ORDER FOR SUPPLIES OR SERVICES (FINAL) 2 3170.01 Joint Capabilities Integration and Development System (JCIDS) CJCSI 6212F.01 Net Ready Key Performance Parameter (KPP), March 21, 2012

1. CONTRACT NO.

N00178-04-D-41242. DELIVERY ORDER NO.

N0017817F30103. EFFECTIVE DATE

2017 May 224. PURCH REQUEST NO.

TBD5. PRIORITY

DO-C96. ISSUED BY CODEN00178 7. ADMINISTERED BY CODE S5111A 8. DELIVERY FOB

NSWC, DAHLGREN DIVISION17632 Dahlgren Road Suite 157Dahlgren VA 22448-5110Alexander C Del Guidice/0251540-653-4402

DCMA HAMPTON2000 Enterprise Parkway, Suite 200Hampton VA 23666

SCD: C DESTINATION

OTHER

(See Schedule if other)

9. CONTRACTOR CODE1R5Z0 FACILITY 10. DELIVER TO FOB POINT BY (Date)

See Schedule11. X IF BUSINESS IS

SimVentions11905 Bowman Drive, Suite 502Fredericksburg VA 22408-7307

X SMALL

12. DISCOUNT TERMS

Net 30 DaysWIDE AREA WORK FLOW

SMALLDISADVANTAGED

WOMEN-OWNED

13. MAIL INVOICES TO THE ADDRESS IN BLOCK

See Section G14. SHIP TO CODE 15. PAYMENT WILL BE MADE BY CODE HQ0338 MARK ALL

PACKAGES ANDPAPERS WITH

IDENTIFICATIONNUMBERS IN

BLOCKS 1 AND 2.

See Section D DFAS Columbus Center,South Entitlement OperationsP.O. Box 182264Columbus OH 43218-2264

16.TYPE

OFORDER

DELIVERY/CALL

XThis delivery order/call is issued on another Government agency or in accordance with and subject to terms and conditions of numbered contract.

PURCHASE

Reference your furnish the following on terms specified herein.

ACCEPTANCE. THE CONTRACTOR HEREBY ACCEPTS THE OFFER REPRESENTED BY THE NUMBERED PURCHASE ORDER AS IT MAY PREVIOUSLYHAVE BEEN OR IS NOW MODIFIED, SUBJECT TO ALL OF THE TERMS AND CONDITIONS SET FORTH, AND AGREES TO PERFORM THE SAME.

SimVentions Troy Sizemore Contracts Administrator

_____________________________________ _____________________________________ ______________________________________________ ____________________________NAME OF CONTRACTOR SIGNATURE TYPED NAME AND TITLE DATE SIGNED

(YYYYMMDD)

If this box is marked, supplier must sign Acceptance and return the following number of copies:

17. ACCOUNTING AND APPROPRIATION DATA/LOCAL USE

See Schedule18. ITEM NO. 19. SCHEDULE OF SUPPLIES/SERVICES 20. QUANTITY

ORDERED/ACCEPTED *

21. UNIT 22. UNIT PRICE 23. AMOUNT

See Schedule

*If quantity accepted by the Government is sameas quantity ordered, indicate by X. If different,enter actual quantity accepted below quantityordered and encircle.

24. UNITED STATES OF AMERICA 25. TOTAL

26.DIFFERENCES

BY: /s/Charles E Thompson, Jr. 05/22/2017CONTRACTING/ORDERING OFFICER

27a. QUANTITY IN COLUMN 20 HAS BEEN

INSPECTED RECEIVEDACCEPTED, AND CONFORMS TOTHE CONTRACT EXCEPT ASNOTED: ___ ___________________________________________________

b. SIGNATURE OF AUTHORIZED GOVERNMENT REPRESENTATIVE c. DATE d. PRINTED NAME AND TITLE OF AUTHORIZED GOVERNMENTREPRESENTATIVE

e. MAILING ADDRESS OF AUTHORIZED GOVERNMENT REPRESENTATIVE 28. SHIP NO. 29. D.O. VOUCHER NO. 30. INITIALS

PARTIAL 32. PAID BY 33. AMOUNT VERIFIED CORRECTFOR

f. TELEPHONE g. E-MAIL ADDRESS FINAL

31. PAYMENT 34. CHECK NUMBER36. I CERTIFY THIS ACCOUNT IS CORRECT AND PROPER FOR PAYMENT. COMPLETE

a. DATE b. SIGNATURE AND TITLE OF CERTIFYING OFFICER PARTIAL 35. BILL OF LADING NO.

FULL

37. RECEIVED AT 38. RECEIVED BY (Print) 39. DATE RECEIVED 40. TOTALCON-TAINERS

41. S/R ACCOUNT NUMBER 42. S/R VOUCHER NO.

DD FORM 1155, DEC 2001 PREVIOUS EDITION IS OBSOLETE.

ORDER FOR SUPPLIES OR SERVICES (FINAL) PAGE 1 OF

2

GENERAL INFORMATION

The following are incorporated into the award:

1) General Information: Removed the solicitation amendment details and solicitation overview.

2) Section B: Populated the Fee Rate Table

3) Section F: Entered the Period of Performance Dates and removed the estimated start date

4) Section G: Filled in the respective Contracting Officer Representative and Administrative Contracting OfficerAlternate Contracting Officers Representative (ACOR) is currently left blank.

5) Section G: Completed Consent to Subcontract

6) Section G: Completed 252.232-7006 Wide Area Workflow Payment Instructions

7) Section G: Provided an increment of funds

8) Section H: Completed the Funding Profile reflective of an increment of funds at award.

9) Section H: Completed the Allotment of Funds Table

10) Section H: Completed 5252.216-9122 Level of Effort – Alternative 1

11) Section H: Completed the Savings Initiatives Clause

12) Section J: Final DD Form 254 has been attached.

13) Section J: COR Appointment letter has been attached.

14) Section J: Exhibit A, CDRLS have been attached.

15) Section J: ACRN Award Sheet has been attached

CONTRACT NO.

N00178-04-D-4124 DELIVERY ORDER NO.

N0017817F3010 PAGE

2 of 2 FINAL

SECTION C DESCRIPTIONS AND SPECIFICATIONS

SECTION C – DESCRIPTIONS AND SPECIFICATIONS

CYBERSECURITY ENGINEERING STATEMENT OF WORK (SOW)

C.1 BACKGROUND / PURPOSE / SCOPE

C.1.1 Background: Naval Surface Warfare Center Dahlgren Division (NSWCDD) and CombatDirection Systems Activity, Dam Neck (CDSADN) provides research, development, test andevaluation, analysis, systems engineering, integration, and certification of complex naval warfaresystems. CDSADN is located in a major fleet concentration area, which enables it to leverage its’unique laboratories and facilities for readiness and training systems. CDASDN's work is focusedon providing engineering, acquisition, logistical, and cybersecurity support to the Navy, MarineCorp, Special Warfare Coalition, and Joint Forces.

With the growing number of breaches of tactical and non-tactical computer systems there is anincreasing need to focus on the engineering aspects of cybersecurity. To date, cybersecurity hasbeen approached through a compliance-based accreditation model and this has not addressedsignificant shortcomings and vulnerabilities in the security of naval warfare systems and otherservice warfare systems. Cybersecurity requirements must be included during the design anddevelopment phases of systems acquisition to ensure they are secure and cyber-resilientthroughout their life-cycle. Additionally, previously designed and fielded systems must beevaluated on an engineering basis to determine potential changes to their design or supportabilityapproaches.

C.1.2 Purpose: This contract provides cybersecurity engineering support to NSWCDD andCDSADN.

C.1.3 Scope: NSWCDD and CDSADN has a requirement for cybersecurity engineering servicesthat includes requirements analysis, secure design, test and evaluation, systems analysis andassessment, and life-cycle management. This Statement of Work (SOW) defines theserequirements across the Systems Engineering V Model to clearly articulate the need forcybersecurity engineering within all stages of the system life cycle.

C.2 APPLICABLE DOCUMENTS

A list of applicable documents (to include references therein) is listed below, but may beexpanded upon as cybersecurity doctrine and policy evolve.

Title 40, Subtitle III, Clinger-Cohen Act of 1995

Title 44, Chapter 35, Subchapter III, Federal Information Security Management Act (FISMA)

DoD Cyberspace Workforce Strategy, 04 December, 2013

DoDD 5000.01 The Defense Acquisition System DoDI 5000.02 Operation of the DefenseAcquisition System, 07January, 2015

CONTRACT NO.


N0017817F3010 PAGE

5 of 101 FINAL

Intelligence Community Directive (ICD-503) of September 2008

DOT&E Memo of 01August 2014, Procedures for Operational Test and Evaluation ofCyberSecurity in Acquisition Programs

DoDI 8500.01, Cybersecurity of 14 March 2014

DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT) of12 March 2014

DoD 8570.01-M, Information Assurance Training, Certification, and Workforce ImprovementProgram, December 19, 2005 (w/Change 4, January, 10 2015)

DoDD 8140.01: Cybersecurity Workforce Management, August 11, 2015

CJCSI 3170.01 Joint Capabilities Integration and Development System (JCIDS)

CJCSI 6212F.01 Net Ready Key Performance Parameter (KPP), March 21, 2012

CJCSI 6510.01F Information Assurance (IA) and Computer Network Defense (CND), February9, 2011

SECNAV M-5239.1 Navy Information Assurance (IA) Program, November 2005

SECNAV M-5239.2 Navy Information Assurance (IA) Workforce Management Manual ToSupport The IA Workforce Improvement Program, May 2009

SECNAV INSTRUCTION 5239.20A, DoN Cyberspace IT and Cybersecurity WorkforceManagement and Qualification, May 10. 2016

SECNAV INSTRUCTION 5239.3B, DoN Information Assurance Policy

SECNAVINST 5510.36A Department of the Navy Information Security Program 6 October2006

NAVSEA INSTRUCTION 9400.2A, Implementation of Naval Sea Systems Command(NAVSEA) Afloat Information Assurance (IA) Governance and Guidance

NAVSEAINSTRUCTION 9400.2-M, NAVSEA Afloat IA Implementation Manual, September2011

Department of Defense/Defense Information Systems Agency (DISA) Security TechnicalImplementation Guides (STIGs)

DON CIO Qualification Standards and Registration Procedures for Navy Validators of 10 March2010

NIST 800-30 Rev. 1: Guide for Conducting Risk Assessments, September 2012

NIST 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems, May 2010

CONTRACT NO.


N0017817F3010 PAGE

6 of 101 FINAL

NIST 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems andOrganizations, April 2013

NIST 800-82 R2 May 2015, Guide to Supervisory Control and Data Acquisition (SCADA) andIndustrial Control Systems Security

Committee on National Security Systems (CNSS) Instruction No. 4009, National InformationAssurance (IA) Glossary, April 26, 2010

C.3 REQUIREMENTS

This SOW describes the tasks required of the Contractor to support cybersecurity engineeringservices for NSWCDD and CDSADN. Some of these requirements have the potential to requireTS/SCI access since personnel may be working in designated areas or on tasking that requires thatlevel of clearance. SIPRNet capability will be required at some point during the execution of thiscontract. Specific use requirements and numbers of workstations will be dependent on assigned

technical instruction(s). Tasking is defined in the following areas:

Systems Analysis (C.3.1)Systems Engineering (C.3.2)Requirements Development and Analysis (C.3.3)System Development (C.3.4)Test and Evaluation (C.3.5)System Deployment (C.3.6)Cybersecurity Compliance (C.3.7)System Security Architecture (C.3.8)

C.3.1 Systems Analysis: The contractor shall conduct systems analysis to determine andidentify problems and to ensure applicable security models are being deployed within theapplication or system. Problem solving techniques shall be used to decompose a system into itssubsystems and component pieces and determine how well the subsystems and componentsemploy security protocols individually and while interacting. The Contractor shall research,interpret, recommend and establish security technologies to assist with the development anddeployment of secure systems.

The Contractor shall analyze designated systems to ensure Software Assurance (SwA) andsecurity engineering methodologies are properly implemented. The Contractor shall analyzesystems and applications to ensure best practices and viable SwA measures focusing on themanagement of risk and assurance of safety, security, and dependability within the context ofsystem and software life cycles are implemented.

The Contractor shall perform risk analysis (i.e., threat vulnerability, and probability ofoccurrence) whenever an application or system undergoes a major change. The Contractor shallperform penetration testing for new and updated applications. The Contractor shall applydefensive functions (e.g. encryption, access, control, and identity management) to reduceexploitation opportunities of supply chain vulnerabilities. The Contractor shall assist with code

CONTRACT NO.


N0017817F3010 PAGE

7 of 101 FINAL

analysis, code reviews, and software design reviews. The Contractor shall perform securityprogramming and identify potential flaws in codes to mitigate vulnerabilities.

The Contractor shall assist with ensuring a robust hardware assurance process by analyzingdefensive measures (i.e.: encryption, access control, and identity management) implemented toreduce the exploitation opportunities of supply chain vulnerabilities, such as counterfeit ormalicious hardware systems. The Contractor shall develop and document supply chain risks forcritical systems elements.

The Contractor shall assist in designing, analyzing, and assessing network architectures to ensurethe network and network devices are of sufficient cybersecurity resiliency to meet the system'soperational requirements.

The Contractor shall identify Cross Domain Interface (CDI) security issues and recommendsolutions to resolve them. The Contractor shall engage Navy Cross Domain Solution Office(NCDSO) for approval of CDI solutions. Additionally, the Contractor shall draft alldocumentation, test plans and evaluations to support Cross Domain Technical Advisory Board(CD TAB) and Defense IA/Security Accreditation Working Group (DSAWG) approval.

The contractor shall perform technology research and development assessments and integrationof technical and non-technical controls and requirements (i.e. vulnerability assessment, securecode review, and administrative procedures). The Contractor shall develop, support, andevaluate prototype capabilities from a cybersecurity engineering perspective. The Contractorshall provide security assessment reports that include administrative deficiencies, operationaldiscrepancies, attack methods and points of entry into the system and suggest mitigations. TheContractor shall utilize security assessment tools agreed to by the Government.

CDRLs A001, A002, A003, A004, A005, A006, A007, A008, A009, A010 apply.

C.3.2 Systems Engineering: The Contractor shall provide Systems Engineering services thatfocus on the cybersecurity domain to ensure systems are designed and deployed with fullconsideration of cybersecurity high-level guidance and policy, best practices, and state-of-the-arttechnology. The Contractor shall provide services necessary to ensure cybersecurity solutionsbalance system performance, cost, schedule, and risk.

The Contractor shall assist in the development of system Program Protection Plans (PPP) toensure that technology, components, and information are adequately protected throughout theacquisition process during design, development, delivery and sustainment. The Contractor shallemploy systems engineering best practices and prepare PPPs to guide efforts to manage the risksto critical program information and mission-critical functions and components associated with theprogram.

The Contractor shall assist with establishing and maintaining configuration management ofcybersecurity solutions and system configurations, specifications, and procedures. TheContractor shall maintain technical data that defines product and systems cybersecurity baselinesto reflect approved Engineering Change Proposals (ECPs), implementing their effects on technical

CONTRACT NO.


N0017817F3010 PAGE

8 of 101 FINAL

manuals and preventive/corrective maintenance documentation.

CDRLs A001, A002, A003, A004, A005, A007, A008, A009, A010, A011, A012 apply.

C.3.3 Requirements Development and Analysis: The Contractor shall assist with thegathering, evaluation and translation of functional performance of cybersecurity controls andrequirements to ensure all are properly documented, actionable, measurable, testable, traceableand sufficiently defined to support system design.

The Contractor shall document cybersecurity functional and performance requirements inappropriate system documents in order to establish a baseline to build and manage changes to thesecurity posture of the system.

The Contractor shall conduct analysis and revision of system-level requirements to ensureappropriate and effective cybersecurity controls and requirements are included and satisfyhigh-level cybersecurity policy and guidance.


C.3.4 System Development: The Contractor shall assist in the identification, design, anddevelopment of cybersecurity methodologies and engineering efforts utilizing scientific methodsin accordance with best practices, policies, and guidance to develop material solutions that willfill capability gaps within the cybersecurity discipline.

The Contractor shall implement cybersecurity best practices per the National Security Agency(NSA) and the Defense Information Systems Agency (DISA) Security Technical ImplementationGuides (STIG’s) for all aspects of system architecture in the accreditation boundary includingoperating systems (OS) and network interconnects. The Contractor shall perform securityreviews, identify gaps in security architecture, and develop security risk management plans.

The Contractor shall assist in the design, development and security of platform and computingenvironments by mapping requirements to architecture, documenting system policies and plans,and generating platform baselines from a functional perspective. The Contractor shall supportdevelopment of network-based architecture where enclaves can be used to develop, test andcertify systems in a controlled environment.

The Contractor shall provide support in the development of program documentation that detailsthe design of the system. This effort includes, but is not limited to program Information SupportPlan (ISP), Department of Defense Architecture Framework (DoDAF) Views, network designtools, and systems drawings.

The Contractor shall support the development of a strategic cybersecurity framework byconducting research and development (R&D) that focuses on the identification, disclosure andmitigation of existing cybersecurity deficiencies, analysis of emerging threats and timely deliveryof security solutions for tactical systems. The Contractor shall also research, recommend andsupport the development of tactics, techniques and procedures (TTPs), security related tools andnew technologies to enable robust cybersecurity and resilience.

CONTRACT NO.


N0017817F3010 PAGE

9 of 101 FINAL

CDRLs A001, A002, A003, A004, A005, A007, A008, A009, A010 apply.

C.3.5 Test and Evaluation: The contactor shall develop and conduct tests of systems toevaluate compliance with cybersecurity specifications and requirements by applying principlesand methods for cost-effective planning, evaluating, verifying, and validation (with oversight anddirection from the Government), of technical, functional, and performance characteristics(including interoperability) of systems or elements of systems incorporating IT.

The Contractor shall support the on-site test and evaluation of systems in their actual orsimulated operational environments to determine the effectiveness of cybersecurity controls,designs, solutions, devices, processes, and procedures on system security and cyber resilience.

The Contractor shall support technical processes and technical management processes in supportof comprehensive test and evaluation associated with the following areas: Test support, Fleetengineering support, and Operational verification of installations. Test and evaluation efforts shallsupport the larger verification and validation processes (with oversight and direction from theGovernment), and include support efforts for Developmental Test & Evaluation (DT&E),Operational Test & Evaluation (OT&E), and Environment Qualification Testing (EQT) of new orupgraded systems and components, to be in compliance with the Director of Operational Test &Evaluation (DOT&E) direction and guidance.

The Contractor shall develop and conduct systematic measurable technical assessments ofsystems by manual and automated methods. The assessments shall include performing securityvulnerability scans, reviewing application and operating system access controls, and analyzingphysical access to the systems. The Contractor shall conduct automated assessments to includesystem generated audit reports or using software to monitor and report changes to files andsettings on host computers, servers, network routers and switches.

The Contractor shall assist with the development, writing, and modifying of cybersecurity testplans, procedures, and processes to support the cybersecurity test and evaluation of systems.

CDRLs A001, A002, A003, A004, A005, A006, A007, A008, A009, A010, A013, A014, A015,A016 apply.

C.3.6 System Deployment: The Contractor shall provide support in the production,deployment, and sustainment of systems by developing strategies for assessing and rectifyingcybersecurity deficiencies, whether they be design related or emergent (due to an adaptivethreat). The Contractor shall provide services to include support for lifecycle Assessment andAuthorization (A&A), robust risk assessment and management strategies, and a security patchmanagement process.

The contractor shall provide System Administration (Sys Admin) services for cybersecuritylaboratories, research and development laboratories, and shore based test and developmentlaboratories. The Contractor shall also provide System Administration to shipboard anddeployed and shipboard systems to ensure the systems are secure.

The Contractor shall provide support in development, presentation and documentation of

CONTRACT NO.


N0017817F3010 PAGE

10 of 101 FINAL

cybersecurity training materials for system stakeholders.

The Contractor shall develop and conduct systematic measurable technical assessments ofsystems by manual and automated methods. The assessments shall include performing securityvulnerability scans, reviewing application and operating system access controls, and analyzingphysical access to the systems. The Contractor shall conduct automated assessments to includesystem generated audit reports or using software to monitor and report changes to files andsettings on host computers, servers, network routers and switches.

The Contractor shall support the acquisition, scheduling, testing, and installation ofcybersecurity system updates and application patches to produce the enhanced security desiredwithout adversely affecting the performance functional capabilities of the system. TheContractor shall support re-certification of systems as required to meet safety, performance, andfunctional policy, guidance, and direction.

CDRLs A001, A002, A003, A004, A005, A006, A007, A008, A009, A010, A013, A014, A015,A016, A017 and A018 apply.

C.3.7 Cybersecurity Compliance: The Contractor shall assist with the interpretation of andadherence to written policy, to include implementation. The Contractor shall provide inputs todraft policy for the Government’s consideration.

The Contractor shall validate that system designs and the associated data in the system complywith applicable DoD Security Classification Guides (SCGs) and marking practices. TheContractor shall provide support by drafting specific sections of a comprehensive RMF Package(CDRL A006) that are required to be researched, produced, and reviewed following the DoDI8510.01 - Risk Management Framework (RMF) for DoD Information Technology (IT), NISTSpecial Publication 800-37 (Guide for Applying the Risk Management Framework to FederalInformation Systems) and other guidance. The Contractor shall produce artifacts to support allaspect of Assessment and Authorization (A & A) in accordance with the most recent DoD andDoN guidance, regulations, and policy.

CDRLs A001, A002, A003, A004, A005, A006, A007, A008, A009, A010, A013, A014, A015,A016 apply.

C.3.8 System Security Architecture: The Contractor shall assist in developing systemconcepts and work on the capabilities phases of the systems development lifecycle; translatetechnology and environmental conditions (e.g., law and regulation) into system and securitydesigns and processes. The Contractor shall provide input to the Risk Management Frameworkprocess activities and related documentation (e.g., system life-cycle support plans, concept ofoperations, operational procedures, and maintenance training materials). The Contractor shalldesign countermeasures and mitigations against potential exploitation of programming languageweaknesses and vulnerabilities in system and elements.


C.4 GOVERNMENT FURNISHED ITEMS

CONTRACT NO.


N0017817F3010 PAGE

11 of 101 FINAL

(a) Government Furnished Property (GFP) will be issued to the Contractor

(b) The Contractor shall maintain and report the inventory of GFP (CDRL A003) issued tothem.

(c) The specific format will be addressed at the Task order Kick-Off meeting.

(d) The specific format shall be pre-approved by the COR and Contracting Officer.

C.4.1 Government Provided Space: The Government shall make CDSADN Governmentspaces available to Contractor personnel for the labor categories indicated in the chart below.

Location # of Persons Labor Category

CDSADN 1 Senior Systems Engineer

CDSADN 1 Intermediate Systems Engineer

CDSADN 1 Senior Cybersecurity Engineer

CDSADN 2 Intermediate Cybersecurity Engineer

CDSADN 1 Senior Test and Evaluation Specialist

CDSADN 2 Intermediate Test and Evaluation Specialist

CDSADN 2 Computer Lab Technician

Each on-site Contractor will have:

1 desk1 phone line1 NMCI computerAccess as required to local RDT&E networks, SIPR, NSAnet, and JWICS.

C.4.2 Contract Personnel Administration: When on-site in Government office spaces,laboratories, test facilities, or ship assets, Contractor employees shall be clearly identified as aContractor (e.g. utilizing badge identifications and sign identifications in office spaces). Inaddition, Contractor employees shall identify themselves as Contractor personnel whenanswering telephones and sending emails. Contractor personnel cannot lead/manage/superviseGovernment personnel. Contractor program /project managers shall be clearly identified andknown as such by Government employees. As circumstances permit, periodic meetings shall beconducted between the COR and the Contractor organization program manager/project manager.

CONTRACT NO.


N0017817F3010 PAGE

12 of 101 FINAL

C.4.3 Identification Badges: The Contractor shall be required to obtain identification badgesfrom the Government for all Contractor personnel requiring regular access to Governmentproperty. The identification badge shall be visible at all times while employees are onGovernment property. The Contractor shall furnish all requested information required tofacilitate issuance of identification badges and shall conform to applicable regulations concerningthe use and possession of the badges. The Contractor shall be responsible for ensuring that allidentification badges issued to Contractor employees are returned to the appropriate SecurityOffice within 48 hours following completion of the Task Order, relocation or termination of anemployee, and upon request by the Procuring Contracting Officer.

C.5 OTHER DIRECT COST FOR MATERIALS

During the performance of this Task Order it may be necessary for the Contractor to procurematerials or equipment (hereafter referred to as “materials”) to respond to the missionrequirements listed in the SOW. This Task Order is a service contract and the procurement costof material, of any kind, that is not incidental to, and necessary for, the contract performancemay be determined unallowable costs pursuant to FAR (Federal Acquisition Regulation) Part 31.

The term “material” means property that may be consumed or expended during the performanceof a contract, component parts of a higher assembly, or items that lose their individual identitythrough incorporation into an end-item.

The term "equipment" means a tangible item that is functionally complete for its intendedpurpose, durable, nonexpendable, and needed for performance of a contract. Equipment is notintended for sale, and does not ordinarily lose its identity or become a component part of anotherarticle when put into use. Equipment does not include material, real property, special testequipment or special tooling.

"Government property" means all property owned or leased by the Government. Governmentproperty includes both Government-furnished and Contactor-acquired property. Governmentproperty includes material, equipment, special tooling, special test equipment, and real property.Any material acquired by the Contractor is subject to the requirements of the FAR and DFARS(Defense Federal Acquisition Regulations System). Charges related to materials costs mayinclude general and administrative (G&A) expenses but shall not include fee or profit.

C.5.1 Costs Expressly Not Allowed for Direct Charge

The costs of general purpose business expenses required for the conduct of normal businessoperations will not be considered allowable direct costs in the performance of the contract unlesssupported by the Defense Contract Management Agency (DCMA) as a procedure of theContractor's accounting procedures. General purpose business expenses include but are notlimited to the costs for items such as telephones (including cell phones) and telephone charges,copy machines, word processing equipment, personal computers, other office equipment andsupplies.

C.5.2 List of Materials Approved for Purchase

CONTRACT NO.


N0017817F3010 PAGE

13 of 101 FINAL

If the Contractor operates a DCMA or Defense Contract Audit Agency (DCAA) approved purchasing system, individual purchases equal to or over shall not be executed until the COR reviews the requested purchase and approval is obtained from the Procuring Contracting Officer (PCO). If the Contractor does not operate a DCMA or DCAA approved purchasing system, purchases equal to or over shall not be executed until the COR reviews the requested purchase and approval is obtained from PCO. No purchases of any amount shall be executed by a subcontractor if they do not have a DCMA or DCAA approved purchasing system.

C.5.3 Materials List

The materials and equipment contained in the following list are authorized for purchase once theContractor has complied with approval requirements as stated in sections C.5.2 above and C.5.4and C.5.5 below.

1. Software Tools – such as Wind River VxWorks, Red Hat Enterprise Linux, McAfee VirusScanEnterprise, Collabnet Subversion Edge, etc.

