General Services Administration

Office of Professional Services and Human Capital Categories (PSHC)

Office of Contract Operations (QRAD) for the GSA Center for Charge Card Management (CCCM)

Request for Quote Number: 47QRAB23Q0004 for GSA SmartPay® Agile Development Services

From: Rosalind Cherry, Contracting Officer (CO), General Services Administration (GSA), Office of Contract Operations (QRAD)

Subject: Request for Quotation (RFQ)

RFQ Issue Date: July 31, 2023

Set-aside: Total Small Business

Contract vehicles: GSA Multiple Award Schedule (MAS) Information Technology Professional Services, Special Item Number (SIN) 54151S

All clauses, terms and conditions of the contractor’s contract apply / flow down to this solicitation and resultant task order contract. In the event of a conflict between the schedule contract and an order, the terms and conditions of the schedule contract prevail.

Deadlines and response formats

| Item | Date responses due | Format |
| --- | --- | --- |
| Questions Submission | August 9, 2023 at Noon, Eastern Time (ET) | Question Response Form |

Government Point of Contact

Contracting Officer: Rosalind Cherry

Contracting Office: Office of Professional Services and Human Capital Categories (PSHC), Office of Contract Operations (QRAD)

Email: rosalind.cherry@gsa.gov and spcard@gsa.gov

Correspondence: Any emails related to this RFQ shall use the email subject heading “SmartPay RFQ Agile Development - [Schedule holder’s name]”

Closing Dates and Times

RFQ closing date: August 25, 2023 at Noon, Eastern Time (ET)

Communications during RFQ posting: The only method by which any terms and conditions of this RFQ may be changed is by a formal amendment generated by the Contracting Officer (CO). No other communication made, whether oral or in writing, will modify or supersede the terms of the RFQ. All communication related to the RFQ shall be directed to the CO via email.

Statement of Objectives

1.0 Background and Purpose

The GSA Center for Charge Card Management (hereinafter “CCCM”) administers the GSA SmartPay Program, which is the world’s largest government charge card and commercial payment solutions program. Providing services to nearly 600 federal government agencies, organizations, and Native American tribal governments, GSA SmartPay payment solutions enable authorized government employees to make purchases to support agency and organization missions.

1.1 Purpose

This program has interfaced and provided support to users through: (1) GSA SmartPay main website, and (2) GSA SmartPay training website.

1.1.1 Current state

(1) The GSA SmartPay main website is available at https://smartpay.gsa.gov and is:

  • Built on Drupal version 9 with PHP programming.
  • Hosted on Red Hat Enterprise Linux version 8 servers.

The website received more than 1.8 million visitors (mobile & web) in FY22. Based on current content and development in progress, the Government anticipates that traffic will be driven by state sales tax content and visits to the Section 889 Representations tool.

Section 889 of the 2019 National Defense Authorization Act prohibits purchases of certain banned telecommunications and video surveillance equipment in an effort to protect national security. The Section 889 Representations tool searches for company 889 status with Unique Entity Identifier (UEI), company name, or Commercial and Government Entity code (CAGE) number via the SAM.gov Entity Management application programming interface (API). The current 889 Representations tool is:

  • Built on GSA’s instance of Google Cloud Platform.
  • Developed with Python (back-end) and Vue.js (front-end).

(2) The GSA SmartPay training website, which is available at https://training.smartpay.gsa.gov, provides mandatory training to card/account holders, approving officials (AOs), and agency/organization program coordinators (A/OPCs), as required by law and policy. This offering is optional for agencies to use (some prefer to host their own content in their learning management systems). The current GSA SmartPay training website:

  • Is built on Drupal version 9 with PHP programming.
  • Is hosted on Red Hat Enterprise Linux version 8 servers.
  • Uses a MariaDB database.
  • Has five (5) on-demand, HTML-based training courses, which include:
    • Purchase Training for Card/Account Holders/AOs
    • Travel Training for Card/Account Holders/AOs
    • Purchase Training for A/OPCs
    • Travel Training for A/OPCs
    • Fleet Training for A/OPCs

Certificates are issued after the completion of a multiple-question quiz with a passing score of 75%. There are approximately 700,000 current accounts, and there were just under 600,000 visitors in FY22.

All information posted on the GSA SmartPay main website and GSA SmartPay training website is public. The Government owns all code, data, image licenses, user information, and domain names.

The intention is to decommission the existing Drupal program and training websites. The scope of this procurement does not include maintenance of these sites.

1.1.2 Minimally Viable Products

Currently, the CCCM program has partnered with the GSA Service Delivery team to build a minimally viable product (MVP) of the main website and training website using an iterative and user-centered delivery cadence. The Service Delivery team expects the MVP for each website to be delivered by summer 2023 and will work with the Contractor to transition the project.

The new GSA SmartPay main website (GitHub) will:

The above-mentioned 889 tool will be migrated from Google Cloud Platform to Cloud.gov and Cloud.gov Pages before launch of the new GSA SmartPay main website.

The new GSA SmartPay training website (GitHub) will be a combination of static web content and a custom training application (Astro with Vue.js components) with a database-backed API component using FastAPI/Python connecting with a PostgreSQL database. The training website will be hosted on Cloud.gov (backend) and Cloud.gov Pages (front end).

1.1.3 Future state

CCCM is seeking a Contractor to take the MVP of each website and continue future development. The Contractor will continue to build off the open source code developed by the Service Delivery team and develop enhanced functionality based on user needs, programmatic needs, and changes in policy. The Contractor will need to continue to add content and functionality using GitHub.

The Service Delivery team is available to support transition.

Implementation and documentation are ongoing; current specifications are published to the GitHub repositories. These repositories include supplementary information to this RFQ (see also Wikis found here and here).

CCCM has a large user base and can facilitate recruitment of users for ongoing research and usability testing. CCCM has robust survey results, user research, and ongoing usability testing feedback they will share with the Contractor upon award.

