NATIONAL ARCHIVES
AND
RECORDS ADMINISTRATION
STATEMENT OF OBJECTIVES (SOO)
NARA ENTERPRISE INFORMATION
TECHNOLOGY SERVICES (NEITS)
Version 1.6
12/06/2021
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
Introduction and Instructions
This Statement of Objectives (SOO) describes the objectives and tasks for NARA Enterprise Information
Technology Services
Offerors will use this SOO and other applicable portions of the RFQ as the basis for preparing their
Performance Work Statement. Vendors shall ensure that all aspects of the SOO are thoroughly
addressed in their proposals.
Vendor will submit their Quotation in their own format but must clearly address and communicate each
section and pricing information must detail Labor Categories, Labor Rates, Labor hours, anticipated
ODCs, and the annual costs for each performance period and the total cost for the requirement.
Point of Contact
Damon Nevils,
NARA Office of the Chief Acquisition Officer
Phone: 301-525-8329
Email: damon.nevils@nara.gov
1
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
Contents
No table of contents entries found.
2
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
1. Executive Summary
1.1. The National Archives and Records Administration (NARA) requires the ability to
efficiently acquire Enterprise Information Technology Support Services on an ongoing
basis. This acquisition will select an enterprise services vendor to partner with the NARA
Information Services, Service Operations Delivery Division (IO) to manage enterprise
service across multiple platforms (cloud included), and geographically dispersed sites
throughout the USA.
1.2. This statement of objectives (SOO) presents a framework for supporting the NARA
enterprise from its current state of network technologies, which is a mix of old and new, to a
modern, scalable and flexible infrastructure. We define the current enterprise, identify key
objectives, and define goals in terms of how to move forward to set the stage for moving
towards a modernized identity management construct with zero-trust enterprise security
model. This will result in far reaching changes to the NARA IT enterprise. Leveraging
existing cloud efforts, NARA seeks to forge a path on moving the enterprise to cloud
adoption in order to enhance NARA’s mission to provide public access to Federal
Government records in NARA’s custody and create a seamless IT enterprise where we
work as one NARA and not just a component of parts. NARA’s Office of Information
Services (OCIO) is looking to use a proven Virtual desktop infrastructure (VDI) to
significantly improve delivery of IT services teleworking employees, while driving down IT
sustainment costs and freeing up resources to fund new and priority emerging requirements.
1.3. Cloud services provide a wealth of benefits that OCIO can leverage to provide the right
services, at the right place, at the right time. NARA’s current cloud services are a sound
technical platform and are poised to lead the growth of the NARA enterprise in the future.
OCIO is looking to partner with a vendor that can rapidly grasp the IT legacy systems
environment and fashion a sound roadmap to the cloud while meeting and aligning with
DHS Directives, NIST Cyber Security Publications, and NARA directives.
1.4. NARA needs a consistent approach to reviewing, securing, managing and deploying
upgrades to IT enterprise services. This approach must ensure coordination and integration
between NARA’s various legacy systems support vendors. The vendor with the ability to
understand and optimize this approach will provide best value for NARA.
3
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
2. Background
2.1. The National Archives and Records Administration (NARA) is an independent agency
established in 1934 to identify, protect, preserve, and make publicly available the
historically valuable records of all three branches of the Federal government. NARA
manages the Federal government’s archives, administers a system of Presidential Libraries,
operates museums, conducts education and public programs, provides oversight of
government-wide records management activities, and provides temporary storage of other
agencies’ records on their behalf. NARA holds over 5 million cubic feet (equivalent to 12.5
billion pages) of permanently valuable archival Federal and Presidential records in
traditional (analog) formats, and 795 terabytes of electronic archival records. NARA
provides access to archival records at public research rooms located across the country,
through the online National Archives Catalog, and in response to written correspondence,
email, and telephone requests. NARA engages the public with archival records through our
website, archives.gov, educational and public programs, and museum exhibits at the
National Archives Museum in Washington, DC and fourteen Presidential Libraries. NARA
holds over 700,000 artifacts, primarily Presidential materials. NARA provides a variety of
services to other Federal agencies. NARA serves American democracy by safeguarding and
preserving the records of our Government, thus ensuring that people can discover, use, and
learn from this documentary heritage.