2. Software Licenses – such as RedHat Licenses, Oracle Licenses, McAfee Viruscan Licenses,IBM Rational Requisite Pro, etc.

3. Hardware and software products to support testing – such as Servers, Laptop computers,Circuit Card Adapters (CCA), Virtual Machine Environment (VME) Chassis, Hard Drives, I/OSwitches KVM (Key Board Video Mouse), Black Boxes),etc.

4. Cybersecurity Engineering, Test and Evaluation, and Analysis applications and tools, such asCore Impact, Metasploit, Splunk, Wireshark, ACAS (Assured Compliance AssessmentSolution), NMAP (Network Mapper), etc.

C.5.4 Required Approvals

Prior written approval from the PCO shall be required for all purchases of materials under thefollowing circumstances:

(a) If the Prime Contractor or subcontractor possesses an approved purchasing system, thefollowing applies:

(1) A purchase of materials, from the list at Section C.5.3, that equals or above may NOT be executed unless the COR reviews the proposed purchase and the PCO issues written approval.

(2) A purchase of materials, from the list at Section C.5.3, less than may be executed with COR review and written approval. PCO approval is not required.

(3) An approved Information Technology Procurement Request (ITPR) is required for applicableIT procurements prior to purchase. All IT procurements shall have the COR review and writtenapproval.

CONTRACT NO.


N0017817F3010 PAGE

14 of 101 FINAL

(b) If the Prime Contractor does not possess an approved purchasing system, the following

applies:

(1) A purchase of materials, from the list at Section C.5.3 above, less than per individual

purchase may be executed with COR review and written approval. PCO approval is not required.

(2) A purchase of materials, from the list at Section C.5.3 above, that equals or exceeds per

individual purchase may NOT be executed unless the COR reviews the proposed purchase and

the PCO issues written approval.

(c) Separate multiple purchases of amounts valued below those thresholds stated in this section

shall not be submitted to circumvent the COR and PCO review and approval procedure. Splitting

purchase requirements to defeat purchasing thresholds shall not be approved.

C.5.5 Procedure for Obtaining COR and PCO Approval

To obtain COR and/or PCO approval, the Contractor shall do the following:

(a) Submit a written request for purchase of materials to the COR through e-mail. The COR shall

review the request. If it is in accordance with C.5.4 above and requires PCO approval, the COR

shall submit the request via the Contract Specialist to the PCO for review and approval.

(b) Minimum requirements for a written request for purchase are as follows:

(1) Description of the material to be purchased

(2) Quantity

(3) Unit and total cost

(4) Delivery/freight charges

(5) Any associated service charges such as assembly, configuration, packing, etc.

(6) An explanation of the need for the material

(7) Copy of the competitive quotes received from potential suppliers

(8) The basis for the selection of the selected supplier

(9) Explanation of the determination of price reasonableness regarding the selected supplier cost

(10) If the procurement is sole sourced to a particular supplier or manufacturer, include the

rationale for limiting the procurement to that supplier or manufacturer (seek assistance from

Contract Specialist for guidance, if needed).

(c) Once the COR and/or PCO have reviewed the request, the Government shall notify the

Contractor of the outcome. Issues or details may be discussed with the Contract Specialist acting

on behalf of the PCO until a final Government determination is made as to whether to approve,

modify, or reject the purchase.

CONTRACT NO.


N0017817F3010 PAGE

15 of 101 FINAL

C.5.6 Property Management System

The Contractor is required to possess and maintain a property management system. The systemmust track all materials and ODC's associated with this Task Order.

C.5.7 Disposition of Materials

Upon completion of the period of performance, all material associated with this contract that ispurchased by the Contractor and not depleted during the performance of the contract shallbecome the property of the Federal Government. The Contractor shall transfer all materials, notdepleted, to the COR by way of a Material Inspection and Receiving Report (DD Form 250).The Contractor’s Monthly Progress Report shall include a complete list of all material purchasedto date under the Task Order.

C.5.8 Information Technology (IT) Resources

IT Resources shall not be purchased unless DoD and Navy purchasing procedures have beensatisfied and approvals obtained. IT resources include personal computers (PC’s), laptops,printers, software, servers, hubs, routers, phones, fax machines, and any related maintenance,telecommunications, training, or other support services. All IT Resource Other Direct CostPurchases require COR and PCO approval regardless of the dollar value associated with thepurchase.

C.5.9 Equipment, Material, and Consumables

This Task Order is issued as a services contract and the procurement of materials of any kindthat are not directly related to and necessary for performance may be determined to beunallowable costs pursuant to FAR Part 31. Materials allowed as direct charge and approved forpurchase during the performance of this Task Order are as stated in Section C.5.

C.6 CONTRACTOR-FURNISHED MATERIALS

The tools and equipment needed to complete this order are considered to be common tools and/orequipment of the trade and shall be supplied by the Contractor except for specific items listed asGFE.

C.7 TRAVEL

The Contractor may be required to travel in performance of this Task Order. This travel may beCONUS (Continental U.S.) or OCONUS (Outside the Continental U.S.) and shall bepre-approved by the Contracting Officer’s Representative (COR). The numbers of trips andtypes of personnel traveling shall be limited to the minimum required to accomplish workrequirements and shall be coordinated with the COR. All travel under this effort must berequested to the COR, in writing or by electronic mail, and must show the appropriate ordernumber, the number of people traveling, the number of days for the trip, the reason for the travel,and any high cost or unusual costs expected. Travel costs shall be in accordance with FAR31.205-46. Representative locations include:

CONTRACT NO.


N0017817F3010 PAGE

16 of 101 FINAL

Virginia Beach, VA Orlando, FL

Norfolk, VA Eglin, FL

Wallops, Island, VA Marinette, WI

Dahlgren, VA Bethesda, MD

Washington, DC Indian Head, MD

Moorestown, NJ Mobile, AL

Carderock, MD Huntsville, AL

Newport, RI Clinton, TN

Groton, CT San Diego, CA

Kingsland, GA Port Hueneme, CA

Pittsfield, MA Corona, CA

Lexington, MA Honolulu, HI

Pocasset, MA Guam

Panama City, FL Singapore

Jacksonville, FL

The Contractor shall submit trip reports following any travel under this effort. (CDRL A003)

C.8 SKILLS AND TRAINING

The Contractor shall provide capable personnel with qualifications, experience levels, securityclearances, and necessary licenses, certifications, and training required by Federal, State, andLocal laws and regulations. Information assurance functions require certifications specified inDFARS 252.239-7001 INFORMATION ASSURANCE CONTRACTOR TRAINING ANDCERTIFICATION. Training necessary to ensure that personnel performing under this TaskOrder maintain the knowledge and skills to successfully perform the required functions is theresponsibility of the Contractor. Training necessary to maintain professional certification is theresponsibility of the Contractor. Only training costs associated with the Government mandatorytraining of Contractor personnel will be reimbursed. The title of the event is irrelevant(conference, seminar, symposium, etc.). If there is a fee charged to participate, it is consideredtraining and will not be reimbursed.

C.9 TRANSPORTATION OF EQUIPMENT/MATERIAL: The shipment of both Governmentand Contractor furnished items are required for the performance of this order. Typical itemsinclude any or all of the below:

Documentation

Test equipment

Tools

C.9.1. Packing and packaging shall be as specified in the contract. Shipments weighing less than25 pounds shall be shipped by any expedient method including overnight air express; shipmentsweighing 25 pounds and greater shall be shipped surface freight. Written requests (including

CONTRACT NO.


N0017817F3010 PAGE

17 of 101 FINAL

electronic mail) for exception will be approved by the COR (information copy to the SubjectMatter Expert (SME)) on a case by case basis. Classified items shall be protected in accordancewith the Industrial Security Manual.

C.9.2. All Government property being received by the Contractor and all Government propertybeing transferred from Contractor custody shall be documented on a DD Form 1149. NoGovernment property shall be accepted or transferred without a DD Form 1149.

C.10 MANDATORY REQUIREMENTS

Mandatory requirements must be maintain throughout the life of the Task Order. The mandatoryrequirements are as follows:

Requirement 1: Facility Location.

The Contractor shall have and maintain a facility to serve as the principal place of performancewithin 60 miles commuting distance of CDSADN and a remote site within 60 miles commutingdistance of Dahlgren, VA.

Requirement 2: Facility Security Clearance

The Contractor’s facilities must be cleared at the SECRET level for both processing and storageof data.

Requirement 3: Personnel Security Requirements.

All personnel performing classified tasks under this contract must be U.S. citizens and mustpossess at a minimum a SECRET clearance. If access to NSANet and JWICS is required theemployee must be at minimum of TS/SCI Eligible.

Requirement 4:Training Certifications/Licenses.

Contractors performing Cybersecurity/IA (Information Assurance) functions on DoD systemsmust meet the qualification requirements established in the DoD 8570.01-M/DoD 8140, andfollow-on guidance for the appropriate category and function level in which they are performing.The policy defines Cyber Security/IA workforce members as anyone with privileged access toinformation system and performing IA/Cybersecurity functions. The requirements applywhether the duties are performed full-time, part-time, or as an embedded duty. All Contractorsbrought on to a DoD contract performing Information Assurance Manager (IAM), InformationSystems Security Manager (ISSM), Information Assurance Technician (IAT), InformationAssurance System Architect and Engineer (IASAE), and Computer Network Defense ServiceProvider (CND SP) functions after 31Dec2011 must meet the baseline certification requirementprior to assignment of IAM, ISSM, IAT, IASAE, and CND SP job functions. Cybersecurity/IAcertifications must be obtained for all personnel supporting this contract and documentation mustbe provided to the Contracting Officer prior to working on this contract.

C.11 SECURITY

CONTRACT NO.


N0017817F3010 PAGE

18 of 101 FINAL

All personnel performing tasks under this task order shall possess, at minimum, a DoD IndustrialSecurity Clearance of SECRET. Interim clearances are acceptable (See note under Requirement 3above). Access to classified spaces and generation of classified material shall be in accordancewith DD Form 254. The Department of Defense Contract Security Classification Specification(DD Form 254) provides the security classification requirements for this task order. TheContractor shall obtain facility and personnel security clearances as required by the Departmentof Industrial Security Program prior to starting to work on tasks requiring clearances

(a) Contractor requests for visit authorizations shall be submitted in accordance with DoD5520.22M (National Industrial Security Program Operating Manual”, as early as practicable andnot later than three working days prior to visit (except in cases of urgency). When a contractualrelationship exists, original requests shall be delivered to the Security Officer of the activity beingvisited. When a contractual relationship does not exist, original requests shall be delivered to theSecurity Officer of the activity being visited via the COR for endorsement of need-to-know.

(b) Visit requests for subcontractors shall be submitted to the appropriate Contractor FacilitySecurity Officer (FSO) for certification on need to know, when applicable.

C.11.1 Information Security and Computer System Usage: In accordance with U.S. Navypolicy, any personnel, including the Contractor, who utilizes DoD-owned systems, shall assumeresponsibility for adherence to restrictions regarding internet and e-mail usage. Navy policyprohibits racist, sexist, threatening, pornographic, personal business, subversive or politicallypartisan communications. All personnel, including the Contractor, are accountable and must actaccordingly. DoD computer systems are monitored to ensure that the use is authorized, tofacilitate protection against unauthorized access, and to verify security procedures, survivabilityand operational security. During monitoring, information may be examined, recorded, copied, andused for authorized purposes. All information, including personal information, placed on or sentover a DoD system may be monitored. Use of a DoD system constitutes consent to monitoring. Unauthorized use may result in criminal prosecution. Evidence of unauthorized use collectedduring monitoring may be used as a basis for recommended administrative, criminal or adverseaction. The use of Contractor owned computer equipment in Government spaces must receiveprior approval through the Government Information Assurance Manager.

C.11.2 Electronic Spillages:

C.11.2.1: Electronic Spillages (ES) are unacceptable and pose a risk to national security. Anelectronic spillage is defined as classified data placed on an information system (IS), media orhardcopy document possessing insufficient security controls to protect the data at the requiredclassification level, thus posing a risk to national security (e.g., sensitive compartmentedinformation (SCI) onto collateral, Secret onto Unclassified, etc.). The Contractor's performanceas it relates to ES will be evaluated by the Government. ES reflects on the overall securityposture of CDSADN and a lack of attention to detail with regard to the handling of classifiedinformation of IS security discipline and will be reflected in the Contractor's performance rating. In the event that a Contractor is determined to be responsible for an ES, all direct and indirectcosts incurred by the Government for ES remediation will be charged to the Contractor.

CONTRACT NO.


N0017817F3010 PAGE

19 of 101 FINAL

C.11.2.2: CDSADN Security will continue to be responsible for the corrective action plan inaccordance with the security guidance reflected on the DoD Contract Security ClassificationSpecification - DD Form 254. CDSADN Security will identify the Contractor facility andcontract number associated with all electronic spillages during the investigation that involveContractor support. CDSADN Security will notify the Contracts Division with the Contractorfacility name and contract number, incident specifics and associated costs for clean-up. TheContracting Officer will be responsible to work with the Contractor to capture the costs incurredduring the spillage clean up. The Contractor is also responsible for taking Information SecurityAwareness training annually, via their Facility Security Officer (FSO), as part of the mandatorytraining requirements. If a spillage occurs additional training will be required to preventrecurrence.

C.11.3 Portable Electronic Devices (PEDs): Non-Government and/or personally ownedportable electronic devices (PEDs) are prohibited in all CDSADN buildings. The Contractor shallensure the onsite personnel remain compliant with the current PED policy. CDSADN instructiondefines PEDS as the following: any electronic device designed to be easily transported, with thecapability to store, record, receive or transmit text, images, video, or audio data in any format viaany transmission medium. PEDS include, but are not limited to, pagers, laptops, radios, compactdiscs and cassette players/recorders. In addition, this includes removable storage media such asflash memory, memory sticks, multimedia cards and secure digital cards, micro-drive modules,ZIP drives, ZIP disks, recordable CDs, DVDs, MP3 players, iPADs, digital picture frames,electronic book readers, kindle, nook, cameras, external hard disk drives, and floppy diskettes.

PEDs belonging to an external organization shall not be connected to CDSADN networks orinfrastructure without prior approval from the CDSADN Information Assurance andCompliance Authority. This approval will be granted using the AISE (Automated InformationSystem Equipment approval form.

Personally owned hardware or software shall not be connected or introduced to any CDSADNhardware, network or information system infrastructure.

C.11.4 Information Assurance

C.11.4.1: Some efforts being performed under this contract/order will require the performingContractor personnel to have access to Government Information Technology (IT) Systems. Inthose instances, the Contractor shall ensure the performing employee is trained/certified inInformation Assurance (IA) commensurate with their level/category of access, as well as thecomputing environment certifications (Microsoft, Unix/Linux, etc.).

C.11.4.2: Contractor personnel whose IT access is limited to routine usage of NMCI assets androutine access to CDSADN business systems that requires IA training in accordance with DoDManual 8570.01-M Chapter 6. Contractor personnel whose IT access falls under the TechnicalCategory, Management Category, Architecture and Engineering Specialty, or Network Defense-Service Provider Specialty require IA training and certification in accordance with DoD Manual8570.01-M Chapter 3, 4, 10, or 11, as applicable.

CONTRACT NO.


N0017817F3010 PAGE

20 of 101 FINAL

C.11.5 Contract Security Classification Specification: The Department of Defense (DoD)Contract Security Classification Specification (DD Form 254), attached as Attachment J.1 inSection J, itemizes the security classification requirements for this order. The work efforts underthis order and Technical Instructions are at the Confidential and Secret levels. All personnelperforming efforts under this order shall possess, at a minimum, a DoD Industrial SecurityClearance of SECRET for all personnel assigned to perform work on board U.S. Navy ships or atCDSADN.

(a) Contractor requests for visit authorizations shall be submitted per DoD 5520.22M (IndustrialSecurity manual for Safeguarding Classified Information) as early as practicable and not later thanthree working days prior to visit (except in cases of urgency).

(b) When a contractual relationship exists between the Contractor and the site being visited,original requests shall be delivered to the Security Officer of the activity being visited.

(c) When a contractual relationship does not exist between the Contractor and the site beingvisited, original requests shall be delivered to the Security Officer of CDSADN via the COR,with the original copy of the request being forwarded to the activity being visited by theCDSADN Security Officer.

(d) Visit requests for subcontractors shall be submitted to the appropriate Contractor FacilitySecurity Officer (FSO) for certification of need-to-know, when applicable.

C.12 SHIPBOARD PROTOCOL

This tasking may involve platform engineering and fleet support onboard ship. As such, theContractor is responsible that shipboard protocol is strictly followed. Visit clearances must bearranged through the Government sponsor and must be forwarded to the individual commandbeing visited as well as to all supporting commands, such as the base, squadron, tender, etc. thatthe visitor must pass through to get to the ship; the Contractor is responsible for obtaining andmaintaining specialized training (i.e. nuclear awareness, safety, quality control, etc.) andcertification (i.e. SUBSAFE certificates etc.); personnel performing on board US Navy Shipsmust have at least a Secret Security Clearance; if not led by a Government representative theContractor is responsible for briefing the ship/command upon arrival as to the purpose of thevisit and expected duration; and the Contractor is responsible for debriefing the ship/commandupon departure as to the success of the tasking and the operational condition of affectedequipment. The Contractor shall ensure its personnel adhere to these requirements whenperforming shipboard tasking. Compliance shall be reported in the trip report.

C.12.1 SAFETY

Safety Requirements. The Contractor shall comply with all applicable DoD, DON, NAVSEA,NSWCDD, OSHA and private shipyard facility safety instructions, policies, procedures andguidance while on Government or private shipyard property. The Contractor shall request anyneeded clarification of safety procedures and guidance from the COR. The Contractor shallimmediately report any unsafe working conditions to the on-site Government manager.

CONTRACT NO.


N0017817F3010 PAGE

21 of 101 FINAL

Safety PPE. The Contractor will provide all employees with the required safety equipment. TheContractor shall ensure that all safety and personal protection equipment (PPE), such as hardhats, safety shoes, safety glasses, hearing protection, flashlights, and any other task-specific PPEare available to employees and used or worn as required.

Alarms/Drills. Contract personnel shall adhere to all alarm or drill procedures and documentalarms or drills in the trip report.

Physical Requirements. Some shipboard tasking may require ascending and descending verticalladders to and from the highest points of the ship both pierside and underway. Contractors mustbe able to stand; walk; climb stairs; balance; stoop; kneel; crouch or crawl around and lift amaximum of 50 lbs. (single person).

Medical Screening. If the Contractor is embarking aboard any U.S. Navy vessel for a periodlonger than 24 hours, the Contractor shall comply with COMUSFLTFORCOM/COMPACFLTINSTRUCTION 6320.3A regarding the medical and dental screening.

C.12.2 HAZMAT

HAZMAT Handling. The Contractor shall provide, and comply with all applicable Federal, Stateand local laws and DoD, DON, NAVSEA, and NSWCDD instructions, policies, procedures andguidance pertaining to, the purchase, handling, storage, transfer, use and disposal of hazardousmaterials (HAZMAT). The Contractor shall contact NSWCDD Technical Point of Contact or theHAZMAT Coordinator in advance of commencing such work to ensure compliance with thelatest procedures, including those for handling potential spills. The Contractor shall contact theappropriate local HAZMAT Coordinator who will monitor Contractor storage, transfer,handling, use and disposal of HAZMAT on Government property prior to conducting suchwork. The Contractor shall request any needed clarification that arises in regards to HAZMATprocedures and guidance from the Local Government HAZMAT Coordinator.

HAZMAT Disposal. The Contractor shall provide HAZMAT disposal of unused or expiredmaterials, which shall be in accordance with all applicable federal, state and local laws.

HAZMAT Impacts. The Contractor shall notify the COR of any requirements under thisStatement of Work, that may be determined or discovered to impact the protection of endangeredplant or animal species or environmentally sensitive areas, prior to commencing such work.

C.12.3 TRAINING/CERTIFCATIONS/LICENSES

Certifications and Licenses. Contractor personnel will have the appropriate training and validcertifications or licenses as required based on the work to be accomplished.

Training. Repair and maintenance employees working aboard vessels, dry docks and piers shallhave a valid 10-hour OSHA Maritime Shipyard Employment Course #7615 or NAVSEA-approved equivalent completion card within 60 days of employment.

Private Shipyards. Private Shipyards may require other documentation and additional training in

CONTRACT NO.


N0017817F3010 PAGE

22 of 101 FINAL

advance of proceeding to the yard. There may be fees associated with the training forContractors.

C.13 CONTROL OF CONTRACTOR PERSONNEL

The Contractor shall comply with the requirements of NAVSEA and CDSADN instructionsregarding performance in Government facilities. All persons engaged in work while on Governmentproperty shall be subject to search of their persons (no bodily search) and vehicles at any time bythe Government, and shall report any known or suspected security violations to the appropriateSecurity Department. Assignment, transfer, and reassignment of Contractor personnel shall be atthe discretion of the Contractor. However, when the Government directs, the Contractor shallremove from contract performance any person who endangers life, property, or national securitythrough improper conduct. All Contractor personnel engaged in work while on Governmentproperty shall be subject to all applicable DoD and Navy Standards of Conduct.

C.14 NON-DISCLOSURE AGREEMENTS (NDAs)

This SOW may require the Contractor to access data and information proprietary to a Contractoror Government agency and/or of such a nature that its dissemination or use, other than inperformance of this SOW, would be adverse to the interest of the Government and/or others. TheContractor, including subcontractors and consultants, shall not divulge or release data orinformation developed or obtained in performance of this SOW except to authorized Governmentpersonnel or upon written approval of the PCO or COR. The Contractor shall not use, disclose,or reproduce proprietary data which bears a restrictive legend other than as required in theperformance of this SOW. The limitations above do not apply to data or information that hasbeen made public by the Government. All products, deliverables and work produced, as well asassociated back-up documentation, will be considered the property of the Government.

NDAs may be utilized to allow for access to company sensitive and proprietary data. For tasksrequiring NDAs, the Contractor shall obtain appropriate agreements for all of their employeesthat are associated with the task requiring such an agreement.

Contractor personnel may be required, from time to time, to sign non-disclosurestatements/agreements as applicable to specific tasking. The COR will notify the Contractor ofthe number and type of personnel that will need to sign the NDAs. The signed NDAs shall beexecuted prior to accessing data or providing support for information to the COR forendorsement and retention. Copies of all executed NDAs shall be provided to the COR.

This is a contract for the provision of services by the Contractor. In accordance with law andpolicy and with the provisions of this contract, Contractor personnel shall perform as requiredby this contract, and such work shall include working in cooperation and collaboration withGovernment personnel. Performance of this contract work shall require, among other things, theContractor to access and use Government owned data such as software, documentation, technicaldata, process and report templates, and the like. Any and all software, documentation, technicaldata, and the like generated from such access and use shall also be and remain Government owneddata. The Contractor’s use of and access to Government owned data shall neither constitute nor

CONTRACT NO.


N0017817F3010 PAGE

23 of 101 FINAL

create any Contractor rights in or license to such data; the only Contractor permissions to useand access the data shall be those necessarily required by the Contractor to perform the workherein. Rights in data constituting and contained in contract deliverables required by the ContractData Requirements List shall be governed by the appropriate contract clauses.

C.15 DIGITAL DELIVERY OF DATA

(a) Delivery by the Contractor to the Government of certain technical data and other information isnow frequently required to be made in digital form rather than in hardcopy form. The method ofdelivery of such data and/or other information (i.e., in electronic, digital, paper hardcopy, or otherform) shall not be deemed to affect in any way either the identity of the information (i.e., as“technical data” or “computer software”) or the Government’s and the Contractor’s respectiverights therein.

(b) Whenever technical data and/or computer software deliverables required by this contract are tobe delivered in digital form, any authorized, required, or permitted markings relating to theGovernment’s rights in and to such technical data and/or computer software must also be digitallyincluded as part of the deliverable and on or in the same medium used to deliver the technical dataand/or software. Such markings must be clearly associated with the corresponding technical dataand/or computer software to which the markings relate and must be included in such a way that themarking(s) appear in human-readable form when the technical data and/or software is accessedand/or used. Such markings must also be applied in conspicuous human- readable form on a visibleportion of any physical medium used to effect delivery of the technical data and/or computersoftware. Nothing in this paragraph shall replace or relieve the Contractor’s obligations with respectto requirements for marking technical data and/or computer software that are imposed by otherapplicable clauses such as, where applicable and without limitation, DFARS 252.227-7013 and/orDFARS 252.227-7014.

(c) Digital delivery means (such as but not limited to Internet tools, websites, shared networks, andthe like) sometimes require, as a condition for access to and/or use of the means, an agreement by auser to certain terms, agreements, or other restrictions such as but not limited to “Terms of Use,”licenses, or other restrictions intended to be applicable to the information being delivered via thedigital delivery means. The Contractor expressly acknowledges that, with respect to deliverablesmade according to this contract, no such terms, agreements, or other restrictions shall be applicableto or enforceable with respect to such deliverables unless such terms, agreements, or otherrestrictions expressly have been accepted in writing by the Procuring Contracting Officer; otherwise,the Government’s rights in and to such deliverables shall be governed exclusively by the terms ofthis Task Order.

C.16 ENTERPRISE-WIDE CONTRACTOR MANPOWER REPORTING APPLICATION(ECMRA)

(a) The Contractor shall report ALL Contractor labor hours (including subcontractor labor hours)required for performance of services provided under this contract for the Naval Surface WarfareCenter Dahlgren Division via a secure data collection site. The Contractor is required tocompletely fill in all required data fields using the following web address

CONTRACT NO.


N0017817F3010 PAGE

24 of 101 FINAL

https://doncmra.nmci.navy.mil.

(b) Reporting inputs will be for the labor executed during the period of performance during eachGovernment fiscal year (FY), which runs October 1 through September 30. While inputs may bereported any time during the FY, all data shall be reported no later than October 31 of eachcalendar year. Contractors may direct questions to the help desk, linked athttps://doncmra.nmci.navy.mil.

C.17 NON-PERSONAL SERVICES/INHERENTLY GOVERNMENTAL FUNCTIONS

(a) The Government will neither supervise Contractor employees nor control the method by whichthe Contractor performs the required tasks. The Government will not direct the hiring, dismissal orreassignment of Contractor personnel. Under no circumstances shall the Government assign tasksto, or prepare work schedules for, individual Contractor employees. It shall be the responsibility ofthe Contractor to manage its employees and to guard against any actions that are of the nature ofpersonal services or give the perception that personal services are being provided. If the Contractorfeels that any actions constitute, or are perceived to constitute personal services, it shall be theContractor's responsibility to notify the Contracting Officer immediately in accordance with theclause 52.243-7.

(b) Inherently-Governmental functions are not within the scope of this Task Order. Decisionsrelative to programs supported by the Contractor shall be the sole responsibility of theGovernment. The Contractor may be required to attend technical meetings for the Government;however, they are not, under any circumstances, authorized to represent the Government or give theappearance that they are doing so.

