Afghan National Defense and Security Forces (ANDSF ... · Documents and reviews: ... This acquisition is to provide a common ID Card System to the Ministries of Defense ... taken

Page1of29

Afghan National Defense and Security Forces (ANDSF)

Identification Card (ID CARD) System

Performance Work Statement (PWS)

10 SEPTEMBER 2016

Page2of29

TABLE OF CONTENTS

Contents 1. GENERAL ...................................................................................................................................... 5

1.10. Type of Contract: ........................................................................................................................... 7

1.11. Security Requirements: .................................................................................................................. 7

1.12. Post Award Conference: ................................................................................................................ 9

1.13. Key Personnel: ............................................................................................................................... 9

1.14. Identification of Contractor Employees: ...................................................................................... 11

PART 2 ................................................................................................................................................. 12

DEFINITIONS & ACRONYMS .......................................................................................................... 12

2. DEFINITIONS AND ACRONYMS: ........................................................................................... 12

2.1.Definitions: .................................................................................................................................... 12

3. GOVERNMENT FURNISHED ITEMS AND SERVICES: ........................................................ 15

3.1. Services: ......................................................................................................................................... 15

3.2. Facilities: ........................................................................................................................................ 15

3.3. Utilities: .......................................................................................................................................... 15

3.4. Equipment: ........................................................................................................................................ 15

3.5. Materials: ....................................................................................................................................... 15

4. CONTRACTOR FURNISHED FACILITIES, SUPPLIES, EQUIPMENT, AND SERVICES: .16

4.1. Equipment: ........................................................................................................................................ 16

Page3of29

4.2. Software: ........................................................................................................................................... 16

4.3. Data Rights: .................................................................................................................................... 16

4.4. Contractor Responsibilities: .............................................................................................................. 16

5. SPECIFIC TASKS: ....................................................................................................................... 17

5.1. Documents and reviews: ................................................................................................................ 17

5.2. System Capability .......................................................................................................................... 19

5.3. Card Production and Initial Supply .................................................................................................. 20

5.4. Equipment Purchase: ...................................................................................................................... 21

5.5. Deployable Support Team ................................................................................................................ 21

5.6. Additional Cards: ........................................................................................................................... 21

5.7. Program Management Support: ..................................................................................................... 21

5.8. Travel: ............................................................................................................................................ 21

5.9. System Fielding: ............................................................................................................................ 21

5.9.1 MoI: .............................................................................................................................................. 21

5.10. Training ........................................................................................................................................... 22

5.11. System Sustainment: .................................................................................................................... 23

5.12. Security Control Assessment: ...................................................................................................... 23

5.13. Information Security ....................................................................................................................... 23

5.14. REPORTING ............................................................................................................................... 25

5.15. PERFORMANCE REQUIREMENTS SUMMARY ................................................................... 25

5.16. Deliverables Schedule: ................................................................................................................. 26

Page4of29

Page is Intentionally Left Blank

Page5of29

Part 1 General Information

1. GENERAL

1.1. Contract: This is a non-personal services contract to list the requirements for the purchase,

integration, maintenance, training and sustainment of the Afghan National Security and Defense

Forces (ANDSF) Identification (ID) Card System. The U.S. Government shall not exercise any

supervision or control over the contract service providers performing the services herein. Such

contract service providers shall be accountable solely to the Contractor who, in turn is responsible to

the U.S. Government.

1.2. Description of Services/Introduction: The current ID Card System is aged and has been facing

obsolescence. This acquisition is to provide a common ID Card System to the Ministries of Defense

(MoD) (Afghan National Army (ANA)) and at the Ministries of Interior (MoI) (Afghan National

Police (ANP)) as one of the enabling capabilities that will allow automated payroll from

authorization to the person being paid. The top level requirements for this acquisition are as follows:

1) the ID Card System must be able to interoperate with the current biometric system, the Afghan

Personnel and Pay System (APPS)/ Afghan Human Resource Information Management

System (AHRIMS) and Electronic National Identification Card (e-NID) or e-Taskira; 2) the ID Card

System must be capable of producing biometrically-linked ID Cards which incorporate the latest

anti-fraud features, and have Dari, Pashtu, and English on them, with the database capturing

pertinent data in those three (3) languages; 3) proficiently train the ANDSF users of various

echelons of command, so they can initially issue approximately 500K ID Cards; and 4) provide

initial sustainment for the ID Card System and provide efficient transition of the ID Card System

sustainment with the required documents, source codes, hardware and software to ANDSF. The

Contractor shall provide all personnel, equipment, supplies, facilities, transportation, tools,

materials, supervision, and non-personal services necessary to perform the following key functions

in this PWS except in the event of GFE. The Contractor shall perform to the standards in this

contract.

1.3. Objectives: The Contractor shall expeditiously integrate the ID Card System with the biometric

system and APPS/AHRIMS, and field and train ID Card System to ANDSF users to enable ANDSF

to issue approximately 500K biometrically-linked ID Cards to all biometrically validated ANDSF

personnel within the base year; then transition the system with required documents, source codes,

software and hardware to ANDSF for continuation of ID Card issue, system management and

maintenance. During the base year, the contractor shall build the required interface in the ID Card

System to interoperate with e-NID but not required to complete the actual integration for operational

use.

1.4. Scope: This PWS requires the Contractor to perform acquisition of an ID Card System, integrate

with other systems as described in Para 1.3. (Objectives), and field and train users to print and issue

ID Cards to all eligible ANDSF personnel across both MoI and MoD of Afghanistan. Each job

Page6of29

function listed herein is to be accompanied with a plan for the integration, fielding, sustainment,

training, and transition of the following objectives to be performed during the period of performance

(PoP). At the end of fielding and training, the ANDSF shall be capable of not only issuing ID Cards,

but also managing and maintaining the ID Card System. The transition of functions from the

Contractor to ANDSF personnel shall occur in a phased manner as described herein. Following

transition, the Contractor shall maintain a support function until the expiration of the sustainment

options.

1.5. Period of Performance: One (1) year basic contract with two (2) one (1) year options for sustainment

only tasks.

1.6. Quality Assurance: The U.S. Government will evaluate the contractor’s performance under this

contract in accordance with the Quality Assurance Surveillance Plan (QASP). The QASP is

primarily focused on what the U.S. Government must do to ensure that the Contractor has performed

in accordance with the performance standards. It defines how the performance standards shall be

applied, the frequency of surveillance, and the minimum acceptable defect rate(s).

1.6.1 Performance evaluation will be accomplished by monitoring compliance with the performance

requirements as described in the contract and in the QASP.