2.2. The OCIO currently provides information technology support across the NARA enterprise
to ensure that the Mission, the Vision, and NARA Values are met. In alignment with these
goals, the OCIO’s mission is to provide adaptable, secure, and cost-effective information
technology products and services to NARA customers. The OCIO is looking to partner for
the technology and the resources required to support NARA’s continued move to cloud
services, while ensuring the continuity and availability of critical IT services. The ability of
NARA to meet this mission is largely dependent on timely and consistently delivered IT and
telecommunications support services. NARA currently uses Vendor staff to assist in
meeting this mission and deliver these services. The Vendor provides all personnel and
supervision to accomplish NARA’s IT Support Services, managing the quality of services,
while supporting approved products.
2.3. Vendor performance will be managed by the COR and CO, NARA anticipates data from
the NEITS Vendor reporting in the performance work statements, outputs from NARA
OCIO’s monitoring tools/dashboards including the service management system, as well as
surveying techniques (to be defined) will be used to provide data to the Government on
performance, service level metrics, and quality assurance as required.
4
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
3. Partnering Philosophy
3.1. A major intent of a SOO is to create a "partnership" between OCIO and the vendor. Superior
performance by the vendor will be determined by the extent to which its services advance
NARA’s mission through the completion, use, and documented results from NARA
infrastructure services and systems.
3.2. Within the context of this SOO, "partnership" means an interactive, mutually supportive
professional relationship that is open, collaborative, agile, and customer oriented. In
addition to meeting the objectives described herein, the vendor will be expected to:
3.3. Consistently take steps to understand NARA’s crucial business issues and opportunities
3.4. Identify and propose improvements to frameworks, processes, and services throughout the
performance period of the contract
3.5. Share the risks and responsibilities of joint implementations and initiatives
3.6. Ensure its products and services deliver tangible and meaningful business benefits
3.7. Work collaboratively with other vendors, government agencies, and business partners to
ensure project success
4. Purpose
4.1. To deliver increasing value to NARA, the OCIO is continuing the modernization of its
IT infrastructure across the enterprise. The purpose of this effort is to acquire
professional services that the OCIO requires in order to adequately support the
modernization of the NARA Enterprise IT Infrastructure and ensure compliance with
enterprise strategy for cloud migration, data center consolidation, unified
communications, and IT Security.
4.2. NARA requires a vendor who brings a mission focus to this program and can
continuously identify methods for applying IT processes to improve NARA’s IT
Enterprise performance and execution. NARA requires a vendor with the expertise to
continuously analyze, research, identify, and recommend the most effective and efficient
application of technology to meet NARA’s stated requirements as well as the capability
to recommend, engineer, install, and integrate IT infrastructure hardware, software and
service components.
5
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
4.3. This SOO describes NARAs goals, objectives and performance requirements to aid the
vendor in developing a comprehensive Statement of Work (PWS) that will achieve bestvalue on the total cost of ownership (TCO) related to the NARA Enterprise IT
Infrastructure, while maintaining the highest levels of availability, system integrity, and
ability to implement commercially available enhancements. The requested vendor’s
PWS must cover the vendor services to fully address the primary program objectives.
4.4. A PWS and associated cost quotes will be accepted for a single vendor that can
contribute to reducing the TCO without compromising objectives or requirements; have
existing partnerships with industry leading technology vendors and service providers;
and demonstrate the ability to accomplish tasks and deliverables in accordance with
stated or desired service levels and performance objectives.
4.5. Under a performance-based services contract, service level agreements (SLAs) and
performance metrics will be used extensively to monitor the performance of this contract
and tasks. The CO, COR, and the vendor will baseline and monitor progress using
agreed-upon performance metrics and service level agreements. The NARA expects the
vendor to propose performance and quality assurance metrics and performance
incentives in its PWS that will best advance the purposes of this contract on a costeffective basis and ones which will be meaningful to NARA and the vendor.
5. Scope and Objectives
5.1. The Vendor is responsible for providing trained and skilled personnel to design,
implement, manage, and administer solutions as outlined in this SOO and the Vendor’s
PWS. The vendor shall provide IT professional services to NARA as directed by the
OCIO’s Contracting Officer’s Representative (COR) through the issuance of task orders.
The vendor is required to address in their PWS the NARA Objectives as outlined in the
SOO.
5.2. Objective 1: Program Management and Quality Assurance.
5.2.1. The Vendor shall provide the technical and functional activities necessary for the
management of the requirements in this SOO. The Vendor shall employ a technical
approach, organizational resources and management controls to achieve cost,
schedule and performance requirements throughout the engagement. NARA
requires the Vendor to develop and maintain throughout the engagement, a Program
Management Plan (PMP) that describes how they will implement NARA’s overall
target objectives, a roadmap to achieving those target objectives with major
milestones, and an integrated master schedule that presents a detailed work
breakdown structure.