2.0 Scope and Objectives

2.1 Problems

The current GSA SmartPay main website is difficult for users to navigate intuitively. CCCM has challenges keeping content current and ensuring content is accessible to all audiences.

The current GSA SmartPay training website suffers from performance issues, which cause users to time out in the middle of quizzes or experience random crashes. Because users log in so infrequently, they often forget their passwords and in some cases need manual assistance to reset them, which is a drain on CCCM resources. Reporting is limited and only available at the agency level; for large agencies, this is untenable to track, and agencies require users to email agency coordinators their certificates to manually check them off a list.

2.2 Product Vision

Make it easier for SmartPay stakeholders to find the information they’re interested in, and for the SmartPay Program Management Office (PMO) to keep the website updated and accessible to users.

2.3 Scope

CCCM seeks agile software development services. The services to be provided will include all aspects of the software development process, including planning, design, software development and coding, prototyping, documentation, and testing. The services also include support of GSA security documentation and testing.

CCCM intends that the software delivered under this task order will be committed to the public domain. The Contractor will have to obtain CCCM’s permission before delivering software under this task order that incorporates any software that is not free and open source. The Contractor must post all developed code to a GitHub repository designated by CCCM.

2.4 Backlog

The set of preliminary user stories set forth below will be the starting point for the development of software to be provided by the Contractor under this task order. These preliminary user stories are provided only for illustrative purposes, and do not comprise the full scope or detail of the project. CCCM expects that the Contractor will work closely with CCCM Product Owner(s) to develop and prioritize a full gamut of user stories as the project progresses.

Individual user stories may be modified, added, retracted, or reprioritized by CCCM at any time, and CCCM expects that the user stories will be continuously refined during the development process.

Programmatic data

  • As an Agency / Organization Program Coordinator (A/OPC), I want information relevant for agency spend, so I can provide this to agency Chief Financial Officers as requested.
  • As an A/OPC, I want access to travel spend by region, so I can understand regional spend trends for travel.

Training reporting

  • As an A/OPC, I want users to be sent automatic reminders for training, so that certification requirements are automatically managed by the training platform.
  • As a Level 1 A/OPC, I want to have reports automatically sent to me at indicated time frames, so I can have regular access to reports without having to access the system.
  • As an A/OPC and administrator, I want to have customizable reports, so I have the ability to further analyze data.

Administrative functions

  • As a system administrator, I want to perform periodic database purges for users who exist in the system but have not completed any quizzes so I can keep the database up-to-date and reduce storage requirements.
  • As a system administrator, I want to be able to post system messages, so I can alert users to website status.
  • As a system administrator, I want a user friendly maintenance interface, so I can easily make content changes.
  • As a system administrator, I want to be able to modify a user’s profile in the database, so that I can correct incorrect or out-of-date information.

Email usage/monitoring

  • As a system administrator, I want to be able to confirm what emails were sent to whom and when, so that we can ensure users are being properly notified.
  • As a system administrator, I want to monitor email bouncebacks, so that I can take corrective action (as needed) to ensure users are being properly notified.
  • As a system administrator, in the event of important information / notification, I need the ability to send emails to all users.

Other

  • As an A/OPC and card holder, I want access to interactive content, so I can engage with the content in the forum I feel most comfortable.
  • As an A/OPC and card holder, I want quick access to GSA SmartPay’s social media accounts, so that I can stay apprised of program information / announcements.
  • As the GSA SmartPay program, we want to implement GSA’s instance of Google Tag Manager, in order to have more transparency into how our users are using our main website and training website.

Security

  • As the system administrator, I need [a specific system vulnerability] that was discovered during penetration testing to be remediated, to ensure the training website remains secure.
  • As the system administrator, I need [a specific item] to be updated, to comply with updated GSA IT security policies, standards and guidelines.
  • As a system administrator, I need to remediate vulnerabilities based on authenticated scans, to comply with monthly security deliverable requirements.
  • As a system administrator, I need the System Security Plan to be updated, to reflect a significant change in the system.

2.5 List of Deliverables with Quality Assurance Surveillance Plan (QASP)

The following chart sets forth the performance standards and quality levels that the code and documentation provided by the Contractor must meet. It also outlines the methods CCCM will use to assess the standard and quality levels of that code and documentation.

| Deliverable | Performance Standard(s) | Acceptable Quality Level | Method of Assessment |
| --- | --- | --- | --- |
| Tested Code | Code delivered under the order must have substantial test code coverage | Minimum of 90% test coverage of all code. All areas of code are meaningfully tested | Combination of manual review and automated testing |
| Properly Styled Code | 18F Coding Styles Reference Guide | 0 linting errors and 0 warnings | Combination of manual review and automated testing |
| Accessible | Web Content Accessibility Guidelines 2.1 AA standards; Section 508 Compliance | 0 errors reported using an automated scanner and 0 errors reported in manual testing | Combination of manual review and automated testing (such as pa11y) |
| Deployed | Code must successfully build and deploy into staging environment | Successful build with a single command | Combination of manual review and automated testing |
| Documented | Summary of user stories completed every sprint. All dependencies are listed and the licenses are documented. Major functionality in the software/source code is documented. Individual methods are documented inline in a format that permits the use of tools such as JSDoc. System diagram is provided. Relevant security controls are documented and kept up to date. | Combination of manual review and automated testing, if available | Manual review |
| Secure | Code is free of known static and runtime vulnerabilities | Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities | Tests free of medium- and high-level vulnerabilities from a static testing SaaS (such as Snyk or npm audit), from dynamic testing tools like OWASP ZAP (with documentation explaining any false positives), and ongoing code review informed by OWASP or similar standards |
| User research | Features and functionality developed should be driven by user insights and data analytics. Usability testing and other user research methods must be conducted at regular intervals throughout the development process (not just at the beginning or end). | Research plans and artifacts from usability testing and/or other research methods with end users are available at the end of every applicable sprint, in accordance with the Contractor’s research plan. | SmartPay will manually evaluate the artifacts based on a research plan provided by the contractor at the end of the second sprint and every applicable sprint thereafter. |

