Performance Work Statement SPAWAR 4.0 Database Applications Hardware and Software Engineering Support Services 07 May 2014

1.0 INTRODUCTION SPAWAR 4.0 Database Applications Hardware and Software Engineering Support Services 07 May 2014 The Department of the Navy, Space and Naval Warfare Systems Command (SPAWAR) 4.0 Logistics and Fleet Support Directorate is acquiring Hardware and Software Engineering services to include hardware and software maintenance for the Human Analysis and Requirements Planning System (HARPS), Technical Documentation Acquisition and Development (TDAD), SPAWAR Acquisition Integrated Logistics Online Repository (SAILOR), and SPAWAR Casualty Response Action Tracker (SCRAT) database applications. In addition, SPAWAR 4.0 is acquiring database architecture expertise, information assurance support, Technical Manual Management Program (TMMP) expertise, technical data maintenance services, customer support services, training services, and program support services. 2.0 BACKGROUND The SPAWAR 4.0 Logistics and Fleet Support Directorate provides SPAWAR corporate policies, processes, tools, leadership, and qualified resources that manage and execute Fleet support and Logistics work conducted by SPAWAR in support of Program Executive Offices, Program Managers, Navy and Joint Commands, and other customers. 2.1 SPAWAR 4.0 Applications The Human Analysis and Requirements Planning System (HARPS) is a standardized tool designed to track Human Systems Integrated requirements throughout the lifecycle of a system, including Navy Training System Plans (NTSPs), Job Task Analysis (JTA) data, and gap analysis functionality. The HARPS database provides automated business processes and workflow to collaboratively define, analyze and document demand signals for Manpower, Personnel, Training and Education (MPT&E). HARPS provides visibility for MPT&E planning and programming requirements early in a system's lifecycle, streamlining validation processes and eliminating redundancies in building acquisition documentation. The Technical Documentation Acquisition and Development (TDAD) system simplifies and communicates standards and policy for all SPAWAR programs developing, delivering and disposing of technical manuals. TDAD enables SPAWAR compliance with the Department of Navy (DON) policy that requires technical manuals be developed in Extensible Markup Language (XML) and delivered to the fleet in Portable Document Format (PDF). TDAD is also used to transfer Preliminary Issue and Final Issue technical manuals from SPAWAR programs to the Naval Systems Data Support Activity (NSDSA) for distribution to the fleet. TDAD provides the following critical functions to Navy and SPAWAR users: (1) Provides the Technical Manual Management Plan (TMMP) and 1

Technical Manual Quality Assurance Plan (TMQAP) templates; (2) Provides the forms to request a Technical Manual Contract Requirement (TMCR) number; (3) Acts as the authoritative repository for technical manuals and associated media files; and (4) Enables transfer of technical manual presentation files to SPAWAR's technical manual distribution authority, NSDSA for final distribution to fleet users. The SPAWAR Acquisition Integrated Logistics Online Repository (SAILOR) is a centralized repository that provides both classified and unclassified Final Issue technical, logistics, and configuration documentation to fleet combatants and Navy support personnel. SAILOR also provides a single point of entry to retrieve system support information for SPAWAR programs of record. The SPAWAR Casualty Response Action Tracker (SCRAT) provides near-real-time, collaborative, and validated SPAWAR C4ISR Casualty Report (CASREP) status/resolution information for Fleet, Regional Maintenance Centers (RMCs), Fleet Support Officers (FSOs), In-Service Engineering Activities (ISEAs), and ship maintenance personnel. It is a consolidated database of C4ISR CASREPs for the entire SPAWAR enterprise of products, i.e., software, hardware, and equipment components, produced and installed on U.S. Navy ships, Military Sealift Command (MSC) ships, U.S. Coast Guard (USCG) ships and vessels, U.S. Marine Corps (USMC) aircraft and vehicles, and various shore sites, e.g., Command Centers, training centers, communication stations, Navy Data Centers, Joint Command Centers, etc. 3.0 SCOPE The objective of this Task Order is to support the SPAWAR Logistics and Fleet Support Directorate by providing the full range of engineering services to maintain, modify, deploy, and sustain the HARPS, TDAD, and SAILOR development, test, and production servers, source code, documentation, technical data, and interface specifications. The Contractor shall perform engineering reviews of technical data; provide requirements analysis for maintaining the HARPS, TDAD and SAILOR database computer software; propose courses of action to resolve software changes in accordance with configuration management process; provide subject matter expertise and interact with SPAWAR stakeholders regarding HARPS, TDAD and SAILOR database performance; provide information assurance support for HARPS, TDAD, SAILOR, and SCRAT; and provide program support services. The Contractor shall also provide training services, customer support services, and testing of software releases. 4.0 APPLICABLE DOCUMENTS The Contractor shall adhere to the following documentation in accordance with paragraph 5.0, Performance Requirements: Military handbooks, instructions, standards and specifications and DoD adopted non- Government standards may be obtained in accordance with the Federal Acquisition Regulation (FAR) Subpart 52.211-2. Copies of specifications, standards, and data item descriptions cited in this solicitation, if listed in the DoD Index of Specifications and 2