6
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
5.2.2. The vendor shall address in their PWS the following Program Management
Quality Assurance Objectives:








Organizational Structure and Vendor Roles
Vendor Management Plan
Transition (60 days after award)
Quality Management Plan
Risk Management Plan
Service Level Management Plan
Reporting
Vendor Projects
5.3. Objective 2: End User Support and Customer Experience
The end user support and customer experience objectives include work required to operate
and maintain a Tiered Approach to Services. The Vendor shall provide skilled and trained
personnel to provide leadership and all tasks as described in the SOO.
The vendor shall address in their PWS the following End User Support and Customer
Experience Objectives:
5.3.1. Tier 0 Services (Customer Service Portal, Self-Service Portal and Knowledge
Management)
5.3.2. Tier 1 Services (Service Desk, Incident Management, Customer Service
Operations, Directory Database Administration, Conference Call Services,
Telephone Service Request)
5.3.3. Tier 2 Services (Deskside Support, Installs, Moves, Adds and Changes,
Wireless/Cellular Support, Refresh, Remote Access, Telecommunications, Printer
Management, and Field Support).
5.3.4. Tier 3 Services (Engineering, SME level support to Tier 2 Services and Network
operation and maintenance to include OS, device deployments, upgrades, and
installations)
5.4. Objective 3: Infrastructure Operations
7
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
5.4.1. The vendor must support the entire NARA Enterprise; therefore, internal users,
Agency partners, and NARA external customers must be provided a robust, agile,
interoperable infrastructure that provides connectivity and computing capability to
deliver integrated services. The overall infrastructure objective is to perform as an
enterprise continuously improving using emerging technology and opportunities for
service and benefits delivery that currently do not exist.
5.4.2. NARA currently leverages technologies that provide elasticity and scalability
such as cloud technologies to allow the sharing of capacity and support mobility,
data analytics, and authoritative data. Enterprise applications are built as dynamic
websites that adapt to how various browsers need to translate and display
information. Maintaining browser compatibility is key for exchanging, processing
and presenting information to improve interoperability and accelerate delivery.
5.4.3. The Government requires the Vendor to use GFE software and tools The
Government strives to maintain industry standards by staying abreast of the latest
technology through available products and services in the environment. If these
software and tools are replaced and/or changed (per the reference attachments), the
Vendor will be required to update, maintain, and enhance the new tool(s) as part of
their ongoing support for operations and maintenance within the NARA Enterprise.
The Government does not intend to be responsible for training the Vendor on
systems or tools.
6. Security Operations Center (SOC)
6.1. This team works to identify, protect, detect, respond, and recover within NARA's
cybersecurity assets in accordance with NARA approved IT Security policies, standards,
and guidance framework. In addition, the NOC/SOC is responsible for the ongoing
operational components of enterprise information security.
6.2. Security operations staff are members of the Security Operations Center (SOC). They
are composed primarily of security analysts and engineers who work together to
detect, analyze, respond to, report on, and prevent cybersecurity incidents. Additional
security operations include but are not limited to advanced forensic analysis,
cryptanalysis, malware and antivirus management, and incident response.
6.3. The Vendor shall utilize current NARA security tools to identify, protect, and prevent
cybersecurity threats. Monitoring, detection, and prevention security tools are used to
protect and prevent exploits, analyze logs, deter threats, and remove vulnerabilities
from the environment. Additionally, the SOC will use these security tools and
8
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
methodologies to track, mitigate, contain, and eradicate any incidents or issues across
the agency. The vendor will address support for the below security areas in their
submitted PWS.
6.4. Network Perimeter Security
6.4.1. The Vendor’s SOW shall show the vendor’s methodology in protecting the NARA
network perimeter using firewalls, Intrusion Prevention Systems (IPS), and
Intrusion Detection Systems (IDS) and shall analyze security event information
using audit logs. As requested, the Vendor shall collect data from data flows,
telemetry, packet capture, audit logs to correlate and analyze security events. In
addition, the Vendor shall monitor the network and endpoints for Data Loss
Prevention (DLP) to reduce the egress of sensitive data and comply with industry or
Government regulations. The vendor plan shall list vendor responses to security
incidents. The Vendor shall ensure that perimeter and internal network devices
are operated and maintained according to NARA and Federal policies. In addition,
the Vendor shall coordinate security activities with other Vendors that may
manage other network devices or systems for NARA. The Vendor shall operate the
network to prevent unauthorized devices from connecting to the network.
