D--PACS upgrade
4 Request for Information- Sources Sought Physical Access Control Systems THIS IS A REQUEST FOR INFORMATION (RFI), ONLY, issued in accordance with Federal Acquisition Regulation 15.201(e), for the pur... 4 Request for Information- Sources Sought Physical Access Control Systems THIS IS A REQUEST FOR INFORMATION (RFI), ONLY, issued in accordance with Federal Acquisition Regulation 15.201(e), for the purpose of conducting market research. Accordingly, this RFI constitutes neither a Request for Proposal (RFP) nor a promise to issue an RFP in the future, and it does not commit the Government to contract for any supply or service described herein. The Department of Veterans Affairs (VA) is not, at this time, seeking proposals and therefore, will not accept, review or evaluate unsolicited proposals received in response hereto. Please be advised that the U.S. Government will not reimburse Respondents for any costs incurred in the preparation and/or submission of responses to this RFI; all costs associated with responding to this RFI will solely be at the Respondent s expense. Companies are encouraged to respond if they have the capability and/or capacity to provide the items identified below. Not responding to this RFI does not preclude participation in any future RFP, if issued. Any information submitted by respondents to this RFI is strictly voluntary; however, any information received shall become the property of the Government and will not be returned to the Respondent. Interested parties are responsible for adequately and clearly marking proprietary, restricted, or competition sensitive information contained in their response. Please send all correspondence, questions or feedback to William.Freer@va.gov. Thank you very much for your time and efforts, have a great holiday and New Year s. INTRODUCTION Background Physical Access Control Systems (PACS) Homeland Security Presidential Directive 12 (HSPD-12) requires federal agencies to issue secure and reliable identification to all employees and Contractors. FIPS Publication 201-1 Personal Identify Verification (PIV) of Federal Employees and Contractors, issued by The National Institute of Standards and Technology (NIST), establishes the technical specifications for the smart cards that respond to this requirement. HSPD-12 requires Federal agencies to provide a common ID credential system for all federal employees and Contractors. PIV badges are electronically verifiable and protected by digital certificates, biometric data, and a Personal Identification Number (PIN) code. These credentials are issued, managed, and revoked from a central management system and require applicant background checks. On February 3, 2011, the Office of Management and Budget (OMB) released Memorandum 11-11 , HSPD 12 that requires all federal agency systems be enabled to use PIV credentials in accordance with NIST guidelines. OMB directs agencies to use PIV badges in daily operations and integrate centrally managed PIV badge systems with the physical access control systems (PACS). PACS readers must, at a minimum, extract unique token identifier information from the PIV badge and by FY 2012 the existing federal physical and logical access control systems must be upgraded to use PIV credentials. Electronic Security Systems (ESS) Related to the HSPD-12 requirements, is the overall security modernization that provides the level of security protection necessary in Veterans Affairs (VA) facilities such as hospitals, regional offices, and related. These modernizations include the remediation and/or upgrade of ESS functions that include; CCTV (Camera s and related recording devices) Intrusion Detection Systems (IDS) (Devices to detect non-approved access) Duress (Emergency alerts and general interaction with law enforcement for support) Visitor Management Option (Control Access and Identify of Visitors) These functions are critical for maintaining a proper security posture at this various VA facilities and allow local and regional law enforcement the tools needed to support their security operations. Related Infrastructure In addition to the systems and devices that create the secure environment desired by the VA are the related physical construction infrastructure assemblies and equipment that are controlled and monitored by the security environment. Remediation of entrance/exit locations, Information Operation Centers and Information Technology (IT) facility equipment can be included as needed in the overall remediation project. The following construction materials and assemblies are common installed equipment, but are not limited as to what may be needed at a location related to construction activities. This can include: Physical Access Entry Points Entrance/Exit(s) Doors Door Frames Door Locking Mechanisms Complete Door Assemblies Perimeter Gates Physical Monitoring Locations Operation Centers Monitoring Racks Specific Operation Center Furniture Audio/Video Monitoring Devices Computer Facility Locations Racks Raceway Objective The objective of this Statement of Work (SOW) will be to provide all material, labor, and cost associated to bring each facility into compliance with VA s enterprise PACS/ESS requirements and HSPD-12 specifications. Applicable Documents The following documents form a part of the requirements of this Statement of Work to the