U.S. Department of Justice Memorandum Federal Bureau of Prisons MGC New York MGC New York 150 Park Row New York, NY 10007 September 6, 2018 MEMORANDUM CC FROM: icting Facility Manager MCC New York SUBJECT: Request to Exceed Work Order Finding Limitation MWR #8158 - Replace Camera Recorders MCC New York As described in the Facilities Operations Manual PS$4200.12, Chapter 2, Page 4, I am requesting your approval to exceed the $10,000.00 work request funding limitation for Minor Work Request (MWR) #8158. This MWR is required to replace (2) DVRs for the NICE camera system, the encoders and decoders 4s well as rack mounts and power supply, the server, purchase a recorder redundancy license for 350 channels, install 272 cameras and upgrade software for said systems. The vendor will also provide 4 hours of on-site training for operators and administrators. I certify that materials have not been ordered and construction work has not been performed on MWR #8158. MWR Estimated Cost: $800,000 Funding Decision Unit: El Estimated Staff Man Hours: 800 Estimated Start Date: December 1, 2018 Estimated Completion Date: February 9, 2019 I have included MWR #8158, Schedule of Cost Input (SCI) and Independent Government Estimate (IGE) for your reference. If you have any questions or concerns regarding this matter, please contact me directly. Se eee EFTA00141789

--=PAGE_BREAK=--

Py pe.) U.S. Department of Justice Memorandum Federal Bureau of Prisons Se MCC New York MCC New York 150 Park Row New York, NY 10007 September 6, 2018 MEMORANDUM FOR FY REGIONAL DIRECTOR NORTHEAST REGION FROM: MCC New York SUBJECT: Request to Exceed Work Request Funding Limitation MWR #8158 - Replace Camera System MCC New York It has come to my attention that the work request referenced above will require MCC New York to exceed the $10,000.00 work request funding limitation. Therefore, I am submitting this request for approval to exceed the funding limit policy. This request is submitted in accordance with the guidelines set forth in Facilities Operations Manual, PS4200.12, Chapter 2, Page 4. The statement of work for this project is as follows: This MWR is required to replace (2) DVRs for the NICE camera system, the encoders and decoders as well as rack mounts and power supply, the server, purchase a recorder redundancy license for 350 channels, install 272 cameras and upgrade software for said systems. The vendor will also provide 4 hours of on-site training for operators and administrators. been ordered and construction I certify that materials have not ro the minor work request referenced work has not been performed on above. Work Order Estimated Cost: $800,000 Funding by Decision Unit: El Estimated Staff Man-Hours: 800 Estimated Start Date: December 1, 2018 Estimated Completion Date: February 9, 2019 EFTA00141790

--=PAGE_BREAK=--

All supporting documentation is attached for your reference. If you have any further questions or concerns regarding this matter, please contact me. Attachments: SCI, IGE EFTA00141791

