost specified in the Schedule or, (2) if this is a cost-sharing contract, the Government's share of the estimated cost specified in the Schedule. The Contractor agrees to use its best efforts to perform the work specified in the Schedule and all obligations under this contract within the estimated cost, which, if this is a cost-sharing contract, includes both the Government's and the Contractor's share of the cost.
(b) The Schedule specifies the amount presently available for payment by the Government and allotted to this contract, the items covered, the Government's share of the cost if this is a cost-sharing contract, and the period of performance it is estimated the allotted amount will cover. The parties contemplate that the Government will allot additional funds incrementally to the contract up to the full estimated cost to the Government specified in the Schedule, exclusive of any fee. The Contractor agrees to perform, or have performed, work on the contract up to the point at which the total Page 28
 
31310020A0003/31310021F0006 amount paid and payable by the Government under the contract approximates but does not exceed the total amount actually allotted by the Government to the contract.
(c) The Contractor shall notify the Contracting Officer in writing whenever it has reason to believe that the costs it expects to incur under this contract in the next 60 days, when added to all costs previously incurred, will exceed 75 percent of (1) the total amount so far allotted to the contract by the Government or, (2) if this is a cost-sharing contract, the amount then allotted to the contract by the Government plus the Contractor's corresponding share. The notice shall state the estimated amount of additional funds required to continue performance for the period specified in the Schedule.
(d) Sixty days before the end of the period specified in the Schedule, the Contractor shall notify the Contracting Officer in writing of the estimated amount of additional funds, if any, required to continue timely performance under the contract or for any further period specified in the Schedule or otherwise agreed upon, and when the funds will be required.
(e) If, after notification, additional funds are not allotted by the end of the period specified in the Schedule or another agreed-upon date, upon the Contractor's written request the Contracting Officer will terminate this contract on that date in accordance with the provisions of the Termination clause of this contract. If the Contractor estimates that the funds available will allow it to continue to discharge its obligations beyond that date, it may specify a later date in its request, and the Contracting Officer may terminate this contract on that later date.
(f) Except as required by other provisions of this contract, specifically citing and stated to be an exception to this clause (1) the Government is not obligated to reimburse the Contractor for costs incurred in excess of the total amount allotted by the Government to this contract and (2) the Contractor is not obligated to continue performance under this contract (including actions under the Termination clause of this contract) or otherwise incur costs in excess of (i) the amount then allotted to the contract by the Government or (ii) if this is a cost-sharing contract, the amount then allotted by the Government to the contract plus the Contractor's corresponding share, until the Contracting Officer notifies the Contractor in writing that the amount allotted by the Government has been increased and specifies an increased amount, which shall then constitute the total amount allotted by the Government to this contract.
(g) The estimated cost shall be increased to the extent that (1) the amount allotted by the Government or, (2) if this is a cost-sharing contract, the amount then allotted by the Government to the contract plus the Contractor's corresponding share, exceeds the estimated cost specified in the Schedule. If this is a cost-sharing contract, the increase shall be allocated in accordance with the formula specified in the Schedule.
(h) No notice, communication, or representation in any form other than that specified in subparagraph (f)(2) above, or from any person other than the Contracting Officer, shall affect the amount allotted by the Government to this contract. In the absence of the specified notice, the Government is not obligated to reimburse the Contractor for any costs in excess of the total amount allotted by the Government to this contract, whether incurred during the course of the contract or as a result of termination.
Page 29
 
31310020A0003/31310021F0006 (i) When and to the extent that the amount allotted by the Government to the contract is increased, any costs the Contractor incurs before the increase that are in excess of (1) The amount previously allotted by the Government or (2) if this is a cost-sharing contract, the amount previously allotted by the Government to the contract plus the Contractor's corresponding share, shall be allowable to the same extent as if incurred afterward, unless the Contracting Officer issues a termination or other notice and directs that the increase is solely to cover termination or other specified expenses.
(j) Change orders shall not be considered an authorization to exceed the amount allotted by the Government specified in the Schedule, unless they contain a statement increasing the amount allotted.
(k) Nothing in this clause shall affect the right of the Government to terminate this contract. If this contract is terminated, the Government and the Contractor shall negotiate an equitable distribution of all property produced or purchased under the contract, based upon the share of costs incurred by each.
(l) If the Government does not allot sufficient funds to allow completion of the work, the Contractor is entitled to a percentage of the fee specified in the Schedule equalling the percentage of completion of the work contemplated by this contract.
(End of clause)
I.8 52.237-3 CONTINUITY OF SERVICES. (JAN 1991)
(a) The Contractor recognizes that the services under this contract are vital to the Government and must be continued without interruption and that, upon contract expiration, a successor, either the Government or another contractor, may continue them. The Contractor agrees to (1) furnish phase-in training and (2) exercise its best efforts and cooperation to effect an orderly and efficient transition to a successor.
(b) The Contractor shall, upon the Contracting Officer's written notice, (1) furnish phase-in, phase-out services for up to 90 days after this contract expires and (2) negotiate in good faith a plan with a successor to determine the nature and extent of phase-in, phase-out services required. The plan shall specify a training program and a date for transferring responsibilities for each division of work described in the plan, and shall be subject to the Contracting Officer's approval. The Contractor shall provide sufficient experienced personnel during the phase-in, phase-out period to ensure that the services called for by this contract are maintained at the required level of proficiency.
(c) The Contractor shall allow as many personnel as practicable to remain on the job to help the successor maintain the continuity and consistency of the services required by this contract. The Contractor also shall disclose necessary personnel records and allow the successor to conduct on-site interviews with these employees. If selected employees are agreeable to the change, the Contractor shall release them at a mutually agreeable date and negotiate transfer of their earned fringe benefits to the successor.
(d) The Contractor shall be reimbursed for all reasonable phase-in, phase-out costs (i.e.,
costs incurred within the agreed period after contract expiration that result from phase-in, Page 30
 
31310020A0003/31310021F0006 phase-out operations) and a fee (profit) not to exceed a pro rata portion of the fee (profit) under this contract.
(End of clause)
I.9 52.252-2 CLAUSES INCORPORATED BY REFERENCE. (FEB 1998)
This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es): This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):
https://www.acquisition.gov/browse/index/far https://www.acquisition.gov/nrcar (End of clause)
Page 31
 
31310020A0003/31310021F0006 J - List of Documents, Exhibits and Other Attachments Number Attachment Title                            Date      of Number Pages 1          IV&V STAQS Price Schedule xlsx                        03/17/2021      1 Instructions_ IPP Billing Instructions for Labor-Hour 2                                                                04/14/2021      7 or Time-and-Materials Contracts Page 32}}

Latest revision as of 16:17, 19 January 2022

Task Order No. 31310021F0006 Under Contract No. 31310020A0003 - Redacted
ML21104A374
Person / Time
Issue date: 04/14/2021
From: Domonique Malone
Acquisition Management Division
To: Hyland M
AEGIS.net
References
31310020A0003
Download: ML21104A374 (32)


Text

1. REQUISITION NUMBER PAGE OF SOLICITATION/CONTRACT/ORDER FOR COMMERCIAL ITEMS OFFEROR TO COMPLETE BLOCKS 12, 17, 23, 24, & 30 ADM-21-0002 1 32

2. CONTRACT NO. 3. AWARD/ 4. ORDER NUMBER 5. SOLICITATION NUMBER 6. SOLICITATION 31310020A0003 EFFECTIVE DATE 31310021Q0001 ISSUE DATE 31310021F0006 11/16/2020
7. FOR SOLICITATION a. NAME b. TELEPHONE NUMBER (No collect calls) 8. OFFER DUE DATE/LOCAL TIME INFORMATION CALL: BANU GOLDFEIZ ET
9. ISSUED BY CODE NRCHQ 10. THIS ACQUISITION IS X UNRESTRICTED OR SET ASIDE:  % FOR:

WOMEN-OWNED SMALL BUSINESS U.S. NRC - HQ SMALL BUSINESS (WOSB) ELIGIBLE UNDER THE WOMEN-OWNED Acquisition Management Division HUBZONE SMALL SMALL BUSINESS PROGRAM NAICS: 541519 BUSINESS EDWOSB Mail Stop: TWFN-07B20M SERVICE-DISABLED Washington DC 20555-0001 VETERAN-OWNED 8(A)