3.0 Operating Constraints (Non-functional Requirements)

3.1 Environment

  • Software development services will occur in the GSA SmartPay GitHub environment(s).
  • Website usage will be tracked with the Digital Analytics Program.
  • Hosting will be on Cloud.gov Pages for building and serving front-end static assets and Cloud.gov for serving APIs and hosting the database and other backend services. Services are provided through an interagency agreement that CCCM has in place with Cloud.gov.
  • Current coding languages are Python for the back-end and JavaScript (Astro and Vue.js) for the front-end. The Government is not prescribing that these must be the coding language(s) moving forward.

3.2 Design

  • Software development services shall leverage the U.S. Web Design System.
  • Content development will follow CCCM style guide.
  • Software development will follow Section 508 compliance standards and accessibility guidelines using Web Content Accessibility Guidelines 2.1 AA standards.

3.3 System Access

  • All Contractor personnel working under the task order will need to be U.S. citizens and reside in the United States.
  • Homeland Security Presidential Directive 12 (HSPD-12) applies to Contractor development personnel as such performance requires access to internal government information technology (IT) systems. As a result of HSPD-12 applicability to the requirements of this document, the Government will perform all required background investigations for Contractor personnel, and the Contractor shall ensure their personnel requiring physical access to Federally-controlled information technology systems have identification that complies with HSPD-12 policy. Immediately upon award, the credential process shall commence. The Contractor will not be given the Notice to Proceed (NTP) to start work until all Contractor personnel have the proper identification to satisfy this requirement.
  • Medium risk security clearance (Tier 2) shall be required. Access to GSA data and systems cannot be provided until a favorable adjudication is received.
  • NIST phishing-resistant multi-factor authentication (MFA) shall be required for privileged and non-privileged users where login is required.
  • Once the award is made, the Government will begin the process to provide the Government Furnished Equipment (GFE) and GSA Access Cards (GAC) to the contractor. Until the GFE and GACs are provided to the contractor by the Government, the contractor shall use their own equipment (which should abide by GSA security requirements) for work on the project at no additional cost. After the GFE and GACs are provided to the contractor by the Government, the contractor must use the GFE (which requires a GAC to operate) for work on the project.

3.4 Security

The CCCM website properties supporting the GSA SmartPay Program (as identified below) are Federal information systems that are presently categorized at FIPS 199 Low Impact.

As GSA Federal Information systems, the websites are required to comply with the Federal Information Security Management Act (FISMA) (44 U.S.C. 3544); OMB policy, GSA Information security policies and information security guidelines, and Cybersecurity & Infrastructure Security Agency (CISA) Binding Operational Directives and Emergency Directives. Security compliance will be continuous through DevSecOps practices and via user stories issued in sprint planning.

The Vendor shall support the security and privacy requirements for Internal Systems enumerated in Section 2.0 of GSA IT Security Procedural Guide 09-48, Security and Privacy Requirements for IT Acquisition Efforts, Revision 6, dated April 15, 2021 at the direction of the GSA SmartPay Program and GSA SmartPay Information System Security Manager (ISSM). This includes but is not limited to documentation, implementation, assessment support, and continuous monitoring of NIST 800-53 R5 security and privacy controls to support the initial and ongoing authorization to operate for the in-scope GSA SmartPay Program websites. The specific assessment & authorization (A&A) approach for the GSA SmartPay Program websites will be directed by the GSA SmartPay Program and ISSM and may involve an initial Lightweight ATO following GSA’s Lightweight Security Authorization Process; final authorizations for applications/systems on Cloud PaaS/SaaS that are FedRAMP authorized shall be assessed and authorized to the corresponding FedRAMP Customer Responsible Matrix (CRM) controls.

The required policies and regulations are specified in Security and Privacy Requirements for IT Acquisition Efforts; CIO-IT Security-09-48, April 15, 2021 (Attachment A) or latest version; Managing Enterprise Cybersecurity Risk CIO-IT Security-06-30, May 9, 2022 or latest version (Attachment B); GSA Information Technology Security Policy, CIO 21001N, September 21, 2022 or latest version (Attachment C); CIO IT Policy Requirements Guide-12-2018, June 9, 2023 or latest version (Attachment D).

The contractor shall design and implement ICAM solutions that are consistent with GSA requirements as outlined in Identification and Authentication Procedural Guide [CIO IT Security 01-01 Rev. 7] and Access Control Procedural Guide [CIO IT Security 01-07, Rev 5].

3.4.1 Specific Security Requirements

The Contractor shall have all staff members complete a confidentiality agreement and submit it to the Contracting Officer prior to starting contract performance.

3.4.2 Special Security Clauses

FAR 52.204-27 Prohibition on a ByteDance Covered Application (Jun 2023)

(a) Definitions. As used in this clause—

Covered application means the social networking service TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited.

Information technology, as defined in 40 U.S.C. 11101(6)—

(1) Means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use—

(i) Of that equipment; or

(ii) Of that equipment to a significant extent in the performance of a service or the furnishing of a product;

(2) Includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but

(3) Does not include any equipment acquired by a Federal contractor incidental to a Federal contract.

(b) Prohibition. Section 102 of Division R of the Consolidated Appropriations Act, 2023 (Pub. L. 117-328), the No TikTok on Government Devices Act, and its implementing guidance under Office of Management and Budget (OMB) Memorandum M-23-13, dated February 27, 2023, “No TikTok on Government Devices” Implementation Guidance, collectively prohibit the presence or use of a covered application on executive agency information technology, including certain equipment used by Federal contractors. The Contractor is prohibited from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including equipment provided by the Contractor’s employees; however, this prohibition does not apply if the Contracting Officer provides written notification to the Contractor that an exception has been granted in accordance with OMB Memorandum M-23-13.