--=PAGE_BREAK=--

a - Schedule of Cost Input (SCI) Date ____Javaapzois Cn insetution JCC NEW YORK [category |General Repairs 1.1 Full-Time Permanent 1.5 Other Personal Compensation 2.1 Personal Benefits: Civilian 1.0 Travel and Transportation of Persons 2.0 Transportation of Things 3.2 Rental Payments to Others 3.3 Communication, Utilities and Miscellaneous Charges 4.0 Printing and Reproduction 5.0 Other Contract Services 6.0 Supplies and Materials 1.0 Minor Equipment 2.0 Land Structures Currently, MCC New York has two ninety six (96) channel DVR’s which have failed repeatedly, leaving critical areas of the institution without video coverage. There are no OEM replacement parts Current available for purchase to repair the recorders. The current recorders use obsolete technology which WLWINININRININ|N[N]eP Tele 4 c = — Conditions cannot be upgraded without upgrading equipment. They are unsupportable, unreliable, and have exceeded their life expectancy. Cameras and recorders are an essential component which supports a safe and secure environment for both inmates and staff. We propose to hire a contractor to replace two existing ninety six (96) channel DVR’s with a new three hundred fifty (350) channel NVR systems configured at 4CIF, 1SFPS to RAID 6 array for 14 days, provide a redundant recorder in a Plus (1) one configuration, replace the existing AMS server and Decoder, install two hundred seventy two (272) cameras, and provide four (4) hours total of on- site training for operators and administrators on the latest software package. a. MCC New York, 150 Park Row, NY, NY b. N/A c. N/A d. N/A e. N/A f. Quote g. Contractor, In-House h. Contractor: Communications ($767,421.25), In-House: Electrical ($325,78.75) i. N/A j. This project will comply with all FBOP Technical Design Guidelines, seismic zone requirements, environmental compliance, Life Safety, NFPA, ADA-ABA, and Federal, State, and Local codes and regulations as applicable to this project.j. Compliance has been addressed as applicable to this project, inclusive of FBOP Technical Design Guidelines, seismic zone requirements, environmental compliance, Life Safety, NFPA, ADA-ABA, and Federal, State, and Local codes and regulations. Page 1 EFTA00141792

--=PAGE_BREAK=--

Independent Government Estimate (IGE Replace Camera System Sn EFTA00141793

--=PAGE_BREAK=--

FBOP WO Tech Facility Minor Work Request 8158 NYM cM2 TO: FACILITY MANAGER (Entered by:) (Department) (Phone) (Department Hoad Signature) Sito: NYM Bullding: GEN Location: INSTITUTIO - THROUGHOUT THE Work Location: Dato Active: 4/24/2018 Status: CMPLT PriorityNo: 1 TMSNo: 8158 Facility Manager: You are authorized to perform the above work: To Foreman: CM2-Comm Tech/. J Skil Communication Signature for greater than $10,000 IF WORK ORDER WAS CREATED FROM A PM, ENTER PM WORK ORDER #: List below al materials used: Grand Total: ~___ W Applicable, ensure that the equipment has @ MWI label affixed in clear view and togibte, MWI &: C Asbestos Abatoment Is required or has been completed. Foreman’s Total Hours: 3.00 C1 FITARA process is roquired. Dato Completed: 4/24/2018 Upon complotion of work, complote form and return to the Facility Manager. Staff Signature Completion Comments: OEM, parts no longer produced by man segate contacted manufacture. All available hard drive are second hand or reman, EFTA00141794

--=PAGE_BREAK=--

U.S. Department of Justice Federal Bureau of Prisons Wishington, DC 205.44 September 14, 2018 MEMORANDUM FOR FACILITIES ADMINISTRATOR NORTHEAST REGION FROM: Facilities/ Operations SUBJECT: Request to Purchase Electronic Equipment CCTV Metropolitan Correctional Center (MCC) New York This is in response to your request for a technical review of the equipment listed below for MCC New York. As required by Facilities Operations Manual, your request to purchase Electronic Equipment that exceeds $25,000 has been reviewed and approved. For reference purposes, this document is assigned as EEA 2018-0913-b. 350) Enterprise software upgrade for video channels from pre-Net 2 -0 to Net 3.1, NV-ENT-CHVUPG-PNET2 NET31 POS 1) Enterprise software package major version upgrade for site, users and channels from NET 3.0 to Net3 .1, NV-ENT-MJVUPG -NET2X NET 3.1 4) VisionHub Smart Video Recorder 9820, 2U with internal RAID6 + Raidl 80TB net storage, NV-SVR9820-RIN 6-RIN1-80TB 11) NiceVision Encorder/Decorder rack mont kit, supporting 4 NVE/NVD 1002 (for non-XT models) , 6 NVE/NVD 1002 Power Supply (for non-XT models) , 5 NVE1008 and NVE2016 or 5 AED1016 Power Supply , NV-ED-RMKIT 22) NiceVision H.264 Encoder supporting 16 cameras at 30/25fps in 4CIF resolution includes dual NV-NVE-2016 22) NiceVision Decoder 5204 supporting up to 4 video outputs (10), NV-NVD-5204 AM 1) AMS Sever, SGT-AMS EFTA00141795

