Professional Documents
Culture Documents
Statement of Work
1.0 GENERAL
The U.S. Department of Homeland Security (DHS) Science & Technology Directorate (S&T)
Office of the Chief Information Officer (OCIO) focuses on providing the tools, technologies, and
knowledge products for the nation’s Homeland Security Enterprise. S&T strives to enable
effective, efficient, and secure operations across all homeland security missions by applying
scientific, engineering, analytics, and innovative approaches to deliver timely solutions in support
of DHS's mission.
The S&T OCIO supports S&T by providing the right people, technology, property, security, and
processes. S&T includes approximately 2000 staff in Washington, D.C. and laboratories in New
York, New Jersey, Maryland, Alabama and Florida. DHS S&T employs approximately 22 distinct
information technology (IT) Systems with currently 2000 endpoints and projects. By the end of
this period of performance, these numbers are anticipated to grow to 40 systems with
approximately 4000+ endpoints. These systems include multiple General Support Systems (or
networks), three distinct Cloud-based deployments, a presence within two Federally Funded
Research and Development Centers and a number of standalone and experimental systems
supporting Laboratory Operations.
DHS S&T OCIO requires professional technical support services to assist the organizations,
missions, functions, and objectives enabling DHS S&T to integrate innovative technology into
everyday use by the DHS operational Components. DHS S&T requires this support to maintain
and evolve its organizations.
1.1 BACKGROUND
1
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
1.2 SCOPE
The scope of work is to support the Information Assurance Compliance function within S&T
OCIO. This contract is limited to S&T staffing only.
The Contractor shall support the S&T Chief Information Security Officer (CISO) and shall
facilitate Federal Information Security Modernization Act (FISMA, 2014) compliance for all
S&T IT systems. Compliance support, including testing and engineering services, will ensure
that all Information Systems Security Officers (ISSOs) have the necessary information
throughout the life cycle of each system. The Contractor shall ensure adherence of S&T IT
operations to all DHS rules and regulations associated with DHS Management Directive 4300
and FISMA compliance. https://www.dhs.gov/publication/dhs-4300a-sensitive-systems-
handbook.
It is anticipated that work will occur at S&T locations in Washington DC, but travel may be
needed to other S&T locations specified in Section 4.10 Place of Performance.
The base effort shall be awarded as a firm fixed price Contract Line-Item Number (CLIN).
Surge support may be required and shall be awarded as a time-and-materials CLIN. The
Contractor shall meet the performance objectives listed below in the completion of the tasks
detailed below.
and authorization cycle and authority to operate status. Analyze systems for potential
vulnerabilities that may result from improper system configuration, hardware or software
flaws, or operational weaknesses. Respond to vulnerability issues within 5 Calendar days of
occurrence. Present any security issues that are found to the system owner with an
assessment of their impact and a recommendation for mitigation or technical solution.
• Providing penetration testing and ethical hacking services in network, wireless and web
application environments; these shall include Social Engineering (including but not limited to
the ability to perform Phishing and Spear Phishing); these services should be performed
following a documented and standardized methodology. The goals and objectives for each
exercise will be determined by the S&T CISO.
• Performing static code reviews as required, based on a given system’s status within the
security assessment and authorization cycle, authority to operate status, and estimated risk
profile. Static code review includes analyzing systems for potential vulnerabilities that may
result from improper system configuration, hardware or software flaws, or operational
weaknesses. The Contractor shall also perform static code analysis on software developed
in-house and by contracted developers. The Contractor shall present any security issues that
are found to the ISSO, Compliance Officer, system owner, authorizing official, and the S&T
CISO along with an impact assessment and a recommendation for mitigation and technical
solution.
• Reviewing National Institute of Standards and Technology (NIST) publications applicable to
FISMA and other directives for applicability to the DHS IT Security Program.
• Ensuring coordination among the DHS Security Operations Center and the Information
Security Vulnerability Management Program when vulnerability assessments cross multiple
Component responsibilities.
• Ensuring DHS encryption policy is implemented and enforced and advising project managers
on the implementation of DHS encryption standards.
• Maintaining an appropriate security management posture for all S&T IT systems and assets.
• Conducting annual IT security refresher training for all S&T members (Fed and Contract).