Standards (DoDISS) or the Acquisition Management Systems and Data Requirements Control List, DoD 5010.12-L (Dec 2003) may be obtained from: (a) ASSIST database via the Internet at http://assist.daps.dla.mil/; (b) By submitting a request to the Department of Defense Single Stock Point (DoDSSP) Building 4, Section D, 700 Robbins Avenue, Philadelphia, PA 19111-5094 (c) https://saportal.nswc.navy.mil Document Type No./Version Title Date AMD Total Force Manpower Apr 03 Management System N12 Decision Matrix for Activity Manpower Document (AMD) Change Requests CJCSI Joint Capabilities Integration and 01 Mar 09 3170.01G Development System CJCSI 6212.01F Interoperability and Supportability of Information 21 Mar 12 Technology (IT) and National Security Systems (NSS), Manual for the Operation of the 29 Mar 12 CJCSM 3170.01C Joint Capabilities Integration and Development System Concept of Operations Version 1.0.4 Technical Document Acquisition Oct 2011 & Development (TDAD) Concept of Operations (CONOPS) DoD Directive 8570.01-M Information Assurance Workforce 19 Dec 05 Improvement Program DoD Directive 8500.01E Information Assurance 23 Apr 07 http://www.dtic.mil/whs/directive s/corres/pdf/850001p.pdf DoD Directive 4630.05 Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS) 05 May 04 Confirmed current 23 April 07 DoD Directive 5200.1r DoD Directive 5200.1r Controlled Unclassified Information, Appendix C DoD Instruction 5000.02 Operation of the Defense Acquisition System DoD Instruction 8500.2 Information Assurance (IA) Implementation http://www.dtic.mil/whs/directives/ corres/pdf/850002p.pdf 24 Feb 12 8 Dec 08 6 Feb 03 3

Document Type No./Version Title Date DoD Instruction 8510.01 DoD Information Assurance 28 Nov 07 Certification and Accreditation Process (DIACAP) http://www.dtic.mil/whs/directive s/corres/pdf/851001p.pdf DoD Instruction DoD 8570.01 Information Assurance Workforce 19 Dec 05 Improvement Program DoN Handbook Version 1.0 DON-DOD Information Assurance Certification and Accreditation Process (DIACAP) Handbook www.doncio.navy.mil/download. aspx?attachid=627 15 Jul 08 Guidebook Version 1.0 Office of the Assistant Secretary of the Navy (Research, Development and Acquisition) Guidebook for Acquisition of Naval Software Intensive Systems (available from https://acquisition.navy.mil/rda/h ome/organizations/dasns/rda_che ng) Guidebook Defense Acquisition Guidebook, Chapter 4, 8, 9 Guidebook Navy Validator Qualification Standards and Registration Guidebook (https://www.portal.navy.mil/n ETWARCOM/NavyCandA/defa ult.aspx) Handbook V1.0 Department of the Navy DoD Information Assurance Certification and Accreditation Process (DIACAP) Handbook Memorandum ASN (RD&A) Memorandum, Subject: Software Process Improvement Initiative (SPII) Guidance for Use of Software Process Improvement Contract Language Sep 08 Latest version 15 Jul 08 13 Jul 07 4

Document Type No./Version Title Date Memorandum ASN (RD&A) Memorandum, 16 Sep 08 Subject: Department of the Navy Policy for Acquisition of Naval Software Intensive Systems MIL-HDBK 61A Military Handbook 7 Feb 01 Configuration Management Guide MIL-HDBK 29612 Guidance for Acquisition of Training Data Products and Services 31 Aug 01 Certified valid 08 Jun 06 MIL-PRF 29612B Performance Specification 31 Aug 01 Training Data Products MIL-PRF 49506 Performance Specification 11 Nov 96 Logistics Management Information MPT&ECIOSWIT-ILE- 1C Integrated Learning May 09 HDBK Environment Guidebook NAVEDTRA 130B - 137 Task Based Curriculum 29 Aug 11 Development Manuals NAVMAC Navy Total Force Manpower 1 Apr 00 Requirements Handbook OPNAV P-751-1-9-97 Navy Training Requirements Documentation Manual 21 Jul 98 (NTRDM) OPNAV P-751-2-9-97 Training Planning Process 21 Jul 98 Methodology (TRPPM) Guide OPNAVINST 1500.76C Naval Training Systems 14 Aug 13 Requirements, Acquisition, and Management 11102.2 Training System Installation and 31 Oct 07 OPNAVINST Transfer OPNAVNOTE 1500 Training Transfer Agreement 07 Mar 11 Project Charter SAILOR 2.1.2.0 Project Charter 10 Mar 10 Record Message R072303Z Jun 05/NAVAD MIN 124/05 Registration of Navy Networks and Servers and Termination of Server Applications Jun 05 SECNAV Instruction Software Development Plan SECNAVINS T 5239.3B Department of the Navy Information Assurance (IA) Policy TDAD Software Development Plan (SDP) 17 Jun 09 30 Sep 11 5