extent specified FIPS 201-1(x) - Personal Identity Verification (PIV) of Federal Employees and Contractors SP 800-73 - Interfaces for Personal Identify Verification SP 800-116 - A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) VA Physical Access Control Systems (PACS) Requirements VA Master Construction Specifications 28 13 00 Physical Access Control System (PACS) 28 13 16 Physical Access Control System and Database Management 01 00 00 General Requirements 28 05 00 Common Work Results for Electronic Safety and Security 28 05 13 Conductors and Cables for Electronic Safety and Security 28 08 00 Commissioning of Electronic Safety and Security VA Directives and Handbooks Technical Reference Model 6500 Information Security Handbook Continuous Readiness Information Security Program Note: If location facilities have specific requirements related to construction, all work shall comply with those VA departmental construction standards and applicable manufacturer's installation and user manuals. Period of Performance The Period of Performance (PoP) shall be 180 days for installation and 12-months maintenance with four option periods for continued maintenance of the system. Place of Performance All site activities and future compliance will be performed in Austin and/or Waco, TX. Licenses and Regulations The Contractor will ensure that the company and ALL assigned personnel are cleared in accordance with the VA requirements. The minimum standard is a National Agency Check with Inquires (NACI), licensed in accordance with state and local requirements, and that all work performed complies with ALL known applicable regulations and codes. Personnel Unless specifically noted otherwise, the performance of work shall be the responsibility of the Contractor. The Contractor shall be responsible for all site assessment activities as well as the final design and installation of all elements and systems, including items for which the VA may have a role in construction and/or installation. Confidentiality and Non-Disclosure All data collection instruments, drafts and final reports, all data files and associated working papers, and other material deem relevant by VA which have been generated by the Contractor or provided to the Contractor by VA in the performance of this contract are the exclusive property of the US Government and are to be submitted to the VA Contracting Officer Representative (COR) at the completion of the project. All Government information made available to the Contractor shall be used by the Contractor only for the purpose of carrying out the requirements of the contract. Unless explicitly authorized by the VA, government information made available to the Contractor shall not be divulged or made known in any manner to any person except as may be necessary in the performance of this contract. STATEMENT OF WORK Program Management The Contractor shall perform all management tasks that are required to execute tasks identified herein in accordance with the established schedule and to report the status/progress of these tasks to the local VA site/facility point-of-contact, the VA HSPD-12 Program Management Office, the Contracting Officer (CO), and to the COR. The Contractor will provide a Program Manager for the duration of this contract that will be considered Key Personnel. As the Program Manager, this member of the Contractor s team will oversee all work and be the key contact for VA staff. A kick-off meeting will be schedule once the contract has been awarded. At this meeting, all stakeholders can be present to go over the various activities and timelines associated with the project. This meeting will be held ten days after award. Communications The Contractor will schedule, supervise, and manage all personnel required to monitor the performance of all activities required by statement of work. The Contractor shall be responsible for any delays or other impact due to misconduct on the part of its employees or sub-contractors. Applicable personnel shall wear VA issued identification badges when working in Government facilities The Contractor shall be required to communicate and coordinate with other VA personnel (e.g., VA IT, construction workers, physical security specialists, etc.) in the performance of the requirements identified in this SOW. The Contractor shall participate in, cooperate with, and contribute to discussions involving various VA PACS/ESS Contractors. At no time, shall direction be provided by or given to a Contractor by another Contractor, except where there is privity of contract. Should direction or resolution of issues be required, the Contractor(s) shall immediately notify the COR. Technical direction may only be provided to the Contractor, in writing, by the CO. Should direction or resolution of issues be required, the Contractor(s) shall immediately notify the COR so they can obtain the proper guidance to proceed. To ensure a successful and productive work environment, Contractor shall establish and foster: a) formal information sharing, including requirement coordination forums and b) collaborative interface to facilitate application solution services in an integrated fashion. Planning The Contractor will provide a project plan to identifying the various tasks to be performed and the resources, facilities, tools, and materials needed to accomplish these