GENERAL INFORMATION FOLLOWED BY A TENTATIVE STATEMENT OF WORK
NOTICE: This is not a solicitation but rather a Request for Information (RFI) (Sources Sought) to determine capability of potential sources and is for information and planning purposes only.
Veterans Health Affairs, Network Contracting Office 4, is issuing this request for information/sources sought notice in order to identify capable firms for Xerox MFD Support Services for the Butler VAMC.
Responses must be submitted by 11:00pm (EST) March 19th, 2019. Submit responses to the information requested above via email to
[email protected] . All SDVOSB and VOSB firms that respond shall include proof of CVE certification via www.vip.vetbiz.gov. All small business firms that respond shall include proof of small business status via their Representations and Certifications in accordance with (FAR 4.1102 Policy). While SDVOSB/VOSB contractors are preferred, all capable contractors are welcome to respond to this sources sought notice for market research purposes, and shall include as part of their response a brief capability statement that covers the information in the following tentative statement of work
The results of this market research will assist in the development of (1) the requirement, and (2) the acquisition strategy (e.g., socioeconomic set-aside, full and open competition, etc.). VA assumes no responsibility for any costs incurred associated with the preparation of responses.
Suggested NAICS: 811212 (Office machine repair and maintenance services except communication equipment)
Suggested PSC: J074 (Maintenance and Repair of Office Machines)
Open to suggestions from the market as to a more proper NAICS and/or PSC, as well as any potential GSA/FSS Schedule SIN categories.
SAMPLE / TENTATIVE STATEMENT OF WORK (BELOW)
XEROX MULTIFUNCTION SUPPLIES, PARTS, MAINTENANCE, AND SUPPORT SERVICES
BACKGROUND
The Department of Veterans Affairs medical center in Butler, PA (Butler VA Health Care System) deployed 49 Xerox multifunction devices (MFD) throughout the Abie Abraham Health Care Center. In order to maintain copying, printing, scanning, and faxing services, these device require supplies, parts, maintenance, and support as described in the requirements below.
APPLICABLE DOCUMENTS
In the performance of the tasks associated with this Performance Work Statement (PWS), the Contractor shall comply with the following:
44 U.S.C. § 3541, Federal Information Security Management Act (FISMA) of 2002
Federal Information Processing Standards (FIPS) Publication 140-2, Security Requirements For Cryptographic Modules
FIPS Pub 201-2, Personal Identity Verification of Federal Employees and Contractors, August 2013
10 U.S.C. § 2224, "Defense Information Assurance Program"
Carnegie Mellon Software Engineering Institute, Capability Maturity Model® Integration for Development (CMMI-DEV), Version 1.3 November 2010; and Carnegie Mellon Software Engineering Institute, Capability Maturity Model® Integration for Acquisition (CMMI-ACQ), Version 1.3 November 2010
5 U.S.C. § 552a, as amended, The Privacy Act of 1974
42 U.S.C. § 2000d Title VI of the Civil Rights Act of 1964
VA Directive 0710, Personnel Suitability and Security Program, June 4, 2010, http://www.va.gov/vapubs/
VA Handbook 0710, Personnel Suitability and Security Program, September 10, 2004, http://www.va.gov/vapubs
VA Directive and Handbook 6102, Internet/Intranet Services, July 15, 2008
36 C.F.R. Part 1194 Electronic and Information Technology Accessibility Standards, July 1, 2003
Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, November 28, 2000
32 C.F.R. Part 199, Civilian Health and Medical Program of the Uniformed Services (CHAMPUS)
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, October 2008
Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998
Homeland Security Presidential Directive (12) (HSPD-12), August 27, 2004
VA Directive 6500, Managing Information Security Risk: VA Information Security Program, September 20, 2012
VA Handbook 6500, Risk Management Framework for VA Information Systems Tier 3: VA Information Security Program, March 10, 2015
VA Handbook 6500.1, Electronic Media Sanitization, November 03, 2008
VA Handbook 6500.2, Management of Data Breaches Involving Sensitive Personal Information (SPI) , January 6, 2012
VA Handbook 6500.3, Assessment, Authorization, And Continuous Monitoring Of VA Information Systems, February 3, 2014
VA Handbook 6500.5, Incorporating Security and Privacy in System Development Lifecycle March 22, 2010
VA Handbook 6500.6, Contract Security, March 12, 2010
VA Handbook 6500.8, Information System Contingency Planning , April 6, 2011
Project Management Accountability System (PMAS) portal (reference https://www.voa.va.gov/pmas/)
OI&T ProPath Process Methodology (reference process maps at http://www.va.gov/PROPATH/Maps.asp and templates at http://www.va.gov/PROPATH/Templates.asp
NOTE: In the event of a conflict, OI&T ProPath takes precedence over other processes or methodologies.