--=PAGE_BREAK=--

17) Outdoor PTZ/1080P/xX32/IP, Q6055-E 75) Corner/VANCAM/1.3MM, Q8414LVS 180) Indoor/Outdoor mini dome, 1080P, Q3515-LVE Please note that additional approval is required through the Information, Policy, and Public Affairs (IPPA) Division before purchase If you have any questions please call me, or have your staff contact EE, Telecommunication Specialist, at EFTA00141796

--=PAGE_BREAK=--

U.S. Department of Justice Federal Bureau of Prisons September 20, 2018 i st t a W k t Funding Lim e Ca a S e I Nev sy 5 y exceed ’ >| tne spe ty 1 #0 °| t eC r , a Y k } a urreé graded came t WOY isr t € ee $8 Pao er e at 1 r u 1 ther 1 , a ion ease 1 ave your staffc 4 ‘ 4 jer U ranch, at g ImMmLn1is 1 EFTA00141797

--=PAGE_BREAK=--

U.S. Department of Justice Federal Bureau of Prisons Memorandum } .) N ZN ‘ MCC New York September 11, 2019 MOD 0321-19 MOD 0002 MEMORANDUM FOR CONTRACTING Reply TO ATTN OF cility Manager SUBJECT: Modification Request Vendor: Anixter Fund Control Number: TP120240 RP Number: 1128-18 Total Amount of Current Purchase Order: $34,089.28 Requesting Amount (+/-): -$9,171.00 New Amount of Purchase Order: $24,918.28 Reason for Mod: Please remove line item 6 from modification 1 ($13,350.00) and add line item 12 from the attached quote ($4,179.00) to the purchase order. The cost per unit of several items within the quote have changed resulting in a significant difference in the purchase amounts. Please see attached quote. Please modify line item(s): Enter Enter Enter Enter Service Current Enter Unit Change in New Dollar Item No.: or Supply: Qty: Price: Qty (+/-): New Qty: Subtotal: 6 Supply 7500 $1.7800 -7500 Q -$13,350.0000 32 Supply i) --$0:560080.5572 7500 7500 $4,179.0000 0 $0.0000 0 $0.0000 RECEIVED By ER «1 9:44 am, sep 18, 2019 EFTA00141798