6.4.2. The Vendor shall develop and deploy secure configurations for network
infrastructure devices based on NARA approved checklists such as those found at
the NIST National Vulnerability Database Checklist website. After deployment, the
Vendor shall monitor the infrastructure to ensure that the devices maintain their
security status.
6.5. Zero Trust Architecture
6.5.1. The Vendor shall present their plan to work with NARA to implement a Zero
Trust Architecture (ZTA), which is an enterprise cybersecurity architecture based
on zero trust principles designed to prevent data breaches and limit internal lateral
movement. The Vendor shall support the implementation of a ZTA in modernizing
the network and operational security by design, system boundary, and data flow
using the following Zero Trust concepts:



Strict enforcement of a least privileged access control policy.
Reduce the exfiltration of classified agency and personally identifiable
information (e.g., Data Loss Prevention).
Devices on the network may not be owned or configurable by NARA.
9
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only





No resource is inherently trusted.
Not all NARA resources operate on NARA-owned infrastructure.
Remote users and assets should not fully trust their local network connection
(e.g., public or private WIFI)
Maintain a consistent security policy and posture between assets and
workflows moving between agency and non-agency networks.
Support NARA business driven IT initiatives, such as secure remote access,
virtualization, and cloud services.
6.6. Access Control Management
6.6.1. The Vendor PWS shall address managed access to the network, including but not
limited to system interconnections, account privileges, and physical access to the
data center and computer rooms. The Vendor shall continuously restrict access to
only authorized users by providing NARA management with asset, user, and data
flow surveys for review of ZTA access controls. The Vendor shall ensure that the
data fields contained in the Identity Vault (IDV) are accurate through the Quality
Inspection Processes in the Quality Assurance Surveillance Plan (QASP). NARA will
approve the data fields. The Vendor shall ensure that logical and physical access
logs have complete data entry fields for NARA to review as requested. The Vendor
shall enforce Multi Factor Authentication (MFA) to all supported NARA information
systems. The Vendor shall implement network access control by optimizing the
configuration of NARA's Cisco Identity Services Engine (ISE), a user profile, and
device authorization tool. Once complete, the Vendor shall quarantine and restrict
access to devices that do not meet NARA approved security requirements. Once
the device is compliant and authorized, it should be allowed access to the
production environment.
6.6.2. The Vendor shall assist in the annual recertification of computer rooms and the
datacenter from the Government developed SOP. In addition, the Vendor shall
ensure that account privileges and access to data follow the principle of "least
privilege," as required by NARA policy. The Vendor shall document all system
interconnections with NARA according to NARA procedures in the Active Directory
Identity Management Plan.
6.7. Privileged Account Management
6.7.1. The Vendor shall deliver annual and quarterly reports of standard and elevated
credential accounts. The Vendor shall install, configure, and implement the
10
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
CyberArk identity management solution. CyberArk's privileged access security
manages privileged account access and SSH keys. CyberArk enables NARA to
secure, provision, manage, control, and monitor all privileged account activities
such as Windows Administrator, Linux/Unix Root, Cisco Enabled, and embedded
passwords in applications and scripts. Additionally, the Vendor shall provide
enterprise engineering, operations, administration, and system support and
maintenance.
6.8. Hardware & Software Asset Management
6.8.1. The Vendor shall mitigate or eliminate all unsupported software and hardware
to reduce NARA's exposure. The Vendor shall assist with the application control
process that denies known, unknown, and suspicious combinations of system
processes from execution.
6.9. Data-at-Rest & Data-in-Transit
6.9.1. The Vendor shall support the automation of encryption and decryption to
protect the confidentiality and integrity of sensitive data on NARA information
systems. The Vendor shall implement a technical system and document a process
to track lost and stolen devices. In addition to tracking and remote control of lost
and stolen devices, they shall provide the capability to remotely reset, wipe, or
harden the device. The Vendor shall provide asset management and configuration
management (CM) services to maintain technical and administrative control of the
technology asset functional and physical characteristics and provide continuous
visibility into the asset types and numbers of assets throughout the enterprise.
6.10.