(c) Subcontracts. The Contractor shall insert the substance of this clause, including this paragraph (c), in all subcontracts, including subcontracts for the acquisition of commercial products or commercial services.

(End of clause)

Performance Requirement FAS Cyber-Supply Chain Risk Assessment (JAN 2023)

The Government may perform a cyber-supply chain risk assessment of the awarded contractor at any time during the period of performance. The Government may review any information provided by the contractor to the Government as part of this contract action, along with any other information available to the Government from any other source, to assess the cyber-supply chain risk associated with the contractor. The Government may monitor the following cyber-supply chain risk information, including, but not limited to:

  1. Functionality and features of awarded products and services, including access to data and information system privileges;
  2. The ability of a source to produce and deliver products and services as expected;
  3. Foreign control of, or influence over, a source, product or service (e.g., foreign ownership, personal and professional ties between a source and any foreign entity, legal regime of any foreign country in which a source is headquartered or conducts operations);
  4. Security, authenticity, and integrity of products and services and their supply and compilation chains;
  5. The contractor’s capacity to mitigate identified risks;
  6. Any other considerations that would factor into an analysis of the security, integrity, resilience, quality, trustworthiness, or authenticity of products, services or sources.

In the event supply chain risks are identified during contract administration and corrective action becomes necessary, mutually agreeable corrective actions will be sought based upon specific identified risks. Failure to resolve any identified risk may result in government action including not extending the period of performance, not exercising remaining option periods, and/or contract termination.

3.5 Personnel Skills and Knowledge

Key Personnel – The Contractor must designate both a Project Manager (PM) and a Technical Lead (or labor category equivalent) as Key Personnel for this project. The PM will be a direct liaison to the CCCM product team, and will be responsible for the supervision and management of all of the Contractor’s personnel. The Technical Lead must have a full understanding of the technical approach to be used by the Contractor’s development team and will be responsible for ensuring that the Contractor’s development team follows that approach.

Key Personnel Substitution – Key Personnel substitutions must be approved by the CO or COR in writing. Contractor requests for a substitution of Key Personnel must include a detailed explanation of the justifying circumstances, and a complete résumé for the proposed substitute or addition, including skills, experience, education, training, and security level.

Teaming Arrangements – No teaming will be permitted.

3.6 Special Clauses and Provisions

Data Rights and Ownership of Deliverables – All software and documentation delivered by the Contractor will be owned by the Government and committed to the public domain. This software and documentation includes, but is not limited to, data, documents, graphics, code, plans, reports, schedules, schemas, metadata, architecture designs, and the like; all new open source software created by the Contractor and forks or branches of current open source software where the Contractor has made a modification; and all new tooling, scripting configuration management, infrastructure as code, or any other final changes or edits to successfully deploy or operate the software.

To the extent that the Contractor seeks to incorporate any software that was not first produced in the performance of this task order in the software delivered under this task order, CCCM encourages the Contractor to incorporate either software that is in the public domain, or free and open source software that qualifies under the Open Source Definition promulgated by the Open Source Initiative. The Contractor must obtain written permission from the CO or COR before incorporating into the delivered software any software that is subject to a license that does not qualify under the Open Source Definition promulgated by the Open Source Initiative. If granted such written permission, then the Contractor’s rights to use that software must be promptly assigned to the Government.

If software delivered by the Contractor incorporates software that is subject to an open source license that provides implementation guidance, then the Contractor must ensure compliance with that guidance. If software delivered by the Contractor incorporates software that is subject to an open source license that does not provide implementation guidance, then the Contractor must attach or include the terms of the license within the work itself, such as in code comments at the beginning of a file, or in a license file within a software repository.

FAR 52.204-24 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (NOV 2021)

The Offeror shall not complete the representation at paragraph (d)(1) of this provision if the Offeror has represented that it "does not provide covered telecommunications equipment or services as a part of its offered products or services to the Government in the performance of any contract, subcontract, or other contractual instrument" in paragraph (c)(1) in the provision at 52.204-26, Covered Telecommunications Equipment or Services—Representation, or in paragraph (v)(2)(i) of the provision at 52.212-3, Offeror Representations and Certifications-Commercial Products or Commercial Services. The Offeror shall not complete the representation in paragraph (d)(2) of this provision if the Offeror has represented that it "does not use covered telecommunications equipment or services, or any equipment, system, or service that uses covered telecommunications equipment or services" in paragraph (c)(2) of the provision at 52.204-26, or in paragraph (v)(2)(ii) of the provision at 52.212-3.

(a) Definitions. As used in this provision— Backhaul, covered telecommunications equipment or services, critical technology, interconnection arrangements, reasonable inquiry, roaming, and substantial or essential component have the meanings provided in the clause 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.

(b) Prohibition. (1) Section 889(a)(1)(A) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232) prohibits the head of an executive agency on or after August 13, 2019, from procuring or obtaining, or extending or renewing a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. Nothing in the prohibition shall be construed to—

(i) Prohibit the head of an executive agency from procuring with an entity to provide a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or

(ii) Cover telecommunications equipment that cannot route or redirect user data traffic or cannot permit visibility into any user data or packets that such equipment transmits or otherwise handles.

(2) Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232) prohibits the head of an executive agency on or after August 13, 2020, from entering into a contract or extending or renewing a contract with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. This prohibition applies to the use of covered telecommunications equipment or services, regardless of whether that use is in performance of work under a Federal contract. Nothing in the prohibition shall be construed to—

(i) Prohibit the head of an executive agency from procuring with an entity to provide a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or

(ii) Cover telecommunications equipment that cannot route or redirect user data traffic or cannot permit visibility into any user data or packets that such equipment transmits or otherwise handles.