1.6.2 The surveillance methods to assess and evaluate the contractor will be used by the US

Government and described in the QASP. These methods are, but not limited to:

1.6.2.1. 100% Inspection - The US Government will evaluate 100% designated tasks.

1.6.2.2. Partial Inspection - The US Government will evaluate less than 100% of designated

tasks and on a selective basis.

1.6.2.3. Random Sampling - The US Government will evaluate less than 100% of designated

tasks on a random basis.

1.6.2.4. Independent Verification and validation (IV&V) - Verification and validation

performed by an IV&V contractor engaged by APPS PMO may be used to determine that

the work product delivered by the contractor matches the content requirement in the

contract.

1.6.3 Operational Monitoring - The US Government will examine reports generated by automated

tools and logs and websites.

1.6.4 Customer Feedback - The US Government will evaluate survey and random sampling, which

will be used to evaluate customer satisfaction.

1.7. Recognized Holidays:

New Year’s Day First Day of Ramadan

Mohammad’s Birthday Eid Days (3 Days)

Victory Day of Islamic Revolution Big Eid (4 Days)

Independence Day Ashura Day

Masood’s Day Ramadan (~30 Days)

Parliamentary Elections

Page7of29

1.8. Hours of Operation: The Contractor personnel co-located at ANDSF facilities shall provide services

during normal ANDSF working hours, matching the hours of the associated Ministries where they

work at. Normally, these hours are Saturday through Thursday from 0800–1700 Kabul local time

zone. Few exceptions exist, and these include but are not limited to Ramadan, and when a team is

traveling. Generally, the contractor shall match the ministries unless deemed necessary to deviate by

PMO and written notice will be given by the COR in these events.

1.9. Place of Performance: The work shall be performed at, but not limited to, the MoD/MoI and their

associated units throughout Afghanistan, HQ Resolute Support, and the Contractor’s facility.

1.9.1 In addition, the Contractor shall perform site visits as deemed appropriate by PMO to provide

training, oversight, and assistance as required. This shall include help desk assistance; inter-

operability issues with APPS/AHRIMS and e-NID; trouble-shooting; and continuity for on-site

personnel. The Contract employees shall work within the Force Protection umbrella of ANDSF

when conducting tasks at MoD/ANA and MoI/ANP sites.

1.10. Type of Contract: The U.S. Government will make a single award using Firm Fixed Price contract.

1.11. Security Requirements:

1.11.1 Contractor Security

1.11.1.1. Physical Security: The Contractor shall be responsible for safeguarding all contractor

acquired property and property provided for contractor use in this contract. At the close of

each work period, facilities, equipment, and materials shall be secured.

1.11.1.2. Any contractual tasks in this PWS required to be performed within Afghanistan should

be conducted, to the fullest extent possible, by an Afghanistan partner who has been

selected and vetted by the prime contractor and is approved by PMO.

1.11.1.3. Transportation and security below the Corps HQ or Provincial HQ shall be provided

by the ANDSF local commander in coordination with the Afghanistan Partner, the

contractor and PM APPS.

1.11.1.4. The contractor shall ensure that their individuals requiring ID card program access will

have the proper background investigations conducted by the MoI or MoD personnel office

respectively and obtain necessary training. Additionally, the contractor will have at the

supervisory level and above already vetted and approved personnel by the IBR so they can

expedite handling PII and other sensitive information.

1.11.1.5. PMO retains the right to remove any contractor personnel, regardless of prior

clearance or adjudication status, whose actions while assigned to this contract conflict with

the interests of the US Government or that of the Government of Afghanistan. The reason

for removal will be documented in writing by the COR and submitted to the KO for

approval and action.

1.11.2 Protecting Personally Identifiable Information (PII)

1.11.2.1. PII is information that can be used on its own or with other information to identify,

contact, or locate a single person, or to identify an individual in context.

Page8of29

1.11.2.2. All PII should be protected according to industry best practices, and by the

Recommendations of the National Institute of Standards and Technology, “Guide to

Protecting Confidential of Personally Identifiable Information (PII), NIST Special

Publication 800-122.

1.11.2.3. System shall have the following safe guards to limit access to PII:

1.11.2.3.1. All access or reports generated with PII shall be captured in the system

audit log to include, at a minimum:

1.11.2.3.1.1. User accessing the information/report

1.11.2.3.1.2. Date and time of access

1.11.2.3.1.3. Terminal used for access

1.11.2.3.1.4. Action generated by user: query, display, download, or print information

1.11.2.3.2. Repeated requests for an excessive amount of data (excessive is

defined as > 500 records) or similar PII reports shall be flagged in the system

upon the second request for such information within a seven (7) day period

with a report generated to the appropriate MoI or MoD designated security

officer and PM APPS.

1.11.3 Data at Rest (DAR) security and protection: Data at rest will be implemented on all

computers; removable storage devices (thumb drives, data CD, portable hard drives, etc.) used

on the network to access, store, or transport ID card personnel data. All encryption will comply

with Advanced Encryption Standard (AES) 192 at a minimum.

1.11.3.1. Full Disk Encryption (FDE): The FDE solution will protect against unauthorized

reading or copying of data off a protected hard drive or other components. Steps shall be

taken to ensure that pre-boot authentication (PBA) is also implemented which will allow

only registered users to boot workstations following token or other authentication methods.

1.11.3.2. Removable Storage Encryption (RSE): Mandatory encryption is required for data

copied to removable storage devices, such as USB thumb drives, external hard drives,

compact discs (CDs), digital versatile discs (DVDs), etc. This encryption must protect all

data transferred off of a DAR protected work station. Where necessary, and for official use

only, an inter-operability utility must be installed on removable storage devices that may be

used to decrypt data.

1.11.4 Safeguarding Classified Information and Materials. The contract is unclassified but some of

the information handled by the contractor will be Sensitive (FOUO).

1.11.4.1. The contractor will ensure requirements for safeguarding sensitive information and

sensitive materials, for obtaining and verifying personnel / background check, for verifying

security clearances and indoctrination of visitors, for controlling access to restricted areas,

for the security of automated and non-automated management information systems and

data are fulfilled.

Page9of29

1.11.4.2. The US Government (via PM APPS) shall be immediately notified of any security

incident or any indication of a potential unauthorized disclosure or compromise of sensitive

unclassified information.

1.12. Post Award Conference: The Contractor shall attend a post-award (“kick-off”) conference to be

conducted within seven (7) days after contract award. The conference date, place and time shall be

coordinated by the Contracting Officer upon contract award and obtaining Defense Base Act

insurance.