One-VA Technical Reference Model (TRM) (reference at http://www.va.gov/trm/TRMHomePage.asp)
National Institute Standards and Technology (NIST) Special Publications (SP)
VA Directive 6508, VA Privacy Impact Assessment, October 3, 2008
VA Directive 6300, Records and Information Management, February 26, 2009
VA Handbook, 6300.1, Records Management Procedures, March 24, 2010
OMB Memorandum, Transition to IPv6 , September 28, 2010
VA Directive 0735, Homeland Security Presidential Directive 12 (HSPD-12) Program, February 17, 2011
VA Handbook 0735, Homeland Security Presidential Directive 12 (HSPD-12) Program, March 20, 2014
OMB Memorandum M-06-18, Acquisition of Products and Services for Implementation of HSPD-12, June 30, 2006
OMB Memorandum 05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors, August 5, 2005
OMB memorandum M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors, February 3, 2011
OMB Memorandum, Guidance for Homeland Security Presidential Directive (HSPD) 12 Implementation, May 23, 2008
Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, December 2, 2011
NIST SP 800-116, A Recommendation for the Use of Personal Identity Verification (PIV) Credentials in Physical Access Control Systems, November 20, 2008
OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, May 22, 2007
NIST SP 800-63-2, Electronic Authentication Guideline, August 2013
Draft NIST Special Publication 800-157, Guidelines for Derived PIV Credentials, March 2014
NIST Special Publication 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices (Draft), October 2012
Draft National Institute of Standards and Technology Interagency Report (NISTIR) 7981 Mobile, PIV, and Authentication, March 2014
VA Memorandum, VAIQ #7100147, Continued Implementation of Homeland Security Presidential Directive 12 (HSPD-12), April 29, 2011 (reference https://www.voa.va.gov/documentlistpublic.aspx?NodeID=514)
VA Memorandum, VAIQ # 7011145, VA Identity Management Policy, June 28, 2010 (reference Enterprise Architecture Section, PIV/IAM (reference https://www.voa.va.gov/documentlistpublic.aspx?NodeID=514)
IAM Identity Management Business Requirements Guidance document, May 2013, (reference Enterprise Architecture Section, PIV/IAM (reference https://www.voa.va.gov/documentlistpublic.aspx?NodeID=514)
Trusted Internet Connections (TIC) Reference Architecture Document, Version 2.0, Federal Interagency Technical Reference Architectures, Department of Homeland Security, October 1, 2013, https://www.fedramp.gov/files/2015/04/TIC_Ref_Arch_v2-0_2013.pdf
OMB Memorandum M-08-05, Implementation of Trusted Internet Connections (TIC), November 20, 2007
OMB Memorandum M-08-23, Securing the Federal Government s Domain Name System Infrastructure, August 22, 2008
VA Memorandum, VAIQ #7497987, Compliance Electronic Product Environmental Assessment Tool (EPEAT) IT Electronic Equipment, August 11, 2014 (reference Document Libraries, EPEAT/Green Purchasing Section, https://www.voa.va.gov/documentlistpublic.aspx?NodeID=552)
Sections 524 and 525 of the Energy Independence and Security Act of 2007, (Public Law 110 140), December 19, 2007
Section 104 of the Energy Policy Act of 2005, (Public Law 109 58), August 8, 2005
Executive Order 13693, Planning for Federal Sustainability in the Next Decade, March 19, 2015
Implementing Instructions for Executive Order 13693 Planning for Federal Sustainability in the Next Decade, June 10, 2015
Executive Order 13221, Energy-Efficient Standby Power Devices, August 2, 2001
VA Directive 0058, VA Green Purchasing Program , July 19, 2013
VA Handbook 0058, VA Green Purchasing Program , July 19, 2013
Office of Information Security (OIS) VAIQ #7424808 Memorandum, Remote Access , January 15, 2014, https://www.voa.va.gov/DocumentListPublic.aspx?NodeId=28
Clinger-Cohen Act of 1996, 40 U.S.C. §11101 and §11103
VA Directive 6071, Project Management Accountability System (PMAS), February 20, 2013
VA Memorandum, Implementation of Federal Personal Identity Verification (PIV) Credentials for Federal and Contractor Access to VA IT Systems , (VAIQ# 7614373) July 9, 2015, https://www.voa.va.gov/DocumentListPublic.aspx?NodeId=28
