Automated Fingerprint Matcher Systems Equipment and Services Blanket Purchase Agreement - Immigration and Naturalization Service and Cogent Systems Inc.
AUTOMATED FINGERPRINT MATCHER SYSTEMS
EQUIPMENT AND SERVICES
BLANKET PURCHASE AGREEMENT (BPA)
COW-2-A-0052
[GRAPHIC]
INS Headquarters Procurement Division
425 I Street, NW, R.2208
Washington, D.C. 20536
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
TABLE OF CONTENTS
1. | AUTOMATED FINGERPRINT MATCHER SYSTEMS EQUIPMENT AND SERVICES BLANKET PURCHASE AGREEMENT (BPA) | 1 | ||
1.1 | Background | 1 | ||
1.2 | Blanket Purchase Agreement | 1 | ||
2. | BPA TERMS AND CONDITIONS | 3 | ||
2.1 | Federal Supply Schedule | 3 | ||
2.2 | Delivery | 3 | ||
2.3 | BPA Volume | 3 | ||
2.4 | Obligation | 3 | ||
2.5 | Expiration | 4 | ||
2.6 | Ordering Officers | 4 | ||
2.7 | Ordering Procedures | 4 | ||
2.8 | Award of Orders Under the BPA | 4 | ||
2.9 | Invoicing | 5 | ||
2.10 | Invoice Distribution | 5 | ||
2.11 | Order of Precedence | 6 | ||
2.12 | Teaming | 6 | ||
2.13 | Security Requirements | 6 | ||
2.13.1 | General | 6 | ||
2.13.2 | Suitability Determination | 6 | ||
2.13.3 | Background Investigations | 7 | ||
2.13.4 | Continued Eligibility | 8 | ||
2.13.5 | Employment Eligibility | 8 | ||
2.13.6 | Security Management | 9 | ||
2.13.7 | Information Technology Security Clearance | 9 | ||
2.13.8 | Information Technology Security Training and Oversight | 9 | ||
2.13.9 | Minimum Computer and Telecommunications Security Requirements | 9 | ||
2.13.10 | C&TS in the INS Systems Development Life Cycle (SDLC) | 10 | ||
2.13.11 | Security Assurances | 10 | ||
2.13.12 | Data Security | 11 | ||
2.14 | Government Furnished Property (GFP) | 11 | ||
2.15 | Contractor Location and Response Times | 12 | ||
2.16 | Key Personnel | 12 | ||
2.16.1 | Substitution or Diversion of Key Personnel | 12 | ||
2.16.2 | Designation of Key Personnel by Order | 12 | ||
2.16.3 | Employment of Key Personnel | 12 |
1
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
1. AUTOMATED FINGERPRINT MATCHER SYSTEMS EQUIPMENT
AND SERVICES BLANKET PURCHASE AGREEMENT (BPA)
1.1 | Background |
In carrying out its responsibilities for the enforcement of US Immigration Laws, the Immigration and Naturalization Service (INS) performs fingerprint identification for individuals, in association with entry into the US and the application for various classes of immigration benefits. INS has defined requirements to create repositories of fingerprint identification records for several classes of individuals including, for example, criminal aliens, recidivist illegal border crossers, and asylum applicants. The currently defined repositories are projected to grow to sizes ranging from a few million records to 30 million records or more. Fingerprint identification processing is performed by the INS IDENT system. As existing repositories continue to grow in size, and as new repositories are brought on-line, the identification matching capabilities of IDENT must be expanded to maintain required levels of response time performance. The open architecture design of the IDENT system enables the use of a heterogeneous mix of independent fingerprint matcher subsystems, each in a configuration optimized to meet the specific performance requirements of its associated repository application.