tasks. The Contractor shall deliver electronically, a detailed project two-week look ahead in addition to the modified project schedule for all tasks that will be accomplished. The Contractor shall furnish to the CO and COR the project schedule and two-week look ahead by the first business day of each week by 11 AM CST The Contractor shall coordinate scheduling of work with the COR. Reporting The Contractor shall supply a Weekly Status Report on the overall project status, progress, and issues to the COR during the term of this contract. The Contractor shall provide all reports and/or updates via electronic means to the CO, Contract Specialist (CS) Project Manager (PM) and COR. The list of reports can be found within Deliverables listed below. Change Management The Contractor shall formally document and obtain CO approval for any project changes (i.e. scope and/or requirements). All changes will be process with collaboration among the customer, other stakeholders, PM, COR, the VA facility security representative (FSR), and the CO responsible for the project s success. The Contractor shall reference the project change management approach over the life of the contract. The CO will determine if the change necessitates an update to the contracted task. Corrective Action The Contractor will strictly adhere to the deliverables and project plan/schedules specified in this contract. In the event of any anticipated or actual delay, the Contractor will promptly: Notify the VA CO, CS and COR in writing of the reasons for the delay and the actions being taken to overcome or minimize the delay Provide VA CO, CS and COR with a written recovery process within one (1) day after delay or anticipated delay is known. The VA shall not be liable for excess procurement costs pursuant incurred by Contractor because of any failure to perform this contract under its terms. If the failure arises from causes beyond the control and without the fault or negligence of Contractor, the VA will review the item on a case by case clause. Projected Deliverables and Milestone Dates PERFORMANCE REQUIREMENTS SUMMARY Task Paragraph Tasks Delivery Date Performance Standard 1.5.2 Personnel Trained/Licensed/ PIV Badged At all times 2.1 Program Management 2.1 Kick-Off Meeting 10 days after award One time 2.1.2 Project Plan - Develop and maintain a Project Plan that identifies tasks to be performed and the resources, facilities, tools, and materials needed to accomplish these tasks effectively 10 days after award One time (update if needed at later day) 2.1.2 Reporting Weekly Status 1st business day of week Weekly 2.2.5 As Built Documentation Deliver a Certificate of Completion Within 5 days of acceptance of the site For each site Scope of Work Physical Access Control System Objective CONTROL PANELS Upgrade of panel firmware to support CCure 9000 PRIMARY POWER/UPS Replacement of PACS panel batteries PIV CARD ENROLLMENT EQUIP Update of PIV enrollment Software Support Agreements and Expansion of PIV enrollment software to Austin security office and Waco PIV CARD STATUS Database partitioning / archiving setup Video Management System Objective SYSTEMS SERVERS Upgrade for Victor VMS software (includes software support agreement)* WORKSTATIONS Upgrade workstations to support new video hardware / software VIDEO RECORDERS Change of NVRs to support all IP camera configuration CAMERA POWER SUPPLIES Trace and relocate camera power supplies CAMERAS ASSESSED Upgrade of all cameras to higher resolution and IP transmission and Reconfiguration of exterior camera views. ADD CAMERA TO VIEW ROOF ACCESS Repurpose existing camera (x2) LICENSE PLATE RECOGNITION CAMERA License Plate Recognition camera main entrance (guard shack mounted) FIBER REPAIR Replace with new fiber cable to include EMT/Flex, Box Fittings, Box Tampers, etc. Installation labor, programming and testing required. PACS and ESS System Compliance PACS/ESS System Compliance Project A Kick-Off Meeting will be held within 10 business days after award of contract. The Contractor will supply a preliminary project plan to be used as the guideline for project development. The project plan shall identify each activity, its planned start date and duration, and any dependencies that affect the initiation or completion of each task. The project schedule shall utilize Work Breakdown Structure (WBS) as this defines and groups the projects discrete work elements that organize and defines the total scope of work for the project. The project schedule shall incorporate at a minimum, all tasks and elements that are identified in the Statement of Work. After the initial review of the preliminary project schedule, The Contractor shall deliver a formalized project schedule to the CO, CS, PM and COR within 10 days after project kick-off. The Contractor shall update the project schedule weekly to reflect actual progress and shall submit to the CO, CS, PM and COR. Installation Preparation The Contractor shall investigate and acquire all permits required by Federal, State, Municipal, and/or local code requirements for fire alarm, electrical, alarm and hazardous material. The Contractor shall develop all supporting documentation required for obtaining necessary permits and provide documentation to permitting authorities. The Contractor shall notify the CO, CS, PM and COR prior to the start of the