VA Memorandum Mandatory Use of PIV Multifactor Authentication to VA Information System (VAIQ# 7613595), June 30, 2015, https://www.voa.va.gov/DocumentListPublic.aspx?NodeId=28
VA Memorandum Mandatory Use of PIV Multifactor Authentication for Users with Elevated Privileges (VAIQ# 7613597), June 30, 2015; https://www.voa.va.gov/DocumentListPublic.aspx?NodeId=28
Multi-Function Device and Network Printers Security Technical Implementation Guide (STIG) - Version 2, Release 4 http://iase.disa.mil/stigs/Lists/stigs-masterlist/npw-netothermulti.aspx
SCOPE OF WORK
The contractor shall maintain the functioning 49 Xerox multifunction devices (MFD) listed in Appendix A. The functions of the MFD are copying, printing, scanning, and faxing which includes the configuration of Personal Identification Verification (PIV) cards, secure release printing, and network-based faxing within the MFD in accordance to the VA resources listed in the Applicable Documents section.
Performance Details
4.1 PERFORMANCE PERIOD
The performance period is 12 months from the effective date of award.
4.2 PLACE OF PERFORMANCE
The 49 Xerox MFD units are located within the Abie Abraham VA Health Care Center located at 353 North Duffy Road, Butler, PA 16001.
4.3 TRAVEL
The Government anticipates travel to be required to satisfy the requirements throughout the period of performance. All estimated travel costs shall be included in line items, as travel costs will not be directly reimbursed by the Government.
5.0 SPECIFIC REQUIREMENTS
5.1 PRINTING REQUIREMENTS
In addition to receiving and processing normal print and scan jobs, an MFD on the network shall be able to receive any user-initiated secure print jobs via PIV Authentication (VistA terminal emulation, CPRS and other Windows applications print jobs) from workstations and allow only the specified user to view, or delete only their print jobs from the MFD. Unclaimed print jobs must be deleted by the system at configurable time intervals. The configuration of Nuance Output Manager (NSI) application shall be maintained on the MFD.
An MFD shall be able to capture the print job user metadata to associate the print job with the authenticated user at the output device. The MFD will not show other user s jobs sitting in the queue. Only the authenticated user s job will be shown as not to present a security vulnerability target.
The Contractor shall provide a PIV enabled secure print feature that allows users to retrieve printouts securely, using their PIV credentials.
The MFD shall be capable of allowing the user to authenticate at the MFD with PIV to release the held print job(s).
For auditing purposes, an MFD shall track username, print job name, and date/time stamp for all print jobs.
MFD shall support follow me print via use of VA supported PIV card and NT credentials entered on a key board. The configuration of Nuance Output Manager (NSI) application shall be maintained on the MFD.
5.2 SCANNING REQUIREMENTS
The Contractor shall adhere to the PIV method as outlined in the FIPS 201-1 publication. The Contractor shall maintain authentication capabilities that shall integrate with the PIV system. The MFD may use an internal or external PIV solution to achieve this requirement. User identification must be automatic based on attributes on the PIV.
Based on PIV authentication, the MFD shall allow VA to customize scan options based on user profiles or user group profile (e.g., users in the Prosthetics user group can scan to only Prosthetics document destinations) as a measure of operational security.
The MFD shall maintain a capability to allow users to scan to user home directories (i.e., home folders, H-Drives, or U-Drives) or other personalized destinations to limit Personally Identifiable Information (PII) exposure. Apart from PIV authentication, MFD routing of documents shall not require any additional user identification (such as requiring the user to type in their username or navigating to a folder structure).
5.3 FAX REQUIREMENTS
The Contractor shall maintain the connection and configuration of the MFD to the existing VA FAX server at the installation site. The fax server application is CLEO STREEM.