When requirements for a specific IDENT repository application are defined, the requirements will be communicated to BPA holders in a BPA Request for Quotation (RFQ), or Call for a delivery or task order as applicable. The BPA Contractor will be required to submit an abbreviated response with information such as initial and annual expansion configurations, performance, installation requirements, etc. Unless deemed technically acceptable previously, proposed products may be required to undergo pre-award in-use testing at INS as a pre-condition of vendor selection for a particular repository application. Unless disqualified by this testing or post-award operational acceptance testing, matcher components provided by the selected manufacturer may be used exclusively for a specific repository application. Throughout the establishment and growth phases of that repository, only components of the previously competitively selected manufacturer may be used due to the proprietary and incompatible nature of the matching subsystem algorithms of differing manufacturers. The Contractor by their signature certify their understanding that INS desires follow-on competition among INS BPA resellers who possess the required equipment and services for a given repository application.
1.2 | Blanket Purchase Agreement |
In the spirit of the Federal Acquisition Streamlining Act, the Immigration & Naturalization Service and
(Cogent Systems Inc.)
enter into an exclusive blanket purchase agreement to further reduce the administrative cost of acquiring commercial products and services from the General Services Administration (GSA) Federal Supply Schedule contract(s).
1
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
Federal Supply Schedule contract BPAs eliminate contracting and open market costs such as the search for sources; the development of technical documents and solicitations; and the evaluation of bids and offers. Contractor Term Arrangements are permitted with Federal Supply Schedule contractors in accordance with Federal Acquisition Regulation (FAR) 9.6.
This BPA will further decrease costs, reduce paperwork, and save time by eliminating the need for repetitive individual purchases from the Schedule contract. The end result is to create a purchasing mechanism for the Government that works better and costs less.
Signatures:
INS Contracting Officer | ||||||
Illegible |
Contracting officer |
/s/ Illegible | 7/11/02 | |||
Printed Name | INS Title | Signature | Date | |||
Contractor | ||||||
Illegible |
Illegible |
/s/ Illegible | 7/11/02 | |||
Printed Name | Company Title | Signature | Date |
2
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
2. BPA TERMS AND CONDITIONS
This section presents the general requirements applicable to the Automated Fingerprint Matcher Systems Equipment and Services Blanket Purchase Agreement (BPA) Contractor, including security, Government Furnished Property (GFP), Contractor location, contract management, and key personnel requirements.
The following contract services/products can be ordered under this BPA. This BPA is being offered to Cogent Systems Inc. for the aforementioned equipment and services. However, each order issued shall be competed among several BPAs to determine the best value to the government. It is anticipated that the vast majority of orders in terms of dollar value will be for equipment including equipment-related maintenance and warranty services. Unless deemed technically acceptable previously, proposed products may be required to undergo pre-award in-use testing at INS as a pre-condition of vendor selection for a particular repository application. Listed discounts shall apply to the current GSA Schedule Price. It is the responsibility of the Offeror to notify the Contracting Officer of GSA Schedule price changes affecting line items or categories of equipment and services listed in this BPA. Cogent Systems Inc. shall provide their discounts on a per order basis. For orders issued under this BPA, the price paid shall be the GSA Schedule price in effect at the time the order is issued less applicable discounts under this BPA. All orders placed against this BPA are subject to the terms and conditions of the GSA Schedule contract.
2.1 | Federal Supply Schedule |
All orders placed against this BPA are subject to the terms and conditions of the Federal Supply Schedule. Furthermore, all orders shall be competed among several BPAs to determine the best value to the government.
2.2 | Delivery |
Delivery destination and schedule will be specified in each order.
2.3 | BPA Volume |
The government estimates, but does not guarantee, that the volume of purchases through this agreement will be $98,000,000 over 60 months.
2.4 | Obligation |
This BPA does not obligate any funds.
3
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
2.5 | Expiration |
This BPA expires at the end of the current Offerors GSA Schedule contract period or each subsequent contract period for which GSA extends the GSA Schedule contract by modification, in which case this BPA will be comparably extended by modification.
2.6 | Ordering Officers |
The following Contracting Officers are hereby authorized to place orders under this BPA:
John A. Russo, Jr. | Madan M. Kar | |
425 I Street, NW, Room 2208 | 425 I Street, NW, Room 2208 | |
Washington, DC 20536 | Washington, DC 20536 | |
(202) 305-8379 | (202) 514-1429 |
2.7 | Ordering Procedures |
Orders will be placed against this BPA via facsimile or hard copy.