C.18 ON-SITE ENVIRONMENTAL AWARENESS

C.18.1 The Contractor shall strictly adhere to all Federal, State and local laws and regulations,Executive Orders, and Department of Defense and Navy policies.

C. 18.2 The Contractor shall ensure that each Contractor employee who has been or will beissued a Common Access Card (CAC) completes the annual CDSADN EnvironmentalAwareness Training (EAT) within 30 days of commencing contract performance and annuallythereafter as directed by their CDSADN training coordinator or their COR.

C. 18.3 The Contractor shall ensure that each Contractor employee not required to complete thetraining described in part (b) above (i.e., those who do not have and will not be issued a CAC)reads the CDSADN Environmental Policy Statement within 30 days of commencing contractperformance. This document will be available from the COR, however, the policy is alsoprovided on the publicly-available CDSADN website, https://wwwdd.nmci.navy.mil/program/Safety_and_Environmental_Office.

C. 18.4 Within 30 days of commencing contract performance, the Contractor shall certify bye-mail to their COR that the requirements captured by C.18.2 and C.18.3 above have been met.The e-mail shall include each employee name and work site and shall indicate which requirement—C.18.2 or C.18.3 above--each employee has satisfied.

CONTRACT NO.


N0017817F3010 PAGE

25 of 101 FINAL

https://doncmra.nmci.navy.mil/

https://doncmra.nmci.navy.mil/

https://wwwdd.nmci.navy.mil/program/Safety_and_Environmental_Office

C. 18.5 Contractor copies of the records generated by the actions described in C.18.2 and C.18.3above will be maintained and disposed of by the Contractor in accordance with SECNAVINST5210.8D.

C.19 ON-SITE SAFETY REQUIREMENTS

C.19.1 The Contractor shall strictly adhere to Federal Occupational Safety and Health Agency(OSHA) Regulations, Environmental Protection Agency (EPA) Regulations, and all applicablestate and local requirements.

C.19.2 The Contractor shall ensure that each Contractor employee reads the document entitled,"Occupational Safety and Health (OSH) Policy Statement" within 30 days of commencingperformance at CDSADN. This document is available at: https://wwwdd.nmci.navy.mil/program/Safety_and_Environmental_Office/Safety/Safety.html

C.19.3 The Contractor shall provide each Contractor employee with the training required to dohis/her job safely and in compliance with applicable regulations. The Contractor shall documentand provide, upon request, qualifications, certifications, and licenses as required.

C.19.4 The Contractor shall provide each Contractor employee with the personal protectiveequipment required to do their job safely and in compliance with all applicable regulations.

C.19.5 Contractors working with ionizing radiation (radioactive material or machine sources)must comply with NAVSEA S0420-AA-RAD-010 (latest revision)[provided upon request].Prior to bringing radioactive materials or machine sources on base, the Contractor must notify theCommand Radiation Safety Officer in the Safety & Environmental Office.

C.19.6 The Contractor shall ensure that all hazardous materials (hazmat) procured for CDSADNare procured through or approved through the hazmat procurement process. Hazmat broughtinto CDSADN work spaces shall be reviewed and approved by the Safety & EnvironmentalOffice prior to use by submitting an Authorized Use List addition form and Safety Data Sheetthat shall be routed through the Government supervisor responsible for the specific work area.The Authorized Use List addition form can be found at https://wwwdd.nmci.navy.mil/program/Safety_and_Environmental_Office/.

C.19.7 Upon request the Contractor shall submit their OSHA 300 Logs (injury/illness rates) forreview by the Safety Office. If a Contractor's injury/illness rates are above the Bureau of Labor& Statistics industry standards, a safety assessment will be performed by the Safety Office todetermine if any administrative or engineering controls can be utilized to prevent furtherinjuries/illnesses, or if any additional PPE or training will be required.

C.19.8 Applicable Contractors shall submit Total Case Incident Rate (TCIR) and Days Away,Restricted and Transfer (DART) rates for the past three years upon request by the SafetyOffice. A Contractor meets the definition of applicable if its employees worked 1,000 hours ormore in any calendar quarter on site and where oversight is not directly provided in day to dayactivities by the command.

CONTRACT NO.


N0017817F3010 PAGE

26 of 101 FINAL

https://wwwdd.nmci.navy.mil/program/Safety_and_Environmental_Office/Safety/Safety.html

https://wwwdd.nmci.navy.mil/program/Safety_and_Environmental_Office/

C.19.9 The Contractor shall report all work-related injuries/illnesses that occurred while workingat CDSADN to the Safety Office.

C.19.10 The Contractor shall ensure that all on-site Contractor work at CDSADN is inaccordance with the NSWCDDINST 5100.1D Occupational Safety and Health Instruction,available at:


C.20 SENSITIVE, PROPRIETARY, AND PERSONAL INFORMATION

Work under this contact may require that personnel have access to Privacy Information. Contractorpersonnel shall adhere to the Privacy Act, Title 5 of the U.S. Code. Section 552a and applicableagency rules and regulations. Access to and preparation of sensitive information subject to privacyAct and Business Sensitive safeguarding and destruction may be required in the execution of taskingassociated with this contract. Administratively sensitive information/data must not be sharedoutside of the specific work areas. All personnel with access to privacy act data in support of thiscontract must sign a privacy act certification.

C. 21 SUBCONTRACTORS or CONSULTANTS

In addition to the information required by FAR 52.244-2 Alternate 1 (JUN 2007), the Contractorshall include the following information in requests to add subcontractors or consultants duringperformance, regardless of subcontract type or pricing arrangement.

(1) Clearly present the business case for the addition of the subcontractor or consultant,

(2) If applicable, the impact on subcontracting goals, and

(3) Impact on providing support at the contracted value.

NOTE: Regarding FAR 52.244-2 Alternate 1 (JUN 2007) - Teaming arrangement with any firm notincluded in the Contractor's basic MAC contract must be submitted to the MAC ContractingOfficer for approval. Team member (Subcontract) additions after Task Order award must beapproved by the Task Order Contracting Officer.

C.22 VISITS BY FOREIGN NATIONALS AND FOREIGN REPRESENTATIVES

C.22.1 Contract performance may require that the Contractor host, at an off-base location,foreign nationals and/or foreign representatives. A foreign national is a person who is a citizen ofa foreign nation, and who is not a citizen of the United States. A foreign representative is aperson who represents a foreign interest in dealings with the U.S. Government, either directly orthrough dealings with a U.S. Government Contractor. A foreign representative may be a UnitedStates citizen.

C.22.2 A Contractor-hosted visit of a foreign national or foreign representative may be either an“official” visit or an “unofficial” visit. An official visit is a visit where the foreign national orforeign representative is representing a foreign Government in an official capacity. An unofficial

CONTRACT NO.


N0017817F3010 PAGE

27 of 101 FINAL


visit is a visit where the foreign national or foreign representative is not representing a foreignGovernment.

C.22.3 A visit by a foreign national or a foreign representative may be either “DoD Sponsored”or “Non-DoD Sponsored”. A DoD Sponsored visit is a visit that is coordinated by a DoDentity. A Non-DoD Sponsored visit is a visit that does not involve DoD coordination (A visitby either a foreign national or a foreign representative pursuant to performance by the Contractorunder this contract is not considered to be, by itself, a sponsored visit).

C.22.4 The Contractor hosting a visit by either a foreign national or a foreign representative isresponsible for adherence to Department of Defense and Department of the Navy directives,instructions, regulations, and manuals that govern foreign disclosure. “Foreign Disclosure” isdefined as the disclosure of Classified Military Information (CMI) and Controlled UnclassifiedInformation (CUI) to foreign nationals and/or foreign representatives. Disclosure of suchinformation may be accomplished orally, visually, in writing, or by any other medium.

C.22.5 Classified Military Information (CMI). This is information that is originated by or forthe Department of Defense, or a Military Department, or an entity under its jurisdiction andcontrol, and which requires protection in the interest of national security. Such information isdesignated as TOP SECRET, SECRET, or CONFIDENTIAL.

C.22.6 Controlled Unclassified Information (CUI). This is information that although unclassifiedis subject to access or distribution limitations in accordance with statute or regulation. Includedis information exempt from mandatory release to the public under the Freedom of InformationAct, or information that is subject to export control.

C.22.7 CDSADN/NSWCDD Foreign National Visitor and Foreign Disclosure Applicationprocess. CDSADN has established a foreign national visitor approval and foreign disclosureprocess. Whenever, pursuant to the terms of this contract, a visit to a Contractor facility orContractor workspace by a foreign national or foreign representative is anticipated, and one ormore CDSADN employees will be in attendance at this visit/meeting for the purpose of potentialdiscussions, above the public release level, resulting in disclosure of either CMI or CUI, acompleted “CDSADN/NSWCDD Foreign National Visitor and Foreign Disclosure Application”e-form must be supplied to the Contractor’s Facility Security Officer (FSO). The accountableCDSADN personnel attending the meeting must ensure that the CDSADN disclosure processhas been complied with and an approved copy of the “CDSADN/NSWCDD Foreign NationalVisitor and Foreign Disclosure Application” generated e-form has been provided to the COR andthe Contractor’s FSO. The Contractor’s FSO should ensure that approved copies of the e-formare maintained at their facility as a record of compliance with requirements set forth in theNational Industrial Security Program Operating Manual (NISPOM) as well as the requirementsset forth above.

C.24 NOTIFICATION OF POTENTIAL ORGANIZATIONAL CONFLICT(S) OFINTEREST

Offerors are reminded that certain arrangements may preclude, restrict or limit participation, in

CONTRACT NO.


N0017817F3010 PAGE

28 of 101 FINAL

whole or in part, as either a subcontractor or as a prime contractor under this competitiveprocurement. Notwithstanding the existence or non-existence of an OCI clause in the currentcontract, the offeror shall comply with FAR 9.5 and identify if an OCI exists at any tier or arisesat any tier at any time during contract performance. The contractor shall provide notice.

C.25 IN-PROCESS REVIEWS (IPR)

The Contractor shall prepare an IPR 90 days after contract award and every 180 days thereafter,to be held at a location mutually agreed upon by the Contractor and the COR. One week inadvance of the IPR the Contractor shall submit an IPR agenda and a copy of the data to bepresented at the IPR (CDRL A010) which shall address the status of action items from theprevious IPR, pertinent issues and a financial analysis. All information presented shall beup-to-date as of the final agreed upon agenda. Emergent/future interest items and meetings shallbe discussed during the IPR. The Contractor shall submit meeting minutes, including the list ofattendees and action items no later than 5 working days after the IPR. (CDRL A009).

C.26 ANNUAL GOVERNMENT FURNISHED PROPERTY (GFP) REPORT

Government-owned property in the custody of the Contractor shall be reported monthly. Thisrequirement is in addition to anything required by regulation, statute, or the assigned GovernmentProperty Administrator. This includes items loaned by the Government as well as that which isContractor acquired. The Contractor shall deliver monthly, in accordance with CDRL ItemNumber A003, a Government-Owned Property Database Report. All items in the report shall besorted by Government bar code, Government plant account number, and Government minorproperty number.

C.27 PLACES OF PERFORMANCE

Efforts under this order shall be performed primarily at Contractor facilities andCDSADN/NSWCDD facilities, and at times various US Naval facilities, various foreign navyfacilities. Lab work will be performed primarily at CDSADN/NSWCDD facilities. Occasional,short-term temporary duty may be required on U.S. ships, in (U.S. and Other countries) Navyand commercial shipyards, at various Contractor sites, and Government facilities. Supportservices may be included onboard ships while operating at sea, and outside the continental UnitedStates. Any exceptions must be approved by the COR and PCO prior to travel.

C.28 MONTHLY PROGRESS REPORTS

Monthly Progress Reports. The Contractor shall provide a Monthly Progress Report (CDRLA002). This report shall reflect prime and Subcontractor data, if applicable, at the same level ofdetail. In addition to the requirements of DI-MGMT-81864, the progress report shall contain:(CDRL A002)

a. Training Courses.

b. A listing of all Personnel that possess a Common Access Card (CAC) to include: name,location, company, email address and Work Area (WA) supporting.

CONTRACT NO.


N0017817F3010 PAGE

29 of 101 FINAL

c. Organizational chart naming all personnel (including management support) that are supportingtasking under the contract. Task leaders shall be identified. Both administrative and technicalpersonnel shall be shown.

C.28.1 Comptroller Monthly Report. The Contractor shall provide a Comptroller MonthlyReport as set forth below:

a. Cost Analysis. The Contractor shall provide a monthly cost analysis report of each WA andtotals to the CLIN level to the CDSADN Comptroller and Contracting Officer Representative(COR) that includes as a minimum: WA title, actual cost incurred to date, fee, Estimate Cost toCompletion and Total Cost to Complete for each WA. Total funding, amount expended andremaining funds for each WA shall also be included.

b. Labor Analysis. The Contractor shall provide a monthly labor analysis report of each task areato the CDSADN Comptroller and COR that includes as a minimum: WA title, actual man hourexpenditure, estimate of man-hours to completion, a summation of actual and estimated hoursand Full Time Equivalent (FTE) man hours for each WA. This shall also be totaled at the CLINlevel.

C.28.2 Accounting Classification Reference Number (ACRN) Report

a. ACRN Analysis. The Contractor shall provide a monthly ACRN analysis report to CDSADNComptroller and COR that includes as a minimum: ACRN, CLIN, Amount.

C.29 USE OF GOVERNMENT FACILITIES

The execution of Sections C.3.1 to C.3.8 requires that the Contractor have use of various testfacilities. The Government, however, does not guarantee the Contractor a specific amount ofprime time computer hours. The Contractor is expected to adjust schedules as necessary to meetthe workload including multiple shifts. The Contractor shall adhere to all policies and procedures,which have been established to govern the utilization of such facilities. Government FurnishedInformation (GFI) items such as procedures will be provided at no cost to the Contractor.Computer time shall be scheduled through the Government.

TASK ORDER CLAUSES:

HQ C-1-0001 ITEM(S) A001- A036- DATA REQUIREMENTS (NAVSEA) (SEP 1992)

The data to be furnished hereunder shall be prepared in accordance with the Contract DataRequirements List, DD Form 1423, Exhibit(s) , attached hereto

HQ C-2-0002 ACCESS TO PROPRIETARY DATA OR COMPUTER SOFTWARE(NAVSEA) (JUN 1994)

(a) Performance under this contract may require that the Contractor have access to technical data,computer software, or other sensitive data of another party who asserts that such data orsoftware is proprietary. If access to such data or software is required or to be provided, theContractor shall enter into a written agreement with such party prior to gaining access to such

CONTRACT NO.


N0017817F3010 PAGE

30 of 101 FINAL

data or software. The agreement shall address, at a minimum, (1) access to, and use of, theproprietary data or software exclusively for the purposes of performance of the work requiredby this contract, and (2) safeguards to protect such data or software from unauthorized use ordisclosure for so long as the data or software remains proprietary. In addition, the agreement shallnot impose any limitation upon the Government or its employees with respect to such data orsoftware. A copy of the executed agreement shall be provided to the Contracting Officer. TheGovernment may unilaterally modify the contract to list those third parties with which theContractor has agreement(s).

(b) The Contractor agrees to: (1) indoctrinate its personnel who will have access to the data orsoftware as to the restrictions under which access is granted; (2) not disclose the data or softwareto another party or other Contractor personnel except as authorized by the Contracting Officer;(3) not engage in any other action, venture, or employment wherein this information will be used,other than under this contract, in any manner inconsistent with the spirit and intent of thisrequirement; (4) not disclose the data or software to any other party, including, but not limitedto, joint venture, affiliate, successor, or assign of the Contractor; and (5) reproduce the restrictivestamp, marking, or legend on each use of the data or software whether in whole or in part.

(c) The restrictions on use and disclosure of the data and software described above also apply tosuch information received from the Government through any means to which the Contractor hasaccess in the performance of this contract that contains proprietary or other restrictive markings.

(d) The Contractor agrees that it will promptly notify the Contracting Officer of any attempt byan individual, company, or Government representative not directly involved in the effort to beperformed under this contract to gain access to such proprietary information. Such notificationshall include the name and organization of the individual, company, or Governmentrepresentative seeking access to such information.

(e) The Contractor shall include this requirement in subcontracts of any tier which involve accessto information covered by paragraph (a), substituting "subcontractor" for "Contractor" whereappropriate.

(f) Compliance with this requirement is a material requirement of this contract.

HQ C-2-0004 ACCESS TO THE VESSEL(S) (AT) (NAVSEA) (JAN 1983)

Officers, employees and associates of other prime Contractors with the Government and theirsubcontractors, shall, as authorized by the Supervisor, have, at all reasonable times, admission tothe plant, access to the vessel(s) where and as required, and be permitted, within the plant and onthe vessel(s) required, to perform and fulfill their respective obligations to the Government. TheContractor shall make reasonable arrangements with the Government or Contractors of theGovernment, as shall have been identified and authorized by the Supervisor to be given admissionto the plant and access to the vessel(s) for office space, work areas, storage or shop areas, orother facilities and services, necessary for the performance of the respective responsibilitiesinvolved, and reasonable to their performance.

CONTRACT NO.


N0017817F3010 PAGE

31 of 101 FINAL

HQ C-2-0005 ACCESS TO VESSELS BY NON-U.S. CITIZENS (NAVSEA)(DEC 2005)

(a) No person not known to be a U.S. citizen shall be eligible for access to naval vessels, worksites and adjacent areas when said vessels are under construction, conversion, overhaul, or repair,except upon a finding by COMNAVSEA or his designated representative that such access shouldbe permitted in the best interest of the United States. The Contractor shall establish proceduresto comply with this requirement and NAVSEAINST 5500.3 (series) in effect on the date of thiscontract or agreement.

(b) If the Contractor desires to employ non-U.S. citizens in the performance of work under thiscontract or agreement that requires access as specified in paragraph (a) of this requirement,approval must be obtained prior to access for each contract or agreement where such access isrequired. To request such approval for non-U.S. citizens of friendly countries, the Contractorshall submit to the cognizant Contract Administration Office (CAO), an Access Control Plan(ACP) which shall contain as a minimum, the following information:

(1) Badge or Pass oriented identification, access, and movement control system for non-U.S.citizen employees with the badge or pass to be worn or displayed on outer garments at all timeswhile on the Contractor's facilities and when performing work aboard ship.

(i) Badges must be of such design and appearance that permits easy recognition to facilitate quickand positive identification.

(ii) Access authorization and limitations for the bearer must be clearly established and inaccordance with applicable security regulations and instructions.

(iii) A control system, which provides rigid accountability procedures for handling lost, damaged,forgotten or no longer required badges, must be established.

(iv) A badge or pass check must be performed at all points of entry to the Contractor's facilitiesor by a site supervisor for work performed on vessels outside the Contractor's plant.

(2) Contractor's plan for ascertaining citizenship and for screening employees for security risk.

(3) Data reflecting the number, nationality, and positions held by non-U.S. citizen employees,including procedures to update data as non-U.S. citizen employee data changes, and pass tocognizant CAO.

(4) Contractor's plan for ensuring subcontractor compliance with the provisions of theContractor's ACP.

(5) These conditions and controls are intended to serve as guidelines representing the minimumrequirements of an acceptable ACP. They are not meant to restrict the Contractor in any wayfrom imposing additional controls necessary to tailor these requirements to a specific facility.

(c) To request approval for non-U.S. citizens of hostile and/or communist-controlled countries(listed in Department of Defense Industrial Security Manual, DoD 5220.22-M or available from

CONTRACT NO.


N0017817F3010 PAGE

32 of 101 FINAL

cognizant CAO), Contractor shall include in the ACP the following employee data: name, placeof birth, citizenship (if different from place of birth), date of entry to U.S., extenuatingcircumstances (if any) concerning immigration to U.S., number of years employed by Contractor,position, and stated intent concerning U.S. citizenship. COMNAVSEA or his designatedrepresentative will make individual determinations for desirability of access for the above group.Approval of ACP's for access of non-U.S. citizens of friendly countries will not be delayed forapproval of non-U.S. citizens of hostile communist-controlled countries. Until approval isreceived, Contractor must deny access to vessels for employees who are non-U.S. citizens ofhostile and/or communist-controlled countries.

(d) The Contractor shall fully comply with approved ACPs. Noncompliance by the Contractoror subcontractor serves to cancel any authorization previously granted, in which case theContractor shall be precluded from the continued use of non-U.S. citizens on this contract oragreement until such time as the compliance with an approved ACP is demonstrated and upon adetermination by the CAO that the Government's interests are protected. Further, theGovernment reserves the right to cancel previously granted authority when such cancellation isdetermined to be in the Government's best interest. Use of non-U.S. citizens, without anapproved ACP or when a previous authorization has been canceled, will be considered a violationof security regulations. Upon confirmation by the CAO of such violation, this contract,agreement or any job order issued under this agreement may be terminated or default inaccordance with the clause entitled "DEFAULT (FIXED-PRICE SUPPLY AND SERVICE)"(FAR 52.249-8), "DEFAULT (FIXED-PRICE RESEARCH AND DEVELOPMENT)" (FAR52.249-9) or "TERMINATION (COST REIMBURSEMENT)" (FAR 52.249-6), as applicable.

(e) Prime Contractors have full responsibility for the proper administration of the approved ACPfor all work performed under this contract or agreement, regardless of the location of the vessel,and must ensure compliance by all subcontractors, technical representatives and other personsgranted access to U.S. Navy vessels, adjacent areas, and work sites.

(f) In the event the Contractor does not intend to employ non-U.S. citizens in the performance ofthe work under this contract, but has non-U.S. citizen employees, such employees must beprecluded from access to the vessel and its work site and those shops where work on the vessel'sequipment is being performed. The ACP must spell out how non-U.S. citizens are excluded fromaccess to contract work areas.

(g) The same restriction as in paragraph (f) above applies to other non-US citizens who haveaccess to the Contractor’s facilities (e.g., for accomplishing facility improvements, from foreigncrewed vessels within its facility, etc.

HQ C-2-0011 COMPUTER SOFTWARE AND/OR COMPUTER DATABASE(S)DELIVERED TO AND/OR RECEIVED FROM THE GOVERNMENT (NAVSEA) (APR2004)

(a) The Contractor agrees to test for viruses all computer software and/or computer databases, asdefined in the clause entitled “RIGHTS IN NONCOMMERCIAL COMPUTER SOFTWAREAND NONCOMERCIAL COMPUTER SOFTWARE DOCUMENTATION” (DFARS

CONTRACT NO.


N0017817F3010 PAGE

33 of 101 FINAL

252.227-7014), before delivery of that computer software or computer database in whatevermedia and on whatever system the software is delivered. The Contractor warrants that any suchcomputer software and/or computer database will be free of viruses when delivered.

(b) The Contractor agrees to test any computer software and/or computer database(s) receivedfrom the Government for viruses prior to use under this contract.

(c) Unless otherwise agreed in writing, any license agreement governing the use of any computersoftware to be delivered as a result of this contract must be paid-up and perpetual, or so nearlyperpetual as to allow the use of the computer software or computer data base with theequipment for which it is obtained, or any replacement equipment, for so long as such equipmentis used. Otherwise the computer software or computer database does not meet the minimumfunctional requirements of this contract. In the event that there is any routine to disable thecomputer software or computer database after the software is developed for or delivered to theGovernment, that routine shall not disable the computer software or computer database until atleast twenty-five calendar years after the delivery date of the affected computer software orcomputer database to the Government.

(d) No copy protection devices or systems shall be used in any computer software or computerdatabase delivered under this contract to restrict or limit the Government from making copies.This does not prohibit license agreements from specifying the maximum amount of copies thatcan be made.

(e) Delivery by the Contractor to the Government of certain technical data and other data is nowfrequently required in digital form rather than as hard copy. Such delivery may cause confusionbetween data rights and computer software rights. It is agreed that, to the extent that any suchdata is computer software by virtue of its delivery in digital form, the Government will belicensed to use that digital-form data with exactly the same rights and limitations as if the datahad been delivered as hard copy.

(f) Any limited rights legends or other allowed legends placed by a Contractor on technical dataor other data delivered in digital form shall be digitally include on the same media as thedigital-form data and must be associated with the corresponding digital-form technical data towhich the legends apply to the extent possible. Such legends shall also be placed in human-readable form on a visible surface of the media carrying the digital-form data as delivered, to theextent possible.

HQ C-2-0032 INFORMATION AND DATA FURNISHED BY THE GOVERNMENT -ALTERNATE II (NAVSEA) (SEP 2009)

(a) NAVSEA Form 4340/2 or Schedule C, as applicable, Government Furnished Information,attached hereto, incorporates by listing or specific reference, all the data or information which theGovernment has provided or will provide to the Contractor except for

(1) The specifications set forth in Section C, and

(2) Government specifications, including drawings and other Government technical

CONTRACT NO.


N0017817F3010 PAGE

34 of 101 FINAL

documentation which are referenced directly or indirectly in the specifications set forth in SectionC and which are applicable to this contract as specifications, and which are generally availableand provided to Contractors or prospective Contractors upon proper request, such as Federal orMilitary Specifications, and Standard Drawings, etc.

(b) Except for the specifications referred to in subparagraphs (a)(1) and (2) above, theGovernment will not be obligated to provide to the Contractor any specification, drawing,technical documentation or other publication which is not listed or specifically referenced inNAVSEA Form 4340/2 or Schedule C, as applicable, notwithstanding anything to the contrary inthe specifications, the publications listed or specifically referenced in NAVSEA Form 4340/2 orSchedule C, as applicable, the clause entitled "GOVERNMENT PROPERTY" (FAR 52.245-1)or "GOVERNMENT PROPERTY INSTALLATION OPERATION SERVICES " (FAR52.245-2), as applicable, or any other term or condition of this contract.

(c)(1) The Contracting Officer may at any time by written order:

(i) delete, supersede, or revise, in whole or in part, data listed or specifically referenced inNAVSEA Form 4340/2 or Schedule C, as applicable; or

(ii) add items of data or information to NAVSEA Form 4340/2 or Schedule C, as applicable; or

(iii) establish or revise due dates for items of data or information in NAVSEA Form 4340/2 orSchedule C, as applicable.

(2) If any action taken by the Contracting Officer pursuant to subparagraph (c)(1) immediatelyabove causes an increase or decrease in the costs of, or the time required for, performance of anypart of the work under this contract, the Contractor may be entitled to an equitable adjustment inthe contract amount and delivery schedule in accordance with the procedures provided for in the"CHANGES" clause of this contract.

HQ C-2-0034 MINIMUM INSURANCE REQUIREMENTS (NAVSEA) (SEP 1990)

In accordance with the clause of this contract entitled "INSURANCE -- WORK ON AGOVERNMENT INSTALLATION" (FAR 52.228-5), the Contractor shall procure and maintaininsurance, of at least the kinds and minimum amounts set forth below:

(a) Workers' Compensation and Employer's Liability coverage shall be at least , except as provided in FAR 28.307(a).

(b) Bodily injury liability insurance coverage shall be written on the comprehensive form of policy of at least per occurrence.