--=PAGE_BREAK=--

1SBNYM18FTP120240/P00002 Page 1 of 6 1. CONTRACT ID CODE AMENDMENT OF SOLICITATION/MODIFICATION OF CONTRACT GS-07F-6060R TAMENOMENTIMODIFICATION NUMBER 3 EPPECTIVE DATE @ REGUNSITIONPURCHASE REQUISITION roi: “1128-18 1SSUEO f° ERED (if offer than Rem 6) Federal Bureau of Prisons (O) 718-420-4200 Federal Bureau of Prisons | MDC Brooklyn BRO/ NE Finance Center- FCI Fort Dix P.O. Box 329001 AccountingNYM~@bop.gov NE FINANCE CENTER Brooklyn, NY 11232 BLDG 5756 HARTFORD ROAD loint B MDL. NJ 08640 & NAME AND ADDRESS OF CONTRACTOR (Mumber, street, country, state and 2° Code) SA AMENDMENT OF SOUCITATION NUMBER ANIXTER INC. Doing Business As: ANIXTER ‘98. OATED (SEE TEM 11) 2301 PATRIOT BLVD GLENVIEW, IL 60026-8020 DUNS: 047583851 NUMBER BNYMI8FTP120240 108, CATED (SEE [TEM 13) one 16236128 in 11, THIS ITEM ONLY APPLIES TO AMENDMENTS OF SOLICITATIONS [__] The above numbered solicitation is amended as set forth in tiem 14. The hour and date specified for receipt of Offers [_] senoncea, [_] ntentencea. Offers must acknowledge receipt of this emendment prior to the hour and date specified in the solicitation or as amended, by one of the following methods: (a) By completing tems 8 and 15, and returning copies of the arnendment; (b) By acknowledging receipt of this amendment on each copy of the offer submitted; or (c) By separate letter or electronic communication which includes a reference to the solicitation and amendment numbers. FAILURE OF YOUR ACKNOWLEDGMENT TO BE RECEIVED AT THE PLACE DESIGNATED FOR THE RECEIPT OF OFFERS PRIOR TO THE HOUR AND DATE SPECIFIED MAY RESULT IN REJECTION OF YOUR OFFER. if by virtue of this amendment you desire to change an offor already submitied, such change may be made by letier or electronic communication, provided each letter or electronic communication makes reference to the solicitation and this amendment, and is received prior to the opening hour and date specified. 12. ACCOUNTING AND APPROPRIATION DATA (if required) SA-2018-02-FP021452P1-2699-2018 13. THIS ITEM APPLIES ONLY TO MODIFICATIONS OF CONTRACTS/ORDERS. IT MODIFIES THE CONTRACT/ORDER NUMBER AS DESCRIBED IN ITEM 14. CHECK ONE | A THIS CHANGE ORDER IS ISSUED PURSUANT TO: (Specify euthonty) THE CHANGES SET FORTH IN ITEM 14 ARE MADE IN THE CONTRACT ORDER NUMBER IN ITEM 10A. B. THE ABOVE NUMBERED CONTR ORDER (ODIFIED TO REFLECT THE ADMINISTRATIVE CHANGES (such as changes in paying offic appropriation date, etc.) SET FORTH IN ITEM 14, PURSUANT TO THE AUTHORITY OF FAR 43.103(b). Pris SUPPLEMENTAL AGREEMENT IS ENTERED INTO PURSUANT TO AUTHORITY OF D. OTHER (Spocily type of modification and authority) x SEE BLOCK 14. E. IMPORTANT: Contractor [x] *** [sree sin i document and rum capone emg co. 14, DESCRIPTION OF AMENOMENTIMODIFICATION (Oranized by UCF section headings, including soictaton/contract subject matier where fessibie.) MODIFICATION TO DECREASE FUNDS. ORIGINAL PO: $ 34,089.28 DECREASE BY: $-9,171.00 NEW AMOUNT: $24,918.28 NO OTHER CHANGES NEEDED AT THIS TIME. Srowtes pede ae 120A. cs hesvtaheve cnenand, rometas exchanged ante fel fee ent afin. EFTA00141799

--=PAGE_BREAK=--

wne 4 5BNYM18FTP120240/P00002 Page 2 of 6 Table of Contents Description Page Number Commodity or Services Schedule... 52.232-18 Avalbiliy Of of Funds ( (Apr | 1984. List of Attachments...... sennansenanassnnass eens tennsansansnssansanestes EFTA00141800