2.8 | Award of Orders Under the BPA |
Orders shall be competed among the technically eligible BPA holders. Orders for fixed price equipment-related services (repair services etc.) shall conform to the applicable SIN terms and conditions.
The basis for award of competed orders will be specified in the RFQ applicable to the order being competed. Orders shall be competed on a beat value basis.
Offerors may or may not be contacted prior to the placement of an order for further discounts or concessions on terms such as warranty and the like. Each Offeror will have had the opportunity to present its best offer at the time it was solicited for its BPA and in its quarterly update to its prices. Orders shall be awarded on a best value basis to the Offeror whose offer on any given order is deemed to constitute the best value to the Government. Best value considerations may include but are not limited to:
| Special features of the supply or service that are required in effective program performance and that are not provided by a comparable supply or service; |
| Price and price-related terms such as warranties; |
| Trade-in considerations; |
| Probable life of the item selected as compared with that of a comparable item; |
4
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
| Warranty considerations; |
| Maintenance availability; |
| Past performance; and |
| Environmental and energy efficiency considerations. |
2.9 | Invoicing |
Unless otherwise agreed to, all deliveries under this BPA shall be accompanied by delivery tickets or sales slips that must contain the following information as a minimum:
(a) | Name of contractor; |
(b) | Contract number; |
(c) | BPA number; |
(d) | Labor category; |
(e) | Order number; |
(f) | Date of order; |
(g) | Quantity, unit price, and extension of each item (unit prices and extensions need not be shown when incompatible with the use of automated systems; provided, that the invoice is itemized to show the information); and |
(h) | Performance period. |
2.10 | Invoice Distribution |
The requirements of a proper invoice are as specified in the Federal Supply Schedule contract. The contractor shall submit invoices as follows:
Original invoice to:
One (1) Copy to the COTR:
Ms. Sandra Smith
Immigration and Naturalization Service
Acquisition Management Branch
801 I Street NW, Room: 730
Washington, DC 20536
5
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
One (1) Copy to the Primary Contracting Officer:
Contracting Officer will be identified at time of award
Immigration and Naturalization Service
Headquarters Procurement Office
425 I Street, NW, Room 2208
Washington DC, 20536
(202) 514-5417
2.11 | Order of Precedence |
The terms and conditions included in this BPA apply to all purchases made pursuant to it. In the event of an inconsistency between the provisions of this BPA and the Contractors invoice, the provisions of this BPA will take precedence.
2.12 | Teaming |
Contractor teaming arrangements are permitted with FSS contractors per FAR 9.6.
The team leader is
(Insert Team Leader & GSA Schedule)
The team members are
(Insert Team Members & GSA Schedule)
2.13 | Security Requirements |
2.13.1 | General |
INS has determined that performance of this contract requires that the Contractor, subcontractor(s), vendor(s), etc. (herein known as Contractor), requires access to sensitive INS information, and that the Contractor will adhere to the following.
2.13.2 | Suitability Determination |
INS shall have and exercise full control over granting, denying, withholding or terminating unescorted government facility and/or sensitive Government information access for Contractor employees, based upon the results of a background investigation. INS may, as it deems appropriate, authorize and make a favorable entry on duty (EOD) decision based on preliminary security checks. The favorable EOD decision would allow the employees to commence work temporarily prior to the completion of the full investigation. The granting of a favorable EOD decision shall not be considered as assurance that a full employment suitability authorization will follow as a result thereof. The granting of a favorable EOD decision or a full employment
6
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
suitability determination shall in no way prevent, preclude, or bar the withdrawal or termination of any such access by INS, at any time during the term of the contract. No employee of the Contractor shall be allowed unescorted access to a Government facility without a favorable EOD decision or suitability determination by the Security Office. Contract employees assigned to the contract not needing access to sensitive INS information or recurring access to INS facilities will not be subject to security suitability screening.