(c) Automobile Liability policies covering automobiles operated in the United Sates shall provide coverage of at least per person and per occurrence for bodily injury and per occurrence for property damage. The amount of liability coverage on other policies shall be commensurate with any legal requirements of the locality and sufficient to meet normal and customary claims.

CONTRACT NO.


N0017817F3010 PAGE

35 of 101 FINAL

HQ C-2-0037 ORGANIZATIONAL CONFLICT OF INTEREST (NAVSEA) (JUL 2000)

(a) "Organizational Conflict of Interest" means that because of other activities or relationshipswith other persons, a person is unable or potentially unable to render impartial assistance oradvice to the Government, or the person's objectivity in performing the contract work is or mightbe otherwise impaired, or a person has an unfair competitive advantage. "Person" as used hereinincludes Corporations, Partnerships, Joint Ventures, and other business enterprises.

(b) The Contractor warrants that to the best of its knowledge and belief, and except as otherwiseset forth in the contract, the Contractor does not have any organizational conflict of interest(s) asdefined in paragraph (a).

(c) It is recognized that the effort to be performed by the Contractor under this contract maycreate a potential organizational conflict of interest on the instant contract or on a futureacquisition. In order to avoid this potential conflict of interest, and at the same time to avoidprejudicing the best interest of the Government, the right of the Contractor to participate infuture procurement of equipment and/or services that are the subject of any work under thiscontract shall be limited as described below in accordance with the requirements of FAR 9.5.

(d) (1) The Contractor agrees that it shall not release, disclose, or use in any way that wouldpermit or result in disclosure to any party outside the Government any information provided tothe Contractor by the Government during or as a result of performance of this contract. Suchinformation includes, but is not limited to, information submitted to the Government on aconfidential basis by other persons. Further, the prohibition against release of Governmentprovided information extends to cover such information whether or not in its original form, e.g.,where the information has been included in Contractor generated work or where it is discerniblefrom materials incorporating or based upon such information. This prohibition shall not expireafter a given period of time.

(2) The Contractor agrees that it shall not release, disclose, or use in any way that would permitor result in disclosure to any party outside the Government any information generated or derivedduring or as a result of performance of this contract. This prohibition shall expire after a period ofthree years after completion of performance of this contract.

(3) The prohibitions contained in subparagraphs (d)(1) and (d)(2) shall apply with equal force toany affiliate of the Contractor, any subcontractor, consultant, or employee of the Contractor, anyjoint venture involving the Contractor, any entity into or with which it may merge or affiliate, orany successor or assign of the Contractor. The terms of paragraph (f) of this Special ContractRequirement relating to notification shall apply to any release of information in contravention ofthis paragraph (d).

(e) The Contractor further agrees that, during the performance of this contract and for a period ofthree years after completion of performance of this contract, the Contractor, any affiliate of theContractor, any subcontractor, consultant, or employee of the Contractor, any joint ventureinvolving the Contractor, any entity into or with which it may subsequently merge or affiliate, orany other successor or assign of the Contractor, shall not furnish to the United States

CONTRACT NO.


N0017817F3010 PAGE

36 of 101 FINAL

Government, either as a prime Contractor or as a subcontractor, or as a consultant to a primeContractor or subcontractor, any system, component or services which is the subject of the workto be performed under this contract. This exclusion does not apply to any recompetition forthose systems, components or services furnished pursuant to this contract. As provided in FAR9.505-2, if the Government procures the system, component, or services on the basis of workstatements growing out of the effort performed under this contract, from a source other than theContractor, subcontractor, affiliate, or assign of either, during the course of performance of thiscontract or before the three year period following completion of this contract has lapsed, theContractor may, with the authorization of the cognizant Contracting Officer, participate in asubsequent procurement for the same system, component, or service. In other words, theContractor may be authorized to compete for procurement(s) for systems, components orservices subsequent to an intervening procurement.

(f) The Contractor agrees that, if after award, it discovers an actual or potential organizationalconflict of interest, it shall make immediate and full disclosure in writing to the ContractingOfficer. The notification shall include a description of the actual or potential organizationalconflict of interest, a description of the action which the Contractor has taken or proposes totake to avoid, mitigate, or neutralize the conflict, and any other relevant information that wouldassist the Contracting Officer in making a determination on this matter. Notwithstanding thisnotification, the Government may terminate the contract for the convenience of the Governmentif determined to be in the best interest of the Government.

(g) Notwithstanding paragraph (f) above, if the Contractor was aware, or should have been aware,of an organizational conflict of interest prior to the award of this contract or becomes, or shouldbecome, aware of an organizational conflict of interest after award of this contract and does notmake an immediate and full disclosure in writing to the Contracting Officer, the Government mayterminate this contract for default.

(h) If the Contractor takes any action prohibited by this requirement or fails to take actionrequired by this requirement, the Government may terminate this contract for default.

(i) The Contracting Officer's decision as to the existence or nonexistence of an actual or potentialorganizational conflict of interest shall be final.

(j) Nothing in this requirement is intended to prohibit or preclude the Contractor from marketingor selling to the United States Government its product lines in existence on the effective date ofthis contract; nor, shall this requirement preclude the Contractor from participating in anyresearch and development or delivering any design development model or prototype of any suchequipment. Additionally, sale of catalog or standard commercial items are exempt from thisrequirement.

(k) The Contractor shall promptly notify the Contracting Officer, in writing, if it has been taskedto evaluate or advise the Government concerning its own products or activities or those of acompetitor in order to ensure proper safeguards exist to guarantee objectivity and to protect theGovernment's interest.

CONTRACT NO.


N0017817F3010 PAGE

37 of 101 FINAL

(l) The Contractor shall include this requirement in subcontracts of any tier which involve accessto information or situations/conditions covered by the preceding paragraphs, substituting"subcontractor" for "Contractor" where appropriate.

(m) The rights and remedies described herein shall not be exclusive and are in addition to otherrights and remedies provided by law or elsewhere included in this contract.

(n) Compliance with this requirement is a material requirement of this contract.

HQ C-2-0051 SPECIFICATIONS AND STANDARDS (NAVSEA) (AUG 1994)

(a) Definitions.

(i) A "zero-tier reference" is a specification, standard, or drawing that is cited in the contract(including its attachments).

(ii) A "first-tier reference" is either: (1) a specification, standard, or drawing cited in a zero-tierreference, or (2) a specification cited in a first-tier drawing.

(b) Requirements.

All zero-tier and first-tier references, as defined above, are mandatory for use. All lower tierreferences shall be used for guidance only.

HQ C-2-0059 UPDATING SPECIFICATIONS AND STANDARDS (NAVSEA) (AUG 1994)

If, during the performance of this or any other contract, the Contractor believes that any contractcontains outdated or different versions of any specifications or standards, the Contractor mayrequest that all of its contracts be updated to include the current version of the applicablespecification or standard. Updating shall not affect the form, fit or function of any deliverableitem or increase the cost/price of the item to the Government. The Contractor should submitupdate requests to the Procuring Contracting Officer with copies to the AdministrativeContracting Officer and cognizant program office representative for approval. The Contractorshall perform the contract in accordance with the existing specifications and standards untilnotified of approval/disapproval by the Procuring Contracting Officer. Any approved alternatespecifications or standards will be incorporated into the contract.

Ddl-C30 HAZARDOUS MATERIALS USED ON GOVERNMENT SITE

(a) This clause applies if hazardous materials are utilized at any time during the performance ofwork on a Government site. Under this Task Order, Hazardous materials are defined in FederalStandard No. 313 and include items such as chemicals, paint, thinners, cleaning fluids, alcohol,epoxy, flammable solvents, or asbestos.

(b) The Contractor shall have an active Hazard Communication Program in place for allContractor employees per 29 C.F.R. 1910.1200. Before delivery of any hazardous materials ontoGovernment property, the Contractor shall provide the both the PCO and the ContractingOfficer's Representative (COR) with an inventory and Material Safety Data Sheet (MSDS) for

CONTRACT NO.


N0017817F3010 PAGE

38 of 101 FINAL

these materials.

Ddl-C40 USE OF INFORMATION SYSTEM (IS) RESOURCES

(a) Contractor Provision of IS Resources - Except in special circumstances explicitly detailedelsewhere in this document, the Contractor shall provide all IS resources needed in theperformance of this contract. This includes, but is not limited to computers, software, networks,certificates, and network addresses.

(b) Contractor Use of CDSADN IS Resources

(1) In the event that the Contractor is required to have access to CDSADN IS resources, the loginname used for access shall conform to the NMCI login naming convention. If the Contractorrequires access to applications/systems that utilize client certificates for authentication, theContractor is responsible for obtaining requisite certificates from a DoD or External CertificateAuthority.

(2) If this contract requires that the Contractor be granted access and use of CDSADN ISresources (at any site), the IS shall be accredited for Contractor use in accordance withprocedures specified by the Information Assurance Office.

(c) Connections between CDSADN and Contractor Facilities - If there is a requirement(specifically delineated elsewhere in this contract) for interconnection (e.g., link level or VirtualPrivate Network (VPN)) between any facilities and/or ISs owned or operated by the Contractorand ISs owned or operated by CDSADN, such interconnection shall take place only afterapproval from the Information Assurance Office. All such connections as well as the ISsconnected thereto will be accredited in accordance with DoD policy (DoDI 5200.40) by thecognizant Designated Approving Authority (DAA) and comply with the requirements of CJCSI6211.02B regarding Memorandums of Agreement. All such connections shall be made outside theappropriate CDSADN firewall.

Ddl-C41 TERMINATION OF EMPLOYEES WITH CDSADN BASE ACCESS

(a) The Contractor shall ensure that all employees who have a CAC and\or CDSADN badge andbuilding keys turn in the badges and keys immediately upon termination of their employmentunder this order. The above requirement shall be made a part of the standard employee facilityclearance procedures for all separated personnel. The Contractor shall advise CDSADN PhysicalSecurity of all changes in their personnel requiring CDSADN base access.

(b) For involuntarily separated personnel and those separated under adverse circumstances, theContractor shall notify CDSADN Physical Security in advance of the date, time, and locationwhere the CDSADN representative may retrieve the CAC and\or CDSADN badge and buildingkeys prior to the employee departing the Contractor’s facility. In the event the employee isseparated in his or her absence, the Contractor shall immediately notify CDSADN PhysicalSecurity of the separation and make arrangements between the former employee and CDSADNPhysical Security for the return of the badges and building keys.

CONTRACT NO.


N0017817F3010 PAGE

39 of 101 FINAL

SECTION D PACKAGING AND MARKING

D.1 HQ-D-1-0001 DATA PACKAGING LANGUAGE

Data to be delivered by Integrated Digital Environment (IDE) or other electronic media shall be asspecified in the contract.

All unclassified data to be shipped shall be prepared for shipment in accordance with bestcommercial practices.

Classified reports, data, and documentation shall be prepared for shipment in accordance withNational Industrial Security Program Operating Manual (NISPOM), DOD 5220.22-M dated 28February 2006.

D.2 HQ-D-2-0008 MARKING OF REPORTS (NAVSEA) (SEP 1990)

All reports delivered by the Contractor to the Government under this contract shall prominentlyshow on the cover of the report:

(1) Name and business address of the Contractor

(2) Contract number

(3) Contract dollar amount

(4) Whether the contract was competitively or non-competitively awarded

(5) Sponsor:

________________________________________________________

(Name of Individual Sponsor)

________________________________________________________

(Name of Requiring Activity)

All Deliverables shall be packaged and marked IAW Best Commercial Practice.

CONTRACT NO.


N0017817F3010 PAGE

40 of 101 FINAL

SECTION E INSPECTION AND ACCEPTANCE

E.1 INSPECTION AND ACCEPTANCE

E.2 TASK ORDER REVIEW AND ACCEPTANCE PROCEDURES

(a) This Task Order as defined in FAR 37.6. Contractor performance will be evaluated inaccordance with the Quality Assurance Surveillance Plan (QASP) that is provided below.

(b) The QASP defines this evaluation and acceptance to be part of the annual ContractorPerformance Assessment Reporting System (CPARS). The contractor may obtain moreinformation regarding the CPARS process at the following internet site: http://cpars.navy.mil.

E.3 PERFORMANCE TASK ORDER REVIEW AND ACCEPTANCE PROCEDURES -THE QUALITY ASSURANCE SURVEILLANCE PLAN (QASP)

E.3.1 The contractor’s performance in each of the task areas of SOW will be continuallymonitored in conjunction with the Contractor Performance Assessment Reporting System(CPARS) and the criteria set forth below. The results of this evaluation will factor into theGovernment’s Option Exercise determination and will be included in the contractor’s CPARsevaluation, which is accomplished on an annual basis. The evaluation will be based on contractorperformance during the previous period. The primary Government official responsible for theQASP evaluation is the Contracting Officers Representative (COR) for the contract. OtherGovernment individuals having information relevant to the quality of contractor performancemay assist the COR, as necessary.

E.3.2 Contractor performance will be assessed on a continuing basis throughout the year based onreview and assessment of products and deliverables (technical and management), by observationof personnel during technical meetings and task execution, by monthly progress and statusreports for the Contractor, formal In-Progress Reviews, and general contacts with the contractor.

E.3.3 Contractor performance will be evaluated in five general areas. A rating of Exceptional, VeryGood, Satisfactory, Marginal or Unsatisfactory (as defined in Table 42-1 @ FAR 42.1503) willbe assigned to each area. These general areas are described below. The items identified undereach area represent the types of considerations to be addressed. They should not be consideredan exclusive list. The degree of Government technical direction necessary to solve problems thatarise during performance will be a consideration for each area. Improvements made in an areaduring the evaluation period will also be considered as will degradation in the overall quality ofperformance.

E.3.3.1 Quality of Product or Service – Addresses the extent to which the contractor (a) metcontract technical requirements, including the accuracy (information conveyed by products andservices are factually accurate and, where applicable, annotated with supporting source) andcompleteness of reports/ data delivered (products are complete, well-coordinated with all relatedmanagers and personnel, and presented in concise and understandable format); (b) employedmethods and approaches to ensure fully successful performance; (c) consistently conveyed hisintended approach clearly and completely to ensure that there were no surprises; (d) was

CONTRACT NO.


N0017817F3010 PAGE

41 of 101 FINAL

http://cpars.navy.mil/

proactive and demonstrated initiative; (e) remained flexible to internal or external changes; (f) waseffective in developing and implementing process improvements to make the end productdevelopment more efficient and the end product display more effective and (g) Services areprovided in a professional unbiased manner.

E.3.3.2 Schedule – Addresses the extent to which the contractor met contract schedules, includingthe need for deadline extensions. Delivery of products and services are within deadlines identifiedby the COR or his representative.

E.3.3.3 Cost Control – Addresses the contractor’s overall effectiveness in controlling both direct,indirect costs, and other direct costs as well as the incidence of cost overruns.

E.3.3.4 Business Relations – Addresses the responsiveness of the contractor’s upper-levelmanagement to Government concerns and needs, the effectiveness of the contractor’smanagement interface with the Government, and the overall cooperativeness and receptiveness ofthe contractor in dealing with the Government, and the overall cooperativeness and receptivenessof the contractor in dealing with the Government on both technical and management issues.

E.3.3.5 Management of Key Personnel – Addresses the overall quality of the contractor’s team,including their education, relevant experience, skill levels and expertise as well as the degree ofcompliance with the terms of the contract regarding Key Personnel. Also includes theeffectiveness of the contractor’s efforts to retain or attract qualified personnel.

Contract Clauses:

HQ E-1-0001 INSPECTION AND ACCEPTANCE LANGUAGE FOR DATA

Inspection and acceptance of all data shall be as specified on the attached Contract DataRequirements List(s), DD Form 1423.

HQ E-1-0007 INSPECTION AND ACCEPTANCE LANGUAGE FOR LOE SERVICES

Item(s) 7000 – 7400 Inspection and Acceptance shall be made by the Contracting Officer’sRepresentative (COR) at CDSADN, Virginia Beach, VA.

CONTRACT NO.


N0017817F3010 PAGE

42 of 101 FINAL

SECTION F DELIVERABLES OR PERFORMANCE

The periods of performance for the following Items are as follows:

7000AA 6/5/2017 - 6/4/2018

7000AB 6/5/2017 - 6/4/2018

9000AA 6/5/2017 - 6/4/2018

9000AB 6/5/2017 - 6/4/2018

CLIN - DELIVERIES OR PERFORMANCE

The periods of performance for the following Items are as follows:

7000AA 6/5/2017 - 6/4/2018

7000AB 6/5/2017 - 6/4/2018

9000AA 6/5/2017 - 6/4/2018

9000AB 6/5/2017 - 6/4/2018

The periods of performance for the following Option Items are as follows:

7100AA 6/5/2018 - 6/4/2019

7200AA 6/5/2019 - 6/4/2020

7300AA 6/5/2020 - 6/4/2021

7400AA 6/5/2021 - 6/4/2022

9100AA 6/5/2018 - 6/4/2019

9200AA 6/5/2019 - 6/4/2020

9300AA 6/5/2020 - 6/4/2021

9400AA 6/5/2021 - 6/4/2022

F.1 PLACE OF PERFORMANCE

Services to be performed hereunder will be provided at CDSADN and NSWCDD facilities.Occasional, short-term temporary duty may be required on U.S. ships in (U.S. and Othercountries) Navy and commercial shipyards, at various contractor sites, and Government facilities

HQ F-1-0003 PERFORMANCE LANGUAGE FOR LOE SERVICES

The Contractor shall perform the work described in SECTION C, at the level of effort specifiedin SECTION B, as follows:

CONTRACT NO.


N0017817F3010 PAGE

43 of 101 FINAL

ITEM(S) FROM TO

7000 06/05/2017 - 06/04/2018

7100 06/05/2018 - 06/04/2019

7200 06/05/2019 - 06/04/2020

7300 06/05/2020 - 06/04/2021

7400 06/05/2021 - 06/04/2022

HQ F-2-0003 DATA DELIVERY LANGUAGE FOR SERVICES ONLY PROCUREMENTS

All data to be furnished under this contract shall be delivered prepaid to the destination(s) and atthe time(s) specified on the Contract Data Requirements List(s), DD Form 1423.

The periods of performance for the Data Items are as follows:

7900 06/05/2017 - 06/04/2018

7901 06/05/2018 - 06/04/2019

7902 06/05/2019 - 06/04/2020

7903 06/05/2020 - 06/04/2021

7904 06/05/2021 - 06/04/2022

F.2 DELIVERY/PERFORMANCE/DATA RIGHTS

This is a task order for the provision of services by the contractor. In accordance with law andpolicy and with the provisions of this task order, contractor personnel shall perform as requiredby this task order, and such work shall include working in cooperation and collaboration withGovernment personnel. Performance of this contract work shall require, among other things, thecontractor to access and use Government-owned data such as software, documentation, technicaldata, process and report templates, and the like. Any and all software, documentation, technicaldata, and the like generated from such access and use shall also be and remain Government-owneddata and shall be included in an appropriate technical report or other deliverable. The contractor'suse of and access to Government-owned data shall neither constitute nor create any contractorrights in or license to such data; the only contractor permissions to use and access the data shallbe those necessarily required by the contractor to perform the work herein. On occasion andincidental to the provision of support services by the contractor, the contractor may be tasked toindependently create discrete new data products (e.g., a computer software program, drawings,etc.) that do not derive from existing data. Such products shall be specifically identified by theGovernment in writing and shall be delivered pursuant to the appropriate Contract DataRequirements List (CDRL) document. Rights in such products shall be governed by theappropriate task order clauses.

CONTRACT NO.


N0017817F3010 PAGE

44 of 101 FINAL

SECTION G CONTRACT ADMINISTRATION DATA

G.1 ACCOUNTING DATA

G.2 SPECIAL INVOICE INSTRUCTIONS

Each SLIN providing funding designates a specific project area/work area/work breakdownstructure (WBS) item. Tracking and reporting shall be accomplished at the project/workarea/WBS item level. Each identified project/work area/WBS shall be invoiced by its associatedCLIN and ACRN. If multiple ACRNs are associated with a single project/work area/WBS, thecontractor shall consult with the Contracting Officer Representative for additional invoicinginstructions.

G.3 PAYMENT INSTRUCTION

In accordance with (DFARS) PGI 204.7108 "Line item specific: sequential ACRN Order"(d) (2)INVOICING AND PAYMENT INSTRUCTIONS FOR MULTIPLE ACCOUNTINGCLASSIFICATION CITATIONS The following payment instructions apply to this task order:

Per DFARS 252.204-0002 Line Item Specific: Sequential ACRN Order. (SEP 2009) – Thepayment office shall make payment in sequential ACRN order within the line item, exhausting allfunds in the previous ACRN before paying from the next ACRN using the following sequentialorder: Alpha/Alpha; Alpha/numeric; numeric/alpha; and numeric/numeric.

Note: The Government may change the Payment Instruction.

G.4 Ddl-G10 GOVERNMENT CONTRACT ADMINISTRATION POINTS-OF-CONTACT AND RESPONSIBILITIES.

[ ] Procuring Contracting Officer (PCO):

(a) Name: Charles E. Thompson, Jr. Code: 0251Address: Naval Surface Warfare Center, Dahlgren Division

17632 Dahlgren Road, Suite 157 Dahlgren, Virginia 22448-5100

Phone: 540-653-7094

CONTRACT NO.


N0017817F3010 PAGE

45 of 101 FINAL

E-mail: [email protected]

(b) PCO responsibilities are outlined in FAR 1.602-2. The PCO is the only person authorized toapprove changes in any of the requirements of this Task Order, notwithstanding provisionscontained elsewhere in this contract, the said authority remains solely the PCO’s. The contractorshall not comply with any order, direction or request of Government personnel unless it is issuedin writing and signed by the Contracting Officer or is pursuant to specific authority otherwiseincluded as part of this contract. In the event the contractor effects any change at the direction ofany person other than the PCO, the change will be considered to be unauthorized.

[ ] Contract Specialist:

(a) Name: Alexander Del Guidice Code: 0251Address: Naval Surface Warfare Center, Dahlgren Division

17632 Dahlgren Road, Suite 157 Dahlgren, Virginia 22448-5100

Phone: 540-653-4402E-mail: [email protected]

(b) The Contract Specialist is the representative of the Contracting Officer for all contractualmatters.

[ ] Administrative Contracting Officer (ACO)

(a) Name: DCMA Hampton -- Juanita Clarke

Phone: (757) 251-6141


(b) The Administrative Contracting Officer (ACO) of the cognizant Defense ContractManagement Agency (DCMA) is designated as the authorized representative of the ContractingOfficer for purposes of administering this Task Order in accordance with FAR 42.3. However, inview of the technical nature of the supplies and services to be furnished, technical cognizance isretained by the Naval Surface Warfare Center, Dahlgren Division.

[ ] Contracting Officer Representative (COR):

(a) Name: Anthony E. Stinnette

Code: R03A

Phone: 757-492-8261


(b) The COR is the PCO’s appointed representative for technical matters. The COR is not acontracting officer and does not have the authority to direct the accomplishment of effort which

CONTRACT NO.


N0017817F3010 PAGE

46 of 101 FINAL

mailto:[email protected]




is beyond the scope of the Task Order or to otherwise change any Task Order requirements. Aninformational copy of the COR appointment letter which provides a delineation of CORauthority and responsibilities is provided as an attachment to this Task Order.

[ * ] Alternate Contracting Officer Representative (ACOR):

(a) Name:

Code:

Address: (TBD)

Phone:

FAX:

E-mail:

(b) The ACOR is responsible for COR responsibilities and functions in the event that the CORis unavailable due to leave, illness, or other official business. The ACOR is appointed by thePCO; a copy of the ACOR appointment is provided as an attachment to this Task Order.

G.5 Ddl-G11 CONSENT TO SUBCONTRACT

For subcontracts and consulting agreements for services, where the prime contractor anticipatesthat hours delivered will be counted against the hours in the Level of Effort clause below,Consent to subcontract authority is retained by the Procuring Contracting Officer.

The following subcontractors are approved on this order:

Camber Corporation

Cybrex LLC

Engility Corporation

Systems Technology Forum, Limited

G.6 252.232-7006 WIDE AREA WORKFLOW PAYMENT INSTRUCTIONS (MAY 2013)

(a) Definitions. As used in this clause—

"Department of Defense Activity Address Code (DoDAAC)" is a six position code thatuniquely identifies a unit, activity, or organization.

"Document type" means the type of payment request or receiving report available for creation inWide Area WorkFlow (WAWF).

"Local processing office (LPO)" is the office responsible for payment certification whenpayment certification is done external to the entitlement system.

CONTRACT NO.


N0017817F3010 PAGE

47 of 101 FINAL

(b) Electronic invoicing. The WAWF system is the method to electronically process vendorpayment requests and receiving reports, as authorized by DFARS 252.232-7003, ElectronicSubmission of Payment Requests and Receiving Reports.

(c) WAWF access. To access WAWF, the Contractor shall—

(1) Have a designated electronic business point of contact in the System for Award Managementat https://www.acquisition.gov; and

(2) Be registered to use WAWF at https://wawf.eb.mil/ following the step-by-step proceduresfor self-registration available at this web site.

(d) WAWF training. The Contractor should follow the training instructions of the WAWFWeb-Based Training Course and use the Practice Training Site before submitting paymentrequests through WAWF. Both can be accessed by selecting the "Web Based Training" link on theWAWF home page at https://wawf.eb.mil/

(e) WAWF methods of document submission. Document submissions may be via web entry,Electronic Data Interchange, or File Transfer Protocol.

(f) WAWF payment instructions. The Contractor must use the following informationwhen submitting payment requests and receiving reports in WAWF for this contract/order:

(1) Document type. The Contractor shall use the following document type(s).

Cost Voucher

(2) Inspection/acceptance location. The Contractor shall select the followinginspection/acceptance location(s) in WAWF, as specified by the contracting officer.

Destination (N00178)

(3) Document routing. The Contractor shall use the information in the Routing Data Table belowonly to fill in applicable fields in WAWF when creating payment requests and receiving reports inthe system.

Routing Data Table

Field Name in WAWF Data to be entered in WAWFPay Official DoDAAC HQ0338

Issue by DoDAAC N00178

Admin DoDAAC S5111A

Inspect By DoDAAC Not Applicable

Ship to Code Not Applicable

Ship From Code Not Applicable

Mark for Code Not Applicable

Service Approver(DoDAAC)

S5111A

CONTRACT NO.


N0017817F3010 PAGE

48 of 101 FINAL

Service Acceptor(DoDAAC)

Not Applicable

Accept at Other DoDAAC Not Applicable

LPO DoDAAC Not Applicable

DCAA Auditor DoDAAC HAA47B

Other DoDAAC(s) Not Applicable

(4) Payment request and supporting documentation. The Contractor shall ensure a paymentrequest includes appropriate contract line item and subline item descriptions of the workperformed or supplies delivered, unit price/cost per unit, fee (if applicable), and all relevantback-up documentation, as defined in DFARS Appendix F, (e.g. timesheets) in support of eachpayment request.

(5) WAWF email notifications. The Contractor shall enter the e-mail address identified below inthe "Send Additional Email Notifications" field of WAWF once a document is submitted in thesystem.

[email protected]

[email protected]

(g) WAWF point of contact.