project any conditions that may impact the project, equipment and schedule. The Contractor shall coordinate scheduling of all work at the site with the COR and VA site lead. The Contractor shall follow all Federal and VA Rules of Conduct. Firearms, smoking, alcoholic beverages, illegal drugs, fighting, horseplay, and cursing on VA property by Contractor personnel are not allowed; shall not be tolerated; and may result in complete contract termination for cause. The Contractor shall leave the site at the end of the day removing all trash and debris created by the removal of existing PACS/ESS and installation of the new PACS/ESS. Every VA site will be treated with care for infection control. The Contractor shall consult with the VA POC to verify the removal and disposal of any existing security devices that need removal. The Contractor shall dispose of all electronic equipment via an authorized electronics recycler. The Contractor may not propose significant deviations from the equipment locations noted on the design document unless the VA identifies and verifies design flaws or when functional improvements will be realized which result from such deviations and are reviewed and accepted by the VA. The Contractor shall document in their design submission all such changes to the design documents that accommodate the program and functional requirements defined herein. The CO will approve in writing the changes that are acceptable to the VA. The VA will provide the Contractor sample drawings of most, but not all building spaces. The VA sample drawings will be in Portable Document Format (PDF) and are intended to be used as reference documents only. The Contractor may use these reference drawings to identify the locations of the doors, door position switches, locks, request-to-exit (RTE) devices, PIV smart card readers, workstations, report printers and server locations. The Contractor shall develop, subject to in-depth coordination and approval by the COR, the complete design of all aspects of the project including the final locations of all equipment, and testing of the equipment to ensure all pieces of equipment are operational, and function according to manufacturer s specifications. The Contractor shall provide the CO, CS, PM and COR 90% design drawings within 45 days of contract award. Facility Access The installation plan shall specify any tasks that require access to VA facilities outside normal working hours. Tasks that interfere with, or disrupt, VA operations shall be scheduled before or after normal working hours. Work outside normal working hours shall be approved by and coordinated with VA at least two weeks in advance and is subject to VA approval. The Contractor is required to pre coordinate access and escorts (as applicable). The physical project will not begin until an agreed upon access plan is presented to the COR with agreement between the local site and the Contractor. The Contractor is responsible for identifying any higher access requirement that may be levied by the local facility. (This information is typically governed by local the Facility Chief Information Officer.) Equipment Acquisition The Contractor shall procure all PACS/ESS Server and related equipment and software to provide a complete Server replacement accord to the contract specifics. (The equipment must be procured within the most recent VA Office of Information Technology standard upon initiating the physical installation.) (E.G. No new old stock will be used just in time procurement is essential.) The PACS/ESS IT equipment must mirror what is in use at the site. The Contractor shall possess manufacturer s certification for the proposed PACS/ESS. [Typically, this is known as Value Added Reseller designation] The Contractor shall ensure that each PACS/ESS software and hardware component is the latest version released by their manufacturer and shall include al field engineering changes and/or software updates at time of project completion. The Contractor shall ensure that all PACS/ESS software and hardware components include all features and capabilities provided by the manufacturer for those products in support of VA requirements. Storage Space on site should be expected to be limited or non-existent in some buildings. Therefore, the Contractor shall be prepared for all required storage for equipment and materials prior to and during installation Inspections and Acceptance The Contractor shall perform incoming inspections and tests as required to ensure that the equipment and software are complete, functional, and in compliance with manufacturer specifications prior to beginning installation. This shall include all parts and components that are required to replace existing inoperative or missing equipment as identified in the proposed design. The Contractor shall perform all actions necessary to correct or replace defective components and materials prior to installation. Procurement Records The Contractor shall maintain records that document the receipt and inspection of all equipment components/software for the project and provide these records which shall include: packing slips, product nomenclature, serial number(s), and quantity and develop an equipment receiving report containing all information. The Contractor shall deliver this equipment receiving report to the COR and VA POC after each phase