• Coordinating cyber training for S&T personnel and other specialized admin training.
• Supporting S&T CISO continuous monitoring initiatives by collecting, compiling and
providing monthly Compliance & Testing submissions for inclusion within Cyber Scope.
2.2 Surge support may be required for all services listed in 2.1 if unanticipated support needs
arise. Surge support shall be awarded as a time-and-materials CLIN.
3
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
The Contractor shall ensure that the contractually required level of support for this requirement is
maintained at all times. The Contractor shall ensure that all contract support personnel are
available for all hours of the workday. If for any reason the Contractor staffing levels are not
maintained due to vacation, leave, appointments, etc., and replacement personnel will not be
provided, the Contractor shall provide e-mail notification to the Contracting Officer’s
Representative (COR) prior to employee absence. Otherwise, the Contractor shall provide a
fully qualified replacement.
Below is a listing of anticipated Key Personnel required for fulfillment of this contract.
Before replacing any individual designated as Key by the Government, the Contractor shall
notify the Contracting Officer no less than 14 days in advance, submit written justification for
replacement, and provide the name and qualifications of any proposed substitute(s). All
proposed substitutes shall possess qualifications equal to or superior to those of the Key person
being replaced, unless otherwise approved by the Contracting Officer. The Contractor shall not
replace Key Personnel without approval from the Contracting Officer. Key Personnel shall not
be assigned by the Contractor as a key personnel on any other contract for this requirement. The
following Contractor personnel are designated as Key for this requirement.
Contractor employees visiting Government facilities shall wear an identification badge that, at a
minimum, displays the Contractor name, the employee’s photo, name, clearance-level and badge
expiration date. Visiting Contractor employees shall comply with all Government escort rules
and requirements. All Contractor employees shall identify themselves as Contractors when their
status is not readily apparent and display all identification and visitor badges in plain view above
the waist at all times
4
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
Contractor employees working on-site at Government facilities shall wear a Government issued
identification badge. All Contractor employees shall identify themselves as Contractors when
their status is not readily apparent (in meetings, when answering Government telephones, in e-
mail messages, etc.) and display all identification and visitor badges in plain view above the
waist at all times.
Contractor’s employees shall comply with all applicable Government regulations, policies, and
procedures including, but not limited to the following: e.g., fire, safety, sanitation, environmental
protection, security, “off limits” areas, wearing of parts of DHS uniforms (Badges), and
possession of weapons) when visiting or working at Government facilities. The Contractor shall
ensure Contractor employees present a professional appearance at all times and that their conduct
shall not reflect discredit on the United States or the DHS. The Project Manager shall ensure
Contractor employees understand and abide by DHS established rules, regulations and policies
concerning safety and security.
The Government may, at its sole discretion, direct the Contractor to remove any Contractor
employee from DHS facilities for misconduct or security reasons. Removal does not relieve the
Contractor of the responsibility to continue providing the services required under the contract.
The Contracting Officer will provide the Contractor with a written explanation to support any
request to remove an employee.
4.1 Security
The contract requires access to sensitive information. Homeland Security Acquisition Regulation
(HSAR) 15-01 Safeguarding of Sensitive Information (March 2015) and HSAR 15-01
Information Technology Security and Privacy Training (March 2015) apply to this requirement.
DHS may exercise full control over granting, denying, withholding, or terminating unescorted
access to DHS facilities, DHS systems, and/or sensitive DHS information for government/con-
tract employees. Access will be based upon the results of a DHS fitness/suitability investigation.
DHS may, as appropriate, make favorable entry of duty (EOD) decision based on preliminary
security checks. The favorable EOD decision would allow the government/contract employee to
commence work temporarily prior to the completion of the full investigation. The granting of a
favorable EOD decision shall not be considered as assurance that a full DHS fitness/suitability
5
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
authorization will follow. The granting of a favorable EOD decision or a full DHS fitness/suita-
bility authorization determination shall in no way prevent, preclude, or bar the withdrawal or
termination of any such access by DHS, at any time during the term of the contract. No
employee of the Government/Contractor shall be allowed unescorted access to a DHS facility,
access to any sensitive DHS information, or access to DHS Systems without a favorable EOD
decision or DHS fitness/suitability determination by the DHS HQ Office of Security.