(1) The Contractor may obtain clarification regarding invoicing in WAWF from the followingcontracting activity’s WAWF point of contact: [email protected].

(2) For technical WAWF help, contact the WAWF helpdesk at 866-618-5988.

G.7 HQ G-2-0009 SUPPLEMENTAL INSTRUCTIONS REGARDING INVOICING(NAVSEA) (APR 2015)

(a) For other than firm fixed priced contract line item numbers (CLINs), the Contractor agrees tosegregate costs incurred under this contract/task order (TO), as applicable, at the lowest level ofperformance, either at the technical instruction (TI), sub line item number (SLIN), or contract lineitem number (CLIN) level, rather than on a total contract/TO basis, and to submit invoicesreflecting costs incurred at that level. Supporting documentation in Wide Area Workflow(WAWF) for invoices shall include summaries of work charged during the period covered as wellas overall cumulative summaries by individual labor categories, rates, and hours (both straighttime and overtime) invoiced; as well as, a cost breakdown of other direct costs (ODCs), materials,and travel, by TI, SLIN, or CLIN level. For other than firm fixed price subcontractors,subcontractors are also required to provide labor categories, rates, and hours (both straight timeand overtime) invoiced; as well as, a cost breakdown of ODCs, materials, and travel invoiced.Supporting documentation may be encrypted before submission to the prime contractor forWAWF invoice submittal. Subcontractors may email encryption code information directly to theContracting Officer (CO) and Contracting Officer Representative (COR). Should thesubcontractor lack encryption capability, the subcontractor may also email detailed supporting

CONTRACT NO.


N0017817F3010 PAGE

49 of 101 FINAL



cost information directly to the CO and COR; or other method as agreed to by the CO.

(b) Contractors submitting payment requests and receiving reports to WAWF using eitherElectronic Data Interchange (EDI) or Secure File Transfer Protocol (SFTP) shall separately sendan email notification to the COR and CO on the same date they submit the invoice in WAWF. Nopayments shall be due if the contractor does not provide the COR and CO email notification asrequired herein.

G.8 EARLY DISMISSAL AND CLOSURE OF GOVERNMENT FACILITIES

When a Government facility is closed and/or early dismissal of Federal employees is directed dueto severe weather, security threat, or a facility related problem that prevents personnel fromworking, onsite Contractor personnel regularly assigned to work at that facility should follow thesame reporting and/or departure directions given to Government personnel. The Contractor shallnot direct charge to the contract for time off, but shall follow parent company policies regardingtaking leave (administrative or other). Non-essential Contractor personnel, who are not requiredto remain at or report to the facility, shall follow their parent company policy regarding whetherthey should go/stay home or report to another company facility. Subsequent to an earlydismissal and during periods of inclement weather, on-site Contractors should monitor radio andtelevision announcements before departing for work to determine if the facility is closed oroperating on a delayed arrival basis.

When Federal employees are excused from work due to a holiday or a special event (that isunrelated to severe weather, a security threat, or a facility related problem), on-site Contractorswill continue working established work hours or take leave in accordance with parent companypolicy. Those Contractors who take leave shall not direct charge the non-working hours to thetask order. Contractors are responsible for predetermining and disclosing their charging practicesfor early dismissal, delayed openings, or closings in accordance with the FAR, applicable costaccounting standards, and company policy. Contractors shall follow their disclosed chargingpractices during the task order period of performance, and shall not follow any verbal directionsto the contrary. The Contracting Officer will make the determination of cost allowability for timelost due to facility closure in accordance with FAR, applicable Cost Accounting Standards, andthe Contractor's established accounting policy.

G.9 5252.245-9108 GOVERNMENT-FURNISHED PROPERTY (PERFORMANCE) (SEP1990)

The Government will provide only that property set forth in Section J (no GFP at solicitationissue), notwithstanding any term or condition of this contract to the contrary. Upon Contractor'swritten request to the cognizant Technical Program Manager, via the cognizant AdministrationOffice, the Government will furnish the following for use in the performance of this Task Order:

G.10 5252.245-9109 GOVERNMENT-FURNISHED PROPERTY (INCORPORATION)(SEP 1990)

CONTRACT NO.


N0017817F3010 PAGE

50 of 101 FINAL

The Government will provide only that property set forth in Section J (no GFP at solicitationissue), notwithstanding any term or condition of this contract to the contrary. Upon Contractor'swritten request to the cognizant Technical Program Manager, via the cognizant ContractAdministration Office, the Government will furnish the following for incorporation in theequipment to be delivered under Item(s) of this Task Order.

Accounting Data

SLINID PR Number Amount -------- -------------------------------------------------- ---------------------7000AB LLA : AA 1771804 60VP 251 49606 068892 2D X016DN 496067GDOCOQ Standard Number: N4960617WX016DN ACRN: AA TI 2

9000AB LLA : AA 1771804 60VP 251 49606 068892 2D X016DN 496067GDOCOQ Standard Number: N4960617WX016DN ACRN AA TI 2

CONTRACT NO.


N0017817F3010 PAGE

51 of 101 FINAL

SECTION H SPECIAL CONTRACT REQUIREMENTS

H.1 TASK ORDER LABOR CATEGORY QUALIFICATIONS

Ddl-H14 KEY PERSONNEL – DESIRED QUALIFICATIONS

To perform the requirements of the Statement of Work (SOW), the Government desirespersonnel with the appropriate experience and professional qualifications. Key Personnelqualification levels are considered to be desired for those individuals whose resumes aresubmitted for evaluation with the proposal. Resumes for any replacement personnel that aresubmitted following award shall be equal to or better than the individuals initially proposed asrequired by the clause 5252.237-9106, SUBSTITUTION OF PERSONNEL (SEP 1990),incorporated under Section H. Following award, the qualification levels are considered to beminimums for any growth beyond those individuals initially proposed or in labor categorieswhere no resumes were required for proposal purposes. The applicable labor categories andassociated qualifications are listed in Sections H.1 and H.2.

In addition to the specific experience listed below, general experience in information assurance,computer system certification and accreditation, information system vulnerability management,information security and security engineering, information system architecture development,cybersecurity engineering and cybersecurity research and development apply to theaccomplishment of the technical objectives of the SOW will be favorably considered (although itmay not be used to meet the minimum requirements), as will experience utilizing automatedsystems, including personal computers/workstations and basic software applications such asword processors, spreadsheets, graphics/presentation packages, databases, and e-mail.Importantly, substitution of relevant academic degree(s) for qualifying experience may beconsidered on a case-by-case basis.

(a) Experience – The desired experience for each Key Labor Category must be directly related tothe tasks and programs listed in the SOW. Key labor categories are listed by title. Additionally,qualifications for certain Key labor categories cite requirements for general tactical experienceand/or Aegis-specific experience, as described below:

(1) Cybersecurity and Information Assurance Experience – General Cybersecurity experiencerefers to prior experience in any of the following: information assurance, computer systemcertification and accreditation, information system vulnerability management, informationsecurity and security engineering, information system architecture development, cybersecurityengineering and cybersecurity research and development.

(2) Specific Experience – Specific experience is defined as those experiences defined in the SOWand specifically in the labor category descriptions below.

(b) Professional Development - Professional development includes honors, degrees, publications,professional licenses and certifications and similar evidence of professional accomplishments thatdirectly impact the Offerors ability to perform the order. The years of experience listed below arein addition to appropriate professional development. It is incumbent upon the offer or to

CONTRACT NO.


N0017817F3010 PAGE

52 of 101 FINAL

demonstrate that the proposed personnel have appropriate credentials to perform the work.

(c) Accumulation of Qualifying Experience -All categories of experience may be accumulatedconcurrently. For example, if the candidate worked while going to school, the work and educationtime may be credited concurrently. One exception is in the area of specific experience and generalcombat system experience. Specific experience may count as general cybersecurity experience,but general cybersecurity experience may not count as specific experience. All experience must beclearly supported by the resume or it will be discounted. Non-Key Personnel are thenon-resumed personnel proposed to provide hours on this requirement. Based on the Key LaborCategory Desired Qualifications listed below and the SOW, the Contractor will elect and managethe workforce supporting this contract. While Government approval is required only for theResumed Key Personnel, the entire workforce will be evaluated based on the Contractor’sperformance of the SOW in accordance with the QASP.

*Note: See Mandatory Requirements for Certifications needed for Key and Non-Key Personnel.

H.2 KEY LABOR CATEGORY DESIRED QUALIFICATIONS

Program/Project Manager

Ten (10) years full-time professional experience in Program Management (PM) of DoD systems.Five (5) years of leadership experience and responsibility in DoD contract management, toinclude management of a major technical support contract (Navy preferred) and a thoroughknowledge of the Navy’s contractual process. Possesses an understanding of computer security,military system specifications, DoD Cybersecurity/IA policies and the ability to communicateclearly and succinctly in written and oral presentations. Possesses the ability to:

Manage a technical team.1.

Develop cost estimates and schedules.2.

Prepare status reports.3.

Prepare budget reports.4.

Senior Systems Engineer

Ten (10) Years of full-time professional experience providing technical expertise, advice, andleadership for the design, testing, operation, or maintenance of maritime platform warfare andcontrol systems within a specific domain such as Combat Control, Radar, Sonar, Weapons,Navigation, Machinery Control, Communications, or Electronic Warfare. Five (5) years ofgeneral professional experience, or equivalent academic background, in Systems Engineeringproviding requirements analysis and total life-cycle system design. Has experience with the DoDAcquisition Process and the Systems Engineering Technical Review (SETR) Process. Two (2)years of full-time professional experience providing cybersecurity engineering support formaritime platform warfare and control systems, to include the development of Certification andAccreditation packages, cybersecurity vulnerability analysis, and the implementation ofcybersecurity controls. Two (2) year experience in hardware design and development in supportof cybersecurity solutions.

CONTRACT NO.


N0017817F3010 PAGE

53 of 101 FINAL

Senior Cybersecurity Engineer

Ten (10) years of full-time professional experience in Cybersecurity Engineering, InformationAssurance, Vulnerability analysis, risk remediation, and the implementation of cybersecuritycontrols within DoD systems. Possesses an in-depth understanding of computer security,military system specifications, DoD cybersecurity policies, and the ability to communicateclearly and succinctly in written and oral presentations. Possesses an in-depth understanding ofthe DoD Information Assurance Certification and Accreditation Process (DIACAP), RiskManagement Framework (RMF), Platform IT (PIT), and the implementation of Cybersecurityand IA boundary defense techniques and various IA-enabled appliances. Examples of theseappliances and applications are Firewalls, IDS, IPS, Switch/Routers, Cross Domain Solutions(CDS), EMASS and Host Based Security Systems (HBSS).

Senior Test and Evaluation Specialist

Ten (10) years of professional experience with the test and evaluation of computer-basedsystems, to include test planning, coordination, and conduct, the analysis of acquired data, andthe documentation and presentation of results. Five (5) years of professional experienceconducting cybersecurity specific testing, to include penetration testing, vulnerabilityassessments, and ethical hacking at the subsystem, system, and systems of systems levels.

H.3 NON-KEY PERSONNEL – MINIMUM REQUIRED QUALIFICATIONS

In order to provide additional clarification to the Statement of Work, minimum qualifications areprovided for non-key personnel. The Contractor shall provide non-key personnel who meet orexceed the minimum qualifications provided below. Prior to charging non-key personnel labor tothis order, the Contractor shall provide written certification stating the individual's name, laborcategory, and certification that the individual meets or exceeds the minimum qualifications of thelabor category. This written certification shall be made by email to the Contract Specialist and theCOR.

Computer Lab Technician

Five (5) years of full-time professional work experience installing, operating, maintaining,troubleshooting, and repairing computer systems, computer networks, peripheral equipment,virtual computing environments, databases, and software applications. Experience with multiplecomputer Operating Systems such as Microsoft Windows, Linux, Solaris, or VMware, etc.Experience with assisting and communicating with users in order to effectively communicatesystem changes and security requirements, and to plan system updates. Experience withdocumenting and maintaining system configurations of computer based labs, networks, andsystems

Cybersecurity Configuration Management Specialist

Five (5) years of full-time professional experience working in Configuration Management toinclude the implementation of configuration management processes and chairing of aConfiguration Control Board or similar functional body. Experience will include the configuration

CONTRACT NO.


N0017817F3010 PAGE

54 of 101 FINAL

management of computer based systems, network devices, software applications, securitycontrol baselines, system documentation, and software security patching.

Accreditor/Validator Specialist

Seven (7) years of full-time professional experience in overseeing, evaluating, and reviewingdocumentation in support of technical and administrative assessments that assure InformationTechnology (IT) systems meet the organization’s information assurance and securityrequirements. Experience with analyzing cybersecurity risks and the implementation of securitycontrols from internal and external perspectives.

Junior Systems Engineer

Three (3) years of full-time professional experience providing technical expertise, advice, andleadership for the design, testing, operation, or maintenance of maritime platform warfare andcontrol systems within a specific domain such as Combat Control, Radar, Sonar, Weapons,Navigation, Machinery Control, Communications, or Electronic Warfare. One (1) year of generalprofessional experience, or equivalent academic background, in Systems Engineering providingrequirements analysis and total life-cycle system design. Has experience with the DoDAcquisition Process and the Systems Engineering Technical Review (SETR) Process. One (1)year of full-time professional experience providing cybersecurity engineering support formaritime platform warfare and control systems, to include the development of Certification andAccreditation packages, cybersecurity vulnerability analysis, and the implementation ofcybersecurity controls. One (1) year experience in hardware design and development in supportof cybersecurity solutions.

Intermediate Systems Engineer.

Five (5) years of full-time professional experience providing technical expertise, advice, andleadership for the design, testing, operation, or maintenance of maritime platform warfare andcontrol systems within a specific domain such as Combat Control, Radar, Sonar, Weapons,Navigation, Machinery Control, Communications, or Electronic Warfare. Three (3) years ofgeneral professional experience, or equivalent academic background, in Systems Engineeringproviding requirements analysis and total life-cycle system design. Has experience with the DoDAcquisition Process and the Systems Engineering Technical Review (SETR) Process. One (1)year of full-time professional experience providing cybersecurity engineering support formaritime platform warfare and control systems, to include the development of Certification andAccreditation packages, cybersecurity vulnerability analysis, and the implementation ofcybersecurity controls. One (1) year experience in hardware design and development in supportof cybersecurity solutions.

Junior Cybersecurity Engineer

Three (3) years of full-time professional experience in Cybersecurity. Engineering, InformationAssurance, Vulnerability analysis, risk remediation, and the implementation of cybersecuritycontrols within DoD systems. Possesses an in-depth understanding of computer security,

CONTRACT NO.


N0017817F3010 PAGE

55 of 101 FINAL

military system specifications, DoD cybersecurity policies, and the ability to communicateclearly and succinctly in written and oral presentations. Possesses an in-depth understanding ofthe DoD Information Assurance Certification and Accreditation Process (DIACAP), RiskManagement Framework (RMF), Platform IT (PIT), and the implementation of Cybersecurityand IA boundary defense techniques and various IA-enabled appliances. Examples of theseappliances and applications are Firewalls, IDS, IPS, Switch/Routers, Cross Domain Solutions(CDS), EMASS and Host Based Security Systems (HBSS).

Intermediate Cybersecurity Engineer

Five (5) years of full-time professional experience in Cybersecurity Engineering, InformationAssurance, Vulnerability analysis, risk remediation, and the implementation of cybersecuritycontrols within DoD systems. Possesses an in-depth understanding of computer security,military system specifications, DoD cybersecurity policies, and the ability to communicateclearly and succinctly in written and oral presentations. Possesses an in-depth understanding ofthe DoD Information Assurance Certification and Accreditation Process (DIACAP), RiskManagement Framework (RMF), Platform IT (PIT), and the implementation of Cybersecurityand IA boundary defense techniques and various IA-enabled appliances. Examples of theseappliances and applications are Firewalls, IDS, IPS, Switch/Routers, Cross Domain Solutions(CDS), EMASS and Host Based Security Systems (HBSS).

Junior Software Engineer

One (1) year of full-time professional experience in software engineering applied to software orfirmware design, programming, analysis, debugging, documentation, testing, modeling, securecoding methods and/or simulation, and the development process. Possesses an understanding ofcomputer security, military system specifications, DoD IA policies. Has the ability tocommunicate clearly and succinctly in written and oral presentations.

Intermediate Software Engineer

Five (5) years of full-time professional experience in software engineering applied to software orfirmware design, programming, analysis, debugging, documentation, testing, modeling, securecoding methods and/or simulation, and the development process. Possesses an understanding ofcomputer security, military system specifications, DoD IA policies. Has the ability tocommunicate clearly and succinctly in written and oral presentations.

Senior Software Engineer

Ten (10) years of full-time professional experience in software engineering applied to software orfirmware design, programming, analysis, debugging, documentation, testing, modeling, securecoding methods and/or simulation, and the development process. Possesses an understanding ofcomputer security, military system specifications, DoD IA policies. Has the ability tocommunicate clearly and succinctly in written and oral presentations.

Junior Network Security Engineer

CONTRACT NO.


N0017817F3010 PAGE

56 of 101 FINAL

Three (3) years of full-time professional experience in Network Engineering executing activitiessuch as the design, implementation, installation, configuration, maintenance, and integration, andanalysis of local or enterprise wireless and wired computer networks, to include the selection andconfiguration of networking devices such as routers, switches, and firewalls. One (1) years offull-time professional experience in Network Security to include the design, implementation,configuration, and enforcement of security controls on network, hardware, and softwarecomponents and devices.

Intermediate Network Security Engineer

Five (5) years of full-time professional experience in Network Engineering executing activitiessuch as the design, implementation, installation, configuration, maintenance, and integration, andanalysis of local or enterprise wireless and wired computer networks, to include the selection andconfiguration of networking devices such as routers, switches, and firewalls. Three (3) years offull-time professional experience in Network Security to include the design, implementation,configuration, and enforcement of security controls on network, hardware, and softwarecomponents and devices.

Senior Network Security Engineer

Ten (10) years of full-time professional experience in Network Engineering executing activitiessuch as the design, implementation, installation, configuration, maintenance, and integration, andanalysis of local or enterprise wireless and wired computer networks, to include the selection andconfiguration of networking devices such as routers, switches, and firewalls. Seven (7) years offull-time professional experience in Network Security to include the design, implementation,configuration, and enforcement of security controls on network, hardware, and softwarecomponents and devices.

Senior Research & Development Engineer

Ten (10) years of full-time professional experience with a significant academic background in theresearch, design, and application of advanced, cutting-edge technology focused on information,computer, or network security.

Junior Testing and Evaluation Specialist

One (1) year of professional experience with the test and evaluation of computer-based systems,to include test planning, coordination, and conduct, the analysis of acquired data, and thedocumentation and presentation of results. One (1) years of professional experience conductingcybersecurity specific testing, to include penetration testing, vulnerability assessments, andethical hacking at the subsystem, system, and systems of systems levels.

Intermediate Testing and Evaluation Specialist

Five (5) years of professional experience with the test and evaluation of computer-basedsystems, to include test planning, coordination, and conduct, the analysis of acquired data, andthe documentation and presentation of results. Three (3) years of professional experience

CONTRACT NO.


N0017817F3010 PAGE

57 of 101 FINAL

conducting cybersecurity specific testing, to include penetration testing, vulnerabilityassessments, and ethical hacking at the subsystem, system, and systems of systems levels.

H.4 5252.237-9106 SUBSTITUTION OF PERSONNEL (Sep 1990)

(a) The Contractor agrees that a partial basis for award of this contract is the list of keypersonnel proposed. Accordingly, the Contractor agrees to assign to this contract those keypersons whose resumes were submitted with the proposal necessary to fulfill the requirements ofthe contract. No substitution shall be made without prior notification to and concurrence of theContracting Officer in accordance with this requirement. (b) All proposed substitutes shall havequalifications equal to or higher than the qualifications of the person to be replaced. TheContracting Officer shall be notified in writing of any proposed substitution at least forty-five(45) days, or ninety (90) days if a security clearance is to be obtained, in advance of theproposed substitution. Such notification shall include: (1) an explanation of the circumstancesnecessitating the substitution; (2) a complete resume of the proposed substitute; and (3) anyother information requested by the Contracting Officer to enable him/her to judge whether or notthe Contractor is maintaining the same high quality of personnel that provided the partial basisfor award.

H.5 POST AWARD CONTRACTOR PERSONNEL APPROVAL

(a) Requests for post award approval of additional and/or replacement Resumed Key Personnelshall be submitted via e-mail. E-mail submissions shall be made simultaneously to the ContractSpecialist, COR, and the Alternate COR. Electronic notification via e-mail from the ContractingOfficer will serve as written approval/disapproval. This approval is required before an individualmay begin charging to the Task Order.

(b) Resumes shall be submitted in the format required. However, in order to expedite contractadministration, Contractor format may be used providing sufficient information is submitted foran independent comparison of the individual’s qualifications with labor category requirements.

(c) If the employee is not a current employee of the Contractor (or a subcontractor), a copy ofthe accepted offer letter (which identifies a projected start date and the agreed to annual salary)shall be provided.

(d) TRIPWIRE NOTIFICATION. If the employee is a current employee of the Contractor (or asubcontractor), the fully burdened hourly rate that will be invoiced under the Task Order shall beprovided. If the labor rate to be invoiced for the individual will exceed any Navy labor ratetripwire for service contracts in effect at time of the request for approval, the Contractor shallfully justify why the proposed individual is required for contract performance and the specificbenefit to be derived from the individual’s addition to the Task Order.

H.6 RESUME FORMAT AND CONTENT REQUIREMENTS

In order to facilitate evaluation, all resumes shall contain the following minimum information :

H.6.1 Complete Name

CONTRACT NO.


N0017817F3010 PAGE

58 of 101 FINAL

H.6.2 Task Order Labor Category

H.6.3 Contractor Labor Category

H.6.4 Percentage of time to be allocated to this effort

H.6.5 Current level of security clearance level per JPAS (identify if interim or final)

H.6.6 Current work location and planned work location upon award of this Task Order

H.6.7 Note if the individual is key on another contract with a period of performance that willoverlap this requirement. Note plans to satisfy both contracts if the Offeror is selected for award.

H.6.8 Chronological Work History / Experience – Show experience and date(s) as follows:

(a) Employer: Dates (month/year); Title(s) held

(b) Work experience shall be presented separately for each employer, clearly marked with propercategory of experience (i.e, Relevant Experience; Non-Relevant Experience.). If relevant andnon-relevant experience were obtained while at the same employer, separate time periods shall benoted for each assignment. (This is necessary to prevent an Offeror from describing relevantexperience obtained in a six month assignment for Company A as applicable to the entire 10-yearemployment with that firm and to ensure Offerors' proposals are evaluated on an equal basis).Responsibilities shall be discussed in sufficient detail for each assignment so as to permitcomparison with desired experience levels in Section H. Specific examples of work assignments,accomplishments, and products shall be provided.

(c) Phrases such as "assisted with", "participated in", or "supported" are UNACCEPTABLEexcept as introductory to a detailed description of the actual work performed. If no suchdescription is provided, the sentence or bulleted information will NOT be considered in theresume evaluation process. This is because evaluators would not be able to identify the specifictechnical work contributions made by the individual.

(d) Resume information is encouraged to be presented in bullet format. This will allow evaluatorsto focus on relevant information.

(e) Offerors shall note that the lack of specific definition in job responsibilities, servicesperformed or products produced may be viewed as a lack of understanding of the Government’soverall technical requirements.

(f) All relevant military experience claimed shall be described such that each relevant tour istreated as a separate employer. Time frames/titles/responsibilities shall be provided in accordancewith the level of detail prescribed above. Military experience not documented in this manner willnot be considered.

(g) Gaps in experience shall be explained.

(h) The cut-off date for any experience claimed shall be the closing date of the solicitation.

CONTRACT NO.


N0017817F3010 PAGE

59 of 101 FINAL

(i) PROFESSIONAL DEVELOPMENT – Show any honors, degrees, publications, professionallicenses, certifications and other evidence of professional accomplishments that are directlyrelevant and impact the Offeror’s ability to perform under the Task Order. For education andtraining, the following format is preferred:

Academic: Degree(s); Date(s); Institution; Major/Minor

Non-Academic: Course title, date(s), approximate length

Professional licenses and certifications.

*Note: The date obtained for each, as well as the date when each license/certification requiresrenewal.

Offeror. The employee certification shall include the following statement: CERTIFICATION: "Icertify that the experience and professional development described herein are complete andaccurate in all respects. I consent to the disclosure of my resume for NSWCDD SolicitationN00024-16-R-3207 by __________________________________ (insert Offeror's companyname) and intend to make myself available to work under any resultant contract to the extentproposed."

_________________________ _____________________________

Employee Signature and Date Offeror Signature and Date

Resumes without this certification will be unacceptable and will not be considered. The employeecertification shall not be dated earlier than the issue date of this solicitation.

(j) If the employee is not a current employee of the offeror (or a proposed subcontractor), a copyof the accepted offer letter shall be provided. The letter shall identify the projected start date.The Cost Proposal shall include documentation that identifies the agreed-to salary amount.

H.7 5252.202-9101 ADDITIONAL DEFINITIONS (MAY 1993)

As used throughout this contract, the following terms shall have the meanings set forth below:

(a) DEPARTMENT - means the Department of the Navy.

(b) REFERENCES TO THE FEDERAL ACQUISITION REGULATION (FAR) - All referencesto the FAR in this contract shall be deemed to also reference the appropriate sections of theDefense FAR Supplement (DFARS), unless clearly indicated otherwise.

(c) REFERENCES TO ARMED SERVICES PROCUREMENT REGULATION OR DEFENSEACQUISITION REGULATION – All references in this document to either the Armed ServicesProcurement Regulation (ASPR) or the Defense Acquisition Regulation (DAR) shall be deemedto be references to the appropriate sections of the FAR/DFARs.

H.8 NAVSEA 5252.242-9115 TECHNICAL INSTRUCTIONS (APR 2015)

CONTRACT NO.


N0017817F3010 PAGE

60 of 101 FINAL

(a) Performance of the work hereunder may be subject to written technical instructions signed bythe Contracting Officer and the Contracting Officer's Representative specified in Section G ofthis contract. As used herein, technical instructions are defined to include the following:

(1) Directions to the Contractor which suggest pursuit of certain lines of inquiry, shift workemphasis, fill in details or otherwise serve to accomplish the contractual statement of work.

(2) Guidelines to the Contractor which assist in the interpretation of drawings, specificationsor technical portions of work description.

(b) Technical instructions must be within the general scope of work stated in the contract.Technical instructions may not be used to: (1) assign additional work under the contract; (2)direct a change as defined in the "CHANGES" clause of this contract; (3) increase or decrease thecontract price or estimated contract amount (including fee), as applicable, the level of effort, orthe time required for contract performance; or (4) change any of the terms, conditions orspecifications of the contract.

(c) If, in the opinion of the Contractor, any technical instruction calls for effort outside the scopeof the contract or is inconsistent with this requirement, the Contractor shall notify theContracting Officer in writing within ten (10) working days after the receipt of any suchinstruction. The Contractor shall not proceed with the work affected by the technical instructionunless and until the Contractor is notified by the Contracting Officer that the technicalinstruction is within the scope of this contract.