2.13.3 | Background Investigations |
Contract employees (to include applicants, temporaries, part-time and replacement employees) under the contract, needing access to sensitive information, shall undergo a position sensitivity analysis based on the duties each individual will perform on the contract. The results of the position sensitivity analysis shall identify the appropriate background investigation to be conducted. All background investigations will be processed through the Security Office. Prospective Contractor employees shall submit the following completed forms to the Security Office through the COTR no less than 30 days before the starting date of the contract or 30 days prior to entry on duty of any employees, whether a replacement, addition, subcontractor employee, or vendor:
1. | Standard Form 85P, Questionnaire for Public Trust Positions |
2. | FD Form 258, Fingerprint Card (2 copies) |
3. | Foreign National Relatives or Associates Statement |
4. | Form DOJ-555, Disclosure and Authorization Pertaining to Consumer Reports Pursuant to the Fair Credit Reporting Act |
Required forms will be provided by INS at the time of award of the contract. Only complete packages will be accepted by the Security Office. Specific instructions on submission of packages will be provided upon award of the contract.
Be advised that unless an applicant requiring access to sensitive information has resided in the US for three of the past five years, the Government may not be able to complete a satisfactory background investigation. In such cases, INS retains the right to deem an applicant as ineligible due to insufficient background information.
The Department of Justice (DOJ), in accordance with DOJ Order 2640.2D dated July 12, 2001, does not permit the use of Non-U.S. citizens, including Lawful Permanent Residents (LPRs), in the performance of this contract for any position that involves access to or development of any DOJ IT system. INS will consider only U.S. Citizens and LPRs for employment on this contract. INS will not approve LPRs for employment on this contract in any position that require the LPR to access or assist in the development, operation, management or maintenance of DOJ IT systems. By signing this contract, the contractor agrees to this
7
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
restriction. In those instances where other non-IT requirements contained in the contract can be met by using LPRs, those requirements shall be clearly described.
2.13.4 | Continued Eligibility |
If a prospective employee is found to be ineligible for access to Government facilities or information, the COTR will advise the Contractor that the employee shall not continue to work or to be assigned to work under the contract.
The Security Office may require drug screening for probable cause at any time and/or when the contractor independently identifies, circumstances where probable cause exists.
INS reserves the right and prerogative to deny and/or restrict the facility and information access of any Contractor employee whose actions are in conflict with the DOJ standards of conduct, 5 CFR 2635 and 5 CFR 3801, or whom INS determines to present a risk of compromising sensitive Government information to which he or she would have access under this contract.
The Contractor will report any adverse information coming to their attention concerning contract employees under the contract to INS Security Office. Reports based on rumor or innuendo should not be made. The subsequent termination of employment of an employee does not obviate the requirement to submit this report. The report shall include the employees name and social security number, along with the adverse information being reported.
The Security Office must be notified of all terminations/resignations within five days of occurrence. The Contractor will return any expired INS issued identification cards and building passes, or those of terminated employees to the COTR. If an identification card or building pass is not available to be returned, a report must be submitted to the COTR, referencing the pass or card number, name of individual to whom issued, the last known location and disposition of the pass or card.
2.13.5 | Employment Eligibility |
The Contractor must agree that each employee working on this contract will have a Social Security Card issued and approved by the Social Security Administration. The Contractor shall be responsible to the Government for acts and omissions of his own employees and fix any Subcontractor(s) and their employees.
Subject to existing law, regulations and/or other provisions of this contract, illegal or undocumented aliens will not be employed by the Contractor, or with this contract. The Contractor will ensure that this provision is expressly incorporated into any and all Subcontracts or subordinate agreements issued in support of this contract.
8
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
2.13.6 | Security Management |
The Contractor shall appoint a senior official to act as the Corporate Security Officer. The individual will interface with the Security Office through the COTR on all security matters, to include physical, personnel, and protection of all Government information and data accessed by the Contractor.
The COTR and the Security Office shall have the right to inspect the procedures, methods, and facilities utilized by the Contractor in complying with the security requirements under this contract. Should the COTR determine that the Contractor is not complying with the security requirements of this contract, the Contractor will be informed in writing by the Contracting Officer of the proper action to be taken in order to effect compliance with such requirements.