1.13. Key Personnel: Those people considered essential to successful contractor performance. These key

personnel shall be designated in writing and such shall be provided to the Contracting Office and the

Requiring Activity. A formal, written request for Key Personnel changes shall be sent to the

Contracting Office as well as the Requiring Activity for written, Government approval. Such

written request shall contain a copy of the resume for the proposed replacement Key Personnel. No

change outs of personnel will take place without a written approval, signed by the Contracting Office

and the Requiring Activity.

1.13.1 Program Manager (PM)

1.13.1.1. The contractor shall provide a PM who shall be responsible for the performance of the

work. The name of this person and an alternate who shall act for the contractor when the

manager is absent shall be designated in writing to the government contracting officer. The

PM shall have a minimum of 10 years of program management experience and 5 years of

experience in Afghanistan.

1.13.1.2. The PM shall be overseeing the team using best business practices and working as an

integrated team and shall be responsible for all contractual responsibilities and delivery of

all contract deliverables listed in the Deliverable Schedule.

1.13.1.3. The PM shall work side-by-side with Government personnel and shall ensure an

efficient, effective and economical level of support is provided to the US Government.

1.13.1.4. The PM is responsible for translating high-level business requirements into detailed

functional specifications and managing requests for changes to the design specifications,

and assists the business in determining which business requirements can and should be

automated and how they are then integrated with other business and technical processes.

1.13.1.5. PM shall provide oversight of staff and support activities, oversee contract costs and

coordinate with the COR.

1.13.2 Technical Lead

1.13.2.1. The Technical Lead is responsible for developing, communicating, maintaining, and

enforcing the overall architecture of ID Card System, to include:

1.13.2.2. Applications

1.13.2.3. Data

1.13.2.4. Third Party products

1.13.2.5. Technical Infrastructure

Page10of29

1.13.2.6. The Technical Lead is responsible for program activities related to analysis, design

(including fit/gap analysis), documentation, development, testing of the ID Card System,

including but not limited to:

1.13.2.6.1. Presenting proposed ID card design options to ANDSF leadership.

1.13.2.6.2. Generating detailed ID card design documentation.

1.13.2.6.3. Documenting requirements or changes within the scope of this PWS.

1.13.2.7. The Technical Lead will be expected to understand all solutions components and how

they inter-operate to support business processes and management information needs.

1.13.2.8. The Technical Lead shall be responsible for interface and integration strategies with

external systems processes, including determining, understanding and maintaining business

requirement for those interactions.

1.13.2.9. The Technical Lead shall be responsible for ensuring compliance with external

requirements.

1.13.2.10. Serves as direct liaison to function process owners in order to translate and prioritize

requirements for assigned area project and maintenance work.

1.13.3 Life-Cycle and Configuration Manager

1.13.3.1. Responsible for configuration management (CM) tasks to include use of Software

Configuration Management tools for identification, control, status accounting, verification,

audits, product release, delivery, preparing / migrating builds and fielding.

1.13.3.2. Manages all ID Card System environments and enforces strict version control process

to ensure all environments are consistently configured.

1.13.3.3. Is responsible for managing and directing the system test activities for ID Card System

implementation.

1.13.3.4. Determine and execute the contingency requirements and solutions to ID Card System

and interface partners.

1.13.3.5. Determine integrated logistic support activities, roles, responsibilities, sequences and

timelines.

1.13.3.6. Participate in the creation of procedure and communication material that document

logistic practices.

1.13.4 Training Lead.

1.13.4.1. The Training Lead is responsible for the analysis, design, development, testing and

fielding of training artifacts, guides, classroom instruction and Computer Based Training

(CBT) offering in Dari, Pashtu, and English.

1.13.4.2. The Training Lead shall ensure quality control checks are built into the successful

implementation of training plans, deliverable and strategies.

1.13.4.3. The Training Lead must understand and translate business requirements and the

system configuration/solution into training artifacts for the ID Card System

implementation, and has demonstrated experience and strong knowledge of software

training development, implementation, and maintenance.

Page11of29

1.13.5 Fielding Lead.

1.13.5.1. The Fielding Lead is responsible for ensuring the training the Users and fielding of the

ID Card System at various MoI and MoD locations for operation.

1.13.5.2. The Fielding Lead shall ensure quality control checks are built into the successful roll

out of ID Card System and training of the Users.

1.13.5.3. The Fielding Lead must have the technical knowledge and concept of operation of the

ID card system, and has demonstrated experience and strong knowledge of program

implementation, and maintenance, including Help-Desk implementation and operation.

1.14. Identification of Contractor Employees: All contract personnel attending meetings, answering U.S.

Government telephones, and working in other situations where their contractor status is not obvious

to third parties are required to identify themselves as such to avoid creating an impression in the

minds of members of the public that they are U.S. Government officials. They must also ensure that

all documents or reports produced by contractors are suitably marked as contractor products or that

contractor participation is appropriately disclosed. The contractor shall be responsible for obtaining

security / identification badges for all employees within the scope of this PWS.

Page12of29

PART 2 DEFINITIONS & ACRONYMS

2. DEFINITIONS AND ACRONYMS:

2.1. Definitions:

2.1.1 Contractor: A supplier or vendor awarded a contract to provide specific supplies or service to

the U.S. Government. The term used in this contract refers to the prime.

2.1.2 Contracting Officer: A person with authority to enter into, administer, and or terminate

contracts, and make related determinations and findings on behalf of the U.S. Government.

2.1.3 Contracting Officer Representative (COR): An employee of the U.S. Government appointed

by the contracting officer to administer the contract. Such appointment shall be in writing and

shall state the scope of authority and limitations. This individual has authority to provide

technical direction to the Contractor as long as that direction is within the scope of the contract,

does not constitute a change, and has no funding implications.

2.1.4 Deliverable: Anything that can be physically delivered, but may include non-manufactured

things such as meeting minutes or reports.

2.1.5 Key Personnel: Contractor personnel that are evaluated in a source selection process and that

may be required to be used in the performance of a contract by the Key Personnel listed in the

PWS. When key personnel are used as an evaluation factor in best value procurement, an offer

can be rejected if it does not have a firm commitment from the persons that are listed in the

proposal.

2.1.6 Physical Security: Actions that prevent the loss or damage of U.S. Government property.

2.1.7 Quality Assurance: The U.S. Government procedures to verify that services being performed

by the Contractor are performed according to acceptable standards.