(d) Nothing in the foregoing paragraph shall be construed to excuse the Contractor fromperforming that portion of the contractual work statement which is not affected by the disputedtechnical instruction.

H.9 FUNDING PROFILE

It is estimated that these incremental funds will provide for the number of hours of labor statedbelow. The following details funding to date:

H.10 5252.216-9122 LEVEL OF EFFORT – ALTERNATE 1 (MAY 2010)

(a) The Contractor agrees to provide the total level of effort specified below in performance ofthe work described in Sections B and C of this Task Order. The total level of effort for theperformance of this Task Order shall be man-hours of direct labor, including subcontractor directlabor for those subcontractors specifically identified in the Contractor's proposal as having hoursincluded in the proposed level of effort. The table below and information for blanks in paragraph(b) and (d) are to be completed by the Offeror.

CONTRACT NO.


N0017817F3010 PAGE

61 of 101 FINAL

(b) Of the total man-hours of direct labor set forth above, it is estimated that (Offeror to fill-in)man-hours are uncompensated effort. Uncompensated effort is defined as hours provided bypersonnel in excess of 40 hours per week without additional compensation for such excess work.Total Times Accounting (TTA) efforts are included in this definition. All other effort is definedas compensated effort. If no effort is indicated in the first sentence of this paragraph,uncompensated effort performed by the Contractor shall not be counted in fulfillment of the levelof effort obligations under this contract.

(c) Effort performed in fulfilling the total level of effort obligations specified above shall onlyinclude effort performed in direct support of this contract and shall not include time and effortexpended on such things as (local travel to and from an employee's usual work location),uncompensated effort while on travel status, truncated lunch periods, work (actual or inferred) atan employee's residence or other non-work locations (except as provided in paragraph (i) below),or other time and effort which does not have a specific and direct contribution to the tasksdescribed in Sections B and C.

(d) The level of effort for this contract shall be expended at an average rate of approximately(Offeror to fill-in) hours per week. It is understood and agreed that the rate of man-hours permonth may fluctuate in pursuit of the technical objective, provided such fluctuation does notresult in the use of the total man-hours of effort prior to the expiration of the term hereof, exceptas provided in the following paragraph.

(e) If, during the term hereof, the Contractor finds it necessary to accelerate the expenditure ofdirect labor to such an extent that the total man-hours of effort specified above would be usedprior to the expiration of the term, the Contractor shall notify the Contracting Officer in writingsetting forth the acceleration required, the probable benefits which would result, and an offer toundertake the acceleration at no increase in the estimated cost or fee together with an offer,setting forth a proposed level of effort, cost breakdown, and proposed fee, for continuation ofthe work until expiration of the term hereof. The offer shall provide that the work proposed willbe subject to the terms and conditions of this contract and any additions or changes required bythen current law, regulations, or directives, and that the offer, with a written notice of acceptanceby the Contracting Officer, shall constitute a binding contract. The Contractor shall not accelerateany effort until receipt of such written approval by the Contracting Officer. Any agreement toaccelerate will be formalized by contract modification.

(f) The Contracting Officer may, by written order, direct the Contractor to accelerate theexpenditure of direct labor such that the total man-hours of effort specified in paragraph (a)above would be used prior to the expiration of the term. This order shall specify the accelerationrequired and the resulting revised term. The Contractor shall acknowledge this order within fivedays of receipt.

(g) The Contractor shall provide and maintain an accounting system, acceptable to the

CONTRACT NO.


N0017817F3010 PAGE

62 of 101 FINAL

Administrative Contracting Officer and the Defense Contract Audit Agency (DCAA), whichcollects costs incurred and effort (compensated and uncompensated, if any) provided infulfillment of the level of effort obligations of this contract. The Contractor shall indicate on eachinvoice the total level of effort claimed during the period covered by the invoice, separatelyidentifying compensated effort and uncompensated effort, if any.

(h) Within 45 days after completion of the work under each separately identified period ofperformance hereunder, the Contractor shall submit the following information in writing to theContracting Officer with copies to the cognizant Contract Administration Office and to theDCAA office to which vouchers are submitted: (1) the total number of man-hours of direct laborexpended during the applicable period; (2) a breakdown of this total showing the number ofman-hours expended in each direct labor classification and associated direct and indirect costs; (3)a breakdown of other costs incurred; and (4) the Contractor's estimate of the total allowable costincurred under the contract for the period. Within 45 days after completion of the work under thecontract, the Contractor shall submit, in addition, in the case of a cost underrun; (5) the amountby which the estimated cost of this contract may be reduced to recover excess funds. Allsubmissions shall include subcontractor information.

(i) Unless the Contracting Officer determines that alternative worksite arrangements aredetrimental to contract performance, the Contractor may perform up to 10% of the hours at analternative worksite, provided the Contractor has a company-approved alternative worksite plan.The primary worksite is the traditional "main office" worksite. An alternative worksite means anemployee’s residence or a telecommuting center. A telecommuting center is a geographicallyconvenient office setting as an alternative to an employee’s main office. The Government reservesthe right to review the Contractor’s alternative worksite plan. In the event performance becomesunacceptable, the Contractor will be prohibited from counting the hours performed at thealternative worksite in fulfilling the total level of effort obligations of the contract. Regardless ofwork location, all contract terms and conditions, including security requirements and labor laws,remain in effect. The Government shall not incur any additional cost nor provide additionalequipment for contract performance as a result of the Contractor’s election to implement analternative worksite plan.

(j) Notwithstanding any of the provisions in the above paragraphs and subject to theLIMITATION OF FUNDS or LIMITATION OF COST clauses, as applicable, the period ofperformance may be extended and the estimated cost may be increased in order to permit theContractor to provide all of the man-hours listed in paragraph (a) above. The Contractor shallcontinue to be paid fee for each man-hour performed in accordance with the terms of the contract.

H.11 NAVSEA 5252.232-9104 ALLOTMENT OF FUNDS (JAN 2008)

CONTRACT NO.


N0017817F3010 PAGE

63 of 101 FINAL

H.12 SAVINGS INITIATIVES

The following cost savings initiatives are required under this Task Order:

(a) Annual Labor Escalation:

(b) Maximum Pass-Thru Rate:

(c) Lower Fee rate:

H.13 LABOR TRIPWIRE JUSTIFICATIONS

(a) The Contractor shall advise the COR and the Contract Specialist, by email, if the pendingaddition of any individual (Key or non-Key) will be at a fully loaded (through target fee) laborrate that exceeds the labor tripwire amount in a contract labor category with no previous tripwireapproval. If the contract labor category has not been approved, the Contractor may not proceedwith the addition until he is advised by the Contract Specialist that the request has beenapproved.

(b) The Contractor’s request shall include: the proposed individual’s resume, labor hourly ratebuild-up, labor hours per work year, detailed justification for the addition of the particularindividual based on his/her technical expertise and projected technical impact on the Task

CONTRACT NO.


N0017817F3010 PAGE

64 of 101 FINAL

Order/Technical Instruction. If the individual is a subcontractor or consultant, the rate build-upshall include the Prime Contractor’s pass through rate.

(c) Currently, the labor tripwire is , regardless of the number of labor hours the proposed individual will work. The Contractor will be advised of any changes to this tripwire level that occur during performance.

H.14 252.239-7001 INFORMATION ASSURANCE CONTRACTOR TRAINING ANDCERTIFICATION (JAN 2008)

(a) The Contractor shall ensure that personnel accessing information systems have the properand current information assurance certification to perform information assurance functions inaccordance with DoD 8570.01-M, or successor, Information Assurance Workforce ImprovementProgram. The Contractor shall meet the applicable information assurance certificationrequirements, including—

(1) DoD-approved information assurance workforce certifications appropriate for eachcategory and level as listed in the current version of DoD 8570.01-M, or successor; and

(2) Appropriate operating system certification for information assurance technical positions asrequired by DoD 8570.01-M, or successor.

(b) Upon request by the Government, the Contractor shall provide documentation supportingthe information assurance certification status of personnel performing information assurancefunctions.

(c) Contractor personnel who do not have proper and current certifications shall be denied accessto DoD information systems for the purpose of performing information assurance functions.

H.15 5252.227-9113 GOVERNMENT-INDUSTRY DATA EXCHANGE PROGRAM (APR2015)

(a) The Contractor shall participate in the appropriate interchange of the Government-IndustryData Exchange Program (GIDEP) in accordance with GIDEP PUBLICATION 1 dated April2008. Data entered is retained by the program and provided to qualified participants. Compliancewith this requirement shall not relieve the Contractor from complying with any other requirementof the contract.

(b) The Contractor agrees to insert paragraph (a) of this requirement in any subcontract hereunder exceeding . When so inserted, the word "Contractor" shall be changed to "subcontractor".

(c) GIDEP materials, software and information are available without charge from:

GIDEP Operations Center

P.O. Box 8000

Corona, CA 92878-8000

CONTRACT NO.


N0017817F3010 PAGE

65 of 101 FINAL

Phone: (951) 898-3207

FAX: (951) 898-3250

Internet: http://www.gidep.org

CONTRACT NO.


N0017817F3010 PAGE

66 of 101 FINAL

SECTION I CONTRACT CLAUSES

CLAUSES INCORPORATED BY REFERENCE

52.224-2 Privacy Act APR 1984

52.232-40Providing Accelerated Payments to Small BusinessSubcontractors

Dec 2013

52.237-3 Continuity of Services Jan 1991

52.239-1 Privacy or Security Safeguards Aug. 1996

252.203-7003 Agency Office of the Inspector General Dec 2012

252.204-7000 Disclosure of Information Aug 2013

252.204-7005 Oral Attestation of Security Responsibilities Nov 2001

252.204-7009Limitations on the Use or Disclosure of Third-PartyContractor Reported Cyber Incident Information

Dec 2015

252.239-7009 Representation on Use of Cloud Computing Aug 2015

252.239-7010 Cloud Computing Services Aug 2015

*All clauses in the Offerors MAC contract apply to this Task Order, except for thefollowing:

52.216-1652.216-1752.219-352.219-452.227-352.227-13

Note: Regarding 52.244-2 -- SUBCONTRACTS (OCT 2010) - ALTERNATE I (JUNE 2007),Teaming arrangement with any firm not included in the Contractor's basic MAC contract must besubmitted to the basic MAC Contracting Officer for approval. Team member (subcontract)additions after Task Order award must be approved by the Task Order Contracting Officer.

CLAUSES INCORPORATED BY FULL TEXT

52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT (MAR 2000) (NAVSEAVARIATION) (APR 2015)

(a) The Government may extend the term of this contract by written notice(s) to the Contractor

CONTRACT NO.


N0017817F3010 PAGE

67 of 101 FINAL

within the periods specified below. If more than one option exists the Government has the rightto unilaterally exercise any such option whether or not it has exercised other options.

LATEST OPTION EXERCISE DATA

(b) If the Government exercises this option, the extended contract shall be considered to includethis option clause.

(c) The total duration of this contract, including the exercise of any option(s) under this clause,shall not exceed five (5) years, however, in accordance with paragraph (j) of the requirement ofthis contract entitled "LEVEL OF EFFORT – ALTERNATE 1", (NAVSEA 5252.216-9122), ifthe total manhours delineated in paragraph (a) of the LEVEL OF EFFORT requirement, have notbeen expended within the period specified above, the Government may require the Contractor tocontinue to perform the work until the total number of manhours specified in paragraph (a) of theaforementioned requirement have been expended.

52.219-6 -Notice of Total Small Business Set-Aside (Nov 2011)

(a) Definition. “Small business concern,” as used in this clause, means a concern, including itsaffiliates, that is independently owned and operated, not dominant in the field of operation inwhich it is bidding on Government contracts, and qualified as a small business under the sizestandards in this solicitation.

(b) Applicability. This clause applies only to--

(1) Contracts that have been totally set aside or reserved for small business concerns; and

(2) Orders set aside for small business concerns under multiple-award contracts as describedin 8.405-5 and 16.505(b)(2)(i)(F).*

(c) General.

(1) Offers are solicited only from small business concerns. Offers received from concernsthat are not small business concerns shall be considered nonresponsive and will be rejected.

(2) Any award resulting from this solicitation will be made to a small business concern.

(d) Agreement. A small business concern submitting an offer in its own name shall furnish, inperforming the contract, only end items manufactured or produced by small business concerns in

CONTRACT NO.


N0017817F3010 PAGE

68 of 101 FINAL

the United States or its outlying areas. If this procurement is processed under simplified acquisition procedures and the total amount of this contract does not exceed , a small business concern may furnish the product of any domestic firm. This paragraph does not apply to construction or service contracts.

52.243-7 NOTIFICATION OF CHANGES (APR 1984)

(a) Definitions. "Contracting Officer," as used in this clause, does not include any representativeof the Contracting Officer.

"Specifically Authorized Representative (SAR)," as used in this clause, means any person theContracting Officer has so designated by written notice (a copy of which shall be provided to theContractor) which shall refer to this subparagraph and shall be issued to the designatedrepresentative before the SAR exercises such authority.

(b) Notice. The primary purpose of this clause is to obtain prompt reporting of Governmentconduct that the Contractor considers to constitute a change to this contract. Except for changesidentified as such in writing and signed by the Contracting Officer, the Contractor shall notify theAdministrative Contracting Officer in writing promptly, within ____ (to be negotiated) calendardays from the date that the Contractor identifies any conduct (including actions, inactions, andwritten or oral communications) that the Contractor regards as a change to the contract terms andconditions. On the basis of the most accurate information available to the Contractor, the noticeshall state --

(1) The date, nature, and circumstances of the conduct regarded as a change;

(2) The name, function, and activity of each Government individual and Contractor official oremployee involved in or knowledgeable about such conduct;

(3) The identification of any documents and the substance of any oral communication involved insuch conduct;

(4) In the instance of alleged acceleration of scheduled performance or delivery, the basis uponwhich it arose;

(5) The particular elements of contract performance for which the Contractor may seek anequitable adjustment under this clause, including --

(i) What contract line items have been or may be affected by the alleged change;

(ii) What labor or materials or both have been or may be added, deleted, or wasted by the allegedchange;

(iii) To the extent practicable, what delay and disruption in the manner and sequence ofperformance and effect on continued performance have been or may be caused by the allegedchange;

(iv) What adjustments to contract price, delivery schedule, and other provisions affected by the

CONTRACT NO.


N0017817F3010 PAGE

69 of 101 FINAL

alleged change are estimated; and

(6) The Contractor’s estimate of the time by which the Government must respond to theContractor’s notice to minimize cost, delay or disruption of performance.

(c) Continued performance. Following submission of the notice required by paragraph (b) of thisclause, the Contractor shall diligently continue performance of this contract to the maximumextent possible in accordance with its terms and conditions as construed by the Contractor,unless the notice reports a direction of the Contracting Officer or a communication from a SAR ofthe Contracting Officer, in either of which events the Contractor shall continue performance;provided, however, that if the Contractor regards the direction or communication as a change asdescribed in paragraph (b) of this clause, notice shall be given in the manner provided. Alldirections, communications, interpretations, orders and similar actions of the SAR shall bereduced to writing promptly and copies furnished to the Contractor and to the ContractingOfficer. The Contracting Officer shall promptly countermand any action which exceeds theauthority of the SAR.

(d) Government response. The Contracting Officer shall promptly, within _____ (to benegotiated) calendar days after receipt of notice, respond to the notice in writing. In responding,the Contracting Officer shall either --

(1) Confirm that the conduct of which the Contractor gave notice constitutes a change and whennecessary direct the mode of further performance;

(2) Countermand any communication regarded as a change;

(3) Deny that the conduct of which the Contractor gave notice constitutes a change and whennecessary direct the mode of further performance; or

(4) In the event the Contractor’s notice information is inadequate to make a decision undersubparagraphs (d)(1), (2), or (3) of this clause, advise the Contractor what additional informationis required, and establish the date by which it should be furnished and the date thereafter bywhich the Government will respond.

(e) Equitable adjustments.

(1) If the Contracting Officer confirms that Government conduct effected a change as alleged bythe Contractor, and the conduct causes an increase or decrease in the Contractor’s cost of, or thetime required for, performance of any part of the work under this contract, whether changed ornot changed by such conduct, an equitable adjustment shall be made --

(i) In the contract price or delivery schedule or both; and

(ii) In such other provisions of the contract as may be affected.

(2) The contract shall be modified in writing accordingly. In the case of drawings, designs orspecifications which are defective and for which the Government is responsible, the equitable

CONTRACT NO.


N0017817F3010 PAGE

70 of 101 FINAL

adjustment shall include the cost and time extension for delay reasonably incurred by theContractor in attempting to comply with the defective drawings, designs or specifications beforethe Contractor identified, or reasonably should have identified, such defect. When the cost ofproperty made obsolete or excess as a result of a change confirmed by the Contracting Officerunder this clause is included in the equitable adjustment, the Contracting Officer shall have theright to prescribe the manner of disposition of the property. The equitable adjustment shall notinclude increased costs or time extensions for delay resulting from the Contractor’s failure toprovide notice or to continue performance as provided, respectively, in paragraphs (b) and (c) ofthis clause.

NOTE: The phrases "contract price" and "cost" wherever they appear in the clause, may beappropriately modified to apply to cost-reimbursement or incentive contracts, or tocombinations thereof.

252.203-7999 PROHIBITION ON CONTRACTING WITH ENTITIES THAT REQUIRECERTAIN INTERNAL CONFIDENTIALITY AGREEMENTS (DEVIATION2015-O0010)(FEB 2015)

(a) The Contractor shall not require employees or subcontractors seeking to report fraud, waste,or abuse to sign or comply with internal confidentiality agreements or statements prohibiting orotherwise restricting such employees or contactors from lawfully reporting such waste, fraud, orabuse to a designated investigative or law enforcement representative of a Federal department oragency authorized to receive such information.

(b) The Contractor shall notify employees that the prohibitions and restrictions of any internalconfidentiality agreements covered by this clause are no longer in effect.

(c) The prohibition in paragraph (a) of this clause does not contravene requirements applicableto Standard Form 312, Form 4414, or any other form issued by a Federal department or agencygoverning the nondisclosure of classified information.

(d) (1) In accordance with section 743 of Division E, Title VIII, of the Consolidated andFurther Continuing Resolution Appropriations Act, 2015, (Pub. L. 113-235), use of fundsappropriated (or otherwise made available) under that or any other Act may be prohibited, if theGovernment determines that the Contractor is not in compliance with the provisions of thisclause.

(2) The Government may seek any available remedies in the event the Contractor fails toperform in accord with the terms and conditions of the contract as a result of Government actionunder this clause.

252.204-7008 COMPLIANCE WITH SAFEGUARDING COVERED DEFENSEINFORMATION CONTROLS (DEC 2015)

(a) Definitions. As used in this provision—

“Controlled technical information,” “covered Contractor information system,” and “covered

CONTRACT NO.


N0017817F3010 PAGE

71 of 101 FINAL

defense information” are defined in clause 252.204-7012, Safeguarding Covered DefenseInformation and Cyber Incident Reporting.

(b) The security requirements required by contract clause 252.204-7012, Covered DefenseInformation and Cyber Incident Reporting, shall be implemented for all covered defenseinformation on all covered Contractor information systems that support the performance of thiscontract.

(c) For covered Contractor information systems that are not part of an information technology(IT) service or system operated on behalf of the Government (see 252.204-7012(b)(1)(ii))—

(1) By submission of this offer, the Offeror represents that it will implement the securityrequirements specified by National Institute of Standards and Technology (NIST) SpecialPublication (SP) 800-171, “Protecting Controlled Unclassified Information in NonfederalInformation Systems and Organizations” (see http://dx.doi.org/10.6028/NIST.SP.800-171), notlater than December 31, 2017.

(2)(i) If the Offeror proposes to vary from any of the security requirements specified byNIST SP 800-171 that is in effect at the time the solicitation is issued or as authorized by theContracting Officer, the Offeror shall submit to the Contracting Officer, for consideration by theDoD Chief Information Officer (CIO), a written explanation of—

(A) Why a particular security requirement is not applicable; or

(B) How an alternative but equally effective, security measure is used to compensate forthe inability to satisfy a particular requirement and achieve equivalent protection.

(ii) An authorized representative of the DoD CIO will adjudicate Offeror requests to varyfrom NIST SP 800-171 requirements in writing prior to contract award. Any accepted variancefrom NIST SP 800-171 shall be incorporated into the resulting contract.

252.204-7012 SAFEGUARDING COVERED DEFENSE INFORMATION AND CYBERINCIDENT REPORTING (DEC 2015)


“Adequate security” means protective measures that are commensurate with the consequencesand probability of loss, misuse, or unauthorized access to, or modification of information.

“Compromise” means disclosure of information to unauthorized persons, or a violation of thesecurity policy of a system, in which unauthorized intentional or unintentional disclosure,modification, destruction, or loss of an object, or the copying of information to unauthorizedmedia may have occurred.

“Contractor attributional/proprietary information” means information that identifies theContractor(s), whether directly or indirectly, by the grouping of information that can be tracedback to the Contractor(s) (e.g., program description, facility locations), personally identifiableinformation, as well as trade secrets, commercial or financial information, or other commercially

CONTRACT NO.


N0017817F3010 PAGE

72 of 101 FINAL

http://dx.doi.org/10.6028/NIST.SP.800-171

sensitive information that is not customarily shared outside of the company.

“Contractor information system” means an information system belonging to, or operated by orfor, the Contractor.

“Controlled technical information” means technical information with military or spaceapplication that is subject to controls on the access, use, reproduction, modification,performance, display, release, disclosure, or dissemination. Controlled technical informationwould meet the criteria, if disseminated, for distribution statements B through F using the criteriaset forth in DoD Instruction 5230.24, Distribution Statements on Technical Documents. Theterm does not include information that is lawfully publicly available without restrictions.

“Covered Contractor information system” means an information system that is owned, oroperated by or for, a Contractor and that processes, stores, or transmits covered defenseinformation.

“Covered defense information” means unclassified information that—

(i) Is—

(A) Provided to the Contractor by or on behalf of DoD in connection with the performanceof the contract; or

(B) Collected, developed, received, transmitted, used, or stored by or on behalf of theContractor in support of the performance of the contract; and

(ii) Falls in any of the following categories:

(A) Controlled technical information.

(B) Critical information (operations security). Specific facts identified through the OperationsSecurity process about friendly intentions, capabilities, and activities vitally needed byadversaries for them to plan and act effectively so as to guarantee failure or unacceptableconsequences for friendly mission accomplishment (part of Operations Security process).

(C) Export control. Unclassified information concerning certain items, commodities,technology, software, or other information whose export could reasonably be expected toadversely affect the United States national security and nonproliferation objectives. To includedual use items; items identified in export administration regulations, international traffic in armsregulations and munitions list; license applications; and sensitive nuclear technology information.

(D) Any other information, marked or otherwise identified in the contract, that requiressafeguarding or dissemination controls pursuant to and consistent with law, regulations, andGovernmentwide policies (e.g., privacy, proprietary business information).

“Cyber incident” means actions taken through the use of computer networks that result in acompromise or an actual or potentially adverse effect on an information system and/or theinformation residing therein.

CONTRACT NO.


N0017817F3010 PAGE

73 of 101 FINAL

“Forensic analysis” means the practice of gathering, retaining, and analyzing computer-relateddata for investigative purposes in a manner that maintains the integrity of the data.

“Malicious software” means computer software or firmware intended to perform anunauthorized process that will have adverse impact on the confidentiality, integrity, oravailability of an information system. This definition includes a virus, worm, Trojan horse, orother code-based entity that infects a host, as well as spyware and some forms of adware.

“Media” means physical devices or writing surfaces including, but is not limited to, magnetictapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts ontowhich information is recorded, stored, or printed within an information system.

‘‘Operationally critical support’’ means supplies or services designated by the Government ascritical for airlift, sealift, intermodal transportation services, or logistical support that is essentialto the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation.

“Rapid(ly) report(ing)” means within 72 hours of discovery of any cyber incident.

“Technical information” means technical data or computer software, as those terms are defined inthe clause at DFARS 252.227-7013, Rights in Technical Data-Non Commercial Items, regardlessof whether or not the clause is incorporated in this solicitation or contract. Examples of technicalinformation include research and engineering data, engineering drawings, and associated lists,specifications, standards, process sheets, manuals, technical reports, technical orders,catalog-item identifications, data sets, studies and analyses and related information, and computersoftware executable code and source code.

(b) Adequate security. The Contractor shall provide adequate security for all covered defenseinformation on all covered Contractor information systems that support the performance of workunder this contract. To provide adequate security, the Contractor shall—

(1) Implement information systems security protections on all covered Contractorinformation systems including, at a minimum—

(i) For covered Contractor information systems that are part of an InformationTechnology (IT) service or system operated on behalf of the Government—

(A) Cloud computing services shall be subject to the security requirements specifiedin the clause 252.239-7010, Cloud Computing Services, of this contract; and

(B) Any other such IT service or system (i.e., other than cloud computing) shall besubject to the security requirements specified elsewhere in this contract; or

(ii) For covered Contractor information systems that are not part of an IT service or systemoperated on behalf of the Government and therefore are not subject to the security requirementspecified at paragraph (b)(1)(i) of this clause—

(A) The security requirements in National Institute of Standards and Technology(NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in

CONTRACT NO.


N0017817F3010 PAGE

74 of 101 FINAL

Nonfederal Information Systems and Organizations,” http://dx.doi.org/10.6028/NIST.SP.800-171 that is in effect at the time the solicitation is issued or as authorized by theContracting Officer, as soon as practical, but not later than December 31, 2017. The Contractorshall notify the DoD CIO, via email at [email protected], within 30 days of contract award,of any security requirements specified by NIST SP 800-171 not implemented at the time ofcontract award; or

(B) Alternative but equally effective security measures used to compensate for theinability to satisfy a particular requirement and achieve equivalent protection accepted in writingby an authorized representative of the DoD CIO; and

(2) Apply other information systems security measures when the Contractor easonablydetermines that information systems security measures, in addition to those identified inparagraph (b)(1) of this clause, may be required to provide adequate security in a dynamicenvironment based on an assessed risk or vulnerability.

(c) Cyber incident reporting requirement.

(1) When the Contractor discovers a cyber incident that affects a covered Contractorinformation system or the covered defense information residing therein, or that affects theContractor’s ability to perform the requirements of the contract that are designated asoperationally critical support, the Contractor shall—

(i) Conduct a review for evidence of compromise of covered defense information, including,but not limited to, identifying compromised computers, servers, specific data, and user accounts.This review shall also include analyzing covered Contractor information system(s) that were partof the cyber incident, as well as other information systems on the Contractor’s network(s), thatmay have been accessed as a result of the incident in order to identify compromised covereddefense information, or that affect the Contractor’s ability to provide operationally criticalsupport; and

(ii) Rapidly report cyber incidents to DoD at http://dibnet.dod.mil.