(c) Procedures. The Offeror shall review the list of excluded parties in the System for Award Management (SAM) (https://www.sam.gov) for entities excluded from receiving federal awards for "covered telecommunications equipment or services".

(d) Representation. The Offeror represents that—

(1) It □ will, □ will not provide covered telecommunications equipment or services to the Government in the performance of any contract, subcontract or other contractual instrument resulting from this solicitation. The Offeror shall provide the additional disclosure information required at paragraph (e)(1) of this section if the Offeror responds "will" in paragraph (d)(1) of this section; and

(2) After conducting a reasonable inquiry, for purposes of this representation, the Offeror represents that—

It □ does, □ does not use covered telecommunications equipment or services, or use any equipment, system, or service that uses covered telecommunications equipment or services. The Offeror shall provide the additional disclosure information required at paragraph (e)(2) of this section if the Offeror responds "does" in paragraph (d)(2) of this section.

(e) Disclosures. (1) Disclosure for the representation in paragraph (d)(1) of this provision. If the Offeror has responded "will" in the representation in paragraph (d)(1) of this provision, the Offeror shall provide the following information as part of the offer:

(i) For covered equipment—

(A) The entity that produced the covered telecommunications equipment (include entity name, unique entity identifier, CAGE code, and whether the entity was the original equipment manufacturer (OEM) or a distributor, if known);

(B) A description of all covered telecommunications equipment offered (include brand; model number, such as OEM number, manufacturer part number, or wholesaler number; and item description, as applicable); and

(C) Explanation of the proposed use of covered telecommunications equipment and any factors relevant to determining if such use would be permissible under the prohibition in paragraph (b)(1) of this provision.

(ii) For covered services—

(A) If the service is related to item maintenance: A description of all covered telecommunications services offered (include on the item being maintained: Brand; model number, such as OEM number, manufacturer part number, or wholesaler number; and item description, as applicable); or

(B) If not associated with maintenance, the Product Service Code (PSC) of the service being provided; and explanation of the proposed use of covered telecommunications services and any factors relevant to determining if such use would be permissible under the prohibition in paragraph (b)(1) of this provision.

(2) Disclosure for the representation in paragraph (d)(2) of this provision. If the Offeror has responded "does" in the representation in paragraph (d)(2) of this provision, the Offeror shall provide the following information as part of the offer:

(i) For covered equipment—

(A) The entity that produced the covered telecommunications equipment (include entity name, unique entity identifier, CAGE code, and whether the entity was the OEM or a distributor, if known);

(B) A description of all covered telecommunications equipment offered (include brand; model number, such as OEM number, manufacturer part number, or wholesaler number; and item description, as applicable); and

(C) Explanation of the proposed use of covered telecommunications equipment and any factors relevant to determining if such use would be permissible under the prohibition in paragraph (b)(2) of this provision.

(ii) For covered services—

(A) If the service is related to item maintenance: A description of all covered telecommunications services offered (include on the item being maintained: Brand; model number, such as OEM number, manufacturer part number, or wholesaler number; and item description, as applicable); or

(B) If not associated with maintenance, the PSC of the service being provided; and explanation of the proposed use of covered telecommunications services and any factors relevant to determining if such use would be permissible under the prohibition in paragraph (b)(2) of this provision.

(End of provision)

FAR 52.204-26 Covered Telecommunications Equipment or Services-Representation (Oct 2020)

(a) Definitions. As used in this provision, "covered telecommunications equipment or services" and "reasonable inquiry" have the meaning provided in the clause 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.

(b) Procedures. The Offeror shall review the list of excluded parties in the System for Award Management (SAM) (https://www.sam.gov) for entities excluded from receiving federal awards for "covered telecommunications equipment or services".

(c) (1) Representation. The Offeror represents that it □ does, □ does not provide covered telecommunications equipment or services as a part of its offered products or services to the Government in the performance of any contract, subcontract, or other contractual instrument.

(2) After conducting a reasonable inquiry for purposes of this representation, the offeror represents that it □ does, □ does not use covered telecommunications equipment or services, or any equipment, system, or service that uses covered telecommunications equipment or services.

(End of provision)

4.0 Period of Performance, Contract Place of Performance, and Contract Type

4.1 Period of Performance

The period of performance (PoP) shall be one (1) year, with options to extend up to two (2) additional years. The PoP is expected to begin on or around September 30, 2023.

GSA may, by written notice, extend the term of the contract in accordance with FAR Clause 52.217-9, Option to Extend the Term of the Contract.

FAR 52.217-9 Option to Extend the Term of the Contract (Mar 2000)

(a) The Government may extend the term of this contract by written notice to the Contractor within 30 days; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least 60 days before the contract expires. The preliminary notice does not commit the Government to an extension.

(b) If the Government exercises this option, the extended contract shall be considered to include this option clause.

(c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 4 (four) years.

(End of clause)

As indicated in FAR 52.217-8, the Government may choose to exercise the Extension of Services at the end of any performance period (base or option periods), utilizing the rates of that performance period. Evaluation or inclusion of options shall not obligate the Government to exercise the option(s).

FAR Subpart 52.217-8 Option to Extend Services (Nov 1999)

The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within 30 days.

(End of clause)

4.2 Contract Place of Performance

The Contractor may choose the location(s) from which to perform the required software development services so long as the work is performed in the Contiguous United States (CONUS). CONUS is defined as the 48 contiguous States and the District of Columbia. CCCM’s core customer service hours are 8:00 am - 4:00 pm ET; the Contractor’s software development team shall be available 11:00 am - 4:00 pm ET, with an assigned point of contact outside those hours if urgent matters arise.