2.1.8 Quality Assurance Surveillance Plan (QASP): An organized written document specifying the

surveillance methodology to be used for surveillance of contractor performance. This plan is

primarily focused on what the Government must do to ensure that the Contractor has performed

in accordance with the performance standards. It defines how the performance standards will

be applied, the frequency of surveillance, and the minimum acceptable defect rate(s).

2.1.9 Quality Control: The Contractor shall develop and maintain an effective quality control

program to ensure services are performed in accordance with the PWS. The Contractor shall

develop and implement procedures to identify, prevent, and ensure non-recurrence of defective

services. A draft is due 5 (five) days after contract award. The Contractor’s quality control

program is the means by which they assure themselves that their work complies with the

requirement of the contract. As a minimum, the Contractor shall develop quality control

procedures that address the areas identified in the Section 5 and submit to the Contracting

Officer for approval prior to the start of work.

Page13of29

2.1.10 Work Day: The number of hours per day the Contractor provides services in accordance with

the contract.

2.1.11 Work Week: Sunday through Thursday

2.1.12 Portable ID Card System terminal(s): The portable ID Card System terminal(s) will have the

same capability to the fixed ID Card System terminal(s) that have the enrollment ability, with

one exception. The portable ID Card System must be easily deployable to austere locations.

2.1.13 Initial Operational Capability (IOC): IOC is defined as the proposed ID Card system fielded

in complete configuration to MOI and MOD and their designated operators trained for full

operation to issue ID cards at a PHQ and a Corps.

2.1.14 Full Operational Capability (FOC): FOC is defined as 90% of MOI and MOD units

trained/fielded for full operation.

2.1.15 Level 3 Language Definition: Can translate texts that contain not only facts but also abstract

language, showing an emerging ability to capture their intended implications and many

nuances. Such texts usually contain situations and events which are subject to value judgments

of a personal or institutional kind, as in some newspaper editorials, propaganda tracts, and

evaluations of projects. Linguistic knowledge of both the terminology and the means of

expression specific to a subject field is strong enough to allow the translator to operate

successfully within that field. Word choice and expression generally adhere to target language

norms and rarely obscure meaning. The resulting product is a draft translation, subject to

quality control.

2.2. Acronyms:

AHRIMS Afghanistan Human Resources Information Management System

ANA Afghanistan National Army

ANDSF Afghanistan National Defense and Security Forces

ANP Afghanistan National Police

APPS Afghan Personnel and Pay System

COR Contracting Officer Representative

DAR Data at Rest

DBA Database Administrator

e-NID Electronic National Identification Card or e-Taskira

FDE Full Disk Encryption

FOC Full Operational Capability

FOUO For Official Use Only

HR Human Resources

ID card Identification Card

Page14of29

IOC Initial Operational Capability

KO Contracting Officer

MoD Ministries of Defense

MoI Ministries of Interior

PHQ Provincial Headquarters

PM Project or Program Manager

PMO Program Management Office

PoP Period of Performance

PRS Performance Requirements Summary

PWS Performance Work Statement

QA Quality Assurance

QASP Quality Assurance Surveillance Plan

RSE Removable Storage Encryption

TCN Transaction Control Number

TLS Transport Layer Security

Page15of29

PART 3 GOVERNMENT FURNISHED PROPERTY, EQUIPMENT, AND SERVICES

3. GOVERNMENT FURNISHED ITEMS AND SERVICES:

3.1. Services: No services shall be provided.

3.2. Facilities: No facilities shall be provided.

3.3. Utilities: No utilities shall be provided.

3.4. Equipment: No equipment shall be provided.

3.5. Materials: No materials shall be provided.

Page16of29

PART 4 CONTRACTOR FURNISHED ITEMS AND SERVICES

4. CONTRACTOR FURNISHED FACILITIES, SUPPLIES, EQUIPMENT, AND SERVICES:

4.1. Equipment: The Contractor shall acquire, install, maintain and provide any equipment required to

accomplish tasks in the PWS. At termination of completion of the contract or designated transition,

all equipment, software, and processes shall become the property of the U.S. Government.

4.2. Software: The Contractor shall acquire, install, maintain, and provide any additional software

products needed to accomplish the tasks related to the PWS. Contractor shall coordinate with the

U.S. Government to transfer all items procured and developed (such as source codes for interfaces

developed to meet integration requirements), and their respective documents, to the Afghan

Government at completion of the contract. The Contractor shall analyze and implement

commercially available solutions as well as Open Source software and hardware solutions when

applicable to meet user requirements as provided by the Government of Afghanistan.

4.3. Data Rights: The U.S. Government retains unlimited data rights to all efforts and products

developed in direct support of the ANDSF ID Card System effort, including but not limited to all

software, source code and documentation, without any restrictions whatsoever by the Contractor.

Does not include commercial off the shelf software that was not modified or customized to meet the

requirements of this PWS.

4.4. Contractor Responsibilities: The Contractor is responsible for providing its employees with base life

support and travel in order to achieve the objectives outlined in this PWS.

Page17of29

PART 5 SPECIFIC TASKS

5. SPECIFIC TASKS:

5.1. Documents and reviews:

5.1.1 Within seven (7) days after contract award, the contractor shall conduct Post-Award

Conference, where the contractor will present technical scope of work in accordance with

authorizing documents and current understanding of project risk.

5.1.2 Within thirty (30) days after contract award: The Contractor shall submit the following

products as a minimum, and execute the reviews (i.e., presentation) with the Program

Management Office (PMO):

5.1.2.1. Initial Baseline Review (IBR) shall cover the following items:

5.1.2.1.1. Key schedule milestones are identified

5.1.2.1.2. Supporting schedules reflect a logical flow to accomplish the technical

work scope

5.1.2.1.3. Resources (budgets, facilities, personnel, skills, etc.) are adequate and

available for the assigned tasks

5.1.2.1.4. Tasks are planned and can be measured objectively, relative to

technical progress

5.1.2.2. Work Breakdown Structure (WBS) should be down to level 3 which includes the major

elements listed in level 2 and all hardware and software services

5.1.2.3. Integrated Master Schedule (IMS) - An integrated and networked multi-layered

schedule of program tasks required to complete the work effort captured with specific

IOC/FOC referenced.

5.1.2.4. Requirements Traceability Matrix (RTM) - The purpose of the RTM is to show where

requirements, including the interface requirements, are satisfied by the design and the

design is satisfied by the code. The RTM is also used to assist in the analysis of proposed

changes. The RTM also shows where requirements are verified (tested) prior to fielding.