Document Type No./Version Title Date Software Process ASN Software Process 16 Sep 08 Improvement Initiative Improvement Initiative (SPII) Guidance for Use of Software Process Improvement Contract Language SPAWAR Instruction 3432.100A-16 Operations Security (OPSEC) 2 Feb 05 Policy SPAWAR Instruction 4130.3 SPAWAR Life Cycle 28 Mar 13 Configuration Management Policy SPAWAR Instruction 5230.44 00P Security and Policy Review of 9 Sep 04 Information Intended for Public Release SPAWAR Instruction 5720.4CH1 (or SPAWAR Web Policy 9 Oct 02 latest edition) SPAWAR Instruction 5721.1B SPAWAR Section 508 17 Nov 09 Implementation Policy SPAWAR Instruction 5728.1 Establishment of SPAWAR 7 Aug 09 Branding Guidelines SPAWAR Instruction 4160.3C SPAWAR, PEO C4I, PEO 13 Feb 13 SPACE and PEO EIS Policy, Procedures and Responsibilities for Technical Manual Management Operations and Product/Technical Data Lifecycle Support SPAWAR Instruction 4121.1 Establishment of Policy and Use 18 Oct 12 of SPAWAR Acquisition Integrated Logistics Online Repository (SAILOR) SPAWAR Instruction 1500.1A Team SPAWAR Training 14 Jan 09 Management and Delivery Process SPAWAR Instruction 1500.2A Team SPAWAR Training 18 Aug 09 Transition Process and Milestones SPAWAR Instruction 1500.3A Team SPAWAR Manpower, 24 Feb 10 Personnel, and Training Analysis and Planning Process SPAWAR Instruction 1500.4A Team SPAWAR Performance 24 Feb 10 Solution Design Process SPAWAR Instruction 5400.3 Systems Engineering Technical 9 Oct 07 Review Process Specification Version 4.0 S1000D Specification Jan 09 6

Document Type No./Version Title Date Standard IEEE/EIA Systems and Software 2008 12207-2008 Engineering Software Lifecycle processes Standard IEEE 1058-1998 IEEE Standard for Software 1998 Project Management Plans Standard Operating TDAD Standard Operating June 12 Procedures Standard Operating Procedures Technical Design Description Technical Design Description E0005-AC-H BK-01 0/TMMP Version 2.0 Version 1.0.4 5.0 PERFORMANCE REQUIREMENTS Procedures (SOP) NAVSEA/SPAWAR TMMP Operations and Lifecycle Support Procedures USM CMC Technical Design Description Technical Document Acquisition & Development (TDAD) Technical Design Description July 00 The Contractor shall provide HARPS, TDAD and SAILOR life cycle support services in the work areas listed below. 5.1 Software Maintenance (O&MN) 5.1.1 Software Maintenance The Contractor shall implement software fixes. The Contractor shall edit the impacted system source code on the developmental server with updated source code to implement required fixes. The Contractor shall perform requirements analysis and design analysis as necessary to determine the software fix. The Contractor shall maintain Software Requirements Specifications (SRS) and drawings, and update source code using documented processes and procedures to ensure the quality and maintainability of the HARPS, TDAD and SAILOR database systems. The Contractor shall update all of the HARPS, TDAD and SAILOR database design and architecture documentation to comply with software engineering procedures. 5.1.2 HARPS, TDAD, and SAILOR Development and Production System Administration, Maintenance, and Management The Contractor shall ensure the HARPS, TDAD and SAILOR production servers configuration remain operational on the Navy Enterprise Data Center (NEDC) SPAWAR Systems Center (SSC) Pacific CLIN27 Hosting Environment (SCHE) enclave and the Extended Demilitarized Zone (edmz) environment. The Contractor shall ensure the HARPS, TDAD and SAILOR development and test server configurations remain operational on the SSC Pacific Research, Development, and Test Environment (RDT&E) as necessary for system maintenance and testing purposes. The contractor shall maintain the HARPS, TDAD and SAILOR developmental, test, and production servers including hardware/software upgrades, security patches, systems administration, and system 7