SIZE STANDARD: $150.00 SMALL BUSINESS

11. DELIVERY FOR FOB DESTINA- 12. DISCOUNT TERMS 13b. RATING TION UNLESS BLOCK IS 13a. THIS CONTRACT IS A MARKED 30 RATED ORDER UNDER
14. METHOD OF SOLICITATION SEE SCHEDULE DPAS (15 CFR 700)

X RFQ IFB RFP

15. DELIVER TO CODE NRCHQ 16. ADMINISTERED BY CODE NRCHQ Nuclear Regulatory Commission U.S. NRC - HQ Nuclear Regulatory Commission Acquisition Management Division Washington DC 20555-0001 Mail Stop: TWFN-07B20M Washington DC 20555-0001 17a. CONTRACTOR/ CODE 152858358 FACILITY 18a. PAYMENT WILL BE MADE BY CODE NRCPAYMENTS OFFEROR CODE AEGIS.NET INC Fiscal Accounting Program Attn: Mario Hyland Admin & Training Group, Avery Street A3-G P.O. BOX 3897 Bureau of the Fiscal Service MERRIFIELD VA 221163897 PO Box 1328 Parkersburg WV 26106-1328 TELEPHONE NO. 7038936020707 17b. CHECK IF REMITTANCE IS DIFFERENT AND PUT SUCH ADDRESS IN OFFER 18b. SUBMIT INVOICES TO ADDRESS SHOWN IN BLOCK 18a UNLESS BLOCK BELOW IS CHECKED SEE ADDENDUM
19. 20. 21. 22. 23. 24.

ITEM NO. SCHEDULE OF SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT GSA Contract #: GS35F0125S The purpose of this BPA Call is to acquire contractor support to perform Independent Verification and Validation (IV&V) services for the Nuclear Regulatory Commission (NRC) Strategic Acquisition System (STAQS) including quality assurance, validation of maintenance releases and support for system security.

Accounting Info:

Continued ...

(Use Reverse and/or Attach Additional Sheets as Necessary)

25. ACCOUNTING AND APPROPRIATION DATA 26. TOTAL AWARD AMOUNT (For Govt. Use Only)

See schedule $2,769,493.44 27a. SOLICITATION INCORPORATES BY REFERENCE FAR 52.212-1, 52.212-4. FAR 52.212-3 AND 52.212-5 ARE ATTACHED. ADDENDA ARE ARE NOT ATTACHED.

27b. CONTRACT/PURCHASE ORDER INCORPORATES BY REFERENCE FAR 52.212-4. FAR 52.212-5 IS ATTACHED. ADDENDA ARE ARE NOT ATTACHED.

X 28. CONTRACTOR IS REQUIRED TO SIGN THIS DOCUMENT AND RETURN 1 29. AWARD OF CONTRACT: OFFER COPIES TO ISSUING OFFICE. CONTRACTOR AGREES TO FURNISH AND DELIVER REF.

DATED . YOUR OFFER ON SOLICITATION (BLOCK 5),

ALL ITEMS SET FORTH OR OTHERWISE IDENTIFIED ABOVE AND ON ANY ADDITIONAL INCLUDING ANY ADDITIONS OR CHANGES WHICH ARE SET FORTH SHEETS SUBJECT TO THE TERMS AND CONDITIONS SPECIFIED. HEREIN, IS ACCEPTED AS TO ITEMS:

30a. SIGNATURE OF OFFEROR/CONTRACTOR 31a. UNITED STATES OF AMERICA (SIGNATURE OF CONTRACTING OFFICER) 30b. NAME AND TITLE OF SIGNER (Type or print) 30c. DATE SIGNED 31b. NAME OF CONTRACTING OFFICER (Type or print) 31c. DATE SIGNED DOMONIQUE MALONE 04/14/2021 AUTHORIZED FOR LOCAL REPRODUCTION STANDARD FORM 1449 (REV. 2/2012)

PREVIOUS EDITION IS NOT USABLE Prescribed by GSA - FAR (48 CFR) 53.212

2 of 32

19. 20. 21. 22. 23. 24.

ITEM NO. SCHEDULE OF SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 2021-X0200-FEEBASED-40-40D007-6031-51-P-156-252A-5 1-P-156-6031 Period of Performance: 05/09/2021 to 05/08/2022 32a. QUANTITY IN COLUMN 21 HAS BEEN RECEIVED INSPECTED ACCEPTED, AND CONFORMS TO THE CONTRACT, EXCEPT AS NOTED:

32b. SIGNATURE OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32c. DATE 32d. PRINTED NAME AND TITLE OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32e. MAILING ADDRESS OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32f. TELEPHONE NUMBER OF AUTHORIZED GOVERNMENT REPRESENTATIVE 32g. E-MAIL OF AUTHORIZED GOVERNMENT REPRESENTATIVE

33. SHIP NUMBER 34. VOUCHER NUMBER 35. AMOUNT VERIFIED 36. PAYMENT 37. CHECK NUMBER CORRECT FOR COMPLETE PARTIAL FINAL PARTIAL FINAL
38. S/R ACCOUNT NUMBER 39. S/R VOUCHER NUMBER 40. PAID BY 41a. I CERTIFY THIS ACCOUNT IS CORRECT AND PROPER FOR PAYMENT 42a. RECEIVED BY (Print) 41b. SIGNATURE AND TITLE OF CERTIFYING OFFICER 41c. DATE 42b. RECEIVED AT (Location) 42c. DATE REC'D (YY/MM/DD) 42d. TOTAL CONTAINERS STANDARD FORM 1449 (REV. 2/2012) BACK

31310020A0003/31310021F0006 Page 3

31310020A0003/31310021F0006 B - Supplies or Services/Prices B.1 BRIEF PROJECT TITLE AND WORK DESCRIPTION (a) The title of this project is: Independent Verification and Validation for the Strategic Acquisition System (IV&V STAQS)

(b) Summary work description: (a) This task order requires contractor support to perform Independent Verification and Validation (IV&V) services for the Nuclear Regulatory Commission (NRC) Strategic Acquisition System (STAQS) and Enterprise Acquisition Toolset (NEAT) including quality assurance, verification and validation of maintenance/enhancement software releases and cybersecurity support.

B.2 TYPE OF CONTRACT (JULY 2020)

The contract type for this award is Labor Hours B.3 CONSIDERATION AND OBLIGATION- LABOR-HOUR CONTRACT (a) The ceiling price to the Government for full performance under this contract is $2,769.493.44 (b) The contract includes direct labor hours at specified fixed hourly rates, inclusive of wages, fringe, overhead, general and administrative expenses, and profit.

(c) It is estimated that the amount currently obligated will cover performance through 05/08/2022.

(d) This is an incrementally-funded contract and FAR 52.232 Limitation of Funds applies.

Page 4

31310020A0003/31310021F0006 C - Description/Specifications C.1 STATEMENT OF WORK C.1.1 Background The U.S. Nuclear Regulatory Commissions (NRCs) Office of Administration, Acquisition Management Division (ADM/AMD) is responsible for overseeing the agencys procurement activities. The Strategic Acquisition System (STAQS) provides the information technology that supports the procurement business process. STAQS utilizes the PRISM Acquisition Software Suite by Unison configured to meet the requirements of the NRC. STAQS interfaces in real-time with the agencys financial system, Financial Accounting and Information Management System (FAIMIS), using Talend Middleware to commit and obligate agency funds using commercial contracts, Financial Assistance, Grants, Department of Energy (DOE) lab agreements, and Interagency Agreements (IAAs). The NRC needs independent verification and validation services to support operations and maintenance of STAQS and to ensure that STAQS and FAIMIS remain synchronized with respect to procurement data. The NRC also needs independent verification and validation services to support STAQS system security needs.

C.1.2 Objective The objective of this acquisition is to acquire Independent Verification and Validation (IV&V) services for the Nuclear Regulatory Commission (NRC) Strategic Acquisition System (STAQS) including quality assurance, validation of maintenance releases and support for system security.