Government/contract employees assigned to the contract not needing access to sensitive DHS
information, DHS systems, or access to DHS facilities will not be subject to DHS
fitness/suitability screening. Government/contract employees waiting for an EOD decision may
not begin work on the contract. Limited access to DHS facilities is allowable prior to the EOD
decision if the government/contract employee is escorted by an approved DHS employee. This
limited access is to allow government/contract employees to attend briefings, nonrecurring
meetings, and begin transition work. During one’s limited access, the government/contract
employee will not have access to sensitive or classified DHS information.
Work on this contract cannot be performed unless the contractor personnel assigned to the labor
categories are cleared at the appropriate levels.
A DD Form 254 with a facility security clearance level of Secret that gives the Quoter the ability
to hold clearances for its employees up to and including Secret will be completed and
incorporated into the contract. The Quoter will not need to store classified information at its
facility.
Prior to performing work, all contractor personnel must complete the suitability check process.
All contractor personnel must execute non-disclosure agreements (NDAs, DHS Form 11000-6).
While contractor personnel are on-boarding and going through the suitability check process, the
Contractor shall submit weekly reports to the COR indicating the progress, status, and action
items for each individual going through the suitability check. The COR will further specify the
format and due dates for the reports at award.
All work performed under this contract should be considered unclassified unless specified
otherwise. When classified work is required, DHS will provide specific guidance to the
Contractor. The Contractor shall adhere to all applicable government laws, regulations, orders,
guides, and directives pertaining to Secret, Sensitive But Unclassified, For Official Use Only
(FOUO), or personally identifiable information. The Contractor shall safeguard Sensitive But
6
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
The Contractor shall establish and implement appropriate administrative, technical, and physical
safeguards to ensure the security and confidentiality of classified and sensitive government
information, data, and/or equipment. If contractor personnel are ever uncertain about the
handling or treatment of any information or data, they shall consult the COR.
All contractor personnel will be required to receive DHS Security Awareness Training and IT
system rules of behavior training when performance commences, and thereafter. Contractor
personnel with significant security responsibilities may be required to receive specialized
training. All personnel who access government IT systems will be monitored in their use. Any
unauthorized access, sharing of passwords, or other questionable security procedures should be
reported to the local Security Office or ISSO.
Contractor personnel assigned to work at DHS S&T facilities may be issued a proximity pass
that permits unescorted entry to the facilities without going through a daily visitor access
process. Contractor personnel may also be granted certain other privileges such as email
accounts and access to DHS information systems.
Contractor employees assigned to work at DHS S&T facilities shall obtain a government
contractor identification card. The application for the card will be obtained through the COR or
as directed by the Contracting Officer. The Contractor shall provide the COR written notice
when all IDs have been processed and received. This card is in addition to contractor provided
IDs. This access shall be provided solely at the discretion of DHS, and may be revoked or
withdrawn at any time, without notice or cause, by the COR or Contracting Officer. The
Contractor shall report in writing to the COR to request termination of personnel access to DHS
facilities, email accounts, and information systems if:
• At any time during the term of this contract, contractor personnel issued a DHS pass or
granted access to DHS email or any other DHS information system no longer require
any further access; and/or
• At the completion, expiration, or termination of any such contract where access has been
granted. Contractor personnel will be considered not to require access to DHS facilities
for work performance upon expiration of this contract.
The Contractor shall prepare and maintain a roster of its employees (both former and current)
that have had government IDs issued in their names at any time during the term of this contract.
This roster shall be submitted monthly, prior to the last day of each month, to the COR, or on
request by the COR. The Contractor may submit this report with the monthly progress report.
Each contractor employee shall have the ID in his/her possession at all times when in the
government facility. Contractor employees shall surrender the card to the COR or issuing office
7
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
at the end of employment, upon completion of this contract, or upon expiration of the form,
whichever is sooner.
Contractor personnel must report the loss of a government ID as soon as possible to the COR or
issuing office. Report the same day if lost during duty hours and by 9:00 a.m. the next workday
if lost during non-working hours. A temporary badge and access can be provisioned if required.
4.5 Encryption
All encryptions shall be Federal Information Processing Standards (FIPS) 197 Advanced
Encryption Standard (AES) that has been FIPS 140-2 verified.
