NIA 21-010651MD

Post Date/ Solicitation Issue Date

August 26, 2021 12:00 pm

Closing Response Date

September 6, 2021 12:00 pm

Proposed Award Date

September 9, 2021 12:00 pm

Project Title

Consensus Conference Research Diagnoses of Cognitive Impairment and Dementia in Participants in the Baltimore Longitudinal Study of Aging (BLSA)

Contracting Office

National Institute on Aging (NIA)

FPDS Classification Code

Q301

Estimated Period of Performance

09/30/2021-09/29/2022

Competition Status

Non-Competitive

Single-Sole Source Determination

Acquisition Authority: This acquisition is conducted under the authority of Federal Authority Regulation (FAR) Part 13 - Simplified Acquisition Procedures, Subpart 13. 106-1 (b)(1), Soliciting from a single source and is not expected to exceed the Simplified Acquisition threshold. Contracts awarded using FAR Part 13- Simplified Acquisition Procedures and at a dollar value less than the simplified acquisition threshold are exempt from the requirements of FAR Part 6- Competition Requirements.

No source other than Dr. Moghekar’s group at Johns Hopkins Hospital can meet the requirements of this project because they will build upon longitudinal assessments already performed by his group. Dr. Moghekar’s is able to meet the continuing requirements of the Government need and a change to another Contractor would result in at least a one year delay in deliverables, with redundant cost to the Government.

Background/Description of Requirement

Acquisition Authority: This acquisition is being conducted under Federal Acquisition Regulations (FAR) Part 13 – Simplified Acquisition Procedures, and the resultant contract award will include all applicable provisions and clauses in effect through Federal Acquisition Circular 2021-06 published in the Federal Register on July 12,2021.

The overall goal is to identify early markers of Alzheimer’s disease (AD) and cognitive impairment.  Laboratory of Behavioral Neuroscience (LBN) investigators perform cognitive and neuroimaging assessments in participants in the BLSA to investigate accelerated changes that are associated with cognitive decline and impairment and to identify predictors of cognitive impairment and cognitive resilience (maintenance of cognitive health).  An important component of these investigations is the consensus diagnostic evaluation of participants within a research context.  These consensus conferences utilize both participant and informant-based information on the cognitive health of participants, using the CDR, as well as summary medical, medication, neurological and neuropsychological assessment information on participants for evaluation by the case conference team.

A Firm Fixed Price (FFP) Purchase Order award not exceeding the Simplified Acquisition Threshold is anticipated from any contract resulting from this requirement.

The period of performance shall be September 30, 2021 through September 29, 2022

SCOPE OF WORK

General Requirements:

Independently and not as an agent of the Government, the Contractor shall furnish all the necessary services, qualified personnel, material, equipment, and facilities, not otherwise provided by the Government as needed to perform the Statement of Work below:The purpose of this procurement is to perform neuropsychometric evaluations using the CDR scale on autopsy study participants in the BLSA, perform home visit assessments for selected autopsy and non-autopsy BLSA participants where these, otherwise would not be completed and to prepare summaries of participant information for research consensus case conferencing. 

Specific Requirements:

Specifically, the following are required to be performed at the NIA Research and Clinical Facilities or through home visits to participants: 

• The contractor will perform 5 to 10 CDR scale evaluations per week on BLSA autopsy study participants, which will take 30 minutes to one hour each.
• The contractor will score and rescore the CDRs and enter and verify them in the xforms data entry system developed by the NIA.
• The contractor will prepare summary information for consensus case conferences for these autopsy study participants. 
• The contractor will enter the consensus case conference results into an Excel spreadsheet and deliver it to the NIA Project Officer or his representative after each case conference.
• The contractor will perform 5 to 10 home visit neuropsychological/neurological assessments on autopsy study participants (70 years and older) who either need to be seen in-between their usual BLSA visits or who would otherwise not be seen by the BLSA home visit program.
• The contractor will score and rescore the neuropsychological assessments and enter and verify them in the xforms data entry system developed by the NIA.
• The contractor  will review the videotapes of the neurological examination.
• The contractor will enter and verify the neurological examination in the xforms data entry system developed by the NIA.