--=PAGE_BREAK=--

15BNYM18FTP120240/P00002 Page 3 of 6 Section 2 - Commodity or Services Schedule MCC New York FIBER Quote# Q002ROBV GSA: GS-07F-6060R SCHEDULE OF SUPPLIES/SERVICES CONTINUATION SHEET ITEM NO. SUPPLIES/SERVICES = ca UNIT PRICE AMOUNT 0001 | MFR PART #CCH-OIU Previous: Previous: $3,250.65 PART+ 180626 Closet Connector Hou Black. One Rack Unit 15.000000 $216.7100 Change: $0.00 (ign (1 a Radu), Hic Holds Two js Tw ws SoH . Emon ge: 0.000000! Change: $0.0000} Current: $3,250.65 Current: Current: 15.000000 $216.7100 0002 | MFR PART + VFL-350 Previous: EA Previous: Previous: $959.96 Visual Fault Locator, 2.5 mm adapter 2,000000 $479,9800 Change: $0.00 Change: 0.000000 Change: $0.0000} Current: $959.96 (Current: 2.000000) Current: $479.9800 c003 | FCC-WIPES Previous: EA Previous: Previous: $28.44 348034 . Fiber Optic Cleaning Wipes,90 Wipes per Canister Lint free 2.000000 $14.2200 Change: $0.00 hange: 0.000000 Change: $0.0000 Current: $28.44 Current: 2.000000) Current: $14.2200 0004 | MFR PART + 2412010a1000 Previous: Bx Previous: Previous: $4,912.40 PART + CM 0042IBON-7RB-02 Multi-Conductor .Enhanced 6 Nonbonded- 20.000000 $245.6200 Change: $0.00 Pair Cables 4-pair U/UTP CMR in-Box Black hange: 0.000000 Change: $0.0000} Current: $4,912.40 Current: Current: 20,000000 $245.6200 0005 | AX103253 Previous: EA Previous: Previous: $3,780.40 PART# 371650 CAT6+ KeyConnect Patch Panel,24-port 1U, Black 20.000000 $189.0200 Change: $0.00 Change: 0.000000 Change: $0.0000} Current: $3,780.40 Current: Current: 20.000000 $189.0200 EFTA00141801

--=PAGE_BREAK=--

0011 15BNYM18FTP120240/P00002 Page 4 of 6 373-COR8.3-TBRA- : Previous: Previous: $13,350.00 CORNING-C DrSeBr31131-At 12-F 8.3/125 SMTB IN/OUT RISER1.0/1.0/0.75 DB/KM ARMORI . $1.7800 Change: ($13,350.00) FREEDM ONE Current: $0.00 2020105 Previous: $227.70 387791 om Serecen.Plece.Cet 6, RJ45,0.26" Cable Outer Diameter Change: $0.00 per Current: $227.70 100054C Previous: $186.50 408271 EZ-RJ PRO HD Crimp Toot,(Cat5 & Cat6). Clamshell Change: $0.00 Current: $186.50 MM02-BNTEC6-02 Previous: $2,676.00 BELDENENT C601100002 CBL ASSY MOD 24-4PR SOLID CAT6+ IP5 BONDED TS68AB Change: $0.00 CMR 2FT BLACK Current: $2,676.00 RS1215-20 Previous: $1,385.80 246718 aU Rack Mount Power Sxtp.120V i20V,20A,5-20P 12 Outlets (6 Front- Change: $0.00 Facing, 6-Rear-Facing) 15 Current: $1,385.80 207404 Previous: $1,498.40 CORNING-C CCH-CP12-19T 12 PORT PANEL ST SM LOADED USE WITH CCH ENCLOSURE Change: $0.00 Current: $1,498.40 FI-500 Previous: $1,833.03 810569 Fiber Optic Inspection System includes a handheld Change: $0.00 color display auto-focus inspection scope and 4 tips for LC and SC style bulkheads and 1.25 and 2.50mm patch hange: 0. - $0. Current: $1,833.03 EFTA00141802

--=PAGE_BREAK=--

15BNYM18FTP120240/P00002 Page 5 of 6 0013 | 373- COR8.3-TBRD-12 Previous: $0.00 12-F Banas $B INOUT RISER 1.0/0.75 DB/KM FREEDM ONE : Change: $4,179.00 Current: $4,179.00 ($9,171.00) $24,918.28 FUNDING DETAILS: Previous: $34,089.28 SA-2018-02-FP021452P 1-2699-2018 Change: ($9,171.00) Current: $24,918.28 CHANGE: ($9,171.00) CURRENT: $24,918.28 Smail Business Set Aside Section 3 - Contract Clauses Clauses By Full Text 5$2.232-18 Availability Of Funds (Apr 1984) Funds are not presently available for this contract, The Government's obligation under this contract is contingent upon the availability of appropriated funds from which payment for contract purposes can be made. No legal liability on the part of the Government for any payment may arise until funds are made available to the Contracting Officer for this contract and until the Contractor receives notice of such availability, to be confirmed in writing by the Contracting Officer. (End of clause) EFTA00141803