In performing this requirement, the Contractor shall abide by the following requirement, set forth
in DHS Management Directive 4300A:
Components shall divide and separate duties and responsibilities of critical IT system functions
among different individuals to minimize the possibility that any one individual would have the
necessary authority or system access to be able to engage in fraudulent or criminal activity.
Independent Validation and Verification is but one critical systems function that needs to be
performed by a provider (either government or contractor) other than the system designer-
developer-operator.
4.7 Public Health Security and Bioterrorism Preparedness Response Act Requirements
All contractor personnel shall be subject to certain sections of the Public Health Security and
Bioterrorism Preparedness Response Act of 2002. Specifically, as part of the suitability check
process each contractor employee must complete a Federal Bureau of Investigation background
check information form (OMB No. 1110-0039). Each contractor employee will be required to
complete a training covering his or her responsibilities under the Act.
Section 508 of the Rehabilitation Act, as amended by the Workforce Investment Act of 1998
(P.L. 105-220) (codified at 29 U.S.C. § 794d) requires that when Federal agencies develop,
procure, maintain, or use information and communications technology (ICT), it shall be
accessible to people with disabilities. Federal employees and members of the public with
disabilities must be afforded access to and use of information and data comparable to that of
Federal employees and members of the public without disabilities.
All products, platforms and services delivered as part of this work statement that, by definition,
are deemed ICT shall conform to the revised regulatory implementation of Section 508
Standards, which are located at 36 C.F.R. § 1194.1 & Appendix A, C & D, and available at
https://www.gpo.gov/fdsys/pkg/CFR-2017-title36-vol3/pdf/CFR-2017-title36-vol3-part1194.pdf.
8
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
In the revised regulation, ICT replaced the term electronic and information technology (EIT)
used in the original 508 standards. ICT includes IT and other equipment.
Exceptions for this work statement have been determined by DHS and only the exceptions
described herein may be applied. Any request for additional exceptions shall be sent to the
Contracting Officer and a determination will be made according to DHS Directive 139-05,
Office of Accessible Systems and Technology, dated November 12, 2018 and DHS Instruction
139-05-001, Managing the Accessible Systems and Technology Program, dated November 20,
2018, or any successor publication.
9
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
format, the Contractor shall demonstrate conformance to the applicable Section 508 standards
(including WCAG 2.0 Level A and AA Success Criteria) by conducting testing using the DHS
Trusted Tester for Web Methodology Version 5.0 or successor versions, and shall ensure testing
is conducted by individuals who are certified by DHS on version 5.0 or successor versions (e.g.,
“DHS Certified Trusted Testers”). The Contractor shall provide the Trusted Tester Certification
IDs to DHS upon request. Information on the DHS Trusted Tester for Web Methodology
Version 5.0, related test tools, test reporting, training, and tester certification requirements is
published at https://www.dhs.gov/trusted-tester.
4.8.1.9. When developing or modifying electronic documents and forms provided in a Microsoft
Office or Adobe PDF format, the Contractor shall demonstrate conformance to the applicable
Section 508 standards (including WCAG Level A and AA Level 2.0 Success Criteria) by
conducting testing using the test methods published under “Accessibility Tests for Documents”
at https://www.dhs.gov/compliance-test-processes.
4.8.1.10. When developing or modifying ICT deliverables that contain the ability to
automatically generate electronic documents and forms in Microsoft Office and Adobe formats,
or when the capability is provided to enable end users to design and author web based electronic
content (i.e., surveys, dashboards, charts, data visualizations, etc.), the Contractor shall
demonstrate the ability to ensure these outputs conform to the applicable Section 508 standards
(including WCAG 2.0 Level A and AA Success Criteria). The Contractor shall demonstrate
conformance by conducting testing and reporting test results based on representative sample
outputs. For outputs produced as Microsoft Office and Adobe PDF file formats, the Contractor
shall use the test methods published under “Accessibility Tests for Documents”, which are
published at https://www.dhs.gov/compliance-test-processes. For outputs produced as web
based electronic content, the Contractor shall use the DHS Trusted Tester for Web Methodology
Version 5.0, or successor versions. This methodology is published at
https://www.dhs.gov/trusted-tester.