 

LEVEL OF EFFORT:

The contractor will perform approximately 5-10 CDR scale evaluations per year performed by two psychometricians with a 12% effort each. The BLSA autopsy study participants evaluations will take between 30 minutes and 1 hour each.

GOVERNMENT RESPONSIBILITIES

The Government will provide a list of autopsy study BLSA participants who have met criteria for CDR administration and case conference review and a list and contact information for participants requiring home visits.  NIA has an externally accessible website specifically to collect data. The contractor puts information into the website and NIA then uses this information for our research.The contractor has no access to NIA information. This is simply a one way transfer of data.

The Government will provide government-furnished property (a laptop) to be used by the contractor.

DELIVERY OR DELIVERABLES

• Hard copies of CDR scales administered to autopsy participants.
• Weekly to biweekly summary reports for availability at research case conferences.   
• Electronic files containing data on CDR scales and research diagnoses based on research case conferences.
• Electronic files containing data on neuropsychological assessments and neurological examinations collected during home visits.
• The Contractor shall also provide the following Security Deliverables:

Deliverable Title/Description	Due Date/Details
Contractor Employee Non-Disclosure Agreement (NDA)	Prior to performing any work on behalf of NIH. Form available for download here: https://irtsectraining.nih.gov/NIH_Non-Disclosure_Agreement.pdf

OTHER CONSIDERATIONS

Key Personnel

• Neurologist, Senior Researcher, Psychometricians

Contractor Non-Disclosure Agreement (NDA)-   Each Contractor (and/or any subcontractor) employee having access to non-public government information under this contract shall complete the NIH non-disclosure agreement
 https://ocio.nih.gov/aboutus/publicinfosecurity/acquisition/Documents/Nondisclosure.pdf  , as applicable. A copy of each signed and witnessed NDA shall be submitted to the Contracting Officer (CO) and/or CO Representative (COR) prior to performing any work under this acquisition. 

Information System Security Plan:

NIA has an externally accessible website specifically to collect this information. The contractor puts information into the website and NIA then uses this information for our research.The contractor has no access to NIA information. This is simply a one way transfer of data.

Data Rights:

The National Institute on Aging shall have unlimited rights to and ownership of all deliverables provided under this contract including reports, recommendations, briefings, work plans and all other deliverables. This includes the deliverables provided under the basic contract and any optional task deliverables exercised by the contracting officer.  In addition, it includes any additional deliverables required by contract change. The definition of “unlimited rights” is contained in Federal Acquisition Regulation (FAR) 27.401, “Definitions.” FAR clause 52.227-14, “Rights in Data-General, ” is hereby incorporated by reference and made a part of this contract/order.

Information Security and/or Physical Access Security

Baseline Security Requirements

Applicability. The requirements herein apply whether the entire contract or modification (hereafter "contract"), or portion thereof, includes either or both of the following:

Access (Physical or Logical) to Government Information: A Contractor (and/or any subcontractor) will have or will be given the ability to have, routine physical (entry) or logical (electronic) access to              government information. 

Operate a Federal System Containing Information: A Contractor (and/or any subcontractor) will operate a federal system and information technology containing data that supports the HHS mission. In addition to the Federal Acquisition Regulation (FAR) Subpart 2.1 definition of "information technology" (IT), the term as used in this section includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources.

Safeguarding Information and Information Systems. All government information and information systems must be protected in accordance with HHS/NIH policies and level of risk. At a minimum, the Contractor (and/or any subcontractor) must:

Protect the:

Confidentiality, which means preserving authorized restrictions on access and disclosure, based on the security terms found in this contract, including means for protecting personal privacy and proprietary information;

Integrity, which means guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity; and

Availability, which means ensuring timely and reliable access to and use of information.
 

Categorize all information owned and/or collected/managed on behalf of HHS/NIH and information systems that store, process, and/or transmit HHS information in accordance with FIPS 199 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60, Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories. Based on information provided by the ISSO, CISO, NIH SOP, or other representative, the impact level for each Security Objective (Confidentiality, Integrity, and Availability) and the Overall Impact Level, which is the highest watermark of the three factors of the information or information system are the following:

Confidentiality: [ X ] Low [  ] Moderate [  ] High

Integrity: [  ] Low [ X ] Moderate [  ] High

Availability: [ X ] Low [  ] Moderate [  ] High

Overall Impact Level: [  ] Low [ X ] Moderate [  ] High

Based on the agreed-upon level of impact, implement the necessary safeguards to protect all information systems and information collected and/or managed on behalf of HHS/NIH regardless of location or purpose.