(2) Cyber incident report. The cyber incident report shall be treated as information created byor for DoD and shall include, at a minimum, the required elements at http://dibnet.dod.mil.

(3) Medium assurance certificate requirement. In order to report cyber incidents in accordancewith this clause, the Contractor or subcontractor shall have or acquire a DoD-approved mediumassurance certificate to report cyber incidents. For information on obtaining a DoD-approvedmedium assurance certificate, see http://iase.disa.mil/pki/eca/Pages/index.aspx.

(d) Malicious software. The Contractor or subcontractors that discover and isolatemalicious software in connection with a reported cyber incident shall submit the malicioussoftware in accordance with instructions provided by the Contracting Officer.

(e) Media preservation and protection. When a Contractor discovers a cyber incident hasoccurred, the Contractor shall preserve and protect images of all known affected information

CONTRACT NO.


N0017817F3010 PAGE

75 of 101 FINAL

http://dx.doi.org/10.6028/NIST.SP.800-171


http://dibnet.dod.mil/


http://iase.disa.mil/pki/eca/Pages/index.aspx

systems identified in paragraph (c)(1)(i) of this clause and all relevant monitoring/packet capturedata for at least 90 days from the submission of the cyber incident report to allow DoD torequest the media or decline interest.

(f) Access to additional information or equipment necessary for forensic analysis. Uponrequest by DoD, the Contractor shall provide DoD with access to additional information orequipment that is necessary to conduct a forensic analysis.

(g) Cyber incident damage assessment activities. If DoD elects to conduct a damageassessment, the Contracting Officer will request that the Contractor provide all of the damageassessment information gathered in accordance with paragraph (e) of this clause.

(h) DoD safeguarding and use of Contractor attributional/proprietary information. TheGovernment shall protect against the unauthorized use or release of information obtained fromthe Contractor (or derived from information obtained from the Contractor) under this clause thatincludes Contractor attributional/proprietary information, including such information submittedin accordance with paragraph (c). To the maximum extent practicable, the Contractor shallidentify and mark attributional/proprietary information. In making an authorized release of suchinformation, the Government will implement appropriate procedures to minimize the Contractorattributional/proprietary information that is included in such authorized release, seeking toinclude only that information that is necessary for the authorized purpose(s) for which theinformation is being released.

(i) Use and release of Contractor attributional/proprietary information not created by or forDoD. Information that is obtained from the Contractor (or derived from information obtainedfrom the Contractor) under this clause that is not created by or for DoD is authorized to bereleased outside of DoD—

(1) To entities with missions that may be affected by such information;

(2) To entities that may be called upon to assist in the diagnosis, detection, or mitigation ofcyber incidents;

(3) To Government entities that conduct counterintelligence or law enforcementinvestigations;

(4) For national security purposes, including cyber situational awareness and defensepurposes (including with Defense Industrial Base (DIB) participants in the program at 32 CFRpart 236); or

(5) To a support services Contractor (“recipient”) that is directly supporting Governmentactivities under a contract that includes the clause at 252.204-7009, Limitations on the Use orDisclosure of Third-Party Contractor Reported Cyber Incident Information.

(j) Use and release of Contractor attributional/proprietary information created by or for DoD.Information that is obtained from the Contractor (or derived from information obtained from theContractor) under this clause that is created by or for DoD (including the information submitted

CONTRACT NO.


N0017817F3010 PAGE

76 of 101 FINAL

pursuant to paragraph (c) of this clause) is authorized to be used and released outside of DoD forpurposes and activities authorized by paragraph (i) of this clause, and for any other lawfulGovernment purpose or activity, subject to all applicable statutory, regulatory, and policy basedrestrictions on the Government’s use and release of such information.

(k) The Contractor shall conduct activities under this clause in accordance with applicable lawsand regulations on the interception, monitoring, access, use, and disclosure of electroniccommunications and data.

(l) Other safeguarding or reporting requirements. The safeguarding and cyber incident reportingrequired by this clause in no way abrogates the Contractor’s responsibility for other safeguardingor cyber incident reporting pertaining to its unclassified information systems as required by otherapplicable clauses of this contract, or as a result of other applicable U.S. Government statutoryor regulatory requirements.

(m) Subcontracts. The Contractor shall—

(1) Include this clause, including this paragraph (m), in subcontracts, or similar contractualinstruments, for operationally critical support, or for which subcontract performance will involvea covered Contractor information system, including subcontracts for commercial items, withoutalteration, except to identify the parties; and

(2) When this clause is included in a subcontract, require subcontractors to rapidly reportcyber incidents directly to DoD at http://dibnet.dod.mil and the prime Contractor. This includesproviding the incident report number, automatically assigned by DoD, to the prime Contractor(or next higher-tier subcontractor) as soon as practicable

252.227-7013 RIGHTS IN TECHNICAL DATA--NONCOMMERCIAL ITEMS (FEB 2014)


(1) “Computer data base” means a collection of data recorded in a form capable of beingprocessed by a computer. The term does not include computer software.

(2) “Computer program” means a set of instructions, rules, or routines recorded in a form thatis capable of causing a computer to perform a specific operation or series of operations.

(3) “Computer software” means computer programs, source code, source code listings, objectcode listings, design details, algorithms, processes, flow charts, formulae and related material thatwould enable the software to be reproduced, recreated, or recompiled. Computer software doesnot include computer data bases or computer software documentation.

(4) “Computer software documentation” means owner's manuals, user's manuals, installationinstructions, operating instructions, and other similar items, regardless of storage medium, thatexplain the capabilities of the computer software or provide instructions for using the software.

(5) "Covered Government support Contractor" means a Contractor (other than a litigationsupport Contractor covered by 252.204-7014) under a contract, the primary purpose of which is

CONTRACT NO.


N0017817F3010 PAGE

77 of 101 FINAL


http://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm

to furnish independent and impartial advice or technical assistance directly to the Government insupport of the Government’s management and oversight of a program or effort (rather than todirectly furnish an end item or service to accomplish a program or effort), provided that theContractor—

(i) Is not affiliated with the prime Contractor or a first-tier subcontractor on the program oreffort, or with any direct competitor of such prime Contractor or any such first-tiersubcontractor in furnishing end items or services of the type developed or produced on theprogram or effort; and

(ii) Receives access to technical data or computer software for performance of a Governmentcontract that contains the clause at 252.227-7025, Limitations on the Use or Disclosure ofGovernment-Furnished Information Marked with Restrictive Legends.

(6) “Detailed manufacturing or process data” means technical data that describe the steps,sequences, and conditions of manufacturing, processing or assembly used by the manufacturer toproduce an item or component or to perform a process.

(7) “Developed” means that an item, component, or process exists and is workable. Thus, theitem or component must have been constructed or the process practiced. Workability is generallyestablished when the item, component, or process has been analyzed or tested sufficiently todemonstrate to reasonable people skilled in the applicable art that there is a high probability thatit will operate as intended. Whether, how much, and what type of analysis or testing is requiredto establish workability depends on the nature of the item, component, or process, and the stateof the art. To be considered “developed,” the item, component, or process need not be at thestage where it could be offered for sale or sold on the commercial market, nor must the item,component, or process be actually reduced to practice within the meaning of Title 35 of theUnited States Code.

(8) “Developed exclusively at private expense” means development was accomplished entirelywith costs charged to indirect cost pools, costs not allocated to a Government contract, or anycombination thereof.

(i) Private expense determinations should be made at the lowest practicable level.

(ii) Under fixed-price contracts, when total costs are greater than the firm-fixed-price orceiling price of the contract, the additional development costs necessary to completedevelopment shall not be considered when determining whether development was atGovernment, private, or mixed expense.

(9) “Developed exclusively with Government funds” means development was notaccomplished exclusively or partially at private expense.

(10) “Developed with mixed funding” means development was accomplished partially withcosts charged to indirect cost pools and/or costs not allocated to a Government contract, andpartially with costs charged directly to a Government contract.

CONTRACT NO.


N0017817F3010 PAGE

78 of 101 FINAL


(11) “Form, fit, and function data” means technical data that describes the required overallphysical, functional, and performance characteristics (along with the qualification requirements, ifapplicable) of an item, component, or process to the extent necessary to permit identification ofphysically and functionally interchangeable items.

(12) “Government purpose” means any activity in which the United States Government is aparty, including cooperative agreements with international or multi-national defenseorganizations, or sales or transfers by the United States Government to foreign Governments orinternational organizations. Government purposes include competitive procurement, but do notinclude the rights to use, modify, reproduce, release, perform, display, or disclose technical datafor commercial purposes or authorize others to do so.

(13) “Government purpose rights” means the rights to—

(i) Use, modify, reproduce, release, perform, display, or disclose technical data within theGovernment without restriction; and

(ii) Release or disclose technical data outside the Government and authorize persons towhom release or disclosure has been made to use, modify, reproduce, release, perform, display, ordisclose that data for United States Government purposes.

(14) “Limited rights” means the rights to use, modify, reproduce, release, perform, display, ordisclose technical data, in whole or in part, within the Government. The Government may not,without the written permission of the party asserting limited rights, release or disclose thetechnical data outside the Government, use the technical data for manufacture, or authorize thetechnical data to be used by another party, except that the Government may reproduce, release,or disclose such data or authorize the use or reproduction of the data by persons outside theGovernment if—

(i) The reproduction, release, disclosure, or use is—

(A) Necessary for emergency repair and overhaul; or

(B) A release or disclosure to—

(1) A covered Government support Contractor in performance of its covered Governmentsupport contract for use, modification, reproduction, performance, display, or release ordisclosure to a person authorized to receive limited rights technical data; or

(2) A foreign government, of technical data other than detailed manufacturing or process data,when use of such data by the foreign government is in the interest of the Government and isrequired for evaluational or informational purposes;

(ii) The recipient of the technical data is subject to a prohibition on the furtherreproduction, release, disclosure, or use of the technical data; and

(iii) The Contractor or subcontractor asserting the restriction is notified of suchreproduction, release, disclosure, or use.

CONTRACT NO.


N0017817F3010 PAGE

79 of 101 FINAL

(15) “Technical data” means recorded information, regardless of the form or method of therecording, of a scientific or technical nature (including computer software documentation). Theterm does not include computer software or data incidental to contract administration, such asfinancial and/or management information.

(16) “Unlimited rights” means rights to use, modify, reproduce, perform, display, release, ordisclose technical data in whole or in part, in any manner, and for any purpose whatsoever, andto have or authorize others to do so.

(b) Rights in technical data. The Contractor grants or shall obtain for the Government thefollowing royalty free, world-wide, nonexclusive, irrevocable license rights in technical data otherthan computer software documentation (see the Rights in Noncommercial Computer Softwareand Noncommercial Computer Software Documentation clause of this contract for rights incomputer software documentation):

(1) Unlimited rights. The Government shall have unlimited rights in technical data that are—

(i) Data pertaining to an item, component, or process which has been or will be developedexclusively with Government funds;

(ii) Studies, analyses, test data, or similar data produced for this contract, when the study,analysis, test, or similar work was specified as an element of performance;

(iii) Created exclusively with Government funds in the performance of a contract that doesnot require the development, manufacture, construction, or production of items, components, orprocesses;

(iv) Form, fit, and function data;

(v) Necessary for installation, operation, maintenance, or training purposes (other thandetailed manufacturing or process data);

(vi) Corrections or changes to technical data furnished to the Contractor by the Government;

(vii) Otherwise publicly available or have been released or disclosed by the Contractor orsubcontractor without restrictions on further use, release or disclosure, other than a release ordisclosure resulting from the sale, transfer, or other assignment of interest in the technical data toanother party or the sale or transfer of some or all of a business entity or its assets to anotherparty;

(viii) Data in which the Government has obtained unlimited rights under anotherGovernment contract or as a result of negotiations; or

(ix) Data furnished to the Government, under this or any other Government contract orsubcontract thereunder, with—

(A) Government purpose license rights or limited rights and the restrictive condition(s)has/have expired; or

CONTRACT NO.


N0017817F3010 PAGE

80 of 101 FINAL

(B) Government purpose rights and the Contractor's exclusive right to use such data forcommercial purposes has expired.

(2) Government purpose rights.

(i) The Government shall have government purpose rights for a five-year period, or suchother period as may be negotiated, in technical data—

(A) That pertain to items, components, or processes developed with mixed fundingexcept when the Government is entitled to unlimited rights in such data

as provided in paragraphs (b)(1)(ii) and (b)(1)(iv) through (b)(1)(ix) of this clause; or

(B) Created with mixed funding in the performance of a contract that does not require thedevelopment, manufacture, construction, or production of items, components, or processes.

(ii) The five-year period, or such other period as may have been negotiated, shall commenceupon execution of the contract, subcontract, letter contract (or similar contractual instrument),contract modification, or option exercise that required development of the items, components, orprocesses or creation of the data described in paragraph (b)(2)(i)(B) of this clause. Uponexpiration of the five-year or other negotiated period, the Government shall have unlimited rightsin the technical data.

(iii) The Government shall not release or disclose technical data in which it has governmentpurpose rights unless—

(A) Prior to release or disclosure, the intended recipient is subject to the non-disclosureagreement at 227.7103-7 of the Defense Federal Acquisition Regulation Supplement (DFARS);or

(B) The recipient is a Government Contractor receiving access to the data for performanceof a Government contract that contains the clause at DFARS 252.227-7025, Limitations on theUse or Disclosure of Government-Furnished Information Marked with Restrictive Legends.

(iv) The Contractor has the exclusive right, including the right to license others, to usetechnical data in which the Government has obtained government purpose rights under thiscontract for any commercial purpose during the time period specified in the government purposerights legend prescribed in paragraph (f)(2) of this clause.

(3) Limited rights.

(i) Except as provided in paragraphs (b)(1)(ii) and (b)(1)(iv) through (b)(1)(ix) of this clause,the Government shall have limited rights in technical data—

(A) Pertaining to items, components, or processes developed exclusively at private expenseand marked with the limited rights legend prescribed in paragraph (f) of this clause; or

(B) Created exclusively at private expense in the performance of a contract that does notrequire the development, manufacture, construction, or production of items, components, or

CONTRACT NO.


N0017817F3010 PAGE

81 of 101 FINAL

http://www.acq.osd.mil/dpap/dars/dfars/html/current/227_71.htm


processes.

(ii) The Government shall require a recipient of limited rights data for emergency repair oroverhaul to destroy the data and all copies in its possession promptly following completion ofthe emergency repair/overhaul and to notify the Contractor that the data have been destroyed.

(iii) The Contractor, its subcontractors, and suppliers are not required to provide theGovernment additional rights to use, modify, reproduce, release, perform, display, or disclosetechnical data furnished to the Government with limited rights. However, if the Governmentdesires to obtain additional rights in technical data in which it has limited rights, the Contractoragrees to promptly enter into negotiations with the Contracting Officer to determine whetherthere are acceptable terms for transferring such rights. All technical data in which the Contractorhas granted the Government additional rights shall be listed or described in a license agreementmade part of the contract. The license shall enumerate the additional rights granted theGovernment in such data.

(iv) The Contractor acknowledges that—

(A) Limited rights data are authorized to be released or disclosed to covered Governmentsupport Contractors;

(B) The Contractor will be notified of such release or disclosure;

(C) The Contractor (or the party asserting restrictions as identified in the limited rightslegend) may require each such covered Government support Contractor to enter into anon-disclosure agreement directly with the Contractor (or the party asserting restrictions)regarding the covered Government support Contractor’s use of such data, or alternatively, thatthe Contractor (or party asserting restrictions) may waive in writing the requirement for anon-disclosure agreement; and

(D) Any such non-disclosure agreement shall address the restrictions on the coveredGovernment support Contractor's use of the limited rights data as set forth in the clause at252.227-7025, Limitations on the Use or Disclosure of Government-Furnished InformationMarked with Restrictive Legends. The non-disclosure agreement shall not include any additionalterms and conditions unless mutually agreed to by the parties to the non-disclosure agreement.

(4) Specifically negotiated license rights. The standard license rights granted to the Governmentunder paragraphs (b)(1) through (b)(3) of this clause, including the period during which theGovernment shall have government purpose rights in technical data, may be modified by mutualagreement to provide such rights as the parties consider appropriate but shall not provide theGovernment lesser rights than are enumerated in paragraph (a)(14) of this clause. Any rights sonegotiated shall be identified in a license agreement made part of this contract.

(5) Prior government rights. Technical data that will be delivered, furnished, or otherwiseprovided to the Government under this contract, in which the Government has previouslyobtained rights shall be delivered, furnished, or provided with the pre-existing rights, unless—

CONTRACT NO.


N0017817F3010 PAGE

82 of 101 FINAL


(i) The parties have agreed otherwise; or

(ii) Any restrictions on the Government's rights to use, modify, reproduce, release, perform,display, or disclose the data have expired or no longer apply.

(6) Release from liability. The Contractor agrees to release the Government from liability for anyrelease or disclosure of technical data made in accordance with paragraph (a)(14) or (b)(2)(iii) ofthis clause, in accordance with the terms of a license negotiated under paragraph (b)(4) of thisclause, or by others to whom the recipient has released or disclosed the data and to seek reliefsolely from the party who has improperly used, modified, reproduced, released, performed,displayed, or disclosed Contractor data marked with restrictive legends.

(c) Contractor rights in technical data. All rights not granted to the Government are retained bythe Contractor.

(d) Third party copyrighted data. The Contractor shall not, without the written approval of theContracting Officer, incorporate any copyrighted data in the technical data to be delivered underthis contract unless the Contractor is the copyright owner or has obtained for the Governmentthe license rights necessary to perfect a license or licenses in the deliverable data of theappropriate scope set forth in paragraph (b) of this clause, and has affixed a statement of thelicense or licenses obtained on behalf of the Government and other persons to the data transmittaldocument.

(e) Identification and delivery of data to be furnished with restrictions on use, release, ordisclosure.

(1) This paragraph does not apply to restrictions based solely on copyright.

(2) Except as provided in paragraph (e)(3) of this clause, technical data that the Contractorasserts should be furnished to the Government with restrictions on use, release, or disclosure areidentified in an attachment to this contract (the Attachment). The Contractor shall not deliverany data with restrictive markings unless the data are listed on the Attachment.

(3) In addition to the assertions made in the Attachment, other assertions may be identified afteraward when based on new information or inadvertent omissions unless the inadvertent omissionswould have materially affected the source selection decision. Such identification and assertionshall be submitted to the Contracting Officer as soon as practicable prior to the scheduled datefor delivery of the data, in the following format, and signed by an official authorized tocontractually obligate the Contractor:

Identification and Assertion of Restrictions on the Government's Use, Release, or Disclosure ofTechnical Data.

The Contractor asserts for itself, or the persons identified below, that the Government's rights touse, release, or disclose the following technical data should be restricted—

Technical Data Name of Person

CONTRACT NO.


N0017817F3010 PAGE

83 of 101 FINAL

to be Furnished Basis for Asserted Rights Asserting

With Restrictions* Assertion** Category*** Restrictions****

(LIST) (LIST) (LIST) (LIST)

*If the assertion is applicable to items, components, or processes developed at private expense,identify both the data and each such item, component, or process.

**Generally, the development of an item, component, or process at private expense, eitherexclusively or partially, is the only basis for asserting restrictions on the Government's rights touse, release, or disclose technical data pertaining to such items, components, or processes.Indicate whether development was exclusively or partially at private expense. If developmentwas not at private expense, enter the specific reason for asserting that the Government's rightsshould be restricted.

***Enter asserted rights category (e.g., government purpose license rights from a prior contract,rights in SBIR data generated under another contract, limited or government purpose rights underthis or a prior contract, or specifically negotiated licenses).

****Corporation, individual, or other person, as appropriate.

Date _________________________________

Printed Name and Title _________________________________

_________________________________

Signature _________________________________

(End of identification and assertion)

(4) When requested by the Contracting Officer, the Contractor shall provide sufficientinformation to enable the Contracting Officer to evaluate the Contractor's assertions. TheContracting Officer reserves the right to add the Contractor's assertions to the Attachment andvalidate any listed assertion, at a later date, in accordance with the procedures of the Validation ofRestrictive Markings on Technical Data clause of this contract.

(f) Marking requirements. The Contractor, and its subcontractors or suppliers, may only assertrestrictions on the Government's rights to use, modify, reproduce, release, perform, display, ordisclose technical data to be delivered under this contract by marking the deliverable data subjectto restriction. Except as provided in paragraph (f)(5) of this clause, only the following legends areauthorized under this contract: the government purpose rights legend at paragraph (f)(2) of thisclause; the limited rights legend at paragraph (f)(3) of this clause; or the special license rightslegend at paragraph (f)(4) of this clause; and/or a notice of copyright as prescribed under 17U.S.C. 401 or 402.

(1) General marking instructions. The Contractor, or its subcontractors or suppliers, shallconspicuously and legibly mark the appropriate legend on all technical data that qualify for suchmarkings. The authorized legends shall be placed on the transmittal document or storage containerand, for printed material, each page of the printed material containing technical data for which

CONTRACT NO.


N0017817F3010 PAGE

84 of 101 FINAL

restrictions are asserted. When only portions of a page of printed material are subject to theasserted restrictions, such portions shall be identified by circling, underscoring, with a note, orother appropriate identifier. Technical data transmitted directly from one computer or computerterminal to another shall contain a notice of asserted restrictions. Reproductions of technical dataor any portions thereof subject to asserted restrictions shall also reproduce the assertedrestrictions.

(2) Government purpose rights markings. Data delivered or otherwise furnished to theGovernment with government purpose rights shall be marked as follows:

GOVERNMENT PURPOSE RIGHTS

Contract No.

Contractor Name

Contractor Address

Expiration Date

The Government's rights to use, modify, reproduce, release, perform, display, or disclose thesetechnical data are restricted by paragraph (b)(2) of the Rights in Technical Data—NoncommercialItems clause contained in the above identified contract. No restrictions apply after the expirationdate shown above. Any reproduction of technical data or portions thereof marked with thislegend must also reproduce the markings.

(End of legend)

(3) Limited rights markings. Data delivered or otherwise furnished to the Government withlimited rights shall be marked with the following legend:

LIMITED RIGHTS

Contract No.

Contractor Name

Contractor Address

The Government's rights to use, modify, reproduce, release, perform, display, or disclose thesetechnical data are restricted by paragraph (b)(3) of the Rights in Technical Data--NoncommercialItems clause contained in the above identified contract. Any reproduction of technical data orportions thereof marked with this legend must also reproduce the markings. Any person, otherthan the Government, who has been provided access to such data must promptly notify theabove named Contractor.

(End of legend)

(4) Special license rights markings.

(i) Data in which the Government's rights stem from a specifically negotiated license shall be

CONTRACT NO.


N0017817F3010 PAGE

85 of 101 FINAL

marked with the following legend:

SPECIAL LICENSE RIGHTS

The Government's rights to use, modify, reproduce, release,perform, display, or disclose these data are restricted by ContractNo. _____(Insert contract number)____, License No. ____(Insertlicense identifier)____. Any reproduction of technical data orportions thereof marked with this legend must also reproduce themarkings.

(End of legend)

(ii) For purposes of this clause, special licenses do not include government purpose licenserights acquired under a prior contract (see paragraph (b)(5) of this clause).

(5) Pre-existing data markings. If the terms of a prior contract or license permitted theContractor to restrict the Government's rights to use, modify, reproduce, release, perform,display, or disclose technical data deliverable under this contract, and those restrictions are stillapplicable, the Contractor may mark such data with the appropriate restrictive legend for whichthe data qualified under the prior contract or license. The marking procedures in paragraph (f)(1)of this clause shall be followed.

(g) Contractor procedures and records. Throughout performance of this contract, the Contractorand its subcontractors or suppliers that will deliver technical data with other than unlimitedrights, shall—

(1) Have, maintain, and follow written procedures sufficient to assure that restrictive markingsare used only when authorized by the terms of this clause; and

(2) Maintain records sufficient to justify the validity of any restrictive markings on technicaldata delivered under this contract.

(h) Removal of unjustified and nonconforming markings.

(1) Unjustified technical data markings. The rights and obligations of the parties regarding thevalidation of restrictive markings on technical data furnished or to be furnished under thiscontract are contained in the Validation of Restrictive Markings on Technical Data clause of thiscontract. Notwithstanding any provision of this contract concerning inspection and acceptance,the Government may ignore or, at the Contractor's expense, correct or strike a marking if, inaccordance with the procedures in the Validation of Restrictive Markings on Technical Dataclause of this contract, a restrictive marking is determined to be unjustified.

(2) Nonconforming technical data markings. A nonconforming marking is a marking placed ontechnical data delivered or otherwise furnished to the Government under this contract that is notin the format authorized by this contract. Correction of nonconforming markings is not subject tothe Validation of Restrictive Markings on Technical Data clause of this contract. If the

CONTRACT NO.


N0017817F3010 PAGE

86 of 101 FINAL

Contracting Officer notifies the Contractor of a nonconforming marking and the Contractor failsto remove or correct such marking within sixty (60) days, the Government may ignore or, at theContractor's expense, remove or correct any nonconforming marking.

(i) Relation to patents. Nothing contained in this clause shall imply a license to theGovernment under any patent or be construed as affecting the scope of any license or other rightotherwise granted to the Government under any patent.

(j) Limitation on charges for rights in technical data.

(1) The Contractor shall not charge to this contract any cost, including, but not limited to,license fees, royalties, or similar charges, for rights in technical data to be delivered under thiscontract when—

(i) The Government has acquired, by any means, the same or greater rights in the data; or

(ii) The data are available to the public without restrictions.

(2) The limitation in paragraph (j)(1) of this clause—

(i) Includes costs charged by a subcontractor or supplier, at any tier, or costs incurred by theContractor to acquire rights in subcontractor or supplier technical data, if the subcontractor orsupplier has been paid for such rights under any other Government contract or under a licenseconveying the rights to the Government; and

(ii) Does not include the reasonable costs of reproducing, handling, or mailing the documentsor other media in which the technical data will be delivered.

(k) Applicability to subcontractors or suppliers.

(1) The Contractor shall ensure that the rights afforded its subcontractors and suppliers under 10U.S.C. 2320, 10 U.S.C. 2321, and the identification, assertion, and delivery processes ofparagraph (e) of this clause are recognized and protected.

(2) Whenever any technical data for noncommercial items, or for commercial items developed inany part at Government expense, is to be obtained from a subcontractor or supplier for deliveryto the Government under this contract, the Contractor shall use this same clause in thesubcontract or other contractual instrument, including subcontracts or other contractualinstruments for commercial items, and require its subcontractors or suppliers to do so, withoutalteration, except to identify the parties. This clause will govern the technical data pertaining tononcommercial items or to any portion of a commercial item that was developed in any part atGovernment expense, and the clause at 252.227-7015 will govern the technical data pertaining toany portion of a commercial item that was developed exclusively at private expense. No otherclause shall be used to enlarge or diminish the Government's, the Contractor's, or a higher-tiersubcontractor's or supplier's rights in a subcontractor's or supplier's technical data.

(3) Technical data required to be delivered by a subcontractor or supplier shall normally bedelivered to the next higher-tier Contractor, subcontractor, or supplier. However, when there is a

CONTRACT NO.