2.13.7 | Information Technology Security Clearance |
When sensitive government information is processed on INS telecommunications and automated information systems, the Contractor agrees to provide for the administrative control of sensitive data being processed and to adhere to the procedures governing such data as outlined in DOJ Order 2640.2D, Information Technology Security.
2.13.8 | Information Technology Security Training and Oversight |
All contractor employees using automated systems or processing INS sensitive data will be required to receive Security Awareness Training as outlined in the Computer Security Act of 1987. This training will be provided by the INS C&TS Program Office. All personnel who access INS information systems will be continually evaluated while performing these duties. Supervisors should be aware of any unusual or inappropriate behavior by personnel accessing systems. Any unauthorized access, sharing of passwords, or other questionable security procedures should be reported to the local Security Office or CSSO.
2.13.9 | Minimum Computer and Telecommunications Security Requirements |
GENERAL
Due to the sensitive nature of INS information, the Contractor is required to develop and maintain a comprehensive computer and telecommunications security (C&TS) program to address the integrity, confidentiality, and availability of sensitive but unclassified (SBU) information during collection, storage, transmission, and disposal. The Contractors security program shall adhere to the requirements set forth in the DOJ Order 2640.2D, Information Technology Security, INS C&TS Guidance Documents, and other DOJ/INS guidelines and directives regarding information security requirements. The Contractor shall establish a working relationship with the INS C&TS Program Office, headed by the Computer Security Program Manager (CSPM).
9
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
2.13.10 | C&TS in the INS Systems Development Life Cycle (SDLC) |
C&TS activities in the SDLC are outlined in each current version of the INS SDLC Manual. The Contractor shall assist the appropriate INS CSSO with development and completion of all security related activities contained in the SDLC. These activities include development of the following documents:
| Sensitive System Security Plan (SSSP): This is the primary reference that describes system sensitivity, criticality, security controls, policies, and procedures. |
| Contingency Plan (CP): This plan describes the steps to be taken to ensure that an automated system or facility can be recovered from service disruptions in the event of emergencies and/or disasters. |
| Security Guide (SG): This is a manual that provides users and administrators with detailed requirements on how to operate and maintain a system securely. |
| Risk Assessment (RA): This document identifies threats and vulnerabilities, assesses the impacts of the threats, evaluates in-place countermeasures, and identifies additional countermeasures necessary to ensure an acceptable level of security. |
| Security Test and Evaluation (ST&E): This document evaluates each security control and countermeasure to verify operation in the manner intended. Test parameters are established based on results of the RA. |
| Certification and Accreditation (C&A): This program establishes the extent to which a particular design and implementation of an automated system and the facilities housing that system meet a specified set of security requirements, based on the ST&E of security features and other technical requirements (certification), and the management authorization and approval of a system to process sensitive but unclassified information (accreditation). |
2.13.11 | Security Assurances |
DOJ Order 2640.2D encourages the use of International Standard 15408, Common Criteria for Information Technology Security Evaluation, for evaluating computer systems used for processing SBU information. In addition, the INS Office of Information Resources Management requires that contractors adhere to the Department of Defense (DOD) Standard 5200.28-STD, Trusted Computer System Evaluation Criteria. Therefore, the Contractor shall ensure that requirements are allocated in the functional requirements and system design documents to address C2 level of trust, and that those requirements are based on the INS C&TS Guidance Document 9.0, Minimum Requirements Document or the most currently approved INS directive. C2 systems must offer the following user-visible features:
|
User Identification and Authentication (I&A) I&A is the process of telling a system the identity of a subject (for example, a user) (I) and providing that the subject is who it claims to |
10
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
be (A). Systems must be designed so that the identity of each user must be established prior to authorizing system access, each system user must have his/her own user ID, and each user is authenticated before access is permitted. |
| Discretionary Access Control (DAC) DAC is a DOJ access policy that restricts access to system objects (for example, files, directories, devices) based on the identity of the users and/or groups to which they belong. All system files must be protected by a secondary access control measure. |