4.8.1.11. Contractor personnel shall possess the knowledge, skills and abilities necessary to
address the accessibility requirements in this work statement.
4.8.2 Section 508 Deliverables
4.8.2.1. Section 508 Test Plans: When developing or modifying ICT pursuant to this contract,
the Contractor shall provide a detailed Section 508 Conformance Test Plan. The Test Plan shall
describe the scope of components that will be tested, an explanation of the test process that will
be used, when testing will be conducted during the project development life cycle, who will
conduct the testing, how test results will be reported, and any key assumptions.
4.8.2.2. Section 508 Test Results: When developing or modifying ICT pursuant to this contract,
the Contractor shall provide test results in accordance with the Section 508 Requirements for
Technology Services provided in this solicitation.
4.8.2.3. Section 508 Accessibility Conformance Reports: For each ICT item offered through this
contract (including commercially available products, and solutions consisting of ICT that are
developed or modified pursuant to this contract), the Offeror shall provide an ACR to document
conformance claims against the applicable Section 508 standards. The ACR shall be based on
the Voluntary Product Accessibility Template Version 2.0 508 (or successor versions). The
template can be found at https://www.itic.org/policy/accessibility/vpat. Each ACR shall be
completed by following all of the instructions provided in the template, including an explanation
of the validation method used as a basis for the conformance claims in the report.
10
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
4.8.2.4. Other Section 508 Documentation: The following documentation shall be provided upon
request for ICT items offered through this contract:
• Documentation of features provided to help achieve accessibility and usability for
people with disabilities.
• Documentation on how to configure and install the ICT item to support accessibility.
• Documentation of core functions that cannot be accessed by persons with disabilities.
• Documentation of remediation plans to address non-conformance to the Section 508
standards
In accordance with DHS Management Directive 142-02, Information Technology being planned,
designed, developed, and maintained for the DHS S&T, its customers, and/or with DHS data,
shall be:
• Aligned with DHS and/or S&T Federal Enterprise Architecture (EA). All solutions and
services shall meet DHS EA policies, standards and procedures.
• In compliance with appropriate Office of Management and Budget (OMB) Circulars,
including but not limited to OMB Circulars A-11 and A-130 as implemented by the S&T
CIO.
• In compliance with Federal Regulations including but not limited to the E-Government
Act (including Privacy Impact Assessment), Paperwork Reduction Act, FISMA, and
Section 508 of the Rehabilitation Act of 1973, per the 1998 Amendments, and the
Architectural and Transportation Barriers Compliance Board’s Electronic and
Information Technology Accessibility Standards at 36 CFR 1194.
• In compliance with DHS Management Directives including 0007.1, 4010.2, 1400,
4300.1, (and 4300A), 4900, and others as appropriate.
All solutions and services shall meet DHS EA policies, standards and procedures. Specifically,
the Contractor shall comply with the following DHS EA requirements:
• All developed solutions and requirements shall be compliant with the DHS EA.
• All IT hardware and software shall be compliant with the DHS EA Technical Reference
Model (TRM) Standards and Products Profile.
• Description information for all data assets, information exchanges and data standards,
whether adopted or developed, shall be submitted to the Enterprise Data Management
Office (EDMO) for review, approval and insertion into the DHS Data Reference Model
and EA Information Repository.
• Development of data assets, information exchanges and data standards will comply with
the DHS Data Management Policy MD 103-01 and all data-related artifacts will be
developed and validated according to DHS data management architectural guidelines.
• Applicability of Internet Protocol Version 6 (IPv6) to DHS-related components
(networks, infrastructure, and applications) specific to individual acquisitions shall be in
accordance with the DHS EA (per OMB Memorandum M-05-22, August 2, 2005)
regardless of whether the acquisition is for modification, upgrade, or replacement. All
EA-related component acquisitions shall be IPv6 compliant as defined in the U.S.
Government Version 6 (USGv6) Profile (National Institute of Standards and Technology
11
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
The primary place of performance is the S&T headquarters located in the National Capital
Region. Additional performance sites for some tasks are listed in Table 2 below. The
Government may add additional places of performance over the life of the contract.