C.1.3 Scope of Work/Tasks The Contractor shall provide the following independent verification and validation (IV&V) services for STAQS and NEAT:

1. Analyze, review and validate system deliverables such as system configurations, architecture, source code and design plans developed by the system integrator, system hosting provider, STAQS/NEAT support staff and the FAIMIS support staff. Results of analysis and recommendations shall be provided to the BPA Call Contracting Officers Representative (COR) and/or Alternate Contracting Officer Representative (ACOR) in a report that includes a summary of the items reviewed/analyzed, method of verification and/or validation, system/architecture/user impacts and actionable recommendations. The Contractor shall perform any recommended actions when determined to be appropriate by the BPA Call COR/ACOR.
2. Develop comprehensive system testing strategies and approaches along with test plans, test scripts, and test results with analysis and recommendations based on identified failure/issues. Contractors shall perform testing services when required. System testing may be required for when STAQS/NEAT upgrades/enhancements are made or when changes to interconnected systems and services take place. Such systems and services would include (but not limited to): FAIMIS, Grants.gov, FedConnect, and all Integrated Award Environment (e.g.,

FPDS NG, SAM.gov, Beta.SAM.gov, etc.).

Types of testing shall include but it is not limited to the following: Unit, Integration, Smoke, Interface, Regression, Stress, Load, Performance, User Acceptance, etc.

3. Develop and execute quality assurance plans for STAQS that includes the IV&V of STAQS data that is shared to external systems and services such as FAIMIS, Grants.gov, FedConnect, and Integrated Award Environment Services (e.g., FPDS NG, SAM.gov, Beta.SAM.gov, etc.).

Page 5

31310020A0003/31310021F0006

4. Provide recommendations to the BPA Call COR/ACOR for actionable items identified during the execution of the quality assurance plans/activities. This task may require the Contractor to perform or implement the recommended actions.
5. Provide FISMA support for STAQS. This includes but not limited to the following activities:

o Develop, review and update the required security documents for STAQS as required in the NRC MD 12.5, NRC Cybersecurity Program and NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations (https://csrc.nist.gov/publications/sp800) o Perform security and vulnerability assessments based on internal/external audit reports and scans (e.g., OMB, NRC OIG, NRC/OCIO/CSB, etc.). Any validated vulnerability findings shall be documented in the Plan of Actions and Milestones (POA&M) repository for STAQS along with actions to remediate or mitigate the vulnerabilities.

o Provide STAQS security engineering assessments and recommendations for proposed architectures and implementations based on NRC MD 12.5, NRC Cybersecurity Program and NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations requirements are met.

o Perform continuous monitoring activities for STAQS as outlined in CSO-PROS-1323, Information Security Continuous Monitoring Process

6. The Contractor shall assist the BPA Call COR/ACOR on STAQS related data calls tasks received from the NRC OIG and other government organizations. Data calls are usually unexpected and require a quick turnaround. These tasks will require the Contractor to be reviewing, analyzing and, if necessary, creating artifacts required by the auditors (e.g.,

screenshots, STAQS SOPs, STAQS training materials, STAQS system audit logs, etc.).

C.1.3.1 - REVIEW OF SYSTEM CONFIGURATION, DESIGN, AND IT SECURITY DELIVERABLES The Contractor shall work with the STAQS Information System Security Officer (ISSO) to develop, review and update system configurations and design deliverables.

The deliverables that will be provided to the Contractor for review include, Items such as design documents, the quality assurance plan, the test plan, data conversion scripts, interface documentation, test result summaries, IT security continuous monitoring products, IT security documentation, and user training materials. In reviewing each deliverable, the contractor shall notify in writing the BPA Call COR/ACOR of any issues with accuracy or potential project risk.

For each deliverable review, the contractor shall assess compliance with NRC requirements, the approved design, applicable standards, and absence of techniques that may reduce maintainability or extensibility. The contractor shall analyze and provide recommendations on STAQS system audit reports from either CSB, independent third-party auditors or NRC OIG in a written report delivered to the BPA Call COR/ACOR.

C.1.3.2 - CYBERSECURITY SUPPORT The Contractor shall support the BPA Call COR/ACOR in understanding the system architecture and technological concerns related to NRC and federal cybersecurity policies and requirements.

The Contractor shall perform the STAQS security assessment activities, for example when applicable develop, update or review all deliverables required by CSO-PROS-2102, System Cybersecurity Assessment Process, NRC MD 12.5, NRC Cybersecurity Program and NIST SP Page 6

31310020A0003/31310021F0006 800-53, Security and Privacy Controls for Federal Information Systems and Organizations and coordinating the distribution of these deliverables according to Agency policy and procedures.

The Contractor shall keep the BPA Call COR/ACOR informed of any changes based upon an expectation of strict adherence to the specific and general conditions stated in the ATO.

The Contractor shall perform IT security continuous monitoring activities for STAQS as required by the CSO-PROS-1323, Information Security Continuous Monitoring Process and coordinate the distribution of any deliverables according to Agency policy and procedures. The Contractor shall keep the BPA Call COR/ACOR informed concerning system vulnerabilities and POAMS.

The Contractor shall review, analyze and, if necessary, create artifacts required by the IT security and financial system audits (e.g., screenshots, STAQS SOPs, STAQS training materials, STAQS system audit logs, etc.).

The Contractor shall develop and update STAQS security documentation as necessary to maintain current system specification, modifications, and updates.

All system modifications shall undergo a security review commensurate with the Security Categorization of the system and in accordance with FIPS 199, Standards for Security Categorization of Federal Information and Information Systems.

The Contractor shall perform reviews and documentation updates of system controls to ensure that all system modifications are in compliance with FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, and NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.

Additionally, the Contractor shall develop test scripts and plans and review the system test results of all changes to ensure that any change to existing security controls or requirements for new security controls are implemented and tested by the system integrator. The criteria for testing and acceptance shall be based on the original content of the release together with the technical approach/design, as approved by the BPA Call COR/ACOR.

The Contractor shall ensure that valid test cases are provided for all the system code releases.

A valid test case is one that will fully exercise and verify the change requests (CR) requirements. The test plans shall also exercise the systems security controls and security requirements and associated technical resolutions, risk mitigation, and implementations to confirm that the system and associated controls are operating as intended, and in accordance with FIPS 200, and NIST SP 800-53 and 800- 53A, NIST SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems, and the NRC System Security Test and Evaluation (ST&E) Plan Template. The Contractor shall update the test plan report after completion of the system security test and evaluation plan test report to reflect validated information.

C.1.3.3 - QUALITY ASSURANCE The Contractor shall ensure the quality and integrity of acquisition data sent through the interfaces between STAQS and FAIMIS by performing a review and comparison of the data based on system requirements and design criteria. The Contractor shall analyze all discrepancies and identify the actions needed to correct each discrepancy.

Page 7

31310020A0003/31310021F0006 The Contractor shall investigate reported system defects, confirming their existence, proposing a short-term work-around, defining relationships to stated system requirements, evaluating maintainer-proposed solutions, and providing recommendations to BPA Call COR/ACOR.

C.1.3.3.1 - System Change Control The Contractor shall review, for clarity and completeness, proposed system changes to STAQS and provide recommendations to the BPA Call COR/ACOR. The Contractor shall verify that each CR specification was fully implemented and provide the implications/impacts of each defect or proposed enhancement that is under consideration by the CCB.

The Contractor shall also advise the BPA Call COR/ACOR during the evaluation of maintenance cost and schedule proposals.

The Contractor shall support the BPA Call COR/ACOR in tracking and updating STAQS CCB documentation, and artifacts, as needed.

C.1.3.4 - TESTING SUPPORT FOR STAQS MAINTENANCE RELEASES The contractor shall provide comprehensive technical assistance and support for NRC with all stages of testing. The contractor shall develop, execute, compile and/or review the system test plans and reports for all testing phases (for example, but not limited to the following types of system testing):

  • System Unit Testing
  • System Interface Testing
  • Performance Testing
  • Stress Testing
  • Load Testing
  • End-to-End Testing
  • User Acceptance Testing
  • Integration Testing
  • Smoke Testing
  • Regression Testing The contractor shall provide support with user acceptance testing (UAT). UAT testing should be in concert with the requirements established in the system requirements and design. This support shall include development of user support test plans, ensuring coverage of all requirements, and shall include development of test plans and test scripts for automated performance of acceptance testing.