IT Security Standard Operating Procedures
The Vendor shall develop, update, and manage the following security related SOPs to include but
not limited to:



6.11.
Account Management
Vulnerability Management
Incident Response Management
System Security Baselines
6.11.1. The Vendor shall apply all NARA approved baseline security configurations on all
NARA IT assets in accordance with the NARA IT Security Architecture,
11
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
Methodology, and Cybersecurity Framework (CSF). The Vendor shall harden all
NARA IT assets following its system specific baseline documentation following
technical security implementation guides from the Center for Internet Security
(CIS) or Defense Information Systems Agency (DISA) benchmarks.
6.11.2. Annually, the Vendor shall review, update, and document system specific
baseline configurations, deviations, and exceptions from CIS or DISA benchmarks
across all endpoints within its system boundary. Upon completion, the Vendor
shall submit all officially signed baseline documentation to the Enterprise Change
Advisory Board (ECAB) for final review and approval.
6.12.
System Security Assessment & Authorization
6.12.1. The Vendor shall assist in reporting for Assessment & Authorization (A&A),
Federal Information Security Management Act (FISMA), and Plan of Actions &
Milestones (POA&M) activities for supported systems. NARA uses a methodology
that includes continuous diagnostics and mitigations for the continuous
authorization of the system.
6.12.2. The Vendor shall update the General Support System (GSS) System Security Plan
annually. The Vendor shall provide support for the annual Security Test &
Evaluation (ST&E). The Vendor shall document the processes used to support
NARA's A&A, FISMA, and POA&M activities. The Vendor shall report on the status
of POA&M activities as requested.
6.13.
Vulnerability & Patch Management
6.13.1. The Vendor shall apply patches, security configurations, and system updates to
all NARA supported hardware and software platforms. The Vendor shall use
NARA's current Patch Management Systems (ZENworks and SCCM) to identify,
manage, and deploy software and security updates. With the removal of ZENworks
from the NARA environment, the Vendor shall recommend a patch management
system to supplement the use of SCCM.


The Vendor shall remediate vulnerabilities discovered within the given time
constraints as follows:
The Vendor shall remediate critical vulnerabilities within 15 calendar days of
initial detection.
12
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only




6.14.
The Vendor shall remediate high vulnerabilities within 30 calendar days of
initial detection.
The Vendor shall remediate medium vulnerabilities within 90 calendar days of
initial detection.
The Vendor shall remediate low vulnerabilities within 120 calendar days of
initial detection.
The Vendor shall adhere to all NARA approved changes in its current patching
schedules, levels of severity, and follow the ECAB change management
processes.
Security Event and Incident Response
6.14.1. The Vendor shall manage the antivirus and antimalware systems and respond to
incidents according to NARA policies and procedures. The Vendor shall investigate
all suspicious and potentially suspicious activity identified through audit log
reviews. The Vendor shall follow the requirements for incident reporting if the
suspicious activity is determined to be a security incident. The Vendor shall follow
the NARA approved incident response SOPs for problem management for
suspicious activity determined to be an operations incident. The Vendor shall
proactively initiate containment, isolation, and remediation activities within two
hours of notification or discovery of malware or suspicious activity on NARA
systems.
6.14.2. The Vendor shall implement solutions to mitigate system and network attacks
within the periods specified by NARA. The Vendor shall respond to detected
malware or viruses for all supported systems, including servers, laptops, desktops,
and mobile devices. The Vendor shall proactively discover and respond to attack
activity in accordance with approved SOPs. The Vendor shall investigate the
reported suspicious activity.
6.14.3. The Vendor shall track and report security incidents using a standard reporting
mechanism compliant with incident response reporting procedures. The Vendor
shall support the analytical activities of the SOC Incident response (IR) team in
conjunction with the Chief Information Security Officer (CISO) team as described in
NARA's Computer Security Incident Response Handling Guide.
6.14.4. The Vendor shall provide technical recommendations to the remediation plan for
identified events. The Vendor shall install, configure, and manage malware and
13
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
virus protection for all supported systems, including servers, laptops and desktops,
and network devices.
6.14.5. The Vendor shall provide protection measures for NARA resources following
NARA, NIST, and other Federal policies, requirements, and mandates. The Vendor
shall provide protection measures when the Vendor discovers malicious activity.
The Vendor shall provide updated antivirus definitions through automated
processes and periodically verify the status of the antivirus software and
definitions.