Report any discovered or unanticipated threats or hazards by either the agency or contractor, or if existing safeguards have ceased to function immediately after discovery, within one (1) hour or less, to the government representative(s).

Adopt and implement all applicable policies, procedures, controls, and standards required by the HHS/NIH Information Security Program to ensure the confidentiality, integrity, and availability of government information and government information systems for which the Contractor is responsible under this contract or to which the Contractor may otherwise have access under this contract. Obtain all applicable security and privacy policies by contacting the CO/COR or HHS/NIH security and/or privacy officials.

Privacy Act. Comply with the Privacy Act requirements (when applicable), and tailor FAR and HHSAR clauses as needed.

Privacy Compliance. Comply with the E-Government Act of 2002, NIST SP 800-53, and applicable HHS/NIH privacy policies, and complete all the requirements below:
 

Per the Office of Management and Budget (OMB) Circular A-130, Personally Identifiable Information (PII), is "information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual." Examples of PII include, but are not limited to the following: Social Security number, date and place of birth, mother's maiden name, biometric records, etc.

To ensure that the public's personal information is protected in a manner commensurate with the privacy risks, HHS uses a privacy analysis process to assess the risks associated with HHS's collection and maintenance of PII and to ensure information is handled in accordance with applicable legal, regulatory, and policy requirements. PTAs analyze how information is handled in IT systems and electronic information collections and determines if the IT system or electronic information collection collects, disseminates, maintains, or disposes of PII. PIAs are used to assess the privacy risks of IT systems and electronic information collections that collect, disseminate, maintain, or dispose of PII about members of the public. PIAs also provide transparency into how HHS collects, disseminates, maintains, or disposes of the public's PII.

The Contractor must support the agency with conducting a Privacy Threshold Analysis (PTA) for the information system and/or information handled under this contract to determine whether or not PII is collected, disseminated, maintained, or disposed as part of the contract. The PTA will determine if a full Privacy Impact Assessment (PIA) needs to be completed.

If the results of the PTA show that a full PIA is needed, the Contractor must support the agency with completing a PIA for the system or information within 2 days after completion of the PTA and in accordance with HHS policy and OMB M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002.

The Contractor must support the agency in reviewing the PIA at least every three years throughout the system development lifecycle (SDLC)/information lifecycle, or when determined by the agency that a review is required based on a major change to the system, or when new types of PII are collected that introduces new or increased privacy risks, whichever comes first.

Controlled Unclassified Information (CUI). Executive Order 13556 defines CUI as "information that laws, regulations, or Government-wide policies require to have safeguarding or dissemination controls, excluding classified information." The Contractor (and/or any subcontractor) must comply with Executive Order 13556, Controlled Unclassified Information, (implemented at 3 CFR, part 2002) when handling CUI. 32 C.F.R. 2002.4(aa) As implemented the term "handling" refers to "…any use of CUI, including but not limited to marking, safeguarding, transporting, disseminating, re-using, and disposing of the information." 81 Fed. Reg. 63323.  The requirements below apply only to nonfederal systems that process, store, or transmit CUI, or that provide security protection for such components. All sensitive information that has been identified as CUI by a regulation or statute, handled by this solicitation/contract, must be:

Marked appropriately;

Disclosed to authorized personnel on a Need-To-Know basis;

Protected in accordance with NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations applicable baseline if handled by a Contractor system operated on behalf of the agency, or NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations if handled by internal Contractor system; and

Returned to HHS control, destroyed when no longer needed, or held until otherwise directed. Information and/or data must be disposed of in accordance with NIST SP 800-88, Guidelines for Media Sanitization.

Protection of Sensitive Information. For security purposes, information is or may be sensitive because it requires security to protect its confidentiality, integrity, and/or availability. The Contractor (and/or any subcontractor) must protect all government information that is or may be sensitive by securing it with a solution that is validated with current FIPS 140 validation certificate from the NIST CMVP.