The contractor shall execute test scripts and supplement the NRC user role to the extent directed by the BPA Call COR/ACOR. Test scripts shall be automated unless otherwise directed by the BPA Call COR/ACOR. The contractor shall develop automated scripts in the IBM Rational Robot, Functional Tester, and Manual Test tools.

C.1.4 Personnel Qualifications Page 8

31310020A0003/31310021F0006

1. Personnel performing the IV&V requirements shall possess appropriate qualifications, including experience with a federal acquisition system as it related to IT system testing, quality/data assurance, and interfaces/connections with federal financial systems (e.g.

Momentum).

2. Personnel performing the cybersecurity support requirements shall possess appropriate qualifications and knowledge of federal IT systems and federal (e.g., NIST, DHS, DISA, etc.)

and NRC cybersecurity polices, requirements and best practices.

C.1.5 Reporting Requirements In addition to meeting the delivery schedule in the timely submission of any draft and final reports, summaries, data and documents that are created in the performance of this contract, the Contractor shall comply with the directions of the BPA Call COR/ACOR regarding the contents of the report, summaries, data and related documents to include correcting, deleting, editing, revising, modifying, formatting, and supplementing any of the information contained therein at no additional cost to the NRC. Performance under the contract shall not be deemed accepted or completed until the Contractor complies with BPA Call COR/ACOR's directions.

Unless otherwise directed by the BPA Call COR/ACOR, the reports, summaries, data and related documents shall be considered draft until approved by the BPA Call COR/ACOR. The Contractor agrees that the direction, determinations, and decisions on approval or disapproval of reports, summaries, data and related documents created under this contract remains solely within the discretion of the NRC.

C.1.5.1 Monthly Letter Status Report The contractor shall provide a Monthly Letter Status Report (MLSR) which consists of a technical progress report and financial status report. This report will be used by the Government to assess the adequacy of the resources proposed by the contractor to accomplish the work contained in this SOW and provide status of contractor progress in achieving tasks and producing deliverables. The report shall include contract/order summary information, work completed during the specified period, milestone schedule information, problem resolution, travel plans, and staff hour summary.

C.1.5.2 Final Report The contractor shall provide a final report summarizing the work performed and the results and conclusions under this contract/order.

C.1.6 List of Deliverables Section # Deliverable Due Date Format Submit to Analysis and As assigned by MS Word / BPA C.1.3-1 Recommendations (of BPA Excel / PDF COR/ACOR system configurations, COR/ACOR Page 9

31310020A0003/31310021F0006 architecture, source code and design plans)

STAQS Test Plans, Test As assigned by Scripts and Test Results MS Word / BPA C.1.3-2 BPA with Analysis and Excel / PDF COR/ACOR COR/ACOR Recommendations As assigned by MS Word / BPA C.1.3-3 Quality Assurance Plans BPA Excel / PDF COR/ACOR COR/ACOR As assigned by Quality Assurance Report MS Word / BPA C.1.3-4 BPA with Recommendations Excel / PDF COR/ACOR COR/ACOR Security Categorization Report, System Security Plan (SSP), Privacy Threshold Analysis/Privacy Impact Assessment (PTA/PIA),

Configuration As assigned by Management Plan, MS Word / BPA C.1.3-5 BPA Incident Response Plan, Excel / PDF COR/ACOR COR/ACOR System Inventory, System Architecture Document, Operational Support Procedures, Plan of Action and Milestones (POA&M)

Report, IT Services MOUs/ISAs/Authorizations Audit Artifacts (screenshots, STAQS As assigned by MS Word / BPA C.1.3-6 SOPs, STAQS training BPA Excel / PDF COR/ACOR materials, STAQS system COR/ACOR audit logs, etc.)

1 Monthly 20th of the Word CO/ BPA C.6.1 Technical Report following month Document COR/ACOR When tested Word or Document Accessibility documents are BPA C.16.6.5 Adobe PDS Checklist delivered, as COR/ACOR Document applicable C.1.7 Section 508 - Information and Communication Technology Accessibility C.1.8.1 Introduction In December 2000, the Architectural and Transportation Barriers Compliance Board (Access Board) pursuant to Section 508(2)(A) of the Rehabilitation Act Amendments of 1998, established electronic and information technology (EIT) accessibility standards for the federal Page 10

31310020A0003/31310021F0006 government.

The Standards for Section 508 of the Rehabilitation Act (codified at 36 CFR § 1194) were revised by the Access Board, published on January 18, 2017 and minor corrections were made on January 22, 2018, effective March 23, 2018.

The Revised 508 Standards have replaced the term EIT with information and communication technology (ICT). ICT is information technology (as defined in 40 U.S.C. 11101(6)) and other equipment, systems, technologies, or processes, for which the principal function is the creation, manipulation, storage, display, receipt, or transmission of electronic data and information, as well as any associated content. Examples of ICT include, but are not limited to: Computers and peripheral equipment; information kiosks and transaction machines; telecommunications equipment; customer premises equipment; multifunction office machines; software; applications; Web sites; videos; and, electronic documents.

The text of the Revised 508 Standards can be found in 36 CFR § 1194.1 and in Appendices A, C and D of 36 CFR § 1194 (at https://www.ecfr.gov/cgi-bin/text-idx?SID=caeb8ddcea26ba5002c2eea047698e85&mc=true&tpl=/ecfrbrowse/Title36/36cfr1194_

main_02.tpl).

C.1.7.2 General Requirements In order to help the NRC comply with Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. § 794d)(Section 508), the Contractor shall ensure that its deliverables (both products and services) within the scope of this contract/order are

1. in conformance with, and
2. support the requirements of the Standards for Section 508 of the Rehabilitation Act, as set forth in Appendices A, C and D of 36 CFR § 1194.

C.1.7.3 Applicable Provisions of the Revised 508 Standards The following is an outline of the Revised 508 Standards that identifies what provisions are always applicable and which ones may be applicable. If Maybe is stated in the table below, then those provisions are applicable only if they are within the scope of this acquisition.

Applicable to the Provision of 36 CFR Part 1194 Contract/Order?

1. Appendix A to Part 1194 - Section 508 of the Rehabilitation Act:

Yes Application and Scoping Requirements Section 508 Chapter 1: Application and Administration - sets Yes forth general application and administration provisions Section 508 Chapter 2: Scoping Requirements - containing scoping requirements (which, in turn, prescribe which ICT -

Yes and, in some cases, how many - must comply with the technical specifications)

2. Appendix C to Part 1194 - Functional Performance Criteria and Maybe Technical Requirements Chapter 3: Functional Performance Criteria - applies to ICT Maybe where required by 508 Chapter 2 (Scoping Requirements) and Page 11

31310020A0003/31310021F0006 where otherwise referenced in any other chapter of the Revised 508 Standards Maybe Chapter 4: Hardware Maybe Chapter 5: Software Chapter 6: Support Documentation and Services (applicable to, but not limited to, help desks, call centers, training services, Maybe and automated self-service technical support) (Always applies if Chapters 4 or 5 apply)

Yes Chapter 7: Referenced Standards

3. Appendix D to Part 1194 - Electronic and Information Technology Maybe Accessibility Standards as Originally Published on December 21, 2000 Refer to Chapter 2 (Scoping Requirements) first to confirm what provisions in Appendix C apply in a particular case.

Section E203.2 applies only to the NRC, except as specified below.

C.1.7.4 Exceptions C.1.8.4.1 Legacy ICT Unless a deliverable of this contract/order is identified in this contract/order as Legacy ICT, use by the Contractor of the Legacy ICT general exception (section E202.2 of 36 CFR § 1194) shall only be permitted on a case-by-case basis for applicable legacy ICT and with advance written approval from the COR.

C.1.7.4.2 Undue Burden The Undue Burden general exception (section E202.6 of 36 CFR § 1194) is not expected to be applicable to work performed by the Contractor. If there are questions about potential application of this exception, please discuss with the CO.