--=PAGE_BREAK=--

15BNYM18FTP120240/P00002 Page 6 of 6 | Section 4 - List of Attachments No Clauses EFTA00141804

--=PAGE_BREAK=--

LIMITED-SOURCES JUSTIFICATION IAW FAR 8.4 13.106-3 1. REQUIRING AGENCY: DOJ/Bureau of Prisons. MCC New York, 150 Park Row, New York, NY 10007 2. NATURE/DESCRIPTION OF ACTION: Limited Sources Justification in accordance with FAR 8.405-6(a)(1)(A) and 13.106-3(b)(3)(i), Urgent and Compelling Need 3. DESCRIPTION OF SUPPLIES OR SERVICES REQUIRED TO MEET THE AGENCY'S: The Agency requires two (2) Nicevision Professional Smart Video Recorder Digital Video Systems to be supplied and installed at MCC New York. This requirement includes the provision of all equipment and labor for the replacement of existing DVR system with an upgraded NVR system. MCC New York has two ninety six (96) channel DVR's which have failed repeatedly, leaving Critical areas of the institution without video coverage. There are no OEM replacement parts available for purchase to repair the recorders. The current recorders use obsolete technology that cannot be upgraded without upgrading the equipment. The current equipment is unsupportable, unreliable, and has exceeded its life expectancy. Cameras and records are an essential component that support a safe and secure environment for both inmates and staff. It is unusual and compelling urgency to meet this requirement to maintain supervision of exit doors in the inmate housing areas, safeguarding government property, and to avoid seriously bodily harm The estimated value of this requirement is $696,108.99 4. AUTHORITY: Acquisition is conducted under the authority of the Multiple-Award Schedule Program - 41 U.S.C. 152(3) In accordance with FAR 8.405-6(a)(1)(A) and 13.106-3(b)(3)(i) an urgent and compelling need exists, and following the procedures would result in unacceptable delays. 5. DEMONSTRATION THAT THE PROPOSED CONTRACTOR'S UNIQUE QUALIFICATIONS OR THE NATURE OF THE ACQUISITION REQUIRES USE OF THE AUTHORITY CITED: MCC New York is a Federal Prison and safety and security is of the utmost importance. A proper functioning security system is vital to carrying out our mission. The procurement of the NICE Vision upgrade will allow appropriate video storage. playback and still images capture, as well as the ability to control the PTZ camera for security needs within a prison setting where video footage is reviewed routinely to determine improper activity within the institution and is often used to support legal cases. Failure to have this capability puts the institution at an extreme risk and liability. Additionally, we lost recording capabilities in some areas which made this an urgent and compelling need. Failure to make this award immediately would result in safety and security concerns for staff and inmates and increase liability to the government. SigNet Technologies, Inc, (SigNet) is the current provider of all Digital Video Recording Systems Maintenance Services for the Bureau of Prisons (BOP). These services are procured under Blanket Purchase Agreement DJBPOO700NASBPA113. SigNet is also an approved distributor of NICE products and can provide the required supply of equipment and installation of the upgraded system under the terms and conditions of Federal Supply Schedule GS-07F0322T The recording system, required to be connected to the existing BOPNET (Bureau of Prisons Network) WAN system, must follow strict IP'V6 protoco! standards. Currently, the NICE Whole System is approved for BOPNET and is maintained by SigNet under the terms and conditions of GS-07F0322T. Any other system that has not been approved must be vetted and evaluated prior to utilization. This process would take between six months to one year. SigNet is ready to receive the delivery order for the supply and installation of the NICE recording system. 6. BEST VALUE: Pricing proposed is comparable to previous prices paid for similar requirements and is in line with the government estimate provided by Bureau's facility staff. It is in the government's interest and in my determination, issuing an order under the terms of GS-07F-0322T represents the best value for this requirement consistent with FAR 8 404(d) 7. ADESCRIPTION OF MARKET RESEARCH CONDUCTED AND THE RESULTS: A brief review of the contractor listing for FSS 84, SIN 246 60 1 revealed SigNet holds a current FSS contract. SigNet is a known contractor who has established a record of satisfactory performance in servicing security systems across the Bureau. SigNet is capable of meeting the requirement at a reasonable price and due to the urgency in obtaining this equipment, no other sources were considered. EFTA00141805