Requirements traceability refers to the ability to follow the life of a requirement, in both

forwards and backwards direction, i.e., from its origins, through its development and

specification, to its subsequent fielding and use, and through periods of ongoing refinement

and iteration. Requirements traceability is used to capture the relationships between

requirements, design, test, and implementation of a system.

5.1.3. Within forty-five (45) days after contract award: The contractor shall submit the following

documents and execute the reviews (i.e., presentation) with the PMO:

5.1.3.1. System Fielding Plan (SFP). The contractor shall detail how they are going to field and

train MoI and MoD ANDSF users on ID Card Systems, so that ANDSF users can effectively

issue new ID cards to all members of MoD and MoI.

Page18of29

5.1.3.2. Configuration Management Plan. The contractor shall create and maintain a software

and hardware configuration management plan. The plan will include management of interfaces

required to interoperate with the biometric system, APPS/AHRIMS and e-NID.

5.1.3.3. Preliminary Design Review (PDR) - The Preliminary Design Review (PDR) ensures the

preliminary design and basic system architecture are complete, and that there is technical

confidence the capability need can be satisfied within cost and schedule goals. The PDR

provides the acquisition community, end user, and other stakeholders with an opportunity to

understand the trade studies conducted during the preliminary design, and thus confirm that

design decisions are consistent with the user’s performance and schedule needs prior to formal

validation of the Capability Development Document (CDD). The PDR also establishes the

system’s allocated baseline.

5.1.3.4. Functional Configuration Audit (FCA) - An audit formally examines that each

configuration item meets the functional characteristics stated in its item performance

specification. For a system as a whole, the audit examines the system functional characteristics

has achieved the requirements in the allocated baseline.

5.1.3.5. System Requirements Specification

5.1.4. Within sixty (60) days after contract award: The contractor shall submit the following

documents and execute the reviews (i.e., presentation) with the PMO:

5.1.4.1. Critical Design Review (CDR)

5.1.4.2. Integrated Test Plan

5.1.4.3. Data Archiving Plan. The contractor shall include but not limited to the following:

Roles and responsibilities, archiving strategy, archiving frequency and archive recovery strategy.

5.1.5. Monthly and Weekly requirements: The contractor shall provide the following:

5.1.5.1. Monthly - Execute Program Management Review

5.1.5.2. Weekly - Submit Weekly Status Report

5.1.6. No later than ninety (90) days prior to Initial Operational Capability (IOC) Date, submit first

draft for the following documents and all are required to be finalized and submitted no later than

thirty (30) days prior to IOC date: The contractor shall also execute the reviews (i.e., presentation)

with the PMO with the first draft and the final draft in accordance with the document submission

timeline:

5.1.6.1. System Fielding and Training Plan

5.1.6.2. System Security Plan

5.1.6.3. System Performance Assessment with risk assessment on IOC fielding and training.

5.1.6.4. Sustainment Plan that includes maintenance and help-desk implementation (Tiers I-III)

and transition of these sustainment activities to ANDSF.

5.1.7. No later than thirty (30) days before IOC and training, the contractors shall execute the

following at a minimum:

5.1.7.1. Conduct Physical Configuration Audit with the PMO.

Page19of29

5.1.7.2. Provide source codes for all software development; interface control documents; and

other documents required for training, maintenance and sustainment.

5.1.8. The contractor shall develop and maintain the following documents and artifacts, and

submitted at two different time periods. First will be thirty (30) days prior to Initial Operational

Capability (IOC). Second submission will include any updates and will be submitted thirty (30)

days before meeting Full Operational Capability (FOC).

5.1.8.1. System Architecture: Update and maintain the detailed system architectures to include:

5.1.8.2. System schematics

5.1.8.3. System Use Cases

5.1.8.4. Key interfaces

5.1.8.5. Hardware and Software Specifications: Update and maintain hardware and software

specifications to include:

5.1.8.5.1. Sizing and performance requirements

5.1.8.5.2. Interface control documents

5.1.8.5.3. Systems control requirements

5.1.8.5.4. Source code for any software development

5.1.8.6. Database and File Structures Maintenance: Update and maintain database and file

structures to include:

5.1.8.6.1. Definitions of file characteristics

5.1.8.6.2. Entry Relationship Diagram

5.1.8.6.3. Data dictionary

5.1.8.6.4. Maintenance manual on database

5.1.9. Preventive Maintenance Service Plan: The contractor shall develop and deliver a preventive

maintenance service plan based on the hardware and software components developed and delivered

as part of the ID Card System. Plan shall at a minimum shall include detailed requirements for

routine and non-routine maintenance. Preventative maintenance inspections and work shall be

conducted on a weekly basis with a monthly report to the ministries and U.S. Government.

5.1.10. The contractor shall provide meeting support and data analysis as directed by the PMO.

5.2. System Capability:

5.2.1. System Integration: The contractor shall integrate the ID Card System with the following 3rd

party systems: biometric system, APPS/AHRIMS, and e-NID. At a minimum, the contractor shall

integrate the ID Card system with the biometric system and APPS (based on Odoo open ERP

platform)/AHRIMS before the system gets fielded for operational use. While integration with e-

NID aka: Electronic Taskira (e-Taskira) does not have to be completed before the fielding begins,

the contractor shall, during the base year of the contract, build the required interface in the ID Card

System to interoperate with e-NID but is not required to complete the actual integration with e-NID

for operational use. Additionally, the ID Card System must be compatible with the existing/current

ID card system to migrate all the necessary data. The contractor shall finalize the required data

migration with the PMO before the IBR.

Page20of29

5.2.1.1. ID Card System shall be able to receive/import all data including the unique biometric

number known as Transaction Control Number (TCN) from the current biometric system. The

actual data required to import will be finalized at the Post Award Conference.

5.2.1.2. ID Card System shall be able to transmit and receive personnel data to and from

APPS/AHRIMS.

5.2.2. The ID Card System shall have the capability to take fingerprints and facial photos.

5.2.3. The ID Card System shall have the capability to print ID Cards with anti-fraud security

features. The security features of ID card will be in accordance with the ISO for ID cards. The

security features may include, but are not limited to:

5.2.3.1. All information stored on the magnetic strip and 2D bar code will be encrypted.

5.2.3.2. Cross-Link elements for a multi-layered approach

5.2.3.3. Laser Engraved Photo

5.2.3.4. Optically Variable Ink

5.2.3.5. Ultraviolet Luminescent Ink in card body, variable personalization and security

laminate

5.2.3.6. Built in visual and electronic verification

5.2.4. The ID Card System must be backward compatible with the current magnetic strip readers

used at ministries, and be flexible to be compatible with other commercial-off-the-shelf (COTS)

strip readers and bar code scanners to read ANSI/ISO/AAMVA standards and programmable

custom formats.