problem troubleshooting. The Contractor shall provide recommendations regarding software license renewal options as required, and include the recommendations in the Monthly Status Report (MSR) (CDRL A001). The Contractor shall provide recommendations regarding commercial software license renewal options that are available via the Navy Enterprise Licensing Agreement, Enterprise Software Initiative (ESI) (http://www.esi.mil), or GSA SmartBUY Program (http://www.gsa.gov/smartbuy) to the maximum extent possible. The Contractor shall ensure the HARPS, TDAD and SAILOR developmental server configurations remain consistent with production and test server configurations. The Contractor shall ensure the development environment is up-to-date and mirrors the test environment s technical configurations, to include hardware/software, security patches, and system accreditations. The Contractor shall execute the process and procedures in the Continuity of Operations Plan for HARPS, TDAD and SAILOR, in conjunction with NEDC as required. 5.1.2.1 The Contractor shall maintain daily incremental backups and weekly full backups for HARPS, TDAD, and SAILOR. 5.1.2.2 The Contractor shall serve as HARPS, TDAD and SAILOR Account Administrator to establish, maintain, and control user accounts. 5.1.2.3 The Contractor shall serve as HARPS, TDAD and SAILOR Systems Administrator to monitor system performance and critical system parameters on a regular basis. The Systems Administrator shall also perform software application and server configuration maintenance as needed. The Contractor shall maintain, and keep an up-todate offline users contact list. 5.1.2.4 Information Assurance Vulnerability Alerts/Bulletins (IAVAs/IAVBs) and Computer Tasking Orders (CTOs). The Contractor shall log onto the DOD Online Compliance Reporting System (OCRS) website (https://www.iava.navy.mil/ocrs/start.aspx) on a regular basis for notifications of the latest DOD IAVAs, IAVBs, and CTOs. The Contractor shall evaluate each IAVA, IAVB, and CTO for system applicability and compatibility issues. The Contractor shall work jointly with NEDC to incorporate updates to mitigate or remediate the specified vulnerabilities. The Contractor shall work jointly with NEDC to report IAVA, IAVB, and CTO compliance data directly to the OCRS by the required deadline. The Contractor shall work jointly with NEDC on Information Assurance tasks pertaining to HARPS, TDAD and SAILOR. 5.1.2.5 As required, the Contractor shall perform a software audit of the development, test and production servers, document the results, and deliver a report containing a plan to synchronize the software versions of the development, test and production services (CDRL A004). The Contractor shall execute approved actions to perform synchronization of the development, test and production servers as required. The 8

Contractor shall ensure the development, test and production servers remain synchronized. 5.1.2.6 The Contractor shall maintain a record of software licenses and associated licensing agreements, and maintain Department of the Navy (DoN) Application and Database Management System (DADMS) records for all application versions being used within the HARPS, TDAD, and SAILOR architecture (CDRL A009). The Contractor shall contact the appropriate Program Manager/License Key Holder identified in Section 15.0 for access to software licenses for the purpose of installing licenses on Government servers only in support of the efforts in this PWS, 5.1.3 Training The Contractor shall update and maintain existing training materials and user manuals for job-skills type training to enable customers to use the HARPS, TDAD and SAILOR applications. Training material and presentations shall also address the associated policies and processes for which the HARPS, TDAD, and SAILOR systems support. All training materials and user manuals required for instruction shall be developed and validated by the Contractor (CDRL A005). 5.1.4 Technical Documentation The Contractor shall update and maintain technical documentation for all of the HARPS, TDAD and SAILOR applications to reflect the current version of the architecture, ensure compliance to information assurance requirements, and maintain accurate acquisitionrelated information (CDRL A008). 5.1.5 User Support The Contractor shall provide help desk support on the use of all HARPS, TDAD and SAILOR applications in response to telephone or email contacts Monday through Friday during normal business hours. 5.1.5.1 The Contractor shall provide metrics that detail the operational usage and sustainment for each of the application systems. Metrics shall include the number of new users account creation, number of Help Desk Tickets Open and Closed, individual user s usage information, and associated detailed description including time spent repairing problems to operating software (CDRL A004). The Contractor shall assist the government in coordinating support for and providing a monthly schedule of all sustainment efforts to include cost, schedule and performance issues. 5.2 Software Modification (O&MN) 5.2.1 Engineering Analysis and Review The Contractor shall perform engineering evaluations and reviews of the existing HARPS, TDAD and SAILOR product baseline architectures, drawings, and documentation to determine where changes may be recommended to correct deficiencies, meet security/information Assurance (IA) requirements, achieve cost savings, and/or 9

improve the architecture and/or operations of the applications. The Contractor shall update the document repositories with the results of the evaluations and reviews. In support of this effort, the Contractor shall provide product evaluations, security engineering expertise, maintainability and reliability requirements reviews, recommend adequate algorithms and protocols, and operational concepts. 5.2.2 Configuration Management The Contractor shall implement a configuration management process in accordance with the Software Development Plan for the sustainment of the development, test, and production servers. In addition, the Contractor shall implement a configuration management process for the sustainment and maintenance release of software baselines, commercial-off-the-shelf software (COTS), all HARPS, TDAD and SAILOR documentation, all HARPS, TDAD and SAILOR training materials, acquisition artifacts, information assurance artifacts and technical data. The Contractor shall update existing HARPS, TDAD and SAILOR documentation to ensure compliance to acquisition, information assurance, and accuracy of the contents (CDRL A008). 5.2.2.1 As required, the Contractor shall assess Engineering Change Requests (ECRs) in accordance with the configuration management process identified in the Software Development Plan, including reviewing the ECRs, performing a technical assessment, and documenting one or more recommended technical courses of action for resolution (CDRL A004). The analysis for each ECR shall contain the following items: a. Number, Title and Priority of ECR b. Description of ECR c. Software versions affected by the ECR d. Applicability does the reported problem still exist, or should closure of the ECR be recommended e. Description of the level of effort involved to correct or implement the ECR. The Contractor shall participate in review meetings and provide technical input detailing the recommended solution(s) as required. Solutions shall be implemented on the development servers before entering the testing environment. 5.2.3 Software Modification and Testing The Contractor shall perform software modifications, configure software, perform software installation and check-out activities, and perform system administration services for the development, test, and production servers. The Contractor shall test the modified software, review the test results, and interact with stakeholders regarding their experience with the capabilities and/or features. As required, the Contractor shall implement the government-approved recommendations into the software solution on the test/production servers and field government approved code changes to the production server. 5.3 Database Modification and Maintenance (O&MN) 5.3.1 The Contractor shall perform database modifications as required to support software modifications, including database schema re-design and re-coding of database objects, including stored procedures, triggers, constraints, etc. 10

5.3.2 The Contractor shall perform database maintenance, including measuring database transaction performance, diagnosing and resolving database performance issues, performing periodic database data backup and when required, database recovery. 5.4 Information Assurance (IA) Support (O&MN) The Contractor shall conduct Certification and Accreditation (C&A) activities. The Contractor shall ensure that the HARPS, TDAD, SAILOR, and SCRAT application systems are accreditable from an IA perspective. As required, the Contractor shall provide IA technical strategies and plans. The Contractor shall provide documentation necessary to obtain IA Certification/re-C&A (e.g. DIACAP C&A Package) and lead required C&A validation and collaboration events. The Contractor shall update data repositories such as DADMS, DITPR-DON, OCRS, and emass (IATS replacement system). The Contractor shall generate and/or update metrics and reports, maintain required artifacts to ensure continued compliance to current DoD 5000 series acquisition, information assurance requirements, and SPAWAR enterprise reporting requirements (CDRL A004). 5.4.1 Federal Information Security Management Act (FISMA). The Contractor shall support SPAWAR FISMA reporting requirements, including assessment of current FISMA reporting requirements and guidance for SPAWAR. Assessments shall include review of current FISMA IT Registry reporting requirements, and shall include recommendations in coordination with SPAWAR 8.2 Information Technology Management for updates required to comply with FISMA guidance, IT registry, and FISMA reporting. The Contractor shall review and assess status of IT Registry entries and FISMA reports. The Contractor shall create a FISMA Status Report that consolidates recommended updates to the IT registry (CDRL 004). The report shall consider and address the following: Identify current FISMA reporting requirements. Assess current FISMA IT registry requirements including accreditation. Review and assess status of the annual FISMA report. Review, assess and provide monthly accreditation status. Review, assess and provide monthly security metrics status. Support SPAWAR IT registry reporting and completion of Chief Information Officer (CIO) FISMA report (including the results of Gold disk and retina security scans). The Contractor shall provide SPAWAR FISMA support in accordance with the SPAWAR Business Rules for C&A and FISMA. 5.4.2 The Contractor shall maintain the DOD Information Assurance Certification & Accreditation Process (DIACAP) package. As directed, the Contractor shall maintain the 11

DIACAP package and artifacts in the applicable databases. The Contractor shall update the artifacts as required when changes occur (CDRL A007). At a minimum, the Contractor shall perform annual reviews of the package. The Contractor shall conduct C&A validation and collaboration events as required. 5.5 TDAD Unique Requirements (Technical Support Services) (O&M, N) 5.5.1 The Contractor shall maintain and upgrade the capabilities and functionality of the Content Management Capability (CMC) application within TDAD. 5.5.1.1 The Contractor shall make recommendations to SPAWAR 4.3.3 on Unified System Manual (USM) CMC changes required to support policies and procedures on technical data, acquisition, development, and distribution in accordance with SPAWARINST 4160.3C. The Contractor shall maintain, revise, and implement requirements documentation to reflect functionality and content requests from SPAWAR 4.3.3 (CDRL A004). 5.5.1.2 The Contractor shall make recommendations to SPAWAR 4.3.3 on S1000D CMC changes required to support policies and procedures on technical data, acquisition, development, and distribution in accordance with SPAWARINST 4160.3C. The Contractor shall review and provide recommendations on SYSCOM, program of record, and DON S1000D practices and their impact on Joint Service, DON, and SPAWAR business rules, information codes and information set. The Contractor shall maintain, revise, and implement requirement documentation to reflect functionality and content requests from SPAWAR 4.3.3 (CDRL A004). 5.5.1.3 The Contractor shall maintain Data Type Definitions (DTDs), stylesheets, and applications used to develop and render SPAWAR-approved XML content chunks into a PDF technical manual. 5.5.2 The Contractor shall maintain the Technical Manual Library (TML) capability within TDAD. 5.5.2.1 The Contractor shall provide recommendations to SPAWAR 4.3.3 on TML changes required to support policies and procedures on technical data acquisition, development, and distribution in accordance with SPAWARINST 4160.3C. The Contractor shall maintain and revise requirements documentation as needed to reflect functionality and content requests approved by SPAWAR 4.3.3 (CDRL A004). 5.5.2.2 The Contractor shall maintain the TML s usability and functionality in compliance with all requirements, to include configuring Technical Manual Manager rooms to support the technical manual management activities (TMMAs) acquisition, development, delivery, and configuration management of all TDAD artifacts. 12

5.5.3 The Contractor shall provide Subject Matter Expertise (SME) in support of the Technical Manual Management Program (TMMP). The Contractor shall assess and provide input pertaining to technical data, Technical Manual Contract Requirements (TMCR), and contract statements of work in accordance with the DON Digital Data Policy, SPAWARINST 4160.3C, and the SPAWAR TMMP Operations and Lifecycle Support Procedures. 5.6 Software Engineering Approach (SPII) (O&M, N) The Contractor shall define a software development approach appropriate for the software effort to be performed under this Task Order. The term software development is meant to include new development, modification, reuse, reengineering, maintenance, and all other activities resulting in software products. This approach shall be documented in a Software Development Plan (SDP) (CDRL A006) utilizing the Data Item Description (DID) provided. The Contractor shall follow this SDP for all software to be modified or maintained under this effort. 5.7 Project Management (O&MN) The Contractor shall provide expertise to accomplish program planning and milestones. 5.7.1 Kick-Off Meeting The Contractor shall schedule and conduct a joint Government and Contractor kick-off meeting to review contract PWS requirements. The kick-off meeting may be conducted via several methods. The method of the meeting shall be determined by the government. In coordination with the Government, the Contractor shall develop and submit meeting agendas and presentation materials and prepare and submit meeting minutes (CDRL A002). 5.7.2 Project Schedule The Contractor shall deliver and maintain an integrated project schedule using Microsoft Project that shows all resource-loaded tasks through Level 2, durations, dependencies, and deliverables (CDRL A003). The Contractor shall include a section in the Monthly Status Report (MSR) any Contractor-originated suggestions for technical improvements or technical efficiencies for the HARPS, TDAD and SAILOR applications. Meeting Support. The Contractor shall support the sustainment of the HARPS, TDAD and SAILOR database systems by participating in technical reviews, SPAWAR enterprise forums, customer events, configuration control boards, and status reviews meetings (minimum 1 per work week per system, lasting an average of 1 hour.) During these meetings the Contractor shall actively participate by providing technical input to include, but not limited to, suggested courses of action for software changes, pros and cons of each option and resulting user impact(s), source code modification progress, internal testing status, configuration/integration status, and operator use of the HARPS, TDAD and SAILOR applications. 13

The Contractor shall actively participate in weekly Integrated Product Team (IPT) meetings and interact in technical discussions between programmers and the user community regarding the technical vision, tradeoffs, interface considerations, and other technical matters involving active technical reviews and evaluations. The Contractor shall support ad hoc meetings between engineers, the user community, and NEDC to ensure efficiencies in building the software updates (estimate 1 per work week per system, lasting an average of 1 hour). Project Management Reviews (PMRs). The Contractor shall conduct quarterly PMRs to discuss the technical and schedule progress of the tasks in this PWS and to establish a forum for the interchange of technical information. The Contractor shall develop agendas and minutes for the PMRs (CDRL A002). The Government will have the right to modify or add items to the PMR agenda. 5.7.3 Monthly Status Report (MSR) The Contractor shall provide, on monthly basis, a report (CDRL A001) detailing the schedule of events and the integrated cost and schedule status of work progress on the contract. The report shall be prepared for planning work, controlling costs, and generating timely, reliable and valuable information for SPAWAR 4.0. Supporting schedules detailing the sub-events required to achieve milestones in the schedule shall also be prepared and maintained. Changes to the schedule shall be highlighted, with reasons for the changes. The Contractor shall address the effect of the changes on interrelated milestones. The Contractor shall also relate technical accomplishment with cost and schedule accomplishment. The MSR shall be also briefed and discussed at any In-Process Reviews (IPRs). 5.7.4 Certification/Data Report The Contractor shall provide, on a quarterly basis, a report (CDRL A010) detailing the percentage of subcontracted labor costs. 5.8 Future Capability Experimentation and Demonstration (RDT&E) The Contractor shall support the delivery of HARPS, TDAD, and SAILOR future capability planning, management, and engineering products and services in order to support special projects experimentation, demonstration, and/or the introduction of advanced technology. The Contractor shall research, develop, test, and evaluate the proposed solution and capability and submit in accordance with CDRL A004. Upon government approval, the contractor shall implement the approved solution. 6.0 DELIVERABLES All deliverables become the property of the United States Government. The Contractor shall provide the following deliverables in accordance with the timeframes specified in the CDRL. The Contractor shall notify the COR if a proposed delivery schedule listed within a CDRL is unacceptable. If a mutually satisfactory 14

delivery schedule cannot be identified, the issue shall be referred to the Contracting Officer (CO) for resolution. Copies of all deliverables shall be provided to the COR. Deliverable CDRL Number Contractor s Progress, Status and A001 Management report Meeting Agendas/Presentation A002 Materials/Minutes Integrated Project Master Schedule A003 Technical Report - Studies/ A004 Services Training Materials A005 Software Development Plan A006 DIACAP C&A Package A007 Program Technical Documentation A008 Software License List A009 Certification Data Report A010 Subcontracting Status Report 7.0 GOVERNMENT-FURNISHED PROPERTY AND INFORMATION 7.1 Government Furnished Property (GFP) No GFP will be provided on this Task Order. 7.2 Government Furnished Information (GFI) The Government will provide required familiarization and orientation training for new tools and required processes employed in the PWS tasking that were unknown at the time of award of this PWS. 8.0 DATA All data produced or modified by the Contractor during the performance of this PWS is the property of the government and shall be marked accordingly. All data produced or modified by the Contractor during the performance of this PWS shall be marked in accordance with Appendix C of DoD Directive 5200.1R Controlled Unclassified Information. All technical data produced or modified by the Contractor during the performance of this PWS shall be marked Distribution Statement D. Distribution Authorized to Department of Defense (DoD) and U.S. DoD Contractors only. All other requests must be referred to the SPAWAR 4.0. 9.0 SECURITY REQUIREMENTS 9.1 OPSEC Requirements 15

All work is to be performed in accordance with DoD and Navy Operations Security (OPSEC) requirements and in accordance with the OPSEC attachment to the DD254. The Contractor shall adhere to the requirements in SPAWARINST 3432.1 00A-16 of 2 Feb 05 Operations Security (OPSEC) Policy including annual training requirements in paragraph 4i. The nature of this task requires access up to SECRET information. The work performed by the Contractor will include access up to SECRET data, information, and spaces. The Contractor will be required to attend meetings classified up to the SECRET level. The Contractor will be required to access to Classified, For Official Use Only (FOUO), Business Sensitive Information (BSI), Sensitive But Unclassified (SBU), Personally Identifiable Information (PII), and Controlled Unclassified Information (CUI) information. In addition, the work in this PWS will include access to classified and unclassified spaces. The Contractor shall comply with procedures established for each of the facilities as stated in the Certification and Accreditation (C&A) package. All Contractor personnel accessing the SPAWAR claimancy workspaces shall obtain and display a Common Access Card (CAC). The Contractor shall obtain a CAC (https://www.homeport.navy.mil/support/articles/obtain-cac/) with a DoD public key infrastructure (PKI) certificate (https://www.homeport.navy.mil/support/articles/cacgeneral-info/). The Contractor shall adhere to Government and program regulations, policies and procedures controlling the access of program facilities, information and systems by visitors. Contractor personnel should be aware at all times of any unusual persons or packages in their work area and immediately report those to the building security staff. If Contractor personnel become aware of any person seeking unauthorized access to Controlled Unclassified Information materials, they should immediately report this to the COR. The Contractor shall provide the Government IA and Security Team the names and pertinent information of each individual working the program, at least 2 weeks prior to their arrival or 2 weeks prior to their departure such that all security relevant program activities can occur. 9.2 Security Clearance All Contractor personnel shall be United States citizens and possess a current DoD Industrial Security Secret clearance. The work in this PWS requires access to Classified, For Official Use Only (FOUO), Business Sensitive Information (BSI), and Sensitive But Unclassified (SBU) information. In addition, the work in this PWS will include access to classified and unclassified spaces. The Contractor shall comply with such procedures as are established for each of the facilities as stated in the System Security Authorization Agreement. The Contractor shall ensure that all personnel requiring access to any DoD information system meet the minimum criteria specified in DoD 5200.2-R, DoD Personnel Security Program. As an example, Information Assurance personnel and system administrators shall be designated as ADP-II (IT-II). Current requirements are that other contractor 16

personnel assigned to this PWS shall be designated as ADP-III (IT-III). ADP-II requires a DNACI/NACI; ADPIII requires a NAC/ENTNAC. To initiate a NAC or NACI, go to the Defense Security Service website at the following address: http://www.dss.mil/epsq/patch.htm. All Contractor personnel requiring access to the Government workspaces will complete a National Agency Check (NAC). If an emergency situation exists, and the contractor requires access to the Government workspace in advance of completing the NAC, the Contractor employee may begin work with a waiver from the Contracting Officer. Completion of submission requirement for the NAC is required for waiver approval. 10.0 PLACE OF PERFORMANCE 10.1.1 As needed, the Network Engineer (SysAdmin), Database Management Specialist, and Information Engineer (IA) shall provide on-site support for the HARPS, TDAD and SAILOR servers located at the Navy Enterprise Data Center (NEDC) San Diego, on site at the Bayside facility of SSC Pacific. Network Engineer (SysAdmin) and Information Engineer (IA) shall have the capability to respond within one hour driving time of the Space and Naval Warfare Systems Center-San Diego (SSC-SD), Bayside location, when on-site system administration, hardware, or Continuity of Operations services are needed. The Contractor shall be capable of hosting the Program Management Reviews, technical reviews, and ad hoc meetings between programmers and the user community within one hour driving time of the Space and Naval Warfare Systems Command, Old Town San Diego, CA. 11.0 SPAWAR IT POLICIES The Contractor shall work with government personnel to ensure compliance with all current Navy Information Technology (IT) and Information Assurance (IA) policies, including those pertaining to the Cyber Asset Reduction and Security (CARS) effort (a Navy-wide initiative under the Naval Network Warfare Command s direction to reduce the Navy's IT SECRET and below footprint for shore-based networks by at least 51 percent by September 2010). The Contractor shall work with Government personnel to ensure that no Functional Area Manager (FAM) disapproved applications are integrated, installed or operational on Navy networks. The Contractor shall work with Government personnel to ensure that all networks, servers, or associated devices procured and/or connected to a Navy network complete DON Application and Database Management System (DADMS) and DoD IT Portfolio Registry (DADMS) registration and receive FAM approval. The Contractor shall work with Government personnel to ensure that no production systems are operational on any Research, Development, Test & Evaluation (RDT&E) 17