6.14.6. The Vendor shall continuously monitor NARA assets, ensuring endpoint
protection is current with the latest threat definitions containing but not limited to
spyware, viruses, and all forms of malicious code.
6.14.7. The Vendor shall follow all "Applicable Federal Directives and Regulations,"
included but not limited to the list can be found in Appendix E. The Vendor shall
continuously maintain the list during the life of this effort.
7. Core Team
7.1. The Vendor shall provide a core team of leaders (Key Personnel) led by a single key
individual who will serve as the vendor Liaison to NARA Information Services for all
matters pertaining to the performance of this contract to provide program management,
quality control, project management, and operational management services throughout
this contract. Key Personnel shall be the following:
7.1.1.
7.1.2.
7.1.3.
7.1.4.
7.1.5.
7.1.6.
7.1.7.
7.1.8.
Program Manager
Transition Manager
Service Desk Manager
Infrastructure Ops Manager
Quality Assurance Manager
Engineering Lead
IT Security Lead
Networking Lead
7.2. The Vendor shall provide direct supervision to vendor personnel. The Vendor shall
ensure adequate levels of staffing to meet all requirements. All staffing levels shall be
approved by NARA. The Vendor shall provide all deliverables in accordance with the
Quality Assurance Surveillance Plan and Deliverable List.
14
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
7.3. The Vendor shall provide a Program Management Plan (PMP), updated monthly, that
includes a narrative description of services completed after the last PMP was submitted,
a Work Breakdown Structure (WBS) and narrative description and status of services in
progress, and a narrative description and estimated timeframe (with WBS, if drafted) of
planned services.
7.4. The Vendor shall provide a Concept of Operations (CONOPS) that conforms to contract
requirements and documents the Vendor's approach for operating and maintaining
NARA’s network, and for providing adequate program management processes and
procedures required to meet contractual requirements. The CONOPS shall address the
following areas:
7.5. NARA specifications including infrastructure diagrams, configurations and capacity by
location, or type of location:
7.5.1.
7.5.2.
7.5.3.
7.5.4.
7.5.5.
7.5.6.
7.5.7.
Baseline services provided
User support and Service Desk procedures
Staffing coverage
Technology refresh methodology
Service assurance
Management team
Vendor roles and responsibilities
7.6. At the request of the Contracting Officer (CO) and/or the COR, the Vendor shall provide
ad hoc verbal progress briefings on any task order service being performed and shall
provide ad hoc written progress briefings on any task order service being performed.
7.7. The Vendor shall participate in and provide support for monthly In Progress Reviews
(IPRs). The Vendor shall prepare briefing slides for the monthly IPR that include the
current and planned activities for the major task areas.
7.8. The Vendor shall manage the Service Level Agreements (SLAs). The Vendor shall
implement a vendor provided, NARA approved Service Level Agreement Management
Plan. The SLA Management Plan shall include the responsibilities of the SLA Manager
and tasks to be performed by the SLA Manager.
7.9. All information provided in the Vendors PWS are considered deliverables whether they
are listed in NARA Attachments to this effort. All information provided by the Vendor
to NARA is subject to inspection and acceptance. Deliverables are not separately priced
items. The labor provided for in the schedule of prices shall encompass the preparation
of all deliverables.
15
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
7.10.
The Vendor shall follow all Government furnished Standard Operating
Procedures (SOPs) for a minimum of six (6) months. All vendor created SOPs will be
reviewed by NARA and shall not be implemented until it has been approved by NARA.
The Vendor shall not include any proprietary data in the SOPs, or any other documents
created. Upon approval of any document NARA will own the document.
7.11.
Throughout the contract, the Vendor shall update SOPs as necessary with
NARA’s input and approval. The Vendor shall proactively notify the COR of any
problems it identifies within any given SOP. The Vendor shall create other procedures or
plans as requested by NARA. The Vendor shall fully implement all SOPs, procedures
and plans as directed by NARA.
7.12.
The Vendor shall support IOs participation in the following processes: Capital
Planning and Investment Control, Configuration Management, Change Management,
Architecture Review Board, and NARA Operations for management, planning and
operational purposes.
8. Key Personnel
8.1. NARA has identified key personnel (KP) that are essential to the successful execution of
this contract. The Vendor must be responsible for identifying and assigning key
personnel, as necessary, to accomplish timely completion of the requirements set forth in
this PWS.
8.2. Detailed resumes of key personnel must be submitted by the Vendor and approved by
NARA prior to any authorization and approval to perform services under this contract.