5.2.5. The ID Card System must have inherent capability to conduct data analysis and queries to

generate reports which can be exported to Microsoft Office Products.

5.2.6 Contractor shall invoice at the following stages of completion: 20%, 40%, 60%, 80%, 100%

completion. Contractor may submit multiple invoices for payment during the period of

performance. Contractor shall submit backup documentation for the completed work with each

invoice for review and approval by the COR and Contracting Officer.

5.3. Card Production and Initial Supply: The ID Card system must be capable of producing the cards in

the following manner.

5.3.1 Basic description of the ID Card:

5.3.1.1. Size for the ID Card in accordance with codified International Organization for

Standards (ISO) in the specification document ISO 7810 (Identification Cards–Physical

Characteristics). Referring to the card type as ID-1, the dimensions were defined as 3.370

inches wide and 2.125 inches high.

5.3.1.2. High Resolution Color Photo (standard passport dimensions).

5.3.1.3. At a minimum one additional image on the front and back of the card as decided by the

respective ministries.

5.3.1.4. Magnetic Strip and Barcode capable of storing pertinent data for electronic verification

of the card owner’s identity. Data should include the following:

Page21of29

5.3.1.4.1. APPS/AHRIMS Number

5.3.1.4.2. ID card number

5.3.1.4.3. Biometric number known as TCN

5.3.1.4.4. Full Name

5.3.1.4.5. Father’s Name

5.3.1.4.6. Grandfather’s Name

5.3.1.4.7. Date of Birth (DOB)

5.3.1.4.8. Blood Type

5.3.1.4.9. Facial Photo

5.3.1.5. The data on the card must be in ANSI/ISO/AAMVA standards and programmable

custom format and be able to be read by COTS magnetic strip readers and bar code

scanners.

5.3.2 The contractor shall provide initial supply of cards for the ANDSF users to produce and issue

up to 500K ID cards to ANDSF.

5.4. Equipment Purchase: The contractor shall purchase all equipment under this PWS IAW the goals

and objectives identified wherein, this includes but is not limited to the projected quantity of 125 ID

card systems to be placed throughout Afghanistan; final quantity will be finalized after the contract

award and at the Post-Award Conference. Any purchase under this paragraph will be approved in

writing by the KO. The contractor shall develop and implement equipment accountability

procedures in their quality control system to ensure no equipment is lost or misplaced and not used

by unauthorized persons.

5.5. Deployable Support Team: Will consist of any miscellaneous tasks that need to be addressed after

initial fielding has taken place. Examples of this include additional training, or if a unit requires

additional support. A support team will consist of five (5) personnel in support of a given task for a

week.

5.6. Additional Cards: The contractor shall on notice from the contracting office provide additional cards

in increments of 100K that can be used beyond the initial 500K.

5.7. Program Management Support: Contractor shall provide program management support. This

support includes but is not limited to administrative support, such as brief(s) at various locations

throughout Afghanistan, briefing preparation, and video teleconference with various government

officials.

5.8. Travel: The contractor will conduct travel in accordance with this PWS and the deliverable timeline

which has been described herein.

5.9. System Fielding: (The number of sites and system quantities in Para 5.9.1 and 5.9.2 are projected

and they will be finalized after the contract award and at the Post-Award Conference)

5.9.1 MoI: The contractor shall field eighty-eight (88) ID Card Systems to the following locations as

a minimum. This includes two (2) at each PHQ (68 total) and 20 locations at the central

department(s) (11 for the mobile teams, 3 spares, and 6 at MoI).

Page22of29

5.9.2 MoD: The contractor shall field thirty seven (37) ID Card Systems to the following locations

as a minimum. This includes two (2) systems and one (1) spare at each of the six (6) Corps

Regional Training Center(s) (RMTC); three (3) systems for ANATEC; three (3) systems for

ANAREC; and three (3) systems for the Kabul Military Training Center. MoD HQ’s will

receive an additional ten (10) systems to replace the six (6) terminals associated with the old

system with four (4) as a back-up reserve or traveling terminals if needed.

5.9.3 Fielding: This will include ID Card System installation, training of ANDSF users, and transfer

of equipment ownership for the installed system to the ministries. The contractor shall be

capable to field concurrently to both MoI and MoD.

5.10. Training:

5.10.1 The contractor shall develop training manuals in three languages (English, Dari and Pashtu)

for the ID Card System in digital form and provide hard copies upon request or as appropriate

for training. The contractor shall develop the training and be able to conduct training in three

mentioned languages. At minimum, the training shall include the following;

5.10.1.1. ID Card transaction processes, including enrollment and issuance of the cards.

5.10.1.2. Analytical capability inherent in the ID Card System that allows data queries.

5.10.1.3. Reports generation from the data queries which can be exported into MS Office

Product.

5.10.1.4. Information assurance (IA)

5.10.1.5. Role-Based Training to support distinct classes of users, and at a minimum, the

training shall provide each class of users with all essential training and user manuals to

perform their duties as listed below:

5.10.1.5.1. Operators: Personnel assigned to input, update, and manage

individual and unit activities and transactions.

5.10.1.5.2. Leaders: Personnel who require the ability to review and/or approve

operator transactions and activities and generate reports for their

organization.

5.10.1.5.3. Audit and Inspectors: Personnel required to conduct audits of ID card

data to ensure compliance with applicable policy and law governing all

aspect of human resource management. i.e., Inspector General Personnel,

internal, and external auditors.

5.10.1.5.4. Help Desk Operators (Tier I, II and III level): Personnel assigned to

the ministries to provide real time responses to operators, leaders, and

auditors/inspectors providing them with assistance in performing their duties

or ensuring the system is available and ready for use.

5.10.1.5.5. Database Administrators: Personnel assigned to the ministries

responsible for the database administration and maintenance.

5.10.1.5.6. System Administrators: Personnel assigned to the ministries or

contractor responsible for the routine maintenance, sustainment, and upgrade

Page23of29

of the ID Card System at all locations. This shall the database to ensure

security, policy compliance, and make changes required to keep the ID Card

System application.

5.10.1.5.7. Train-the-Trainer: Personnel at the ministerial level, PHQ and Corps

levels, who will train all types of users (Operators, Leaders,

Audit/Inspectors, Help-Desk Operators, Network Administrators and System

Administrators).

5.10.1.6. Assessment of training: The contractor shall assess all trainees of their comprehension

level of the training on written documents for submission.