--=PAGE_BREAK=--

8. ANY OTHER FACT SUPPORTING THE JUSTIFICATION: in accordance with FAR8 405-6(a)(2)(iv), this justification will not be posted to the Government Point of Entry (GPE) due to security risks. A public posting that MCC New York currently has an unstable and often-inoperable video recording system, could potentially endanger inmates and staff safety 9. ACTIONS TO REMOVE OR OVERCOME ANY BARRIERS TO COMPETITION BEFORE ANY SUBSEQUENT ACQUISITIONS: This action is necessary due to existing security concerns of failing equipment that is essential to the safety of staff and the inmate population incarcerated at MCC New York. Future requirements of similar magnitude will be ordered in accordance with the procedures at FAR 8.405-1(d) on a competitive basis as circumstances allow TECHNICAL CERTIFICATION: | hereby certify that the supporting data provided by the technical and requirements personne! that for the basis for the best of my knowledge MCC New York, NY CONTRACTING OFFICER'S CERTIFICATION: in accordance with FAR 8.405-6(d) and BPAP 8 405-6. | certify this justification is accurate and complete to the best of knowledge and belief SUBMITTED BY: I eCcialist Date MCC New York, NY ontracting 1eld Acquisition Office ENCE aia lig Date MCC New York, NY Chief Date Field Acquisition Office a Date Acting Procurement Executive EFTA00141806