4.3 Contract Type

The Government intends to issue a Time and Materials (T&M) task order under an existing contract under the Multiple Award Schedule (“Schedules”) Technology's Special Item Number (SIN) 54151S for IT Professional Services, and all quotes must be submitted on that basis. The Government will not consider quotes that include fees for licenses or subscriptions.

5.0 Contract Administration

5.1 Invoices

On each invoice, the Contractor shall provide a summary of the billed CLIN. The summary shall include the CLIN number and description of the invoiced CLIN, as well as the invoiced amount. The invoice shall also provide a total amount, across the CLIN, billed to date. The Contractor shall not bill, nor be reimbursed, for any charges that are not specifically tasked in the sprint or incorporated via a written modification issued by the CO. In addition to the requirements defined in sections 5.7.3 and 5.7.4 below, to constitute a proper invoice, the billing document must include the following information and/or attached documentation:

(1) Name of Contractor and Contractor’s Taxpayer Identification Number;

(2) Period covered by invoice and invoice date;

(3) Task order number;

(4) All invoices for services must set forth in detail the following:

(i) Individual performing service each day by hour and quarter of an hour;

(ii) Type of services performed each day by hour and quarter of an hour; and

(iii) Hourly rate for each service so detailed;

(5) Any applicable payment discount terms; and

(6) Total amount billed.

The Contractor shall not bill, nor be reimbursed, for any charges that are not specifically stated in this task order or incorporated via a written modification issued by the CO.

5.2 Procedures for Payment

The Government intends to make payment to the Contractor via charge card in accordance with (IAW) FAR 52.232-36, Payment by Third Party. Pursuant to FAR 32.1108(b)(2)(ii), the contracting officer shall not authorize the government-wide commercial purchase card as a method of payment during any period the System for Award Management (SAM) indicates that the Contractor has delinquent debt subject to collection under the Treasury Offset Program (TOP). In such cases, payments under the contract shall be made in accordance with the clause at 52.232-33, Payment by Electronic Funds Transfer-System for Award Management, or 52.232-34, Payment by Electronic Funds Transfer-Other Than System for Award Management, as appropriate (see FAR 32.1110(d)).

5.3 Payment by government-wide commercial purchase card

Please note, the payment via purchase card is rescinded should the Contractor's System for Award Management (SAM) registration indicate that the Contractor has delinquent debt that is subject to collection under the Treasury Offset Program (TOP).

5.4 Electronic Funds Transfer Method

The Contractor shall submit invoices not more frequently than once per month. Payment shall be made in accordance with the clause found at FAR 52.212-4 Contract Terms and Conditions – Commercial Items (Nov 2021), paragraph (g), following receipt of properly executed invoices prepared in accordance with the requirements of this task order.

The Contractor has the option to submit an electronic or hard copy original invoice for payment to GSA Financial Information & Operations Division.

Electronic Invoices are encouraged and may be submitted to the following address: https://vcss.ocfo.gsa.gov

Invoices may also be submitted in lieu of electronic submission to:

USDA-OCFO

Financial Information & Operations Division

Financial Operations & Disbursement Branch

2300 Main Street – 2NW

Kansas City, MO 64108

Tel: (800) 676-3690/(816) 926-7287

Fax: (816) 926-5189

A duplicate electronic invoice with supporting documentation shall be sent electronically to the COR and CO. The COR will confirm performance made against the invoiced line items to ensure that the correct amounts have been billed and will document any price deductions. The COR will then certify and provide a signature indicating that the invoice is valid for payment. Invoices are authorized for payment upon the Government’s receipt and acceptance of deliverables specified in the task order and the receipt of a valid invoice. Invoices shall be rendered no later than the 15th calendar day of the month following performance and must be accompanied by all status reports submitted during that period. The COR must receive a copy of the invoice and all supporting documentation (i.e. list of daily hours worked by each of the Contractor’s employees (also summed up as weekly and monthly for each person)) before or at the same time as the GSA Finance Office. All final invoices must be submitted no later than thirty (30) calendar days after the last day of the month for which the charges, either labor and/or ODCs, were incurred. The Contractor may invoice only for hours, travel, and/or unique services ordered by GSA and actually used in direct support of the program office for this task order.

Invoices must include the following:

(1) Name and address of the Contractor

(2) Invoice date and number

(3) GSA Multiple Award Schedule (MAS) Information Technology Professional Services Contract Number, line item number and, if applicable, the order number

(4) Description, quantity, unit of measure, unit price and extended price of the items delivered

(5) Terms of any discount for prompt payment offered

(6) Name and address of official to whom payment is to be sent

(7) Name, title, and phone number of person to notify in event of defective invoice

(8) Taxpayer Identification Number (TIN). The Contractor shall include its TIN on the invoice only if required elsewhere in this contract

(9) Electronic funds transfer (EFT) banking information

Note: Failure to comply with the procedures outlined above may result in the invoice being rejected, or your payment being delayed.

5.5 Not-to-Exceed (NTE) Ceiling and Limitation of Funds

The not-to-exceed ceiling on this contract will be $744,900 for the first period of performance (52.232-22 Limitation of Funds applicable) and up to an additional not-to-exceed of $600,000 for each of the two (2) option periods (FAR 52.232-18 Availability of Funds).

In accordance with FAR 52.232-22, Limitation of Funds, the Contractor shall notify the CO in writing when it has reason to believe that the costs it expects to incur under this contract in the next 60 days, when added to all costs previously incurred, will exceed 75 percent of the total amount so far allotted to the contract by the Government. The notice shall state the estimated amount of additional funds required to continue performance for the period specified in the contract.

Sixty (60) days before the end of the period specified in the contract, the Contractor shall notify the CO in writing of the estimated amount of additional funds, if any, required to continue timely performance under the contract or for any further period specified in the contract or otherwise agreed upon, and when the funds will be required.