of the equipment procurement and comprehensive equipment receiving report at project completion. The Contractor shall develop and deliver to the COR, a manufacturing BOM that specifies each piece of equipment, software component and its associated labor factor. The Contractor shall deliver the BOM to the COR prior to equipment acquisition and the COR will review and approve the BOM after receipt within five days. Photographic Documentation The Contractor shall provide to the COR, electronic photographic documentation, in JPEG format, minimum of 1600 x 1200 pixels, of the installation demonstrating that all components have been installed in accordance with the Statement of Work. The Contractor shall provide, on a monthly basis, photographic documentation during the installation/testing phase of the project. The Contractor shall format and label the photographic documentation and annotate all photographs with appropriate text to enable easy recognition of features, locations, and devices. If the Contractor s photographs fail to provide sufficient clarity to clearly identify all components, the Contractor shall provide higher quality photographs that clearly show all components. The Contractor shall not post any VA physical security system pictures, drawings or documents on a non-VA web or ftp site. The Contractor shall send photographic documentation via E-mail, or via upload to the VA-supplied secure portal. The COR will provide access to the Contractor to the VA secure portal. System Functionality and Performance Requirements The Contractor shall be responsible for ensuring that the remediation provided is designed and configured in such a manner to meet manufacturer specifications and FIPS 201-1/2 requirements, and is acquired, installed, and configured to meet, at a minimum, the requirements identified in the VA Physical Access Control Requirements document and VA Master Construction Specifications Division 28 Electronic Safety and Security. Access control will be determined by the Contractor during the assessment. The Contractor is the sole entity responsible for ensuring the entire system is 99% reliable. Additionally, the vendor is singularly required to ensure that ALL of the supporting licenses are valid for a minimum of one year after the final certificate of completion. (a) Functionality. The Contractor shall support all functions provided by the existing access control system except where specifically approved by VA. The Contractor shall specifically identify any features supported by the currently installed systems that will not be adequately addressed by the proposed design and will identify alternatives for addressing those features. Examples of such functions might include automatic data transfer to data warehouses, automatic transfer of employee data and photographs to other systems, or external interfaces with visitor pre-registration and management systems. The intent of this requirement is to ensure that VA facilities maintain the operationally functionality provided by their existing PACS/ESS after the replacement, upgrade, or modification work performed under this Statement of Work. (b) Performance. The Contractor shall provide performance that is, at a minimum, comparable to the existing system or that is specified in the VA Physical Access Control Requirements document and VA Master Construction Specifications Division 28 Electronic Safety and Security, tailored to the specific facility. Performance specifications include (i) number of cardholders supported, (ii) number of secured areas supported, (iii) number of readers supported, (iv) card holder throughput rate, (v) amount of history data retained, (vi) length of battery operation, and (vii) reliability, operational availability, and maintainability characteristics, (viii) data interchange rates and responsiveness with external systems including, but not limited to, the Identity Management System (IDMS) and/or PIV Issuance System. (c) System Scope. The Contractor shall provide access control functionality at every door, turnstile, vehicle gate, or other controlled entry/exit portal that is controlled by the existing access control system except where specifically excluded by VA. In addition, the system shall provide intrusion detection monitoring that is equivalent to the existing installed system. VA may identify additional access control requirements and/or intrusion detection monitoring requirements during the design phase of this project, which the Contractor shall mark as additional need and include in the system replacement/upgrade/modification activities, subject to additional funding in accordance with prices established in this contract. The Contractor shall identify all components of the proposed design, their quantities, and their applications. Related Systems The Contractor shall specify its design for interconnecting with any systems that are connected to, or interoperate with, the existing access control system except where specifically directed otherwise by VA. This shall also include the capability to easily integrate the facility system into a larger Enterprise PACS/ESS environment as well as interfaces with VA s IDMS and/or PIV Issuance System. The Contractor s design approach will address all characteristics of the interface including cable and connectors, data link protocols, operating