5.10.1.7. Training Materials:

5.10.1.7.1. Contractor shall prepare materials to support an average class size of

twenty (20) students per location for user and leader classes, and an average

class size of ten (10) students for Administrator class. The exact number of

student sizes for each type of user group will be determined prior to start of

the training.

5.10.1.7.2. Contractor shall prepare the training materials in three languages:

Dari, Pashtu and English.

5.10.1.8. Language Requirements: Supervisory personnel and help desk operators at a minimum

shall speak at a level 3 in Pashtu and Dari. Additionally, as deemed appropriate by the

contractor it is preferred that of these positions have a level 3 understanding in English.

5.10.1.9. Refresher Training: The contractor shall provide quarterly refresher training for

database administrators, system administrators, help desk operators and ID Card System

operators for both ministries

5.11. System Sustainment: The contractor shall be responsible for the sustainment and support of all

hardware peripherals and software fielded with the ID Card System during the PoP of the contract.

5.11.1 The contractor shall stand up a Help Desk (Tiers I-III) and be fully operational no later than

first fielding of the system. The contractor shall transition the sustainment operation including

Help Desk operation to both ministries before the Full Operational Capability.

5.11.2 The contractor shall resolve sustainment and support issues from the time of receipt of the

problem within 24 hours for 90% of the reported issues.

5.12. Security Control Assessment: The contractor shall develop and submit a Security Control

Assessment Plan that defines the security methodology employed prior to the fielding of the system

or any workstation. This plan shall be presented for approval to the PMO prior to implementation

and before any updates/changes are implemented.

5.13. Information Security: The Contractor shall provide adequate security for all unclassified

information passing through non-government information system(s) including all subcontractor

information systems utilized on contract. Unclassified information shall only be disseminated within

the scope of assigned duties and with a clear expectation that confidentiality will be preserved.

Examples of such information include the following: non-public information provided to

Page24of29

contractors, information developed during the course of the contract, and privileged contract

information (e.g., program schedules, contract-related tracking).

5.13.1 Safeguards: The Contractor shall protect government information and shall provide

compliance documentation validating the requirements are being met. The Contractor and all

utilized subcontractors shall abide by the following safeguards:

5.13.1.1. Do not process information on public computers (e.g., those available for use by the

general public in kiosks or hotel business centers) or computers that do not have access

control.

5.13.1.2. Protect information by at least one physical or electronic barrier (e.g., locked container

or room, login and password) when not under direct individual control.

5.13.1.3. Sanitize media before external release or disposal.

5.13.1.4. Encrypt all information that has been identified as controlled unclassified information

when it is stored on mobile computing devices such as laptops and personal digital

assistants, or removable storage media such as portable hard drives and digital optical

disks, using Authorized Data-at-Rest encryption technology.

5.13.1.5. Limit information transfer to subcontractors or teaming partners with a need to know

and a commitment to at least the same level of protection.

5.13.1.6. Transmit e-mail, text messages, and similar communications using technology and

processes that provide the best level of privacy available, given facilities, conditions, and

environment. Examples of recommended technologies or processes include closed

networks, virtual private networks, public key-enabled encryption, and TLS. Encrypt

organizational wireless connections and use encrypted wireless connection where available

when traveling. If encrypted wireless is not available, encrypt application files (e.g.,

spreadsheet and word processing files), using at least application-provided password

protection level encryption.

5.13.1.7. Transmit voice and fax transmissions only when there is a reasonable assurance that

access is limited to authorized recipients.

5.13.1.8. Do not post information to Web site pages that are publicly available or have access

limited only by domain or Internet protocol restriction. Such information may be posted to

Web site pages that control access by user identification or password, user certificates, or

other technical means and provide protection via use of TLS or other equivalent

technologies. Access control may be provided by the intranet (vice the Web site itself or the

application it hosts).

5.13.1.9. Provide protection against computer network intrusions and data exfiltration,

minimally including the following:

5.13.1.9.1. Current and regularly updated malware protection services.

5.13.1.9.2. Monitoring and control of inbound and outbound network traffic as

appropriate (e.g., at the external boundary, sub-networks, individual hosts)

including blocking unauthorized ingress, egress, and exfiltration through

Page25of29

technologies such as firewalls and router policies, intrusion prevention or

detection services, and host-based security services.

5.13.1.9.3. Prompt application of security-relevant software patches, service

packs, and hot fixes.

5.13.1.10. As applicable, comply with other current best practices of information protection and

reporting requirements for specified categories of information.

5.13.1.11. Report loss or unauthorized disclosure of information in accordance with contract or

agreement requirements and mechanisms.

5.13.2 The Contractor shall ensure in their quality processes and procedures are compliant with

standard best practices security requirements.

5.14. REPORTING:

5.14.1 Reports should be generated on a daily, weekly, monthly, and yearly basis with the exception

of the audit reports which is on an as needed basis as per the deliverable schedule.

5.14.2 Reports shall be generated automatically via the ID card system, including but not limited to:

5.14.2.1. Initial ID Cards issued

5.14.2.2. Number of ID Cards destroyed

5.14.2.3. Number of ID Cards replaced due to expiration

5.14.2.4. Number of ID Cards replaced due to loss

5.14.2.5. Operational Audit Reports

5.15. PERFORMANCE REQUIREMENTS SUMMARY: The Contractor service requirements are

summarized into performance objectives that relate directly to mission essential items. The

performance threshold briefly describes the minimum acceptable levels of service required for each

requirement. These thresholds are critical to mission success.

Performance Objective Performance Standards

Acceptable Quality Levels (AQL)

Method Of Surveillance

The contractor shall provide all facilities, equipment with trained and vetted personnel in order to complete all tasks associated with this PWS according to the agreed timeline.

Full (100%) Compliance

No more than one (1) discrepancy per inspection

Observation by COR/KO & Stakeholder Input

The contractor shall establish in the new ANDSF-IDC System the ability to transfer data between systems listed in this PWS.


No discrepancies permitted

100% Inspection of Contractor file by the COR/KO

The contractor shall migrate and load all records from the existing ID system to the ANDSF-IDC system relatively free of errors in accordance with the fielding plan.


95% of all fields are migrated or loaded complete and free of error (a useable record)


The contractor will ensure that all data will remain encrypted with best industry standards for every system, especially systems that are being fielded or transported in any way.




The contractor in accordance with this PWS will provide all training, and fielding of this



Observation by COR/KO &

Page26of29

system in all locations within Afghanistan. Stakeholder Input

The contractor must transition the ANDSF- IDC system to MoD and MoI by the end of the base/option year(s).