N0017817F3010 PAGE

87 of 101 FINAL


requirement in the prime contract for data which may be submitted with other than unlimitedrights by a subcontractor or supplier, then said subcontractor or supplier may fulfill itsrequirement by submitting such data directly to the Government, rather than through a higher-tierContractor, subcontractor, or supplier.

(4) The Contractor and higher-tier subcontractors or suppliers shall not use their power to awardcontracts as economic leverage to obtain rights in technical data from their subcontractors orsuppliers.

(5) In no event shall the Contractor use its obligation to recognize and protect subcontractor orsupplier rights in technical data as an excuse for failing to satisfy its contractual obligation to theGovernment.

252.227-7014 RIGHTS IN NONCOMMERCIAL COMPUTER SOFTWARE ANDNONCOMMERCIAL COMPUTER SOFTWARE DOCUMENTATION (FEB 2014)


(1) “Commercial computer software” means software developed or regularly used fornon-Governmental purposes which—

(i) Has been sold, leased, or licensed to the public;

(ii) Has been offered for sale, lease, or license to the public;

(iii) Has not been offered, sold, leased, or licensed to the public but will be available forcommercial sale, lease, or license in time to satisfy the delivery requirements of this contract; or

(iv) Satisfies a criterion expressed in paragraph (a)(1)(i), (ii), or (iii) of this clause and wouldrequire only minor modification to meet the requirements of this contract.

(2) “Computer database” means a collection of recorded data in a form capable of being processedby a computer. The term does not include computer software.

(3) “Computer program” means a set of instructions, rules, or routines, recorded in a form that iscapable of causing a computer to perform a specific operation or series of operations.

(4) “Computer software” means computer programs, source code, source code listings, objectcode listings, design details, algorithms, processes, flow charts, formulae, and related material thatwould enable the software to be reproduced, recreated, or recompiled. Computer software doesnot include computer databases or computer software documentation.

(5) “Computer software documentation” means owner's manuals, user's manuals, installationinstructions, operating instructions, and other similar items, regardless of storage medium, thatexplain the capabilities of the computer software or provide instructions for using the software.

(6) "Covered Government support Contractor" means a Contractor (other than a litigationsupport Contractor covered by 252.204-7014) under a contract, the primary purpose of which isto furnish independent and impartial advice or technical assistance directly to the Government in

CONTRACT NO.


N0017817F3010 PAGE

88 of 101 FINAL


support of the Government’s management and oversight of a program or effort (rather than todirectly furnish an end item or service to accomplish a program or effort), provided that theContractor—

(i) Is not affiliated with the prime Contractor or a first-tier subcontractor on the program oreffort, or with any direct competitor of such prime Contractor or any such first-tiersubcontractor in furnishing end items or services of the type developed or produced on theprogram or effort; and

(ii) Receives access to technical data or computer software for performance of a Governmentcontract that contains the clause at 252.227-7025, Limitations on the Use or Disclosure ofGovernment-Furnished Information Marked with Restrictive Legends.

(7) “Developed” means that—

(i) A computer program has been successfully operated in a computer and tested to the extentsufficient to demonstrate to reasonable persons skilled in the art that the program can reasonablybe expected to perform its intended purpose;

(ii) Computer software, other than computer programs, has been tested or analyzed to theextent sufficient to demonstrate to reasonable persons skilled in the art that the software canreasonably be expected to perform its intended purpose; or

(iii) Computer software documentation required to be delivered under a contract has beenwritten, in any medium, in sufficient detail to comply with requirements under that contract.

(8) “Developed exclusively at private expense” means development was accomplished entirelywith costs charged to indirect cost pools, costs not allocated to a Government contract, or anycombination thereof.

(i) Private expense determinations should be made at the lowest practicable level.

(ii) Under fixed-price contracts, when total costs are greater than the firm-fixed-price or ceilingprice of the contract, the additional development costs necessary to complete development shallnot be considered when determining whether development was at Government, private, or mixedexpense.

(9) “Developed exclusively with Government funds” means development was not accomplishedexclusively or partially at private expense.

(10) “Developed with mixed funding” means development was accomplished partially with costscharged to indirect cost pools and/or costs not allocated to a Government contract, and partiallywith costs charged directly to a Government contract.

(11) “Government purpose” means any activity in which the United States Government is aparty, including cooperative agreements with international or multi-national defense organizationsor sales or transfers by the United States Government to foreign governments or internationalorganizations. Government purposes include competitive procurement, but do not include the

CONTRACT NO.


N0017817F3010 PAGE

89 of 101 FINAL


rights to use, modify, reproduce, release, perform, display, or disclose computer software orcomputer software documentation for commercial purposes or authorize others to do so.

(12) “Government purpose rights” means the rights to—

(i) Use, modify, reproduce, release, perform, display, or disclose computer software orcomputer software documentation within the Government without restriction; and

(ii) Release or disclose computer software or computer software documentation outside theGovernment and authorize persons to whom release or disclosure has been made to use, modify,reproduce, release, perform, display, or disclose the software or documentation for United StatesGovernment purposes.

(13) “Minor modification” means a modification that does not significantly alter thenon-Governmental function or purpose of the software or is of the type customarily provided inthe commercial marketplace.

(14) “Noncommercial computer software” means software that does not qualify as commercialcomputer software under paragraph (a)(1) of this clause.

(15) “Restricted rights” apply only to noncommercial computer software and mean theGovernment's rights to—

(i) Use a computer program with one computer at one time. The program may not be accessedby more than one terminal or central processing unit or time shared unless otherwise permittedby this contract;

(ii) Transfer a computer program to another Government agency without the furtherpermission of the Contractor if the transferor destroys all copies of the program and relatedcomputer software documentation in its possession and notifies the licensor of the transfer.Transferred programs remain subject to the provisions of this clause;

(iii) Make the minimum number of copies of the computer software required for safekeeping(archive), backup, or modification purposes;

(iv) Modify computer software provided that the Government may—

(A) Use the modified software only as provided in paragraphs (a)(15)(i) and (iii) of thisclause; and

(B) Not release or disclose the modified software except as provided in paragraphs(a)(15)(ii), (v), (vi) and (vii) of this clause;

(v) Permit Contractors or subcontractors performing service contracts (see 37.101 of theFederal Acquisition Regulation) in support of this or a related contract to use computer softwareto diagnose and correct deficiencies in a computer program, to modify computer software toenable a computer program to be combined with, adapted to, or merged with other computerprograms or when necessary to respond to urgent tactical situations, provided that—

CONTRACT NO.


N0017817F3010 PAGE

90 of 101 FINAL

(A) The Government notifies the party which has granted restricted rights that a release ordisclosure to particular Contractors or subcontractors was made;

(B) Such Contractors or subcontractors are subject to the use and non-disclosure agreementat 227.7103-7 of the Defense Federal Acquisition Regulation Supplement (DFARS) or areGovernment Contractors receiving access to the software for performance of a Governmentcontract that contains the clause at DFARS 252.227-7025, Limitations on the Use or Disclosureof Government-Furnished Information Marked with Restrictive Legends;

(C) The Government shall not permit the recipient to decompile, disassemble, or reverseengineer the software, or use software decompiled, disassembled, or reverse engineered by theGovernment pursuant to paragraph (a)(15)(iv) of this clause, for any other purpose; and

(D) Such use is subject to the limitations in paragraphs (a)(15)(i) through (iii) of this clause;

(vi) Permit Contractors or subcontractors performing emergency repairs or overhaul of itemsor components of items procured under this or a related contract to use the computer softwarewhen necessary to perform the repairs or overhaul, or to modify the computer software to reflectthe repairs or overhaul made, provided that—

(A) The intended recipient is subject to the use and non-disclosure agreement atDFARS 227.7103-7 or is a Government Contractor receiving access to the software forperformance of a Government contract that contains the clause at DFARS 252.227-7025,Limitations on the Use or Disclosure of Government-Furnished Information Marked withRestrictive Legends;

(B) The Government shall not permit the recipient to decompile, disassemble, orreverse engineer the software, or use software decompiled, disassembled, or reverse engineered bythe Government pursuant to paragraph (a)(15)(iv) of this clause, for any other purpose; and

(C) Such use is subject to the limitations in paragraphs (a)(15)(i) through (iii) of thisclause; and

(vii) Permit covered Government support Contractors in the performance of coveredGovernment support contracts that contain the clause at 252.227-7025, Limitations on the Useor Disclosure of Government-Furnished Information Marked with Restrictive Legends, to use,modify, reproduce, perform, display, or release or disclose the computer software to a personauthorized to receive restricted rights computer software, provided that—

(A) The Government shall not permit the covered Government support Contractor todecompile, disassemble, or reverse engineer the software, or use software decompiled,disassembled, or reverse engineered by the Government pursuant to paragraph (a)(15)(iv) of thisclause, for any other purpose; and

(B) Such use is subject to the limitations in paragraphs (a)(15)(i) through (iv) of this clause.

(16) “Unlimited rights” means rights to use, modify, reproduce, release, perform, display, or

CONTRACT NO.


N0017817F3010 PAGE

91 of 101 FINAL






disclose computer software or computer software documentation in whole or in part, in anymanner and for any purpose whatsoever, and to have or authorize others to do so.

(b) Rights in computer software or computer software documentation. The Contractor grants orshall obtain for the Government the following royalty free, world-wide, nonexclusive, irrevocablelicense rights in noncommercial computer software or computer software documentation. Allrights not granted to the Government are retained by the Contractor.

(1) Unlimited rights. The Government shall have unlimited rights in—

(i) Computer software developed exclusively with Government funds;

(ii) Computer software documentation required to be delivered under this contract;

(iii) Corrections or changes to computer software or computer software documentationfurnished to the Contractor by the Government;

(iv) Computer software or computer software documentation that is otherwise publiclyavailable or has been released or disclosed by the Contractor or subcontractor without restrictionon further use, release or disclosure, other than a release or disclosure resulting from the sale,transfer, or other assignment of interest in the software to another party or the sale or transfer ofsome or all of a business entity or its assets to another party;

(v) Computer software or computer software documentation obtained with unlimited rightsunder another Government contract or as a result of negotiations; or

(vi) Computer software or computer software documentation furnished to the Government,under this or any other Government contract or subcontract thereunder with—

(A) Restricted rights in computer software, limited rights in technical data, or Governmentpurpose license rights and the restrictive conditions have expired; or

(B) Government purpose rights and the Contractor's exclusive right to use such software ordocumentation for commercial purposes has expired.

(2) Government purpose rights.

(i) Except as provided in paragraph (b)(1) of this clause, the Government shall havegovernment purpose rights in computer software developed with mixed funding.

(ii) Government purpose rights shall remain in effect for a period of five years unless adifferent period has been negotiated. Upon expiration of the five-year or other negotiated period,the Government shall have unlimited rights in the computer software or computer softwaredocumentation. The Government purpose rights period shall commence upon execution of thecontract, subcontract, letter contract (or similar contractual instrument), contract modification, oroption exercise that required development of the computer software.

(iii) The Government shall not release or disclose computer software in which it has Governmentpurpose rights to any other person unless—

CONTRACT NO.


N0017817F3010 PAGE

92 of 101 FINAL

(A) Prior to release or disclosure, the intended recipient is subject to the use and non-disclosureagreement at DFARS 227.7103-7; or

(B) The recipient is a Government Contractor receiving access to the software or documentationfor performance of a Government contract that contains the clause at DFARS 252.227-7025,Limitations on the Use or Disclosure of Government Furnished Information Marked withRestrictive Legends.

(3) Restricted rights.

(i) The Government shall have restricted rights in noncommercial computer software requiredto be delivered or otherwise provided to the Government under this contract that were developedexclusively at private expense.

(ii) The Contractor, its subcontractors, or suppliers are not required to provide theGovernment additional rights in noncommercial computer software delivered or otherwiseprovided to the Government with restricted rights. However, if the Government desires to obtainadditional rights in such software, the Contractor agrees to promptly enter into negotiations withthe Contracting Officer to determine whether there are acceptable terms for transferring suchrights. All noncommercial computer software in which the Contractor has granted theGovernment additional rights shall be listed or described in a license agreement made part of thecontract (see paragraph (b)(4) of this clause). The license shall enumerate the additional rightsgranted the Government.

(iii) The Contractor acknowledges that—

(A) Restricted rights computer software is authorized to be released or disclosed to coveredGovernment support Contractors;

(B) The Contractor will be notified of such release or disclosure;

(C) The Contractor (or the party asserting restrictions, as identified in the restricted rightslegend) may require each such covered Government support Contractor to enter into anon-disclosure agreement directly with the Contractor (or the party asserting restrictions)regarding the covered Government support Contractor’s use of such software, or alternatively,that the Contractor (or party asserting restrictions) may waive in writing the requirement for anon-disclosure agreement; and

(D) Any such non-disclosure agreement shall address the restrictions on the covered Governmentsupport Contractor's use of the restricted rights software as set forth in the clause at252.227-7025, Limitations on the Use or Disclosure of Government-Furnished InformationMarked with Restrictive Legends. The non-disclosure agreement shall not include any additionalterms and conditions unless mutually agreed to by the parties to the non-disclosure agreement.

(4) Specifically negotiated license rights.

(i) The standard license rights granted to the Government under paragraphs (b)(1) through

CONTRACT NO.


N0017817F3010 PAGE

93 of 101 FINAL




(b)(3) of this clause, including the period during which the Government shall have Governmentpurpose rights in computer software, may be modified by mutual agreement to provide suchrights as the parties consider appropriate but shall not provide the Government lesser rights incomputer software than are enumerated in paragraph (a)(15) of this clause or lesser rights incomputer software documentation than are enumerated in paragraph (a)(14) of the Rights inTechnical Data--Noncommercial Items clause of this contract.

(ii) Any rights so negotiated shall be identified in a license agreement made part of thiscontract.

(5) Prior Government rights. Computer software or computer software documentation that willbe delivered, furnished, or otherwise provided to the Government under this contract, in whichthe Government has previously obtained rights shall be delivered, furnished, or provided with thepre-existing rights, unless—

(i) The parties have agreed otherwise; or

(ii) Any restrictions on the Government's rights to use, modify, reproduce, release, perform,display, or disclose the data have expired or no longer apply.

(6) Release from liability. The Contractor agrees to release the Government from liability for anyrelease or disclosure of computer software made in accordance with paragraph (a)(15) or(b)(2)(iii) of this clause, in accordance with the terms of a license negotiated under paragraph(b)(4) of this clause, or by others to whom the recipient has released or disclosed the software,and to seek relief solely from the party who has improperly used, modified, reproduced, released,performed, displayed, or disclosed Contractor software marked with restrictive legends.

(c) Rights in derivative computer software or computer software documentation. The Governmentshall retain its rights in the unchanged portions of any computer software or computer softwaredocumentation delivered under this contract that the Contractor uses to prepare, or includes in,derivative computer software or computer software documentation.

(d) Third party copyrighted computer software or computer software documentation. TheContractor shall not, without the written approval of the Contracting Officer, incorporate anycopyrighted computer software or computer software documentation in the software ordocumentation to be delivered under this contract unless the Contractor is the copyright owner orhas obtained for the Government the license rights necessary to perfect a license or licenses in thedeliverable software or documentation of the appropriate scope set forth in paragraph (b) of thisclause, and prior to delivery of such—

(1) Computer software, has provided a statement of the license rights obtained in a formacceptable to the Contracting Officer; or (2) Computer software documentation, has affixed tothe transmittal document a statement of the license rights obtained.

(e) Identification and delivery of computer software and computer software documentation to befurnished with restrictions on use, release, or disclosure.

CONTRACT NO.


N0017817F3010 PAGE

94 of 101 FINAL

(1) This paragraph does not apply to restrictions based solely on copyright.

(2) Except as provided in paragraph (e)(3) of this clause, computer software that the Contractorasserts should be furnished to the Government with restrictions on use, release, or disclosure isidentified in an attachment to this contract (the Attachment). The Contractor shall not deliverany software with restrictive markings unless the software is listed on the Attachment.

(3) In addition to the assertions made in the Attachment, other assertions may be identified afteraward when based on new information or inadvertent omissions unless the inadvertent omissionswould have materially affected the source selection decision. Such identification and assertionshall be submitted to the Contracting Officer as soon as practicable prior to the scheduled datefor delivery of the software, in the following format, and signed by an official authorized tocontractually obligate the Contractor:

Identification and Assertion of Restrictions on the Government's Use, Release, or Disclosure ofComputer Software.

The Contractor asserts for itself, or the persons identified below, that the Government's rights touse, release, or disclose the following computer software should be restricted:

Computer Software Name of Person

to be Furnished Basis for Asserted Rights Asserting

With Restrictions* Assertion** Category*** Restrictions****

(LIST) (LIST) (LIST) (LIST)

*Generally, development at private expense, either exclusively or partially, is the only basis forasserting restrictions on the Government's rights to use, release, or disclose computer software.

**Indicate whether development was exclusively or partially at private expense. If developmentwas not at private expense, enter the specific reason for asserting that the Government's rightsshould be restricted.

***Enter asserted rights category (e.g., restricted or Government purpose rights in computersoftware, Government purpose license rights from a prior contract, rights in SBIR softwaregenerated under another contract, or specifically negotiated licenses).

****Corporation, individual, or other person, as appropriate.

Date ______________________________

Printed Name and Title ______________________________

______________________________

Signature ______________________________

(End of identification and assertion)

(4) When requested by the Contracting Officer, the Contractor shall provide sufficientinformation to enable the Contracting Officer to evaluate the Contractor's assertions. The

CONTRACT NO.


N0017817F3010 PAGE

95 of 101 FINAL

Contracting Officer reserves the right to add the Contractor's assertions to the Attachment andvalidate any listed assertion, at a later date, in accordance with the procedures of the Validation ofAsserted Restrictions—Computer Software clause of this contract.

(f) Marking requirements. The Contractor, and its subcontractors or suppliers, may only assertrestrictions on the Government's rights to use, modify, reproduce, release, perform, display, ordisclose computer software by marking the deliverable software or documentation subject torestriction. Except as provided in paragraph (f)(5) of this clause, only the following legends areauthorized under this contract: the Government purpose rights legend at paragraph (f)(2) of thisclause; the restricted rights legend at paragraph (f)(3) of this clause; or the special license rightslegend at paragraph (f)(4) of this clause; and/or a notice of copyright as prescribed under 17U.S.C. 401 or 402.

(1) General marking instructions. The Contractor, or its subcontractors or suppliers, shallconspicuously and legibly mark the appropriate legend on all computer software that qualify forsuch markings. The authorized legends shall be placed on the transmittal document or softwarestorage container and each page, or portions thereof, of printed material containing computersoftware for which restrictions are asserted. Computer software transmitted directly from onecomputer or computer terminal to another shall contain a notice of asserted restrictions.However, instructions that interfere with or delay the operation of computer software in order todisplay a restrictive rights legend or other license statement at any time prior to or during use ofthe computer software, or otherwise cause such interference or delay, shall not be inserted insoftware that will or might be used in combat or situations that simulate combat conditions,unless the Contracting Officer's written permission to deliver such software has been obtainedprior to delivery. Reproductions of computer software or any portions thereof subject toasserted restrictions, shall also reproduce the asserted restrictions.

(2) Government purpose rights markings. Computer software delivered or otherwise furnishedto the Government with Government purpose rights shall be marked as follows:

GOVERNMENT PURPOSE RIGHTS

Contract No.

Contractor Name

Contractor Address

Expiration Date

The Government's rights to use, modify, reproduce, release, perform, display, or disclose thissoftware are restricted by paragraph (b)(2) of the Rights in Noncommercial Computer Softwareand Noncommercial Computer Software Documentation clause contained in the above identifiedcontract. No restrictions apply after the expiration date shown above. Any reproduction of thesoftware or portions thereof marked with this legend must also reproduce the markings.

(End of legend)

CONTRACT NO.


N0017817F3010 PAGE

96 of 101 FINAL

(3) Restricted rights markings. Software delivered or otherwise furnished to the Governmentwith restricted rights shall be marked with the following legend:

RESTRICTED RIGHTS

Contract No.

Contractor Name

Contractor Address

The Government's rights to use, modify, reproduce, release, perform, display, or disclose thissoftware are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Softwareand Noncommercial Computer Software Documentation clause contained in the above identifiedcontract. Any reproduction of computer software or portions thereof marked with this legendmust also reproduce the markings. Any person, other than the Government, who has beenprovided access to such software must promptly notify the above named Contractor.

(End of legend)

(4) Special license rights markings.

(i) Computer software or computer software documentation in which the Government's rightsstem from a specifically negotiated license shall be marked with the following legend:

SPECIAL LICENSE RIGHTS

The Government's rights to use, modify, reproduce, release, perform,display, or disclose these data are restricted by Contract No._____(Insert contract number)____, License No. ____(Insert licenseidentifier)____. Any reproduction of computer software, computersoftware documentation, or portions thereof marked with this legendmust also reproduce the markings.

(End of legend)

(ii) For purposes of this clause, special licenses do not include Government purpose licenserights acquired under a prior contract (see paragraph (b)(5) of this clause).

(5) Pre-existing markings. If the terms of a prior contract or license permitted the Contractor torestrict the Government's rights to use, modify, release, perform, display, or disclose computersoftware or computer software documentation and those restrictions are still applicable, theContractor may mark such software or documentation with the appropriate restrictive legend forwhich the software qualified under the prior contract or license. The marking procedures inparagraph (f)(1) of this clause shall be followed.

(g) Contractor procedures and records. Throughout performance of this contract, the Contractorand its subcontractors or suppliers that will deliver computer software or computer software

CONTRACT NO.


N0017817F3010 PAGE

97 of 101 FINAL

documentation with other than unlimited rights, shall—

(1) Have, maintain, and follow written procedures sufficient to assure that restrictive markingsare used only when authorized by the terms of this clause; and

(2) Maintain records sufficient to justify the validity of any restrictive markings on computersoftware or computer software documentation delivered under this contract.

(h) Removal of unjustified and nonconforming markings.

(1) Unjustified computer software or computer software documentation markings. The rights andobligations of the parties regarding the validation of restrictive markings on computer software orcomputer software documentation furnished or to be furnished under this contract are containedin the Validation of Asserted Restrictions--Computer Software and the Validation of RestrictiveMarkings on Technical Data clauses of this contract, respectively. Notwithstanding anyprovision of this contract concerning inspection and acceptance, the Government may ignore or,at the Contractor's expense, correct or strike a marking if, in accordance with the procedures ofthose clauses, a restrictive marking is determined to be unjustified.

(2) Nonconforming computer software or computer software documentation markings. Anonconforming marking is a marking placed on computer software or computer softwaredocumentation delivered or otherwise furnished to the Government under this contract that is notin the format authorized by this contract. Correction of nonconforming markings is not subject tothe Validation of Asserted Restrictions--Computer Software or the Validation of RestrictiveMarkings on Technical Data clause of this contract. If the Contracting Officer notifies theContractor of a nonconforming marking or markings and the Contractor fails to remove or correctsuch markings within sixty (60) days, the Government may ignore or, at the Contractor'sexpense, remove or correct any nonconforming markings.

(i) Relation to patents. Nothing contained in this clause shall imply a license to the Governmentunder any patent or be construed as affecting the scope of any license or other right otherwisegranted to the Government under any patent.

(j) Limitation on charges for rights in computer software or computer software documentation.

(1) The Contractor shall not charge to this contract any cost, including but not limited to licensefees, royalties, or similar charges, for rights in computer software or computer softwaredocumentation to be delivered under this contract when—

(i) The Government has acquired, by any means, the same or greater rights in the software ordocumentation; or

(ii) The software or documentation are available to the public without restrictions.

(2) The limitation in paragraph (j)(1) of this clause—

(i) Includes costs charged by a subcontractor or supplier, at any tier, or costs incurred by theContractor to acquire rights in subcontractor or supplier computer software or computer

CONTRACT NO.


N0017817F3010 PAGE

98 of 101 FINAL

software documentation, if the subcontractor or supplier has been paid for such rights under anyother Government contract or under a license conveying the rights to the Government; and

(ii) Does not include the reasonable costs of reproducing, handling, or mailing the documents orother media in which the software or documentation will be delivered.

(k) Applicability to subcontractors or suppliers.

(1) Whenever any noncommercial computer software or computer software documentation is tobe obtained from a subcontractor or supplier for delivery to the Government under this contract,the Contractor shall use this same clause in its subcontracts or other contractual instruments, andrequire its subcontractors or suppliers to do so, without alteration, except to identify the parties.No other clause shall be used to enlarge or diminish the Government's, the Contractor's, or ahigher tier subcontractor's or supplier's rights in a subcontractor's or supplier's computersoftware or computer software documentation.

(2) The Contractor and higher tier subcontractors or suppliers shall not use their power to awardcontracts as economic leverage to obtain rights in computer software or computer softwaredocumentation from their subcontractors or suppliers.

(3) The Contractor shall ensure that subcontractor or supplier rights are recognized and protectedin the identification, assertion, and delivery processes required by paragraph (e) of this clause.

(4) In no event shall the Contractor use its obligation to recognize and protect subcontractor orsupplier rights in computer software or computer software documentation as an excuse for failingto satisfy its contractual obligation to the Government.

(End of clause)

252.239-7000 PROTECTION AGAINST COMPROMISING EMANATIONS (JUN 2004)

(a) The Contractor shall provide or use only information technology, as specified by theGovernment, that has been accredited to meet the appropriate information assurancerequirements of—

(1) The National Security Agency National TEMPEST Standards (NACSEM No. 5100 orNACSEM No. 5100A, Compromising Emanations Laboratory Test Standard, Electromagnetics(U)); or

(2) Other standards specified by this contract, including the date through which the requiredaccreditation is current or valid for the contract.

(b) Upon request of the Contracting Officer, the Contractor shall provide documentationsupporting the accreditation.

(c) The Government may, as part of its inspection and acceptance, conduct additional tests toensure that information technology delivered under this contract satisfies the information

CONTRACT NO.


N0017817F3010 PAGE

99 of 101 FINAL

assurance standards specified. The Government may conduct additional tests—

(1) At the installation site or Contractor's facility; and

(2) Notwithstanding the existence of valid accreditations of information technology prior to theaward of this contract.

(d) Unless otherwise provided in this contract under the Warranty of Supplies or Warranty ofSystems and Equipment clause, the Contractor shall correct or replace accepted informationtechnology found to be deficient within 1 year after proper installations.

(1) The correction or replacement shall be at no cost to the Government.

(2) Should a modification to the delivered information technology be made by the Contractor,the 1-year period applies to the modification upon its proper installation.

(3) This paragraph (d) applies regardless of f.o.b. point or the point of acceptance of thedeficient information technology.

CONTRACT NO.


N0017817F3010 PAGE

100 of 101 FINAL

SECTION J LIST OF ATTACHMENTS

Exhibit A -- CDRLs

Attachment J.1 DD Form 254

Attachment J.2 COR Appointment Letter

Distribution:

tsizemore@simven ons.com

anthony.s nne [email protected]

CONTRACT NO.


N0017817F3010 PAGE

101 of 101 FINAL