4.11 Telework
Telework may be allowed under this contract as authorized by the COR. Full time telework is
currently allowed for most employees due to COVID-19 restrictions, but full time telework is not
anticipated on a permanent basis. Remote work is not allowed under this contract. Employees
should be based in the National Capital Region.
The standard DHS S&T business day is 8:00 AM to 5:00 PM, Monday through Friday. All
Contractor personnel shall work for eight hours during the business day not including lunch or
other breaks (for example, an employee working 8:00 AM to 4:00 PM is working an eight-hour
day; if a half-hour lunch is to be included, the hours would be extended to 8:00 AM to 4:30 PM).
These eight work hours must be spent performing work under the contract. Certain work may be
performed offsite during COVID-19 restrictions. The COR may approve deviations from the
standard eight-hour day and work locations.
12
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
4.13 Travel
Travel, both within and outside of the local area, may be required, including to the S&T
laboratories. The meaning of local travel within the Washington DC metropolitan area is defined
by the General Services Administration (GSA); it will not be reimbursed. All travel is subject to
advance Government approval, by the Contracting Officer or COR. Approved travel outside of
the defined local area will be reimbursed in accordance with the limits set forth in FAR Part 31
and the Federal Travel Regulation (FTR). This travel expense shall not be burdened with profit
or fee, overhead, or G&A.
Basic facilities such as workspace and associated operating requirements (e.g., phones, desks,
utilities, computers, and consumable and general-purpose office supplies) will be provided to the
Contractor personnel working in S&T’s office in Washington, D.C. and the labs. Parking
facilities are not provided; however, several commercial parking facilities are located near
S&T’s office.
All system documentation will be provided to the Contractor at the kick-off meeting. All system
documentation shall be returned to the COR in accordance with the end of the contract.
Information provided on the government furnished encrypted IronKey is considered GFI and
shall be returned to the Government, with the return of the IronKey.
4.17 Invoicing
13
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
The period of performance (including options) is 5 years starting September 1, 2022. The base
period will be September 1, 2022 to March 31, 2023, followed by four full year option periods
and a 5-month option period for an overall period of performance of 9/1/2022-8/31/2027.
5.0 DELIVERABLES
The Contractor shall provide all deliverables electronically, unless otherwise specified, directly
to the COR. The Contractor shall deliver all technical reports and all code or other data
developed under this SOW, along with the appropriate documentation, to the COR as they are
completed, and as directed by the COR to others including to the S&T CIO.
All deliverables become the property of the Government and may not be further disseminated
without prior written approval from DHS.
Table 3
Description Format Due Date
Compliance Kick-Off Meeting to be held at S&T Meeting 5 business days after award
headquarters
Hold Transition Planning Meeting with Incumbent Word or as directed by the 15 business days after award
Contractor and Prepare Transition Strategy COR
Weekly reports including a summary of all Word or as directed by the Weekly
Contractor work performed, a breakdown of labor COR
hours by labor category (for T&M awards), all
direct costs by line item, an assessment of
technical progress, schedule status, any travel
conducted, and any Contractor concerns or
recommendations for the previous reporting
period.
Monthly reports including a summary of all Word or as directed by the Monthly
Contractor work performed, a breakdown of labor COR
hours by labor category, all direct costs by line
item, an assessment of technical progress, schedule
status, any travel conducted, and any Contractor
concerns or recommendations for the previous
reporting period.
Project Plans for major tasks or groups of tasks to Could include but not As directed by COR
include but not limited to: Security Control limited to Word, Excel, MS
Assessment, Auditing of Systems, Code Analysis Project, Power BI, Maestro,
and testing, Penetration Testing, FISMA JIRA, Tableau or as directed
Compliance Reporting, Phishing Exercises, by the COR
Software Exception/TRM Services, and Security
Operation Center (SOC) Services (for 24/7 ops)
Agendas for meetings Word 3 business days before
meeting
Official Meeting Minutes Word; posted on intranet at Within 1-2 business days after
direction of COR meeting
Project Initiation Documentation Word, PowerPoint, or MS As directed by COR
Project
FISMA Compliance Report Word; posted on intranet at Monthly
direction of COR
14
RFQ 70RSAT22Q00000040 – Attachment I
Statement of Work
15