Confidentiality and Nondisclosure of Information. Any information provided to the contractor (and/or any subcontractor) by HHS or collected by the contractor on behalf of HHS must be used only for the purpose of carrying out the provisions of this contract and must not be disclosed or made known in any manner to any persons except as may be necessary in the performance of the contract. The Contractor assumes responsibility for protection of the confidentiality of Government records and must ensure that all work performed by its employees and subcontractors must be under the supervision of the Contractor. Each Contractor employee or any of its subcontractors to whom any HHS records may be made available or disclosed must be notified in writing by the Contractor that information disclosed to such employee or subcontractor can be used only for that purpose and to the extent authorized herein.

The confidentiality, integrity, and availability of such information must be protected in accordance with HHS and NIH policies. Unauthorized disclosure of information will be subject to the HHS/NIH sanction policies and/or governed by the following laws and regulations:

18 U.S.C. 641 (Criminal Code: Public Money, Property or Records);

18 U.S.C. 1905 (Criminal Code: Disclosure of Confidential Information); and

44 U.S.C. Chapter 35, Subchapter I (Paperwork Reduction Act).

Government Websites. All new and existing public-facing government websites must be securely configured with Hypertext Transfer Protocol Secure (HTTPS) using the most recent version of Transport Layer Security (TLS). In addition, HTTPS must enable HTTP Strict Transport Security (HSTS) to instruct compliant browsers to assume HTTPS at all times to reduce the number of insecure redirects and protect against attacks that attempt to downgrade connections to plain HTTP. For internal-facing websites, HTTPS is not required, but it is highly recommended. Consult the HHS Policy for Internet and Email Security for additional information.

Contract Documentation. The Contractor must use provided templates, policies, forms and other agency documents NIH will specify which documents/forms will be required to comply with contract deliverables as appropriate.

Standard for Encryption. The Contractor (and/or any subcontractor) must:

Comply with the HHS Standard for Encryption of Computing Devices and Information to prevent unauthorized access to government information.

Encrypt all sensitive federal data and information (i.e., PII, protected health information [PHI], proprietary information, etc.) in transit (i.e., email, network connections, etc.) and at rest (i.e., servers, storage devices, mobile devices, backup media, etc.) with encryption solution that is validated with current FIPS 140 validation certificate from the NIST CMVP.

Secure all devices (i.e.: desktops, laptops, mobile devices, etc.) that store and process government information and ensure devices meet HHS and OpDiv-specific encryption standard requirements. Maintain a complete and current inventory of all laptop computers, desktop computers, and other mobile devices and portable media that store or process sensitive government information (including PII).

Verify that the encryption solutions in use have been validated under the Cryptographic Module Validation Program to confirm compliance with current FIPS 140 validation certificate from the NIST CMVP. The Contractor must provide a written copy of the validation documentation to the COR 5 days.

Use the Key Management system on the HHS personal identification verification (PIV) card or establish and use a key recovery mechanism to ensure the ability for authorized personnel to encrypt/decrypt information and recover encryption keys http://csrc.nist.gov/publications/. Encryption keys must be provided to the COR upon request and at the conclusion of the contract.

Contractor Non-Disclosure Agreement (NDA). Each Contractor (and/or any subcontractor) employee having access to non-public government information under this contract must complete the OpDiv non-disclosure agreement.  (https://irtsectraining.nih.gov/NIH_Non-Disclosure_Agreement.pdf) Contractors (and/or subcontractors) must submit a copy of each signed and witnessed NDA to the Contracting Officer (CO) and/or CO Representative (COR) prior to performing any work under this acquisition.

Training Requirements

Mandatory Training for All Contractor Staff. All Contractor (and/or any subcontractor) employees assigned to work on this contract must complete the applicable HHS/OpDiv Contractor Information Security Awareness, Privacy, and Records Management training (provided upon contract award) before performing any work under this contract. Thereafter, the employees must complete [OpDiv-specified] Information Security Awareness, Privacy, and Records Management training at least annually, during the life of this contract. All provided training must be compliant with HHS training policies.

Role-based Training. All Contractor (and/or any subcontractor) employees with significant security responsibilities (as determined by the program manager) must complete role-based training annually commensurate with their role and responsibilities in accordance with HHS policy and the HHS Role-Based Training (RBT) of Personnel with Significant Security Responsibilities Memorandum.