system and network configurations, and software application interfaces. This will not include non-access systems such as fire control or other alert systems. Power The Contractor shall specify its design approach for providing primary and redundant power to system components. The Contractor shall identify where existing power components will be reused and describe any resulting impact on the operation of the existing PACS/ESS during the installation of the replacement, modified, or upgraded PACS/ESS. The Contractor shall identify requirements for additional facility power, if required, and shall identify its proposed approach for installing additional power. If the Contractor proposes to re-use existing batteries, he/she shall warrant the operation for the same length of time as new equipment that he/she installs. Batteries that do not meet safety requirements may not be re-used, and the Contractor shall remove and dispose of such batteries. Definition and Dependencies The installation plan shall describe the specific tasks that the Contractor will perform and the dependencies among these tasks. The plan shall include a schedule that reflects these dependencies and the resources available for performing the work. These tasks will be defined at a level of detail that provides visibility on a weekly basis, at a minimum. Coordination with Smart Card Distribution VA employees and Contractors may need to retain legacy access control cards that are compatible with the existing PACS until this PACS replacement/modification/upgrade is completed. The Contractor shall coordinate migration from legacy cards to the new FIPS 201-1 smart cards with facility representatives. Transition Approach This plan shall specifically identify the approach for transitioning from the installed system to the upgraded/replacement system in a manner that minimizes disruption to VA facilities and maintains security. The plan shall identify, in particular, how cardholder, configuration, and history event data will be migrated to the new/upgraded system and how new data or modifications to data are accurately reflected in both the existing PACS/ESS and the replacement/upgraded/modified PACS/ESS with minimal redundant data entry. Security The Contractor shall include provisions for minimizing disruption to VA s facilities during the installation/upgrade activities. It shall specifically include provisions for maintaining an acceptable level of security during this project. The installation plan shall specifically describe how the installation of new/upgraded hardware and/or software will be performed such that security is maintained at the existing level without requiring additional security operations personnel. Support from Other Organizations The installation plan shall identify and describe all support required from the VA, VA Contractors, or other organizations not under the direct control of the Contractor. The installation schedule shall include specific milestones that identify where inputs from external organizations or VA are required and shall identify the Contractor tasks that will be adversely affected by delays in such support. Software Data Conversion The Contractor may have to assist with the import of cardholder data as required to populate the access control system cardholder database. The primary source of credential data are the cardholder s PIV cards. Additional data may or may not be available from VA s IDMS and/or PIV Systems. The Contractor shall extract other cardholder and equipment configuration data, such as demographics, access rights, and door schedules, from the existing access control system. Data conversion may require a manual re-enrollment of employees and affiliates of the facility. The vendor should be prepared to propose a methodology to support VA staff with equipment and personnel to make this happen. System Configuration The Contractor shall identify and enter all configuration data into the PACS Server and other related equipment that are required to specify the installed equipment configuration or other parameters required to operate the system. The Contractor shall make backup copies of all configuration data and shall provide these backups, and instructions for using them, to restore the system in the event that the configuration is corrupted to the VA COR. The VA shall have administrator privileges for the operating system for the PACS server. The Contractor shall assign administrator and operator log-on for each PACS workstation. The FSR shall have PACS application administrator privileges. The site operator log-on shall allow the operator to view, acknowledge and reset only their controlled devices. The site administrator log-on shall have the ability to make changes to all controlled devices. All administrator/operator logon and actions shall be recorded in the PACS database and logged. Contractor Testing The Contractor will test and verify that all devices, configurations, power, and operating systems are in good high performance working order before any closure of the site project. The Contractor shall develop missing performance criteria and submit them to the COR, for review and approval, 2 weeks prior to the commencement of formal testing. Four weeks prior to testing, the Cont...
Links ()
Attachments ()
Data sourced from SAM.gov.
View Official Posting »