The Contract shall provide and maintain workers’ compensation insurance before commencing performance under and during the entire performance of this contract for the payment of disability compensation and medical benefits to covered employees and death benefits to their eligible survivors. Proof of DBA insurance shall be submitted to the Contracting Officer 15 days after contract award and within 15 days of after exercising the option year period.



100% Inspection of Contractor file by the KO

Acceptable surveillance methods:

100%Inspection and File Review: Performance is inspected/evaluated at each occurrence. This method is necessary due to health, safety and other considerations. Random Inspection: This method will be used as an efficient way to obtain an unbiased, comprehensive evaluation of performance. Some task/deliverables will be randomly selected to determine if the level of performance is acceptable. Observation: This method will be used to document relatively few observations from which the quality the task can be consistently projected from one observation period and throughout the next. Periodic Inspection: This method will be used to check the Contractor’s quality control to ensure the Contractor is capable of meeting the Government’s quality requirements. Inspection may vary based on the Contractor’s compliance to the PWS requirements; the frequency may increase or decrease based on inspection findings. Stakeholder Input: Stakeholder input can be used when written or telephonic evidence is provided and substantiated by the COR/KO in certain situations when the quality of performance poses a risk to the contract.

5.16. Deliverables Schedule:

PWS Task Deliverable Item Due Date Post-Award Conference

5.1.1 Post-Award Slides Within seven (7) business days

of contract award. Initial Baseline Review (IBR)

5.1.2.1 Work Breakdown Structure (WBS) Integrated Master Schedule (IMS) Requirements Traceability Matrix

(RTM)

Review(s) will be within thirty (30) days of contract award

(Not all presented on the same day)

System Fielding Plan (SFP) 5.1.3.1

Fielding Plan Due within forty-five (45) days of contact award

Configuration Management Plan

5.1.3.2

Software and Hardware configuration management plan

Due within forty-five (45) days of contract award

Preliminary Design Review (PDR) 5.1.3.3

Preliminary Design Review Due within forty-five (45) days of contract award

Functional Configuration Audit (FCA) 5.1.3.4

Functional Configuration Audit Due within forty-five (45) days of contract award

Page27of29

System Requirements Specification

5.1.3.5

System Requirements Specification Due within forty-five (45) days of contract award

Critical Design Review (CDR) 5.1.4.1

Critical Design Review Review(s) will be within sixty (60) days after contract award

Integrated Test Plan (ITP) 5.1.4.2

Integrated Test Plan Document Review(s) will be within sixty (60) days after contract award

Data Archiving Plan 5.1.4.3

Data Archiving Plan Review(s) will be within sixty (60) days after contract award

Program Management Review (PMR) 5.1.5.1

Program Management Review Meeting PMR Meeting will be conducted monthly, with

weekly updates and status reports.

Project Transition Review 5.1.6.1

Project Transition Review Review to be completed within ninety (90) days prior to Initial Operational Capability (IOC)

Training Plan 5.1.6.2

Training Plan Review to be completed within ninety (90) days prior to Initial Operational Capability (IOC)

Sustainment Plan 5.1.6.3

Sustainment Plan that includes Help Desk

Review to be completed within ninety (90) days prior to Initial Operational Capability (IOC)

Final submission will include any updates and be submitted

to PMO before Full Operational Capability (FOC)

System Performance Assessment

5.1.6.5

System Performance Assessment including associated risks

Review to be completed within ninety (90) days prior to Initial Operational Capability (IOC)

Physical Configuration Audit 5.1.7.1

Report findings of configuration audit Completed thirty (30) days before IOC and training

Source Code 5.1.7.2

Provide Source Code for all software development, interface control

documents, with all associated training, maintenance and sustainment

Completed thirty (30) days before IOC and training

Database Migration 5.2.1

Report Complete all legacy data migrated to the new ID Card system

Completed thirty (30) days before IOC and training

Refresher Training 5.10.1.7

Quarterly Refresher Training Report This report will be completed after training is conducted and

submitted to the PMO. System Architecture

5.11.3 Detailed System Architecture Report Review to be completed within

ninety (90) days prior to Initial Operational Capability (IOC)

Security Control Assessment 5.13

Security Control Assessment Plan Due within forty-five (45) days of contact award

Reporting 5.15

Standard Reporting as outlined in the PWS

Daily, Weekly, Monthly, and Yearly, reported automatically within the system for review by

PMO, MoD, MoI

15.17. Contracting Manpower Reporting

The Office of the Assistant Secretary of the Army (Manpower & Reserve Affairs) operates and maintains a secure Army data collection site where the contractor will report all contractor manpower (including subcontractor manpower) required for performance of this requirement. The contractor is required to

Page28of29

completely fill in all the information in the format using the following web address https://contractormanpower.army.pentagon.mil. Clause 5152.225-5904 applies.

Contractor shall provide monthly employee census information to the Contracting Officer, by province, for this contract. Information shall be submitted either electronically or by hard-copy. Information shall be current as of the 25th day of each month and received by the Contracting Officer no later than the first day of the following month.

The following information shall be provided for each province in which work was performed:

The total number (prime and subcontractors at all tiers) employees.

The total number (prime and subcontractors at all tiers) of U.S. citizens.

The total number (prime and subcontractors at all tiers) of local nationals (LN).

The total number (prime and subcontractors at all tiers) of third-country nationals (TCN). Name of province in which the work was performed.

The names of all company employees who enter and update employee data in the Synchronized Pre- deployment & Operational Tracker (SPOT) IAW DFARS 252.225-7995 or DFARS DoD class deviation 2014-O0018.

EXHIBIT A

PRICE LIST ANDSF-IDC System

This list is exclusive of the proposed CLINS 0003, 1003, and 2003. This is separate individual pricing for reference purposes. Intent is to understand all cost(s), or fee(s) associated with software renewal for the ANDSF-IDC system for both option years.

Software License Fee(s) Base Year Description Part Number Brand Name UOM QTY Unit Price Total

Software License Fee (if required)

Software License Fee(s) Option Period 1 Description Part Number Brand Name UOM QTY Unit Price Total

Software renewal (if required)

Page29of29

Software License Fee(s) Option Period 2

Description Part Number Brand Name UOM QTY Unit Price Total Software

renewal (if required)

EXHIBIT B

Identification Card System

Contractor shall complete PWS Exhibit B, Identification Card System,

below.

CLIN Description Brand

Name Part

Number Country of

Origin Unit Quantity

0002 Identification Card System

Each