At a minimum, the Vendor must submit resumes of key personnel with detailed
employment history, current and past security clearances, company and supervisor
names and telephone numbers, copies of the credentials, certifications and licenses,
including other key personnel information in accordance with the Minimum
Qualifications identified in [Table 1] Expertise and Qualifications.
Title
Primary Responsibilities
Minimum Qualifications
(Required)
Program
Manager
The primary point of contact
between the Government and
the Vendor shall be the
Program Manager (PM). The
●
A minimum of 7
years’ experience
Program Management
Experience
16
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
PM shall be responsible for
performance of the entire
contract, regardless of other
key personnel assigned to
specific functions or duties
and shall be full time.
●
Knowledge of
managing large
programs
●
Strong
organizational skills
●
Strong written
and oral communication
●
Strong
interpersonal and
relationship building
skills.
Quality
Assurance
Manager
Service Desk
Manager
Serves the point of contact for
IT Quality Assurance, analyzes
deficiencies in service or
performance and
recommends improvements
to address problems.
Implements defect reduction
programs. Ensures that
milestones/goals are met.
● 5 years Quality
Assurance Management
Experience.
Provides onsite Service Desk
support at Archives II in
College Park, MD, staffing the
help desk in support of the
day-to-day operations and
support of the applications.
●
A minimum of 5
years’ experience
managing a service desk
●
Experience setting
targets for milestones
and adhering to
deadlines
●
Expert knowledge
of desktop and server
operating systems and
applications
●
Strong written
and oral communication
●
Excellent
interpersonal and
relationship building
skills
17
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
Infrastructure Serves as a technical expert
Operations
and main point of contact for
Manager
all things related to operations
and infrastructure.
●
A minimum of 7
years’ experience in
networking managing
LANs, WANs, helpdesk,
and infrastructure.
●
Expert knowledge
of IT systems
●
Strong written
and oral communication
●
Strong
interpersonal and
relationship building
skills
Transition
Manager
Serves as the main point of
contact and expert in
transitioning of contract. This
position is for transition only
and will end upon completion
of transition in.
●
A minimum of 5
years’ experience in
transitioning of
contracts
●
Expert knowledge
of contract transitions
Engineering
Lead
Serves as the main point of
contact and expert enterprise
architecture and managing
projects related.
●
A minimum of 7
years’ experience in
enterprise architecture
projects
IT Security
Lead
Serves as a technical expert
and main point of contact for
all things related to
cybersecurity.
●
A minimum of 5
years’ experience
managing cybersecurity
●
Expert knowledge
of Federal cybersecurity
Mandates
18
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
●
Strong written
and oral communication
●
Strong
interpersonal and
relationship building
skills
Networking
Lead
Serves as a technical expert
and main point of contact for
all things related to network
environments.
●
A minimum of 7
years’ experience in
networking managing
LANs, WANs, and WIFI.
●
Expert knowledge
of network systems
●
Strong written
and oral communication
●
Strong
interpersonal and
relationship building
skills
9.
Period and Place of Performance
The base Period of Performance will be a base performance period (including transition-in and
three (3), one-year options. Services will be provided at NARA and vendor locations within the
United States (US).
The SOO will have individual task orders associated with the tasks within each objective.
10.
Locations
10.1. The requirement is for the Vendor to provide enterprise IT services required by NARA at
its multiple facilities. Activities include the full lifecycle for desktops, infrastructure,
telecommunications, and network including but not limited to planning and implementing
telecommunications and information technology infrastructures; network administration which
includes network access and security; server management; emergency preparedness planning; IT
disaster recovery planning and execution; IT inventory control; system administration; user
support; workstation management; wireless services; and voice and data services.
19
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only
10.2. NARA’s primary facility for IT and telecommunications support is the National Archives
at College Park (“A2”). A2 has one data center, one digitization lab; and hosts the enterprise
storage area networks (SAN). The Allegany Ballistics Laboratory (ABL) at Rocket Center, WV,
and the National Personnel Records Center in St. Louis, MO facilities both have data centers.
ABL also has a backup enterprise SAN. There are 29 regional archives and record centers, the
Federal Register, and 15 Presidential Libraries; all of which have comparatively smaller
technology footprints. All of NARA’s locations are connected via a Wide Area Network (WAN).
See Appendix B for a full listing of NARA locations.
20
Working Draft, Pre-Decisional, Deliberative Document – Internal Information Services NARA Use Only