C.1.7.4.3 Fundamental Alteration or Best Meets If the Contractor wishes to use the Fundamental Alteration (section E202.6 of 36 CFR § 1194) or Best Meets (section E202.7 of 36 CFR § 1194) general exceptions the Contractor shall do the following:

1. provide the COR with information necessary to support the agencys documentation requirements, as identified in sections E202.6.2 and E202.7.1 of 36 CFR § 1194, respectively
2. request and obtain written approval from the COR for development and/or use, as applicable to the scope of the contract/order, of an alternative means for providing individuals with disabilities access to and use of the information and data, as specified in sections E202.6.3 and E202.7.2 of 36 CFR § 1194, respectively.

Page 12

31310020A0003/31310021F0006 C.1.7.4.4 National Security Systems Based on the definition at 40 U.S.C. 11103(a), the National Security Systems general exception (section E202.3 of 36 CFR § 1194) is not applicable to this contract/order.

C.1.7.4.5 ICT Functions Located in Maintenance or Monitoring Spaces The Contractor shall confirm with the COR that an ICT deliverable of this contract/order will be located in maintenance or monitoring spaces before assuming that the ICT Functions Located in Maintenance or Monitoring Spaces general exception (section E202.5 of 36 CFR § 1194) applies.

Note that this exception does not apply to features of the ICT (such as Web interfaces) that can be accessed remotely, outside the maintenance or monitoring space where the ICT is located.

C.1.7.5 Additional Requirements C.1.7.5.1 Notification Due to Impact from NRC Policies, Procedures, Tools and/or ICT Infrastructure If and when 1) the Contractor is dependent upon NRC policies, procedures, tools and/or ICT infrastructure for Revised-508-Standards-conformant delivery of any of the products or services under this acquisition, and 2) the Contractor is aware that conformance of products or services will be negatively impacted by capability gaps in NRC policies, procedures, tools and/or ICT infrastructure, the Contractor shall inform the COR so that the NRC can both be aware and take corrective action.

C.1.7.5.2 Accessibility of Electronic Content For electronic content (as defined in section E103 of 36 CFR § 1194) deliverables of this contract/order:

1. If a deliverable is in the form of an Adobe Portable Document Format (PDF) file and is either Public Facing or Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) the Contractor shall ensure that it conforms to both section E205.4 of 36 CFR § 1194 and ISO 14289-1 (PDF/UA-1)
2. Unless the Contractor requests and obtains advance written approval from the COR for a specific deliverable or class of deliverables, the contractor shall ensure that
1. deliverables that are not Public Facing and not Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) shall conform to section E205.4 of 36 CFR § 1194
2. deliverables that are in the form of PDF files, are not Public Facing and are not Agency Official Communication (as defined in sections E103 and E205.3 of 36 CFR § 1194, respectively) shall conform to section E205.4 of 36 CFR § 1194 and ISO 14289-1 (PDF/UA-1).

C.1.7.5.3 Other It is desirable that the Contractor address the applicable provisions of the Revised 508 Standards throughout product and service lifecycles rather than only performing a conformance Page 13

31310020A0003/31310021F0006 check toward the end of a process.

If and when the Contractor provides custom ICT development services pursuant to this acquisition, the Contractor shall ensure the ICT products and services fully support the applicable provisions of the Revised 508 Standards prior to delivery and before final acceptance.

If and when the Contractor provides installation, configuration or integration services for ICT products (equipment and/or software) pursuant to this acquisition, the Contractor shall not install, configure or integrate the ICT equipment and software in a way that reduces the level of conformance with the applicable provisions of the Revised 508 Standards.

If and when the scope of this contract/order includes work by the Contractor to collect, directly from NRC employees or the Public, requirements for the procurement, development, maintenance or use of ICT the Contractor shall identify the needs of users with disabilities in conformance to section E203.2.

C.1.7.6 ICT Accessibility Deliverables The Contractor shall provide the following ICT accessibility deliverables, when within the scope of this contract/order.

C.1.8.6.1 Accessibility Conformance Report (ACR)

This report shall be submitted for ICT products, systems or application deliverables. A written ACR shall be based on the Voluntary Product Accessibility Template (VPAT), as specified at https://www.itic.org/policy/accessibility/vpat or provide equivalent information. This report has the purpose to document the state of conformance to the Revised 508 Standards for the subject product, system or application.

C.1.7.6.2 Supplemental Accessibility Report (SAR)

This report shall be submitted for ICT products, systems or application deliverables that have been custom developed or integrated by the Contractor to meet contract/order requirements. A written SAR shall contain:

a) Description of evaluation methods used to produce the ACR, to demonstrate due diligence in supporting conformance claims; b) Information on core functions that cant be used by persons with disabilities; and, c) Information on how to configure and install the ICT item to support accessibility C.1.7.6.3 ICT Support Documentation This documentation shall be submitted for ICT products, systems or application deliverables.

The support documentation shall include:

a) Documentation of features that help achieve accessibility and compatibility with assistive technology for persons with disabilities (as required by section 602 of 36 CFR § 1194);

b) For authoring tools that generate content (documents, reports, videos, multimedia, web content, etc.): Information on how the tool enables the creation of accessible electronic content that conforms to the Revised 508 Standards (see section 504 of 36 CFR § 1194), including the Page 14

31310020A0003/31310021F0006 range of accessible user interface elements the tool can create; c) For platform software (as defined in section E103.4 of 36 CFR § 1194) and software tools that are provided by a platform developer: Documentation on the set of accessibility services that support applications running on the platform to interoperate with assistive technology, as required by section 502.3 of 36 CFR § 1194.

C.1.7.6.4 ICT Support Documentation (Alternate Formats)

Upon request, alternate formats for non-electronic support documentation shall be provided (as required by section 602.4 of 36 CFR § 1194).

C.1.7.6.5 Document Accessibility Checklist This checklist shall be submitted for ICT electronic content deliverables that are documents (as defined in section E103 of 36 CFR § 1194), if the requirement is specified elsewhere in this acquisition that testing be performed. A completed checklist summarising the subject documents state of conformance to the applicable WCAG 2.0 Level A and AA Success Criteria (as referenced in section E205.4 and 702.10 of 36 CFR § 1194) and, for PDF files, ISO 14289-1 (PDF/UA-1).

C.1.7.6.6 Communication to ICT Users When the Contractor is providing ICT support services (including, but not limited to help desks, call centers, training services, and automated self-service technical support), any communication to ICT users shall accommodate the communication needs of individuals with disabilities (see section 603.3 of 36 CFR § 1194) and include information on accessibility and compatibility features (see 603.2 of 36 CFR § 1194).

C.1.8 Applicable Publications (Current Editions)

The contractor shall comply with the following applicable regulations, publications, manuals, and local policies and procedures:

1. NRC Policies, Procedures and Standards (CSO internal website): NRC OCIO/CSO Policies
2. All NRC MDs (public website): http://www.nrc.gov/reading-rm/doc-collections/management-directives/
3. NIST SP and FIPS documentation is located at: http://csrc.nist.gov/
4. CNSS documents are located at: http://www.cnss.gov/

C.1.9 Security Requirements The contractor shall be required to return NRC issued Personal Identification Verification (PIV) cards/badges to the COR at the end of the contract period of performance. If a contractor voluntarily leaves the company, the badge must be returned on the employees final day of employment. Once the badge is returned to the NRC, the contractor will no longer have access to NRC buildings, sensitive automated information technology systems or data. Additional information related to the returning of PIV badges can be found in MD 12.1, Section 5.

Page 15

31310020A0003/31310021F0006 D - Packaging and Marking D.1 PACKAGING AND MARKING (a) The Contractor shall package material for shipment to the NRC in such a manner that will ensure acceptance by common carrier and safe delivery at destination. Containers and closures shall comply with the Surface Transportation Board, Uniform Freight Classification Rules, or regulations of other carriers as applicable to the mode of transportation.

(b) On the front of the package, the Contractor shall clearly identify the contract number under which the product is being provided.

(c) Additional packaging and/or marking requirements are as follows: NA.