6.0 Instructions and Evaluation

6.1 Submission Instructions

6.1.1 Before submitting a quote - Questions and Answers

Submit all questions concerning this RFQ through this Google form. All questions must be submitted by August 9, 2023 at Noon, Eastern Time (ET).

Questions should clearly express the Contractor’s issues or concerns and must follow the format provided in the Google form.

Answers to all written questions will be provided to all prospective contractors, giving due regard to the proper protection of proprietary information and without reference to the source of the question. In posing questions, Contractors must cite the relevant section, paragraph, and page number of the RFQ. Statements expressing opinions, sentiments, or conjectures are not considered valid inquiries and will not receive a response. Further, contractors are reminded that hypothetical questions aimed at receiving a potential “evaluation decision” will not be addressed.

Answers will be provided as an amendment to the solicitation no later than three (3) business days after the deadline for questions.

6.1.2 Submission checklist

All responses must be submitted using this Google form (page uploads should be 12-point font and 8 ½ x 11 page size) and include the following materials:

Technical Submission:

  • [ ] Technical approach - 4 pages maximum, including diagrams
    • [ ] Including user research plan - 3 pages maximum
  • [ ] Code repository - maximum of 2 code repositories, with a short description about the project for each code repository
  • [ ] Similar experience - 1 page maximum
  • [ ] Staffing plan - 3 pages maximum
    • [ ] Resumes from designated key personnel
    • [ ] Letters of intent from designated key personnel (if not currently employed by Contractor)
  • [ ] Conflict of Interest (Attachment E)
  • [ ] Representation of FAR Provision 52.204-24 and FAR Provision 52.204-26 (checkbox on Google form)

Price: Price responses must be submitted as part of this Google form and include the following materials:

6.2 Instructions for Quotes

Failing to follow these instructions may result in removal from consideration for the award.

6.2.1 Technical Submissions

Technical submissions must consist of a technical approach of no more than four (4) pages, a user research plan of no more than three (3) pages, a staffing plan of no more than three (3) pages plus resumes and signed letters of intent for key personnel, similar experience of no more than one (1) page, and references to three (3) source code samples, preferably open source.

Similar experience submittal: The contractor should provide up to three (3) examples of software development services for projects that are similar in size, scope, and complexity to the project described in this RFQ. The description should detail the problem being solved.

Source code submittals: The references for up to three (3) source code samples must be either links to Git repositories (either credentialed or public) or to equivalent version-controlled repositories that provide the Government with the full revision history for all files. If a Contractor submits a link to a private Git repository hosted with GitHub, the Government will provide the Contractor with one (1) or more GitHub user identities by email, and the Contractor will be expected to promptly provide the identified user(s) with access to the private Git repository. The source code samples should be for projects that are similar in size, scope, and complexity to the project contemplated here. The source code must have been developed by either (i) the Contractor itself, or (ii) an individual that is being proposed as Key Personnel for this project.

The technical approach must set forth the Contractor's proposed approach to providing the services required, including programming language(s) the Contractor proposes to use. The technical quote must also make clear that the Contractor understands the details of the project requirements. The technical quote must also identify potential obstacles to efficient development and include plans to overcome those potential obstacles.

User research plan submissions: The Contractor will submit a user research plan demonstrating how they would approach ongoing user research into this project based on the information provided in this RFQ. This user research plan should include:

  • A research plan that includes such items as research goals, research questions, methods, roles, timeline, participants, recruiting approach, and expected outcomes
  • An interview protocol that shows your introduction, a sample of questions asked, and closing – do not include responses
  • A short summary of how those findings would be communicated and used to affect the project work, and how the research would continue after this iteration
  • Usability testing approach

The staffing plan must set forth the Contractor's proposed approach to staffing the requirements of this project, including the titles of each of the labor categories proposed and proposed level of effort for each member of the Contractor's development team. The staffing plan must also identify Key Personnel (the proposed Project Manager and proposed Technical Lead) by name, and include a resume for each. Those resumes must include a brief description of the experience and capability for each individual, but cannot exceed one (1) page in length each. Contractors proposing Key Personnel who are not currently employed by the Contractor must include a signed letter of intent from the individual proposed as Key Personnel that they intend to participate in this project for at least one (1) year. The staffing plan must also set forth the extent to which the proposed team for this project was involved in the development of the source code samples submitted.

The staffing plan must set forth and explain the extent to which the Contractor will provide individuals with experience in at least each of the following areas:

  • Agile development practices
  • Automated (unit/integration/end-to-end) testing
  • Continuous Integration and Continuous Deployment
  • Application Programming Interface (API) development and documentation
  • Open-source software development
  • Cloud deployment
  • Building and testing public facing sites and tools
  • DevSecOps
  • UX research/design
  • Cyber security

6.2.2 Price Submissions

Price submissions must set forth a single dollar amount that represents the Contractor's estimate of the total T&M cost for the development services for the base 12-month period and 2 separate 12-month option periods using the price worksheet template. The Government expects that the labor categories and staffing levels set forth by the Contractor in the price worksheet will be consistent with the Contractor's staffing plan and in alignment with the Contractor’s GSA Schedule.

6.2.3 Oral Presentation/Interview (Optional)

The Government does not intend to conduct oral presentations/interviews but reserves the right to do so. If conducted, the following procedures will apply:

Each interview will be conducted remotely via video connection and/or teleconference. The Contracting Officer will communicate with certain Contractors, solely at the Government’s discretion, to schedule the dates and times of interviews.

Each interview will include an unstructured question and answer session, during which Contractors will be asked questions about the technical aspects of their quote and their approach to software development. The Government expects these interviews will assist in assessing the technical abilities of the proposed development team and in better understanding the proposed technical approach described in the Contractor's written submission. Both of the Contractor's proposed Key Personnel must participate in the interview.

The Introductions phase of each interview will last approximately 5 minutes, during which the Contractor and Government’s interview team members will introduce themselves.