| Object Reuse Object Reuse is the reassignment to a subject (for example, user) of a medium that previously contained an object (for example, file). Systems that use memory to temporarily store user I&A information and any other SBU information must be cleared before reallocation. |
| Audit INS systems must provide facilities for transaction auditing, which is the examination of a set of chronological records that provide evidence of system activity. |
2.13.12 | Data Security |
SBU systems must be protected from unauthorized access, modification, and denial of service. The Contractor shall ensure that all aspects of data security requirements (i.e., confidentiality, integrity, and availability) are included in the functional requirements and system design, and ensure that they meet the minimum requirements as set forth in the INS C&TS Guidance Document 9.0 or the most currently approved INS directive. These requirements include:
| Integrity The computer systems used for processing SBU must have data integrity controls to ensure that data is not modified (intentionally or unintentionally) or repudiated by either the sender or the receiver of the information. A risk analysis and vulnerability assessment must be performed to determine what type of data integrity controls (e.g., cyclical redundancy checks, message authentication codes, security hash functions, and digital signatures, etc.) must be used. |
| Confidentiality Controls must be included to ensure that SBU information collected, stored, and transmitted by the system is protected against compromise. A risk analysis and vulnerability assessment must be performed to determine if threats to the SBU exist. If it exists, data encryption must be used to mitigate such threats. |
| Availability Controls must be included to ensure that the system is continuously working and all services are fully available within a timeframe commensurate with the availability needs of the user community and the criticality of the information processed. |
2.14 | Government Furnished Property (GFP) |
The INS Office of Information Resources Management (OIRM) does not anticipate providing any property to the Contractor for the performance of work under the BPA. However, should the
11
Immigration and Naturalization Service | Matchers BPA | Acquisition Management Branch | ||
Government determine that it would furnish property to the Contractor, the Government will identify the property and provide specific government property reporting and disposition instructions in the order.
2.15 | Contractor Location and Response Times |
INS may require the Contractor locate personnel at INS or contractor facilities. Any need for personnel to be located at INS facilities will be specified in the particular order and the orders will specify the location of these individuals. Day-to-day supervision and direct control over the work performed by these individuals shall be the sole responsibility of the Contractor. All other Contractor personnel shall be located at the Contractors facilities.
2.16 | Key Personnel |
Key personnel on the BPA are defined as personnel assigned to the labor categories on an individual order that the Government has designated as being essential or key to the work performed. Key personnel shall be available to support the requirements of orders issued under the BPA and ensure that all work performed meets the requirements set forth in the order.
2.16.1 | Substitution or Diversion of Key Personnel |
The personnel specified as key personnel in a given order are considered essential to the work performed under the BPA. Before diverting the specified individuals to other programs, the Contractor shall notify the Contracting Officer no less than 30 calendar days in advance and shall submit justification (including the names and resumes of the proposed substitutions) in sufficient detail to permit evaluation of the impact on the program. The proposed substitutions shall possess qualifications equal or superior to those of the key person(s) being replaced. The Contractor without the written consent of the Contracting Officer shall make no diversions or substitutions. The list of key personnel set forth in this clause may be amended from time to time during the BPA either to add or delete personnel to the order or BPA itself, as appropriate.
2.16.2 | Designation of Key Personnel by Order |
The Government reserves the right to identify or require the designation of key personnel in any order during BPA performance.
2.16.3 | Employment of Key Personnel |
The Program Manager (PM) shall be a full-time employee of the prime Contractor at the time of BPA award. The Contractor shall furnish the name, phone number, and resume of the Program Manager and other pertinent information as required by the Government at the time of award. All other key personnel shall be full-time employees of the Contractor team (i.e., either the prime Contractor or subcontractors, if any are proposed) at the time of BPA award. If the Contractor proposes to use any individuals to fulfill key positions who are not current employees of the Contractors team; then the Contractor shall furnish a letter of commitment signed by the individual which clearly states their availability for employment and their commitment to accept employment if approved/selected by the Government.
12