D.2 BRANDING The Contractor is required to use the statement below in any publications, presentations, articles, products, or materials funded under this contract/order, to the extent practical, in order to provide NRC with recognition for its involvement in and contribution to the project. If the work performed is funded entirely with NRC funds, then the contractor must acknowledge that information in its documentation/presentation.

Work Supported by the U.S. Nuclear Regulatory Commission (NRC), Office of Administration (ADM), under Contract/order number 31310020A0003/31310021F0006.

Page 16

31310020A0003/31310021F0006 E - Inspection and Acceptance E.1 INSPECTION AND ACCEPTANCE BY THE NRC (SEP 2013)

Inspection and acceptance of the deliverable items to be furnished hereunder shall be made by the NRC Contracting Officers Representative (COR) at the destination, accordance with FAR 52.247 F.o.b. Destination.

Contract Deliverables:

1. See Section C.1.7 List of Deliverables of the Statement of Work
2. []
3. []
4. []
5. []

Page 17

31310020A0003/31310021F0006 F - Deliveries or Performance F.1 PLACE OF DELIVERY-REPORTS The items to be furnished hereunder shall be delivered, with all charges paid by the Contractor, to:

BPA Call COR Leah Kube Leah.Kube@nrc.gov and BPA Call ACOR Diem Le Diem.Le@nrc.gov F.2 TASK/DELIVERY ORDER PERIOD OF PERFORMANCE (SEP 2013)

This order shall commence on May 9, 2021 and will expire on May 8, 2022. The term of this contract may be extended at the option of the Government for up to an additional 4 years, from May 9, 2022 to May 8, 2026.

Base Period: May 9, 2021 - May 8, 2022.

Option Period 1: May 9, 2022 - May 8, 2023 Option Period 2: May 9, 2023 - May 8, 2024 Option Period 3: May 9, 2024 - May 8, 2025 Option Period 4: May 9, 2025 - May 8, 2026 Page 18

31310020A0003/31310021F0006 G - Contract Administration Data NRC Local Clauses Incorporated by Full Text G.1 REGISTRATION IN FEDCONNECT (JULY 2014)

The Nuclear Regulatory Commission (NRC) uses Unison Software Systems secure and auditable two-way web portal, FedConnect, to communicate with vendors and contractors.

FedConnect provides bi-directional communication between the vendor/contractor and the NRC throughout pre-award, award, and post-award acquisition phases. Therefore, in order to do business with the NRC, vendors and contractors must register to use FedConnect at https://www.fedconnect.net/FedConnect. The individual registering in FedConnect must have authority to bind the vendor/contractor. There is no charge for using FedConnect. Assistance with FedConnect is provided by Unison Software Systems, not the NRC. FedConnect contact and assistance information is provided on the FedConnect web site at https://www.fedconnect.net/FedConnect.

NRCAR Clauses Incorporated By Full Text G.2 2052.215-71 CONTRACTING OFFICER REPRESENTATIVE AUTHORITY. (OCT 1999)

(a) The contracting officer's authorized representative (hereinafter referred to as the COR) for this contract is:

BPA Call COR Name: Leah Kube Email: Leah.Kube@nrc.gov Phone: 301-415-0669 BPA Call ACOR Name: Diem Le Email: Diem.Le@nrc.gov Phone: 301-415-7114 (b) Performance of the work under this contract is subject to the technical direction of the NRC COR. The term "technical direction" is defined to include the following:

(1) Technical direction to the contractor which shifts work emphasis between areas of work or tasks, authorizes travel which was unanticipated in the Schedule (i.e., travel not contemplated in the Statement of Work (SOW) or changes to specific travel identified in the SOW), fills in details, or otherwise serves to accomplish the contractual SOW.

(2) Provide advice and guidance to the contractor in the preparation of drawings, specifications, or technical portions of the work description.

(3) Review and, where required by the contract, approval of technical reports, drawings, specifications, and technical information to be delivered by the contractor to the Government under the contract.

Page 19

31310020A0003/31310021F0006 (c) Technical direction must be within the general statement of work stated in the contract. The COR does not have the authority to and may not issue any technical direction which:

(1) Constitutes an assignment of work outside the general scope of the contract.

(2) Constitutes a change as defined in the "Changes" clause of this contract.

(3) In any way causes an increase or decrease in the total estimated contract cost, the fixed fee, if any, or the time required for contract performance.

(4) Changes any of the expressed terms, conditions, or specifications of the contract.

(5) Terminates the contract, settles any claim or dispute arising under the contract, or issues any unilateral directive whatever.

(d) All technical directions must be issued in writing by the COR or must be confirmed by the COR in writing within ten (10) working days after verbal issuance. A copy of the written direction must be furnished to the contracting officer. A copy of NRC Form 445, Request for Approval of Official Foreign Travel, which has received final approval from the NRC must be furnished to the contracting officer.

(e) The contractor shall proceed promptly with the performance of technical directions duly issued by the COR in the manner prescribed by this clause and within the COR's authority under the provisions of this clause.

(f) If, in the opinion of the contractor, any instruction or direction issued by the COR is within one of the categories as defined in paragraph (c) of this section, the contractor may not proceed but shall notify the contracting officer in writing within five (5) working days after the receipt of any instruction or direction and shall request the contracting officer to modify the contract accordingly. Upon receiving the notification from the contractor, the contracting officer shall issue an appropriate contract modification or advise the contractor in writing that, in the contracting officer's opinion, the technical direction is within the scope of this article and does not constitute a change under the "Changes" clause.

(g) Any unauthorized commitment or direction issued by the COR may result in an unnecessary delay in the contractor's performance and may even result in the contractor expending funds for unallowable costs under the contract.

(h) A failure of the parties to agree upon the nature of the instruction or direction or upon the contract action to be taken with respect thereto is subject to 52.233 Disputes.

(i) In addition to providing technical direction as defined in paragraph (b) of the section, the COR shall:

(1) Monitor the contractor's technical progress, including surveillance and assessment of performance, and recommend to the contracting officer changes in requirements.

Page 20

31310020A0003/31310021F0006 (2) Assist the contractor in the resolution of technical problems encountered during performance.

(3) Review all costs requested for reimbursement by the contractor and submit to the contracting officer recommendations for approval, disapproval, or suspension of payment for supplies and services required under this contract.

(4) Assist the contractor in obtaining the badges for the contractor personnel.

(5) Immediately notify the Security Branch, Division of Facilities and Security (SB/DFS) (via e-mail) when a contractor employee no longer requires access authorization and return of any NRC issued badge to SB/DFS within three days after their termination.

(6) Ensure that all contractor employees that require access to classified Restricted Data or National Security Information or matter, access to sensitive unclassified information (Safeguards, Official Use Only, and Proprietary information) access to sensitive IT systems or data, unescorted access to NRC controlled buildings/space, or unescorted access to protected and vital areas of nuclear power plants receive approval of SB/DFS prior to access in accordance with Management Directive and Handbook 12.3.

(7) For contracts for the design, development, maintenance or operation of Privacy Act Systems of Records, obtain from the contractor as part of closeout procedures, written certification that the contractor has returned to NRC, transferred to the successor contractor, or destroyed at the end of the contract in accordance with instructions provided by the NRC Systems Manager for Privacy Act Systems of Records, all records (electronic or paper) which were created, compiled, obtained or maintained under the contract.

(End of Clause)

Page 21

31310020A0003/31310021F0006 H - Special Contract Requirements H.1 Special Contract Requirements NRC Local Clauses Incorporated by Full Text H.2 GOVERNMENT FURNISHED EQUIPMENT/PROPERTY (a) The NRC will provide the contractor with the following items for use under this contract:

1. NRC Standard Laptop
2. []
3. []

Include an asterisk (*) if the item also applies to paragraph (b) below.

(b) The equipment/property listed below is hereby transferred from contract/agreement number:[], to contract/agreement number:[]:

1. []
2. []
3. []

(c) Only the equipment/property listed above in the quantities shown will be provided by the Government. The contractor shall be responsible and accountable for all Government property provided under this contract and shall comply with the provisions of the FAR Government Property Clause under this contract and FAR Subpart 45.5, as in effect on the date of this contract. The contractor shall investigate and provide written notification to the NRC Contracting Officer (CO) and the NRC Division of Facilities and Security, Physical Security Branch of all cases of loss, damage, or destruction of Government property in its possession or control not later than 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after discovery. The contractor must report stolen Government property to the local police and a copy of the police report must be provided to the CO and to the Division of Facilities and Security, Office of Administration.