Training Records. The Contractor (and/or any subcontractor) must maintain training records for all its employees working under this contract in accordance with HHS policy. A copy of the training records must be provided to the CO and/or COR within 30 days after contract award and annually thereafter or upon request.

Rules of Behavior

The Contractor (and/or any subcontractor) must ensure that all employees performing on the contract comply with the HHS Information Technology General Rules of Behavior, HHS Rules of Behavior for Privileged Users, and NIH requirements.

All Contractor employees performing on the contract must read and adhere to the Rules of Behavior before accessing Department data or other information, systems, and/or networks that store/process government information, initially at the beginning of the contract and at least annually thereafter, which may be done as part of annual OpDiv Information Security Awareness Training. If the training is provided by the contractor, the signed ROB must be provided as a separate deliverable to the CO and/or COR per defined timelines above.

Incident Response

The Contractor (and/or any subcontractor) must respond to all alerts/Indicators of Compromise (IOCs) provided by HHS Computer Security Incident Response Center (CSIRC)/NIHIRT teams within 24 hours, whether the response is positive or negative. In accordance with FISMA and OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (PII), an incident is "an occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies" and a privacy breach is "the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses personally identifiable information or (2) an authorized user accesses or potentially accesses personally identifiable information for an other than authorized purpose." For additional information on the HHS breach response process, please see the HHS Policy and Plan for Preparing for and Responding to a Breach of Personally Identifiable Information (PII)."

In the event of a suspected or confirmed incident or breach, the Contractor (and/or any subcontractor) must:

Protect all sensitive information, including any PII created, stored, or transmitted in the performance of this contract, with encryption solution that is validated with current FIPS 140 validation certificate from the NIST CMVP.

NOT notify affected individuals unless so instructed by the Contracting Officer or designated representative. If so instructed by the Contracting Officer or representative, the Contractor must send NIHapproved notifications to affected individuals 10 days.

Report all suspected and confirmed information security and privacy incidents and breaches to the OpDiv Incident Response Team (IRT) NIH 301-881-9726 and IRT@nih.gov COR, CO, OpDiv SOP (or his or her designee), and other stakeholders, including breaches involving PII, in any medium or form, including paper, oral, or electronic, as soon as possible and without unreasonable delay, no later than one (1) hour, and consistent with the applicable OpDiv and HHS policy and procedures, NIST standards and guidelines, as well as US-CERT notification guidelines. The types of information required in an incident report must include at a minimum: company and point of contact information, contact information, impact classifications/threat vector, and the type of information compromised. In addition, the Contractor must:

Cooperate and exchange any information, as determined by the Agency, necessary to effectively manage or mitigate a suspected or confirmed breach;

Not include any sensitive information in the subject or body of any reporting e-mail; and

Encrypt sensitive information in attachments to email, media, etc.

Comply with OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, and HHS/OpDiv and NIHprivacy breach response policies when handling PII breaches.

Provide full access and cooperate on all activities as determined by the Government to ensure an effective incident response, including providing all requested images, log files, and event information to facilitate rapid resolution of sensitive information incidents. This may involve disconnecting the system processing, storing, or transmitting the sensitive information from the Internet or other networks or applying additional security controls. This may also involve physical access to contractor facilities during a breach/incident investigation.

Position Sensitivity Designations

All Contractor (and/or any subcontractor) employees must obtain a background investigation commensurate with their position sensitivity designation that complies with Parts 1400 and 731 of Title 5, Code of Federal Regulations (CFR). The following position sensitivity designation levels apply to this solicitation/contract: Level 5C- Sensitive- Moderate Risk

Homeland Security Presidential Directive (HSPD)-12

The Contractor (and/or any subcontractor) and its employees must comply with Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors; OMB M-05-24; OMB M-19-17; FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors; HHS HSPD-12 policy; and Executive Order 13467, Part 1 §1.2.