5.4 USER ACCESS REQUIREMENTS
The MFD shall support a smart card reader with multiple user access capabilities via the VA PIV card.
5.5 NETWORK SUPPORT
The Contractor shall provide remote technical support to VA IT staff in troubleshooting and providing corrective actions to re-establish MFD connectivity and functionality, to include PIV authentication functionality. The Contractor shall provide a point of contact for VA IT staff to contact via telephone or email, if loss of MFD connectivity or functionality occurs after a software upgrade or patch is done on the VA network.
5.6 FULL SERVICE MEAINTENANCE SUPPORT WITH SUPPLIES
The Contractor shall be responsible for all maintenance actions, labor, and parts, for all devices listed in Appendix A.
The Contractor shall maintain each device at a minimum 95% monthly availability rate, based on an administrative duty schedule, (e.g., 8 am to 7 pm, Monday thru Friday). The Contractor shall repair or replace defective parts or equipment, at Contractor s expense, to maintain the required functionality and operation of the device. Full service maintenance support shall include troubleshooting, repair and replacement of failed or defective non-user replaceable parts, as well as all normal, routine, periodic and preventative maintenance (PM) work and parts, annual and ad hoc repair services, and required PM kits, circuit boards, light bulbs, rollers and any other parts required to retain peak operational function of MFD equipment. The full service maintenance support shall also include coverage for all internal and external mechanical and electronic components and software required to maintain the MFD functionality.
The Contractor technician shall respond to service calls to remotely repair systems within four (4) hours after receiving notification from the VA facility, or arrive at the facility location within next business day, when there is an equipment failure requiring onsite repair.
In addition to the full service maintenance support, as described above, the Contractor shall provide and install the supplies necessary to maintain full MFD operations. The supplies shall include drums, fusers, toner, developer, filters, webs, and paper fasteners. Excluded supplies include paper, transparencies, and binding tape.
In accordance with Executive Order 13693, all toner cartridges provided under this contract shall be remanufactured, contain recycled content, or be bio-based. If all three of these sustainable acquisition requirements for toner cartridges cannot be met in the same product, remanufactured and recycled cartridges shall be provided before bio-based toner, unless one of the exceptions listed below applies. Additionally, all toner cartridges provided by the Contractor shall meet one or both of the following U.S. Environmental Protection Agency (EPA)-recommended standards for toner cartridges:
a. STMC Manufacturer meets Standardized Test Methods of the International Imaging Technology Council
b. UL 2785 Standard for Sustainability for Printing Cartridges
The Contractor shall adhere to the sustainable acquisition requirements for toner cartridges unless there is an allowable exception. An allowable exception is available if any of the following conditions exist:
a. Product or service cannot be acquired competitively within a reasonable performance schedule.
b. Product or service cannot be acquired that meets the performance requirements.
c. Product or service cannot be acquired at a reasonable price.
d. An exception is provided by statute.
The price shall be deemed unreasonable if the total life cycle costs are significantly higher for the sustainable product or service versus the non-sustainable product. Life cycle costs are determined by combining the initial costs of a product or service with any additional costs or revenues generated from that product during its entire life. If at any point during the POP the Contractor cannot comply with the sustainable acquisition requirements for one of the reasons listed above, the Contractor shall provide documentation identifying the exception being used and rationale for using the exception, for approval by the CO.
The Contractor shall be responsible for the cost of repair or replacement for any equipment damaged by the Contractor-provided toner cartridges.
Appendix A
MFD Manufacturer
MFD Model
MFD Serial Number
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018282
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018340
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018269
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018370
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018369
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018356N
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018342
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018354
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018368
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018349
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018236
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018364
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018339
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018359
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018336
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018259
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018256
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018265
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018351
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018365
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018234
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018264
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018293
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018302
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018353
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018334
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018315
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018275
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018358
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018341
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018254
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018233
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018247
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018348
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018272
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018301
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018190
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018261
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018352
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018271
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018372
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018355
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018250
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018363
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018346
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018338
XEROX
Xerox WorkCentre 5865 v1 Multifunction System
EX9018257
XEROX
Xerox WorkCentre 7970 v1 Multifunction Printer
B0W174967
XEROX
Xerox WorkCentre 7970 v1 Multifunction Printer
B0W174958
Bid Protests Not Available
G