(d) All other equipment/property required in performance of the contract shall be furnished by the Contractor.

H.3 AWARD NOTIFICATION AND COMMITMENT OF PUBLIC FUNDS (a) All offerors will receive preaward and postaward notices in accordance with FAR 15.503.

(b) It is also brought to your attention that the contracting officer is the only individual who can legally obligate funds or commit the NRC to the expenditure of public funds in connection with this procurement. This means that unless provided in a contract document or specifically authorized by the contracting officer, NRC technical personnel may not issue contract modifications, give formal contractual commitments, or otherwise bind, commit, or obligate the NRC contractually. Informal unauthorized commitments, which do not obligate the NRC and do not entitle the contractor to payment, may include:

Page 22

31310020A0003/31310021F0006 (1) Encouraging a potential contractor to incur costs prior to receiving a contract; (2) Requesting or requiring a contractor to make changes under a contract without formal contract modifications; (3) Encouraging a contractor to incur costs under a cost-reimbursable contract in excess of those costs contractually allowable; and (4) Committing the Government to a course of action with regard to a potential contract, contract change, claim, or dispute.

Page 23

31310020A0003/31310021F0006 I - Contract Clauses NRC Local Clauses Incorporated by Full Text I.1 NRC ACQUISTION REGULATION (NRCAR) PROVISIONS AND CLAUSES (AUG 2011)

Applicable NRCAR provisions and clauses located in 48 CFR Chapter 20 are hereby incorporated by reference into this contract/order.

NRCAR Clauses Incorporated By Full Text I.2 2052.215-77 TRAVEL APPROVALS AND REIMBURSEMENT. (OCT 1999)

(a) All foreign travel must be approved in advance by the NRC on NRC Form 445, Request for Approval of Official Foreign Travel, and must be in compliance with FAR 52.247-63 Preference for U.S. Flag Air Carriers. The contractor shall submit NRC Form 445 to the NRC no later than 30 days before beginning travel.

(b) The contractor must receive written approval from the NRC Project Officer before taking travel that was unanticipated in the Schedule (i.e., travel not contemplated in the Statement of Work, or changes to specific travel identified in the Statement of Work).

(c) The contractor will be reimbursed only for travel costs incurred that are directly related to this contract and are allowable subject to the limitations prescribed in FAR 31.205-46.

(d) It is the responsibility of the contractor to notify the contracting officer in accordance with the Limitations of Cost clause of this contract when, at any time, the contractor learns that travel expenses will cause the contractor to exceed the estimated costs specified in the Schedule.

(e) Reasonable travel costs for research and related activities performed at State and nonprofit institutions, in accordance with Section 12 of Pub. L. 100-679, must be charged in accordance with the contractor's institutional policy to the degree that the limitations of Office of Management and Budget (OMB) guidance are not exceeded. Applicable guidance documents include OMB Circular A-87, Cost Principles for State and Local Governments; OMB Circular A-122, Cost Principles for Nonprofit Organizations; and OMB Circular A-21, Cost Principles for Educational Institutions.

(End of Clause)

FAR Clauses Incorporated By Reference 52.227-14 RIGHTS IN DATA-GENERAL. (MAY 2014)

FAR Clauses Incorporated By Full Text I.3 52.204-25 PROHIBITION ON CONTRACTING FOR CERTAIN TELECOMMUNICATIONS AND VIDEO SURVEILLANCE SERVICES OR EQUIPMENT. (AUG 2020)

(a) Definitions. As used in this clause-Page 24

31310020A0003/31310021F0006 Backhaul means intermediate links between the core network, or backbone network, and the small subnetworks at the edge of the network (e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless (e.g., microwave) or wired (e.g.,

fiber optic, coaxial cable, Ethernet).

Covered foreign country means The People's Republic of China.

Covered telecommunications equipment or services means-(1) Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities);

(2) For the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities);

(3) Telecommunications or video surveillance services provided by such entities or using such equipment; or (4) Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.

Critical technology means-(1) Defense articles or defense services included on the United States Munitions List set forth in the International Traffic in Arms Regulations under subchapter M of chapter I of title 22, Code of Federal Regulations; (2) Items included on the Commerce Control List set forth in Supplement No. 1 to part 774 of the Export Administration Regulations under subchapter C of chapter VII of title 15, Code of Federal Regulations, and controlled-(i) Pursuant to multilateral regimes, including for reasons relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation, or missile technology; or (ii) For reasons relating to regional stability or surreptitious listening; (3) Specially designed and prepared nuclear equipment, parts and components, materials, software, and technology covered by part 810 of title 10, Code of Federal Regulations (relating to assistance to foreign atomic energy activities);

(4) Nuclear facilities, equipment, and material covered by part 110 of title 10, Code of Federal Regulations (relating to export and import of nuclear equipment and material);

Page 25

31310020A0003/31310021F0006 (5) Select agents and toxins covered by part 331 of title 7, Code of Federal Regulations, part 121 of title 9 of such Code, or part 73 of title 42 of such Code; or (6) Emerging and foundational technologies controlled pursuant to section 1758 of the Export Control Reform Act of 2018 (50 U.S.C. 4817).

Interconnection arrangements means arrangements governing the physical connection of two or more networks to allow the use of another's network to hand off traffic where it is ultimately delivered (e.g., connection of a customer of telephone provider A to a customer of telephone company B) or sharing data and other information resources.

Reasonable inquiry means an inquiry designed to uncover any information in the entity's possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity that excludes the need to include an internal or third-party audit.

Roaming means cellular communications services (e.g., voice, video, data) received from a visited network when unable to connect to the facilities of the home network either because signal coverage is too weak or because traffic is too high.

Substantial or essential component means any component necessary for the proper function or performance of a piece of equipment, system, or service.

(b) Prohibition. (1) Section 889(a)(1)(A) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232) prohibits the head of an executive agency on or after August 13, 2019, from procuring or obtaining, or extending or renewing a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. The Contractor is prohibited from providing to the Government any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (c) of this clause applies or the covered telecommunication equipment or services are covered by a waiver described in FAR 4.2104.

(2) Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232) prohibits the head of an executive agency on or after August 13, 2020, from entering into a contract, or extending or renewing a contract, with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (c) of this clause applies or the covered telecommunication equipment or services are covered by a waiver described in FAR 4.2104. This prohibition applies to the use of covered telecommunications equipment or services, regardless of whether that use is in performance of work under a Federal contract.

(c) Exceptions. This clause does not prohibit contractors from providing-Page 26

31310020A0003/31310021F0006 (1) A service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or (2) Telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles.

(d) Reporting requirement. (1) In the event the Contractor identifies covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system, during contract performance, or the Contractor is notified of such by a subcontractor at any tier or by any other source, the Contractor shall report the information in paragraph (d)(2) of this clause to the Contracting Officer, unless elsewhere in this contract are established procedures for reporting the information; in the case of the Department of Defense, the Contractor shall report to the website at https://dibnet.dod.mil. For indefinite delivery contracts, the Contractor shall report to the Contracting Officer for the indefinite delivery contract and the Contracting Officer(s) for any affected order or, in the case of the Department of Defense, identify both the indefinite delivery contract and any affected orders in the report provided at https://dibnet.dod.mil.

(2) The Contractor shall report the following information pursuant to paragraph (d)(1) of this clause:

(i) Within one business day from the date of such identification or notification: The contract number; the order number(s), if applicable; supplier name; supplier unique entity identifier (if known); supplier Commercial and Government Entity (CAGE) code (if known); brand; model number (original equipment manufacturer number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended.

(ii) Within 10 business days of submitting the information in paragraph (d)(2)(i) of this clause: Any further available information about mitigation actions undertaken or recommended. In addition, the Contractor shall describe the efforts it undertook to prevent use or submission of covered telecommunications equipment or services, and any additional efforts that will be incorporated to prevent future use or submission of covered telecommunications equipment or services.