Roster

The Contractor (and/or any subcontractor) must submit a roster by name, position, e-mail address, phone number and responsibility, of all staff working under this acquisition where the Contractor will develop, have the ability to access, or host and/or maintain a government information system(s). The roster must be submitted to the COR and/or CO within 10 days of the effective date of this contract. Any revisions to the roster as a result of staffing changes must be submitted within 10 days of the change. The COR will notify the Contractor of the appropriate level of investigation required for each staff member. 

If the employee is filling a new position, the Contractor must provide a position description and the Government will determine the appropriate suitability level.

Contract Initiation and Expiration

General Security Requirements. The Contractor (and/or any subcontractor) must comply with information security and privacy requirements, Enterprise Performance Life Cycle (EPLC) processes, HHS Enterprise Architecture requirements to ensure information is appropriately protected from initiation to expiration of the contract. All information systems development or enhancement tasks supported by the contractor must follow the HHS EPLC framework and methodology and in accordance with the HHS Contract Closeout Guide (2012).

System Documentation. Contractors (and/or any subcontractors) must follow and adhere to HHS System Development Life Cycle requirements, at a minimum, for system development and provide system documentation at designated intervals (specifically, at the expiration of the contract) within the EPLC that require artifact review and approval.

Sanitization of Government Files and Information. As part of contract closeout and at expiration of the contract, the Contractor (and/or any subcontractor) must provide all required documentation 5 days to the CO and/or COR to certify that, at the government's direction, all electronic and paper records are appropriately disposed of and all devices and media are sanitized in accordance with NIST SP 800-88, Guidelines for Media Sanitization.

Notification. The Contractor (and/or any subcontractor) must notify the CO and/or COR and system ISSO within 5 days before an employee stops working under this contract.

Contractor Responsibilities upon Physical Completion of the Contract. The contractor (and/or any subcontractors) must return all government information and IT resources (i.e., government information in non-government-owned systems, media, and backup systems) acquired during the term of this contract to the CO and/or COR. Additionally, the Contractor must provide a certification that all government information has been properly sanitized and purged from Contractor-owned systems, including backup systems and media used during contract performance, in accordance with HHS and/or NIH policies.

The Contractor (and/or any subcontractor) must perform and document the actions identified in the NIH Contractor Employee Separation Checklist when an employee terminates work under this contract within 5 days of the employee's exit from the contract. All documentation must be available to the CO and/or COR upon request.

Records Management and Retention

The Contractor (and/or any subcontractor) must maintain all information in accordance with Executive Order 13556 -- Controlled Unclassified Information, National Archives and Records Administration (NARA) records retention policies and schedules and HHS Policy for Records Management and NIH policies and must not dispose of any records unless authorized by HHS/NIH.

In the event that a contractor (and/or any subcontractor) accidentally disposes of or destroys a record without proper authorization, he/she must document and report the incident in accordance with HHS/NIH policies.

Privacy Act

It has been determined that this contract is subject to the Privacy Act of 1974, because this contract provides for the design, development, or operation of a system of records about individuals from which records are retrieved by name or other identifying particular.

The System of Records Notice that is applicable to this contract is: 09-25-000

The system of records design, development, or operation work the Contractor is to perform is: See SOW

The disposition to be made of the Privacy Act records upon completion of contract performance is: This contract will comply with all Federal, HHS, NIH, and NIA regulations and requirements.

The following provisions and clauses apply to this acquisition and are incorporated as an attachment.  Offerors MUST complete the provision at 52.204-24 and 52.204-26 and submit completed copies as separate documents with their quotation.

1. FAR 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Oct 2020)

2. FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2020)

3. FAR 52.204-26, Covered Telecommunications Equipment or Services-Representation (Oct 2020)

The Dun & Bradstreet Number (DUNS), the Taxpayer Identification Number (TIN), and the certification of business size must be included in the response.

All offerors must have an active registration in the System for Award Management (SAM) www.sam.gov.”

Quoter Terms and Conditions (To be completed by the Offeror):

1. Period of Performance OR Delivery Date After Receipt of Order:

2. Shipping Point (F.O.B. OR Destination):

3. Payment Discount Terms:

4. NIH BPA Number, if applicable:

5. DUNS No:

6. Name of Company:

7. Street Address, City, State, Zip code:

8. Name of Person Authorized to Provide Quote:

9. Telephone Number and Email Address of Person Authorized to Provide Quote: