Accessibility Information

Users of assistive technologies such as screen readers should use the following link to activate Accessibility Mode before continuing: Learn more and Activate accessibility mode.

National Tobacco Education Campaign

Solicitation Number: 2012-N-14321
Agency: Department of Health and Human Services
Office: Centers for Disease Control and Prevention
Location: Procurement and Grants Office (Atlanta)
  • Print


There have been modifications to this notice. To view the most recent modification/amendment, click here
Combined Synopsis/Solicitation
Added: May 25, 2012 11:56 am Modified: Jun 28, 2012 10:25 amTrack Changes
This amendment is to provide revised Attachment 2- PWS deleting Oral Presentation technical evaluation criteria and adding Expert Recommendations for CDC's Consideration.  

This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR 12.6, as supplemented with additional information included in this notice. In conjunction with FAR 12.6, the government intends to use the policies and procedures in accordance with FAR 15 Contract By Negotiation. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. Solicitation No. 2012-N-14321 is issued as a request for proposal (RFP). This solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-51. This procurement is Total Small Business Set-Aside. The associated NAICS code 541890. The total period of performance under this contract shall be base period of 12 months with two (2) option periods twelve (12) months each. This is a Firm-Fixed-Price contract with not to exceed travel line item. The resultant contract will be funded using Prevention and Public Health Funds (PPHF). Additional PPHF reporting as required per Health and Human Services Acquisition Regulation (HHSAR) clause 352.204-16 is incorporated in full text.
The purpose of the National Tobacco Education Campaign is to educate the public about the harmful effects of tobacco use and encourage smokers to quit. Our objectives will be to raise awareness of the health consequences of tobacco use; encourage cessation of tobacco products; and to direct people to free resources to help them quit. This campaign will support and reinforce the messages delivered by state and community media campaigns. The primary target audience for this campaign is the adult smoker ages 18-54. Secondary audiences include adult and young adult non-smokers, parents, family members, and adolescents. Coordinated mass media, public and private sector partnerships, and earned and social media strategies are core elements of the campaign.
This is a Performance Base Award. The main purpose of this contract is to conduct a paid national media campaign which will run for three to six months (per performance period). The contractor should describe in its proposal a strategy for implementing a paid national media campaign, recognizing that with limited funds available, an emphasis would need to be placed on leveraging media dollars to the greatest extent possible and considering the best ratio of national to localized placement. Contractors are encouraged to include budgets for the costs of running a 12- vs. 24-week buy (3 vs. 6 month campaign) in all 200+ designated market areas (DMAs).
The contractor shall develop up to fifteen (15) ad packages (5 in the Base year, 5 in Option period one and 5 in Option period two) that may target particular underserved populations at high risk for tobacco use. For the purposes of this contract, an ad package refers to the comprehensive development of an ad concept, with at least one execution in these mediums: television, radio, print, out of home, and digital executions. Note that certain executions will have multiple variations in sizes, etc. The contractor is also free to propose additional creative ad assets.
For the campaign to be successful, a thorough understanding of the target audiences, the health behaviors promoted, and the barriers and motivators for the target audiences taking action is essential. This understanding will inform the placement of media, facilitate the development of messages, and enhance the campaign strategies and tactics that resonate with the target audiences. Contractors are encouraged to be creative and offer their best ideas to CDC.
The following attached documents are an integral component of this synopsis/solicitation:
1. Attachment 1- Contract Line Items
2. Attachment 2- Performance Work Statement
3. Attachment 3- Quality Assurance Surveillance Plan

Your submission should include three separate proposals: technical, business and past performance. Evaluation of Offeror's proposals shall occur in a two stage process. In Stage One, the offeror's written technical and business proposals will be evaluated based on the criteria listed below. After initial evaluation, and for the purposes of efficiency, the Government may elect to establish a competitive range limited to those Offerors that are the most highly rated, based only on the Offeror's written technical and business proposal.
In Stage Two, Offerors in the Competitive Range will be invited to participate in Oral presentations. During this stage the Offeror's Oral Presentation will be evaluated and the scoring thereof added to the Offeror's written proposal (Stage One score) to form the overall rating for the Offeror. Past Performance will be evaluated for all offerors in the Competitive Range on performance documentation or any other pertinent information available to the Government.
This contract will be awarded to the Offeror whose proposal is considered to be the best value to the Government, price and other factors considered. For purposes of this evaluation, technical factors are more important than price in making the award determination. The Government will not make an award at a higher overall cost to the Government to achieve only slightly superior performance.
Quality Assurance Surveillance
The contractor evaluation of this contract will be subject to the terms and conditions of the Quality Assurance Surveillance Plan (QASP) per attachment 3. The QASP is a Government developed document and the purpose is used to ensure that the Government receives quality services, and pays only for services actually provided. The QASP provides a systematic method to evaluate the services the Contractor is required to furnish. The QASP includes a Performance Requirement Summary, which will be used to gauge the Contractor's commitment to successful performance, its willingness to stand behind its products and services during the course of the contract, as well as its confidence and ability to perform.
Part I: Technical Proposal:
The Contractor shall limit the technical proposal to 50 single-sided pages (not including appendices and exhibits), 8 1/2 by 11 inch paper of 12-point font. Pages exceeding the specified limit will be removed and not forwarded for evaluation. The narrative plan must include a technical approach & plan of operation, staffing & management work plan, proposed deliverables, and key deadline dates. In addition, the Contractor must provide a description of corporate qualifications and past/similar experience to demonstrate the company's ability to successfully complete assignments of comparable size and complexity.
Proposals which merely offer to conduct a program in accordance with the requirements of the Government's statement of work will not be eligible for award. The technical proposal should be in as much detail as considered necessary to reflect a clear understanding of the nature of the work being undertaken.
The technical proposal must not contain reference to cost; however, resource information, such as data concerning labor hours and categories, materials, subcontracts, etc., must be contained in the technical proposal so that the Offeror's understanding of the work can be evaluated. For purposes of the requirements set forth under this contract, the evaluation will be based upon the following criteria in descending order of importance:
Criteria Value of criteria
Similar Experience-40%
Technical Approach and Plan of Operation-30%
Staffing and Management Plan-20%
Expert Recommendations for CDC consideration -10% 
Total value of criteria:100%
Part II: Business Proposal
The business proposal shall include the total price for the entire project, and shall be broken down by the task activities as set forth in the performance work statement. Pricing shall be a firm fixed priced, with a not to exceed Travel Line Item. The price should be included as an appendix in an Excel spreadsheet itemized per task including cost for any subcontracted work. Budgets, staff hours, and other direct costs should be organized around the tasks and related deliverables described in the PWS. Offerors shall propose a payment schedule based on completion of defined milestones or specified deliverables in accordance with the PWS.
Part III: Past Performance

The Government will evaluate the quality of the Offeror's past performance as it relates to accomplishing the requirements of the Statement of Work. Evaluation of past performance will be a subjective assessment based on a consideration of all relevant facts and circumstances. By past performance, the Government means the Offeror's record of conforming to specifications and standards of good workmanship; the Offeror's record of forecasting and controlling costs; the Offeror's adherence to contract schedules and terms, including the administrative aspects of performance; the Offeror's reputation for reasonable and cooperative behavior and commitment to customer satisfaction; and generally, the Offeror's business-like concern for the interest of the customer and the degree of quality of deliverables and performance
A list of no more than three (3) most current (within the last 5 years), relevant contracts and/or subcontracts (completed or currently in progress) for the prime offeror and any subcontractors (3 each for prime and significant subcontract(s)). Contracts listed may include those entered into with the Federal Government, agencies of state and local governments and commercial customers. The offeror shall provide the following information for each reference cited in the Corporate Experience section of the Technical Proposal. Include the following information for each contract/subcontract:
1) Name of Contracting Activity
2) Contract Number
3) Contract Type
4) Total Contract Value
5) Contract Description
6) Contracting Officer Name, Email and Telephone Number

FAR Clauses

All FAR clauses and provisions can be obtained at
FAR 52.212-1 Instructions to offerors -- Commercial Items
FAR 52.212-4 Contract Terms and Conditions - Commercial Items
FAR52.212-5 Contract Terms and Conditions Required to Implement Statutes or Executive Orders Commercial Items apply to this acquisition.

The following FAR clauses identified in FAR 52.212-5 are applicable to this acquisition; 52.219-27 Notice of Total Service-Disabled Veteran-Owned Small Business Set-Aside; 52.222-3 Convict Labor; 52.222-19 Child Labor - Cooperation with Authorities and Remedies; 52.222-21 Prohibition of Segregated Facilities; 52.222-26 Equal Opportunity; 52.222-50 Combating Trafficking in Persons; 52.232-36 Payment by Third Party (May 1999); 52.225-1 Buy American Act-Supplies; 52.225-13, Restrictions on Certain Foreign Purchases; 52.232-33 Payment by Electronic Funds Transfer Central Contractor Registration (CCR), 52.246-2 Inspection of Supplies-Fixed-Price.
FAR 52.212-3 Offeror Representations and Certifications - Commercial Items applies to this solicitation. The contractor shall either complete the on-line Offeror Representations and Certifications or return a completed copy of the Offeror Representations and Certifications with their quotation. The Online Reps and Certs Application Representations and Certifications Application (ORCA) can be found at, or a hard copy of the provision may be attained from
The Consolidated Appropriations Act, 2012 Pub L112-74 and the Consolidated and Further Continuing Appropriations Act, Pub L. 112-55 prohibit covered agencies from using funds to enter into contracts with corporation that have unpaid federal tax delinquencies or certain felony convictions unless certain conditions are met.
(a) The Offeror represents that:
1. It is [ ] is not [ ] a corporation that was convicted of a felony criminal violation under a Federal or State law within the preceding 24 months.
It is [ ] is not [ ] a corporation that has any unpaid Federal tax liability that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreement with the authority responsible for collecting the tax liability.
FAR 52.219-14 Limitations on Subcontracting (NOV 2011)
(a) This clause does not apply to the unrestricted portion of a partial set-aside.
(b) Applicability. This clause applies only to-
(1) Contracts that have been set aside or reserved for small business concerns or 8(a) concerns;
(2) Part or parts of a multiple-award contract that have been set aside for small business concerns or 8(a) concerns; and
(3) Orders set aside for small business or 8(a) concerns under multiple-award contracts as described in 8.405-5 and 16.505(b)(2)(i)(F).
(c) By submission of an offer and execution of a contract, the Offeror/Contractor agrees that in performance of the contract in the case of a contract for-
(1) Services (except construction). At least 50 percent of the cost of contract performance incurred for personnel shall be expended for employees of the concern.
(2) Supplies (other than procurement from a nonmanufacturer of such supplies). The concern shall perform work for at least 50 percent of the cost of manufacturing the supplies, not including the cost of materials.
(3) General construction. The concern will perform at least 15 percent of the cost of the contract, not including the cost of materials, with its own employees.
(4) Construction by special trade contractors. The concern will perform at least 25 percent of the cost of the contract, not including the cost of materials, with its own employees.
(End of clause)
FAR 52.221-41 Service Contract Act of 1965 (Nov 2007)
Applicable Service Contract Act Wages (Jul 1999)

The attached Wage Determination, No. 2005-2134 dated 06/13/2011 specifies hourly rates of wages that shall be paid to all employees performing work required under this contract. These rates have been determined by the Secretary of Labor in accordance with the provisions of the Service Contract Act of 1965, as amended.
(End of Clause)
FAR 52.217-8 Option to Extend Services (Nov 1999)

The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within 60 days.
FAR 52.217-9 Option to Extend the Term of the Contract (Mar 2000)

(a) The Government may extend the term of this contract by written notice to the Contractor within 30 days; provided, that the Government gives the Contractor a preliminary written notice of its intent to extend at least 60 days before the contract expires. The preliminary notice does not commit the Government to an extension.
(b) If the Government exercises this option, the extended contract shall be considered to include this option clause.
(c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 60 months.
(End of Clause)
52.227-17 Rights in Data-Special Works (DEC 2007)
(a) Definitions. As used in this clause-
"Data" means recorded information, regardless of form or the media on which it may be recorded. The term includes technical data and computer software. The term does not include information incidental to contract administration, such as financial, administrative, cost or pricing, or management information.
"Unlimited rights" means the rights of the Government to use, disclose, reproduce, prepare derivative works, distribute copies to the public, and perform publicly and display publicly, in any manner and for any purpose, and to have or permit others to do so.
(b) Allocation of Rights.
(1) The Government shall have-
(i) Unlimited rights in all data delivered under this contract, and in all data first produced in the performance of this contract, except as provided in paragraph (c) of this clause.
(ii) The right to limit assertion of copyright in data first produced in the performance of this contract, and to obtain assignment of copyright in that data, in accordance with paragraph (c)(1) of this clause.
(iii) The right to limit the release and use of certain data in accordance with paragraph (d) of this clause.
(2) The Contractor shall have, to the extent permission is granted in accordance with paragraph (c)(1) of this clause, the right to assert claim to copyright subsisting in data first produced in the performance of this contract.
(c) Copyright-
(1) Data first produced in the performance of this contract.
(i) The Contractor shall not assert or authorize others to assert any claim to copyright subsisting in any data first produced in the performance of this contract without prior written permission of the Contracting Officer. When copyright is asserted, the Contractor shall affix the appropriate copyright notice of 17 U.S.C. 401 or 402 and acknowledgment of Government sponsorship (including contract number) to the data when delivered to the Government, as well as when the data are published or deposited for registration as a published work in the U.S. Copyright Office. The Contractor grants to the Government, and others acting on its behalf, a paid-up, nonexclusive, irrevocable, worldwide license for all delivered data to reproduce, prepare derivative works, distribute copies to the public, and perform publicly and display publicly, by or on behalf of the Government.
(ii) If the Government desires to obtain copyright in data first produced in the performance of this contract and permission has not been granted as set forth in paragraph (c)(1)(i) of this clause, the Contracting Officer shall direct the Contractor to assign (with or without registration), or obtain the assignment of, the copyright to the Government or its designated assignee.
(2) Data not first produced in the performance of this contract. The Contractor shall not, without prior written permission of the Contracting Officer, incorporate in data delivered under this contract any data not first produced in the performance of this contract and that contain the copyright notice of 17 U.S.C. 401 or 402, unless the Contractor identifies such data and grants to the Government, or acquires on its behalf, a license of the same scope as set forth in paragraph (c)(1) of this clause.
(d) Release and use restrictions. Except as otherwise specifically provided for in this contract, the Contractor shall not use, release, reproduce, distribute, or publish any data first produced in the performance of this contract, nor authorize others to do so, without written permission of the Contracting Officer.
(e) Indemnity. The Contractor shall indemnify the Government and its officers, agents, and employees acting for the Government against any liability, including costs and expenses, incurred as the result of the violation of trade secrets, copyrights, or right of privacy or publicity, arising out of the creation, delivery, publication, or use of any data furnished under this contract; or any libelous or other unlawful matter contained in such data. The provisions of this paragraph do not apply unless the Government provides notice to the Contractor as soon as practicable of any claim or suit, affords the Contractor an opportunity under applicable laws, rules, or regulations to participate in the defense of the claim or suit, and obtains the Contractor's consent to the settlement of any claim or suit other than as required by final decree of a court of competent jurisdiction; and these provisions do not apply to material furnished to the Contractor by the Government and incorporated in data to which this clause applies.
(End of clause)
HHS Clauses
HHSAR 352.203-70 Anti-Lobbying (MAR 2012)
Pursuant to the current HHS annual appropriations act, Public Law 112-74, except for normal and recognized executive-legislative relationships, the Contractor shall not use any HHS contract funds for:
• Publicity or propaganda purposes
• the preparation, distribution, or use of any kit, pamphlet, booklet, publication, electronic communication, radio, television, or video presentation, designed to support or defeat the enactment of legislation before the Congress or any State or local legislature or legislative body or designed to support or defeat any proposed or pending regulation, administrative action, or order issued by the executive branch of any State or local government itself
• Paying the salary or expenses of the Contractor, or agent acting for the Contractor, related to any activity designed to influence the enactment of legislation, appropriations, regulation, administrative action, or Executive order proposed or pending before the Congress or any State government, State legislature or local legislature or legislative body, other than normal and recognized executive-legislative relationships or participation by an agency or officer of a State, local or tribal government in policymaking and administrative processes within the executive branch of that government.

The prohibitions above shall include any activity to advocate or promote any proposed, pending or future Federal, State or local tax increase, or any proposed, pending, or future requirement for, or restriction on, any legal consumer product, including its sale or marketing, including, but not limited to, the advocacy or promotion of gun control.

352.204-16 Prevention and Public Health Fund- Reporting Requirements (MAR 2012)

(a) Pursuant to Public Law 112-74, FY2012 Labor, HHS and Education Appropriations Act, Sec. 220, this contract requires the contractor to provide products and/or services that are funded from the Prevention and Public Health Fund (PPHF), Public Law 111-148, sec. 4002. Section 220(a)(5) requires each contractor to report on its use of these funds under this contract. These reports will be made available to the public.

(b) Semi-annual reports from the Contractor for all work funded, in whole, or in part, by the PPHF, are due no later than 20 days following the end of each six-month period. The six-month reporting periods are January through June and July through December. The first report is due no later than 20 days after the end of each reporting period. If applicable, the Contractor shall submit its final report for the remainder of the contract period no later than 20 days after the end of the reporting period in which the contract ended.

(c) The Contractor shall provide the following information in electronic and 508 compliant format to the Contracting Officer.
(1) The Government contract and order number, as applicable.

(2) The amount of the PPHF funds invoiced by the contractor for the reporting period and the cumulative amount invoiced for the contract or order period.

(3) A list of all significant services performed or supplies delivered, including construction, for which the contractor invoiced in the reporting period.

(4) Program or project title, if any.

(5) The Contractor shall report any subcontract funded in whole or in part with PPHF funding, that is valued at $25,000 or more. The Contractor shall advise the subcontractor that the information will be made available to the public. The Contractor shall report

(i) Name and address of the subcontractor.

(ii) Amount of the subcontract award.

(iii) Date of the subcontract award.

(iv) A description of the products or services (including construction) being provided under the subcontract.

352.237-73 Non-Discrimination in Service Delivery (MAR 2012)

It is the policy of the Department of Health and Human Services that no person otherwise eligible will be excluded from participation in, denied the benefits of, or subjected to discrimination in the administration of HHS programs and services based on non-merit factors such as race, color, national origin, religion, sex, gender identity, sexual orientation, or disability (physical or mental). By acceptance of this contract, the contractor agrees to comply with this policy in supporting the program and in performing services called for under this contract. The contractor shall include this clause in all sub-contracts awarded under this contract for supporting or performing the specified program and services. Accordingly, the contractor shall ensure that each of its employees, and any sub-contractor staff, is made aware of, understands, and complies with this policy.

(End of clause)

HHSAR 352.239-70 Standard for Security Configurations (Oct 2009)

(a) The Contractor shall configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see and ensure that its computers have and maintain the latest operating system patch level and anti-virus software level.

Note: FDCC is applicable to all computing systems using Windows XPTM and Windows VistaTM, including desktops
and laptops--regardless of function--but not including servers.

(b) The Contractor shall apply approved security configurations to information technology (IT) that is used to process information on behalf of HHS. The following security configuration requirements apply:
Approved security configurations are identified in NIST checklists ( or contained in a DoD DISA security technical implementation guide or security checklist If CDC specific security configuration requirements are later determined to apply, they will be provided subsequent to contract award and incorporated by contract modification.

Note: The Contracting Officer shall specify applicable security configuration requirements in solicitations and contracts based on information provided by the Project Officer, who shall consult with the OPDIV/STAFFDIV Chief Information Security Officer.

(c) The Contractor shall ensure IT applications operated on behalf of HHS are fully functional and operate correctly on systems configured in accordance with the above configuration requirements. The Contractor shall use Security Content Automation Protocol (SCAP)-validated tools with FDCC Scanner capability to ensure its products operate correctly with FDCC configurations and do not alter FDCC settings--see The
Contractor shall test applicable product versions with all relevant and current updates and patches installed. The Contractor shall ensure currently supported versions of information technology products meet the latest FDCC major version and subsequent major versions.

(d) The Contractor shall ensure IT applications designed for end users run in the standard user context without requiring elevated administrative privileges.
(e) The Contractor shall ensure hardware and software installation, operation, maintenance, update, and patching will not alter the configuration settings or requirements specified above.

(f) The Contractor shall (1) include Federal Information Processing Standard (FIPS) 201-compliant (see, Homeland Security Presidential Directive 12 (HSPD-12) card readers with the purchase of servers, desktops, and laptops; and (2) comply with FAR Subpart
4.13, Personal Identity Verification.

(g) The Contractor shall ensure that its subcontractors (at all tiers) which perform work under this contract comply with the requirements contained in this clause.

(End of clause)

HHSAR 352.239-71 Standard for Encryption Language (Oct 2009)

(a) The Contractor shall use Federal Information Processing Standard (FIPS) 140-2-compliant encryption (Security Requirements for Cryptographic Module, as amended) to protect all instances of HHS sensitive information during storage and transmission. (Note: The Government has determined that HHS information under this contract is considered ``sensitive'' in accordance with FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, dated February 2004.)

(b) The Contractor shall verify that the selected encryption product has been validated under the Cryptographic Module Validation Program (see to confirm compliance with FIPS 140-2 (as amended). The Contractor shall provide a written copy of the validation documentation to the Contracting Officer and the Contracting Officer's Technical Representative.

(c) The Contractor shall use the Key Management Key (see FIPS 201, Chapter 4, as amended) on the HHS personal identification verification (PIV) card; or alternatively, the Contractor shall establish and use a key recovery mechanism to ensure the ability for authorized personnel to decrypt and recover all encrypted information (see The Contractor shall notify the Contracting Officer and the Contracting Officer's Technical Representative of personnel authorized to decrypt and recover all
encrypted information.

(d) The Contractor shall securely generate and manage encryption keys to prevent unauthorized decryption of information in accordance with FIPS 140-2 (as amended).

(e) The Contractor shall ensure that this standard is incorporated into the Contractor's property management/control
system or establish a separate procedure to account for all laptop computers, desktop computers, and other mobile devices and portable media that store or process sensitive HHS information.

(f) The Contractor shall ensure that its subcontractors (at all tiers) which perform work under this contract comply with the requirements contained in this clause.

(End of clause)

HHSAR 352.239-72 Security Requirements for Federal Information Technology Resources (Oct 2009)

(a) Applicability. This clause applies whether the entire contract or order (hereafter ``contract''), or portion thereof,
includes information technology resources or services in which the Contractor has physical or logical (electronic) access to, or operates Department of Health and Human Services (HHS) system containing, information that directly supports HHS' mission. The term ``information technology (IT)'', as used in this clause, includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software,
firmware and similar procedures, services (including support services) and related resources. This clause does not apply to national security systems as defined in FISMA.

(b) Contractor responsibilities. The Contractor is responsible for the following:
(1) Protecting Federal information and Federal information systems in order to ensure their--
(i) Integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity;
(ii) Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and.
(iii) Availability, which means ensuring timely and reliable access to and use of information.
(2) Providing security of any Contractor systems, and information contained therein, connected to an HHS network or operated by the Contractor, regardless of location, on behalf of HHS.
(3) Adopting, and implementing, at a minimum, the policies, procedures, controls, and standards of the HHS Information Security Program to ensure the integrity, confidentiality, and availability of Federal information and Federal information systems for which the Contractor is responsible under this contract or to which it may otherwise have access under this contract. The HHS Information Security Program is outlined in the HHS Information Security Program Policy, which is available on the HHS Office of the Chief Information Officer's (OCIO) Web site.

(c) Contractor security deliverables. In accordance with the timeframes specified, the Contractor shall prepare and submit the following security documents to the Contracting Officer for review, comment, and acceptance:
(1) IT Security Plan (IT-SP)--due within 30 days after contract award. The IT-SP shall be consistent with, and further detail the approach to, IT security contained in the Contractor's bid or proposal that resulted in the award of this contract. The IT-SP shall describe the processes and procedures that the Contractor will follow to ensure appropriate security of IT resources that are developed, processed, or used under this contract. If the IT-SP only applies to a portion of the contract, the Contractor shall specify those parts of the contract to which the IT-SP applies.
(i) The Contractor's IT-SP shall comply with applicable Federal laws that include, but are not limited to, the Federal Information Security Management Act (FISMA) of 2002 (Title III of the E-Government Act of 2002, Public Law 107-347), and the following Federal and HHS policies and procedures:
(A) Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources.
(B) National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Federal Information Systems, in form and content, and with any pertinent contract Statement of Work/Performance Work Statement (SOW/PWS) requirements. The IT-SP shall identify and document appropriate IT security controls consistent with the sensitivity of the information and the requirements of Federal Information Processing Standard (FIPS) 200, Recommended Security Controls for Federal Information Systems. The Contractor shall review and update the IT-SP in accordance with NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis.
(C) HHS-OCIO Information Systems Security and Privacy Policy.
(ii) After resolution of any comments provided by the Government on the draft IT-SP, the Contracting Officer shall accept the IT-SP and incorporate the Contractor's final version into the contract for Contractor implementation and maintenance. On an annual basis, the Contractor shall provide to the Contracting Officer verification that the IT-SP remains valid.
(2) IT Risk Assessment (IT-RA)--due within 30 days after contract award. The IT-RA shall be consistent, in form and content, with NIST SP 800-30, Risk Management Guide for Information Technology Systems, and any additions or augmentations described in the HHS-OCIO Information Systems Security and Privacy Policy. After
resolution of any comments provided by the Government on the draft IT-RA, the Contracting Officer shall accept the IT-RA and incorporate the Contractor's final version into the contract for Contractor implementation and maintenance. The Contractor shall update the IT-RA on an annual basis.
(3) FIPS 199 Standards for Security Categorization of Federal Information and Information Systems Assessment (FIPS 199 Assessment)--due within 30 days after contract award. The FIPS 199 Assessment shall be consistent with the cited NIST standard. After resolution of any comments by the Government on the draft FIPS 199 Assessment, the Contracting Officer shall accept the FIPS 199 Assessment and incorporate the Contractor's final version into the contract.
(4) IT Security Certification and Accreditation (IT-SC&A)--due within 3 months after contract award. The Contractor shall submit written proof to the Contracting Officer that an IT-SC&A was performed for applicable information systems--see paragraph (a) of this clause. The Contractor shall perform the IT-SC&A in accordance with the HHS Chief Information Security Officer's Certification and Accreditation Checklist; NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems; and NIST SP 800-53, Recommended Security Controls for Federal Information Systems. An authorized senior management official shall sign the draft IT-SC&A and provide it to the Contracting Officer for review, comment, and acceptance.
(i) After resolution of any comments provided by the Government on the draft IT-SC&A, the Contracting Officer shall accept the IT-SC&A and incorporate the Contractor's final version into the contract as a compliance requirement.
(ii) The Contractor shall also perform an annual security control assessment and provide to the Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation includes written results of:
(A) Annual testing of the system contingency plan; and
(B) The performance of security control testing and evaluation.

(d) Personal identity verification. The Contractor shall identify its employees with access to systems operated by the Contractor for HHS or connected to HHS systems and networks. The Contracting Officer's Technical Representative (COR) shall identify, for those identified employees, position sensitivity levels that are commensurate with the responsibilities and risks associated with their assigned positions. The Contractor shall comply with the HSPD-12 requirements contained in ``HHS-Controlled Facilities and Information Systems Security'' requirements specified in the SOW/PWS of this contract.

(e) Contractor and subcontractor employee training. The Contractor shall ensure that its employees, and those of its subcontractors, performing under this contract complete HHS-furnished initial and refresher security and privacy education and awareness training before being granted access to systems operated by the Contractor on behalf of HHS or access to HHS systems and networks. The Contractor shall provide documentation to the COR evidencing that Contractor employees have completed the required training.

(f) Government access for IT inspection. The Contractor shall afford the Government access to the Contractor's and subcontractors' facilities, installations, operations, documentation, databases, and personnel used in performance of this contract to the extent required to carry out a program of IT inspection (to include vulnerability testing), investigation, and audit to safeguard against threats and hazards to the integrity, confidentiality, and availability, of HHS data or to the protection of information systems operated on behalf of HHS.

(g) Subcontracts. The Contractor shall incorporate the substance of this clause in all subcontracts that require protection of Federal information and Federal information systems as described in paragraph (a) of this clause, including those subcontracts that--
(1) Have physical or electronic access to HHS' computer systems, networks, or IT infrastructure; or
(2) Use information systems to generate, store, process, or exchange data with HHS or on behalf of HHS, regardless of whether the data resides on a HHS or the Contractor's information system.

(h) Contractor employment notice. The Contractor shall immediately notify the Contracting Officer when an employee either begins or terminates employment (or is no longer assigned to the HHS project under this contract), if that employee has, or had, access to HHS information systems or data.

(i) Document information. The Contractor shall contact the Contracting Officer for any documents, information, or forms necessary to comply with the requirements of this clause.

(j) Contractor responsibilities upon physical completion of the contract. The Contractor shall return all HHS information and IT resources provided to the Contractor during contract performance and certify that all HHS information has been purged from Contractor-owned systems used in contract performance.

(k) Failure to comply. Failure on the part of the Contractor or its subcontractors to comply with the terms of this clause shall be grounds for the Contracting Officer to terminate this contract.

(End of clause)

The Defense Priorities and Allocations System (DPAS) does not apply.

Questions regarding this requirement shall be emailed to Thaddeus Rollins at by noon EST on 06/14/12. Follow-up/additional questions will not be accepted after this date. Answers to submitted questions will be posted to FedBizOpps by 06/22/12. Proposals are due noon EST on 07/20/12. Facsimile and email proposals are not authorized.

Offerors are required to submit two (2) hard copies and (3) Compact Disc (CD) copies of the technical, business and past performance proposals on separate CDs to:

Centers for Disease Control and Prevention
ATTN: Thaddeus Rollins, MS-E09
2920 Brandywine Road,
Atlanta, GA 30341-5539

Please consult the list of document viewers if you cannot open a file.

Contract Line Items

Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Contract Line Items
Posted Date:
May 25, 2012
Description: Contract Line Items
Description: Performance Work Statement
Description: Quality Assurance Surveillance Plan

Amendment 1

Posted Date:
June 5, 2012
Description: Attachment 1- Contract Line Items 06-05-12
Description: Attachment 2- Performance Work Statement 06-05-12
Description: Attachment 3 - Quality Assurance Surveillance Plan 06-05-12

Responses to Questions

Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Responses to Questions
Posted Date:
June 25, 2012
Description: Amendment is the responses to potential offerors questions.

Attachment 2 - PWS National Tobacco Education Campaign revised 06-28-12

Other (Draft RFPs/RFIs, Responses to Questions, etc..)
Attachment 2 - PWS National Tobacco Education Campaign revised 06-28-12
Posted Date:
June 28, 2012
Description: Attachment 2 - PWS National Tobacco Education Campaign revised 06-28-12
2920 Brandywine Road, Room 3000
Atlanta, Georgia 30341-4146
Contractor's Facility

United States
Thaddeus E Rollins,
Contract Specialist
Phone: 770-488-1971
Fax: 770-488-2778
Natasha Y Rowland,
Contracting Officer
Phone: 770-488-2601
Fax: 770-488-2671