(e) Subcontracts. The Contractor shall insert the substance of this clause, including this paragraph (e) and excluding paragraph (b)(2), in all subcontracts and other contractual instruments, including subcontracts for the acquisition of commercial items.

(End of clause)

I.4 52.217-8 OPTION TO EXTEND SERVICES. (NOV 1999)

The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be Page 27

31310020A0003/31310021F0006 exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within anytime prior to contract expiration.

(End of clause)

I.5 52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT. (MAR 2000)

(a) The Government may extend the term of this contract by written notice to the Contractor within anytime prior to contract expiration; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least 5 days before the contract expires. The preliminary notice does not commit the Government to an extension.

(b) If the Government exercises this option, the extended contract shall be considered to include this option clause.

(c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 5.5 years.

(End of clause)

I.6 52.232-19 AVAILABILITY OF FUNDS FOR THE NEXT FISCAL YEAR. (APR 1984)

Funds are not presently available for performance under this contract beyond 2021. The Government's obligation for performance of this contract beyond that date is contingent upon the availability of appropriated funds from which payment for contract purposes can be made.

No legal liability on the part of the Government for any payment may arise for performance under this contract beyond 2021, until funds are made available to the Contracting Officer for performance and until the Contractor receives notice of availability, to be confirmed in writing by the Contracting Officer.

(End of clause)

I.7 52.232-22 LIMITATION OF FUNDS. (APR 1984)

(a) The parties estimate that performance of this contract will not cost the Government more than (1) the estimated cost specified in the Schedule or, (2) if this is a cost-sharing contract, the Government's share of the estimated cost specified in the Schedule. The Contractor agrees to use its best efforts to perform the work specified in the Schedule and all obligations under this contract within the estimated cost, which, if this is a cost-sharing contract, includes both the Government's and the Contractor's share of the cost.

(b) The Schedule specifies the amount presently available for payment by the Government and allotted to this contract, the items covered, the Government's share of the cost if this is a cost-sharing contract, and the period of performance it is estimated the allotted amount will cover. The parties contemplate that the Government will allot additional funds incrementally to the contract up to the full estimated cost to the Government specified in the Schedule, exclusive of any fee. The Contractor agrees to perform, or have performed, work on the contract up to the point at which the total Page 28

31310020A0003/31310021F0006 amount paid and payable by the Government under the contract approximates but does not exceed the total amount actually allotted by the Government to the contract.

(c) The Contractor shall notify the Contracting Officer in writing whenever it has reason to believe that the costs it expects to incur under this contract in the next 60 days, when added to all costs previously incurred, will exceed 75 percent of (1) the total amount so far allotted to the contract by the Government or, (2) if this is a cost-sharing contract, the amount then allotted to the contract by the Government plus the Contractor's corresponding share. The notice shall state the estimated amount of additional funds required to continue performance for the period specified in the Schedule.

(d) Sixty days before the end of the period specified in the Schedule, the Contractor shall notify the Contracting Officer in writing of the estimated amount of additional funds, if any, required to continue timely performance under the contract or for any further period specified in the Schedule or otherwise agreed upon, and when the funds will be required.

(e) If, after notification, additional funds are not allotted by the end of the period specified in the Schedule or another agreed-upon date, upon the Contractor's written request the Contracting Officer will terminate this contract on that date in accordance with the provisions of the Termination clause of this contract. If the Contractor estimates that the funds available will allow it to continue to discharge its obligations beyond that date, it may specify a later date in its request, and the Contracting Officer may terminate this contract on that later date.

(f) Except as required by other provisions of this contract, specifically citing and stated to be an exception to this clause (1) the Government is not obligated to reimburse the Contractor for costs incurred in excess of the total amount allotted by the Government to this contract and (2) the Contractor is not obligated to continue performance under this contract (including actions under the Termination clause of this contract) or otherwise incur costs in excess of (i) the amount then allotted to the contract by the Government or (ii) if this is a cost-sharing contract, the amount then allotted by the Government to the contract plus the Contractor's corresponding share, until the Contracting Officer notifies the Contractor in writing that the amount allotted by the Government has been increased and specifies an increased amount, which shall then constitute the total amount allotted by the Government to this contract.

(g) The estimated cost shall be increased to the extent that (1) the amount allotted by the Government or, (2) if this is a cost-sharing contract, the amount then allotted by the Government to the contract plus the Contractor's corresponding share, exceeds the estimated cost specified in the Schedule. If this is a cost-sharing contract, the increase shall be allocated in accordance with the formula specified in the Schedule.

(h) No notice, communication, or representation in any form other than that specified in subparagraph (f)(2) above, or from any person other than the Contracting Officer, shall affect the amount allotted by the Government to this contract. In the absence of the specified notice, the Government is not obligated to reimburse the Contractor for any costs in excess of the total amount allotted by the Government to this contract, whether incurred during the course of the contract or as a result of termination.

Page 29

31310020A0003/31310021F0006 (i) When and to the extent that the amount allotted by the Government to the contract is increased, any costs the Contractor incurs before the increase that are in excess of (1) The amount previously allotted by the Government or (2) if this is a cost-sharing contract, the amount previously allotted by the Government to the contract plus the Contractor's corresponding share, shall be allowable to the same extent as if incurred afterward, unless the Contracting Officer issues a termination or other notice and directs that the increase is solely to cover termination or other specified expenses.

(j) Change orders shall not be considered an authorization to exceed the amount allotted by the Government specified in the Schedule, unless they contain a statement increasing the amount allotted.

(k) Nothing in this clause shall affect the right of the Government to terminate this contract. If this contract is terminated, the Government and the Contractor shall negotiate an equitable distribution of all property produced or purchased under the contract, based upon the share of costs incurred by each.

(l) If the Government does not allot sufficient funds to allow completion of the work, the Contractor is entitled to a percentage of the fee specified in the Schedule equalling the percentage of completion of the work contemplated by this contract.

(End of clause)

I.8 52.237-3 CONTINUITY OF SERVICES. (JAN 1991)

(a) The Contractor recognizes that the services under this contract are vital to the Government and must be continued without interruption and that, upon contract expiration, a successor, either the Government or another contractor, may continue them. The Contractor agrees to (1) furnish phase-in training and (2) exercise its best efforts and cooperation to effect an orderly and efficient transition to a successor.

(b) The Contractor shall, upon the Contracting Officer's written notice, (1) furnish phase-in, phase-out services for up to 90 days after this contract expires and (2) negotiate in good faith a plan with a successor to determine the nature and extent of phase-in, phase-out services required. The plan shall specify a training program and a date for transferring responsibilities for each division of work described in the plan, and shall be subject to the Contracting Officer's approval. The Contractor shall provide sufficient experienced personnel during the phase-in, phase-out period to ensure that the services called for by this contract are maintained at the required level of proficiency.

(c) The Contractor shall allow as many personnel as practicable to remain on the job to help the successor maintain the continuity and consistency of the services required by this contract. The Contractor also shall disclose necessary personnel records and allow the successor to conduct on-site interviews with these employees. If selected employees are agreeable to the change, the Contractor shall release them at a mutually agreeable date and negotiate transfer of their earned fringe benefits to the successor.

(d) The Contractor shall be reimbursed for all reasonable phase-in, phase-out costs (i.e.,

costs incurred within the agreed period after contract expiration that result from phase-in, Page 30

31310020A0003/31310021F0006 phase-out operations) and a fee (profit) not to exceed a pro rata portion of the fee (profit) under this contract.

(End of clause)

I.9 52.252-2 CLAUSES INCORPORATED BY REFERENCE. (FEB 1998)

This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es): This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):

https://www.acquisition.gov/browse/index/far https://www.acquisition.gov/nrcar (End of clause)

Page 31

31310020A0003/31310021F0006 J - List of Documents, Exhibits and Other Attachments Number Attachment Title Date of Number Pages 1 IV&V STAQS Price Schedule xlsx 03/17/2021 1 Instructions_ IPP Billing Instructions for Labor-Hour 2 04/14/2021 7 or Time-and-Materials Contracts Page 32