network. The Contractor shall follow SECNAVINST 5239.3B of 17 June 2009 & DoD 8500.2 of 6 Feb 2003 prior to integration and implementation of IT solutions or systems 11.1 Connections between SPAWAR and Contractor Facilities If there is a requirement for interconnection (e.g., link level or Virtual Private Network (VPN)) between any facilities and/or Information Systems (ISs) owned or operated by the Contractor and ISs owned or operated by USN/NMCI, such interconnection shall take place only after approval in accordance with SPAWAR Information Assurance Office. All such connections as well as the ISs connected thereto shall follow SECNAVINST 5239.3 of 17 June 2009/SPAWAR Remote Access Policy of 20 Dec 2004 and DoD 8500.2 of 6 Feb 2003. 12.0 NAVY MARINE CORPS INTRANET (NMCI) The nature of this task does not require the Contractor to procure NMCI seats for personnel working at the Contractor site. The Contractor must maintain eligibility for a Common Access Card. HARPS, TDAD and SAILOR are a web based applications hosted on the NMCI network. NMCI services and solutions at https://www.homeport.navy.mil/services/clin/ will be reviewed to determine whether any current NMCI CLIN offerings can provide the required HARPS, TDAD and SAILOR services, products, or solutions. 15.0 POINTS OF CONTACT Contracting Officer s Representative (COR): HARPS Program Manager: Janet Fuller; E-mail: janet.fuller@navy.mil; 858-537-8950 TDAD Program Manager: Elle Bergeron; E-mail: elle.bergeron@navy.mil; 619-221- 7819 SAILOR Program Manager: Elle Bergeron; E-mail: elle.bergeron@navy.mil; 619-221- 7819 SCRAT Program Manager: Tim Green; E-mail: tim.green@navy.mil; 619-221-7174 Financial Point of Contact: Marlon Smith; E-mail: marlon.smith@navy.mil; 619-221-7105 18

ATTACHMENT 1 DEFINITIONS & ACRONYMS CIO CISN CPARS CPFF DCO Defective Service Delivery Date DOD DODAF DODI ECM FFP GENADMIN GFM HARPS IEEE/EIA JCIDS Metrics SCRAT SAILOR SPAWAR OSD Performance Objective Performance Requirement Performance Standard Performance Threshold Chief Information Officer Communications, Information Systems, Contractor Performance Assessment Reporting System Cost Plus Fixed Fee Defense Connection On-Line A service output that does not meet the PWS standard of performance. The specific time of delivery and/or performance. Department of Defense Department of Defense Architecture Framework Department of Defense Instruction Enterprise Content Management Firm Fixed Price General Administrative Global Force Management Human Analysis and Requirements Planning System Electrical and Electronic Engineers/Electronic Industries Alliance (IEEE/EIA) Standard 12207 Joint Capability Integration and Development System A system of parameters or means of quantitative and periodic assessment of a process that is to be measured along with the procedures to carry out and interpret such measurement and assessment. SPAWAR Casualty Response Action Tracker SPAWAR Acquisition and Integrated Logistics Online Repository Provides contracting and acquisition support to the Navy and other various Department of Defense (DOD) organizations in the San Diego area. The acquisition and contracting support provided to Joint Staff customers span from pre-award through contract close-out. Office of the Secretary of Defense The service and/or activity required. The outcomes, or results, that lead to satisfaction of the objective(s). Establishes the performance level that the Government requires for the accomplishment of contract requirements. The standards shall be measurable and structured to permit an assessment of the Contractor s performance. Minimum acceptable level, error rate and/or deviation from standard. 19

(PWS) A detailed work statement for performance-based acquisitions that describes the required results in clear, specific and objective terms with measurable outcomes. POC Point of Contact PPBEP Quality Assurance (QA) Planning, Programming, Budgeting and Execution Process Those actions taken by the Government to assure services meet the requirements of the PWS. Quality Assurance Surveillance Plan (QASP) A document organizing how the Government will apply performance standards, the frequency of surveillance and the minimum acceptable defect rate(s). Quality Control (QC) Those actions taken by a Contractor to control the performance of services so that they meet the requirements of the PWS. Quality Control Plan (QCP) A Contractor generated document outlining and describing the performance control processes to be applied in delivering the level of service required by the PWS. RSS SOA Task Really Simple Syndication Service Oriented Architecture How the contracting effort fits within the existing or intended customer environment both technically and organizationally; a specific piece of work to be completed within a certain time period. Task Order Manager (TOM) A representative from the requiring activity assigned by the Contracting Officer to perform surveillance and to act as a liaison between the Contracting Officer and the Contractor. TDAD Technical Document Acquisition and Development WG Working Group Wide Area Work Flow (WAWF) A secure Web-based system to allow Contractors to submit electronic invoices, and provide the Government a means to electronically receipt for and accept supplies and services. 20