The Open Technical Session of each interview will last approximately 45 minutes, during which the Contractor interview team will respond to the Government’s questions related to the technical aspects of the Contractor's quote. Contractors will NOT be able to use or present any slides, graphs, charts, or other written presentation materials, including handouts. There will be no follow-up session for further questions after this part of the interview.

The Closing Remarks phase of each interview will last approximately 5 minutes, during which the Contractor may make a short presentation summarizing the Contractor's responses to the Government’s questions.

Interviews will not constitute discussions. Statements made during an interview will not become part of the quote.

6.3 Basis of Award and Evaluation Factors

Evaluation will be conducted IAW FAR 8.405-2(d). Each submission received by the Government will be evaluated for technical acceptability. Submissions that are determined to not be technically acceptable after the Contractor has been given the opportunity for a clarification will not be evaluated further.

Quotes must be realistic with respect to technical approach, staffing approach, and total price. Quotes that indicate a lack of understanding of the project requirements may not be considered for award. Quotes may indicate a lack of understanding of the project requirements if the staffing plan does not use a realistic mix of labor categories and hours, or if any proposed hourly labor rates are unrealistically high or low.

The Government will evaluate quotes on a competitive, best value basis using a trade-off between technical and price factors. Submissions will be evaluated based on four (4) evaluation factors. These factors are:

(1) technical approach,

(2) staffing approach,

(3) similar experience, and

(4) price.

The three (3) technical, non-price evaluation factors, when combined, are significantly more important than price. The Government may make an award to a Contractor that demonstrates an advantage with respect to technical, non-price factors, even if such an award would result in a higher total price to the Government. At time of award, the awardee’s technical approach will be added to section 2.1 of the Performance Work Statement, Attachment F. The importance of price in the evaluation will increase with the degree of equality between Contractors with respect to the non-price factors, or when the Contractor's price is so significantly high as to diminish the value to the Government of the Contractor's advantage in the non-price factors.

6.3.1 Technical Approach

In evaluating a Contractor's technical approach, the Government will consider (a) the quality of the Contractor's plans to provide the open source, agile development services required, (b) the extent of the Contractor's understanding of the details of the project requirements, and (c) the extent to which the Contractor has identified potential obstacles to efficient development, and has proposed realistic approaches to overcome those potential obstacles.

6.3.2 Staffing Approach

In evaluating a Contractor's staffing approach, the Government will consider (a) the skills and experience of the Key Personnel and other individuals that the Contractor plans to use to provide the required services, (b) the mix of labor categories that will comprise the Contractor's proposed development team, and (c) the Contractor's proposed number of hours of services to be provided by each member of the Contractor's proposed development team.

6.3.4 Similar Experience

In evaluating a Contractor's similar experience, the Government will consider the extent to which the Contractor has recently provided software development services for projects that are similar in size, scope, and complexity to the project described in this RFQ, and the quality of those services. In evaluating the quality of those services, the Government will consider, among other things, the revision history for all files in the source code samples provided. In considering a Contractor's similar experience, the Government may also consider information from any other source, including Contractor's prior customers and public websites.

6.3.5 Price

In evaluating a Contractor's price, the Government will consider the total of the Contractor's estimated costs for the development services for the base and two (2) option periods. The Government will also consider the labor mix and level of effort proposed.

Consistent with a T&M contract, the Contractor will be paid using fully burdened hourly rates. The Government intends to evaluate quotes and award based on initial quotes, and therefore the Contractor's initial quote should contain the Contractor's best fully burdened hourly rates.

The not-to-exceed ceiling on this contract will be $744,900 for the base period of performance (FAR 52.232-22 Limitation of Funds applicable) and up to an additional not-to-exceed ceiling of $600,000 for each of the two (2) option periods (FAR 52.232-18 Availability of Funds). Each Contractor is expected to submit a quote reflective of its solution to fulfill the Government’s requirements.

The Government may require continued performance of any services within the limits and at the rates specified in the task order in accordance with FAR Clause 52.217-8 - Option To Extend Services. For evaluation purposes only, the Government will calculate a price for FAR Clause 52.217-8, Option to Extend Services, by prorating the evaluated pricing for the final performance period for a six-month period. Contractors shall not submit a separate proposed price for the potential extension of services period of up to six (6) months.

7.0 Clauses

7.1 FAR 52.252-2 Clauses Incorporated by Reference (Feb 1998)

This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):

https://www.acquisition.gov/browse/index/far

The following clauses are incorporated by reference and shall be made a part of the resultant task order:

| Clause Number | Title | Date |
| --- | --- | --- |
| 52.204-25 | Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment | Nov 2021 |
| 52.212-4 | Contract Terms and Conditions—Commercial Products and Commercial Services | Dec 2022 |
| 52.217-5 | Evaluation of Options | Jul 1990 |
| 52.232-18 | Availability of Funds | Apr 1984 |
| 52.232-22 | Limitation of Funds | Apr 1984 |

(End of clause)

7.2 GSAM 552.2 Clauses Incorporated by Reference

| Clause Number | Title | Date |
| --- | --- | --- |
| 552.238-115 | Special Ordering Procedures for the Acquisition of Order-Level Materials | Apr 2022 |

8.0 List of Attachments

| | Title | Date |
| --- | --- | --- |
| A | Security and Privacy Requirements for IT Acquisition Efforts CIO-IT Security-09-48 | April 15, 2021 (or current version) |
| B | Managing Enterprise Cybersecurity Risk CIO-IT Security-06-30 | May 9, 2023 |
| C | CIO 21001N GSA Information Technology Security Policy | September 21, 2022 |
| D | CIO IT Policy Requirements Guide-12-2018 | June 9, 2023 |
| E | Potential Organizational Conflict of Interest: SmartPay Development Services | |
| F | Performance Work Statement | |
| G | Price Worksheet | |