--=PAGE_BREAK=--

APPROVAL: | | SS nee s for Administration Compatiion Adeccaie EFTA00141807

--=PAGE_BREAK=--

MCC NEW YORK 15SBNYM18FTP120150 Page 1 of 15 SOLICITATION/ICONTRACT/ORDER FOR COMMERCIAL ITEMS 1. REQUISITION NUMBER OFFEROR TO COMPLETE BLOCKS 12, 17, 23, 24 & 30 1064-18 2. CONTRACT NO. SAARIETTOOTNS 4, ORDER NUNBER (ON NUMBER = TATION GS-07F-0322T 09/21/2018 1SBNYM18FTP120150 7 POR oma TELEPHONE NUMBER (No colfect cals) 8. OFFER QUE OATE / LOCAL INFORMATION CALL: ®. ISSUED BY ‘CODE 10. THE ACQUISITION IS UNRESTRICTED OR SET ASIDE: % FOR Federal Bureau of Prisons LISBNYM _| S = 150 Park Row SMAL BUSINESS PROGRAM = waics: 334512 New York, NY 10007 SIZE STANDARD: Employees 11, DELIVERY FOR FOB DESTINATION | 12. DISCOUNT TERMS UNLESS BLOCK IS MARKEO oO see NET 30 RATED ORDER UNDER OPAS 4 weTHOD OF SOLICITATION SCHEDULE (95 CFR 700) Tera |" hed 15, DELIVER TO coos =| ISBNYM _f'¢. ADMINIS: cooe =| BNEF Federal Bureau of Prisons Federal Baws of Prisons FY MCC New York ( NE Finance Center- FCI Fort Dix 150 Park Row NE FINANCE CENTER New York, NY 10007 BLDG 5756 HARTFORD ROAD Joint Base MDL, NJ 08640 17a. CONTRACT ‘OW CODE 1421578695 maoanry ia. PAYMENT WILL BE MADE BY SIGNET TECHNOLOGIES, INC, Federal Bureau of Prisons ATTN: NYM ACCOUNTS 12300 KILN COURT FCI Fort Dix PAYARE SUITE E P.O. Box 38 BELTSVILLE, MD 20705-1357 NER Finance Center - Acccounting OUNS: 171856222 Joint Base MDL, NJ 08640 TELEPHONE NO. 240-264-3295 ‘SUBMIT INVOICES TO ADDRESS SHOWN IN BLOCK 16a UNLESS BLOCK BELOW IS i __eabieenienieieeenientesiaasiemeents CHECKED ] SEE ADDENDUM 24. min [ | wmasocnmenee | ww | oe [wee [nthe See Continuation Sheet(s) ery Date: (cor Ronen ner sch Aon! Sees w Neer?) | MCC NEW YORK - CAMERA SYSTEM 25, ACCOUNTING AND APPROPRIATION DATA 20, TOTAL AWARD AMOUNT (For Govt. Uso Only) 20 18-02-FP021452P1-29F-3100-2018 698,108.99 : 27a. SOUCITATION INCORPORATES BY REPERENGE FAR 62 212-1, 62.2124, FAR 62.2129 ANO 62212.6 ARE ATTACHED. ADOENDA |] ARE NOT ATTACHED [x] 27>. CONTRACTIPURCHASE ORDER INCORPORATES BY REFERENCE FAR $2212-4. FAR $2.212-5 1S ATTACHED. ADDENDA [| ARE NOT ATTACHED Provide services in accordance with the FSS, SOW and technical proposal. GSA: GS-07F-0322T x 28. CONTRACTOR IS REQUIRED TO SIGN THIS OOCUMENT AND RETURN I COPIES TO pops tet CONTRACTOR AGREES TO FURNISH AND OGLIVER ALL ITEMS SET FORTH IDENTIFIED ABOVE AND ON ANY ADDITIONAL SHEETS SUBJECT TO THE o 28. AWARD OF CONTRACT: REF. OFFER YOUR OFFER GN SOLICITATION IBLOCK 5) OR CHANGES WHICH ARE SET FORTH HEREIN, OR OTHERWISE TERMS AND CONDITIONS SPECIFIED: \S ACCEPTED AS TO ITEMS: ‘Wa. SIGNATURE OF OFFERORICONTRACTOR 318. ee ‘30c. DATE SIGNED Bic. OATE SIGNED Section Chief, FAO 09/21/2018 pay FORM 1449 (REV. 2/2012) Prescibed by GSA - FAR (48 53.212 30d. NAME AND TITLE OF SIGNER (TYPE OR PRINT) AUTHORIZED FOR LOCAL REPRODUCTION PREVIOUS EDITION IS NOT USABLE EFTA00141808

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 2 of 15 oO ACCEPTED, AND CONFORMS TO THE CONTRACT, EXCEPT AS NOTED: ab. SIGNATURE OF AU N jad. PRINTED NAME AND TITLE OF AUTHORIZED GOVERNMEN REPRESENTATIVE REPRESENTATIVE 320. MAILING ADORESS O ORIZED GOVERNMENT REPRESENTATIVE 3a. TELEPHONE NUMBER O HORIZED GOVERNMEN REPRESENTATIVE 29 M OF AUTHORIZED GOVERNMENT REPRESEN VE 3. SHIP NUMBEI 41a. | CERTIFY THIS ACCOUNT IS CORRECT AND PROPER FOR PAYMENT ‘2a. RECEIVED BY (Prini) b. SIGNATURE AND TITLE OF CERTIFYING OFFICER DF 5b. RECEIVED AT (Location) (2c. DA REC'D (YYMMDD} i2d. TOTAL CONTAINERS STANDARD FORM 1449 (REV. 02/2012) BACK EFTA00141809

--=PAGE_BREAK=--

wne 15BNYM18FTP120150 Page 3 of 15 Table of Contents Page Number 52.21-603-70 Contracting Officer's Representative (COR) (June 2012)... 2852.223-70 Unsafe Conditions Due to the Presence of Hazardous Material (June 1996) 52.24-403-70 Notice of Contractor Personne! Security Requirements (OCT 2005) §2.27-103-72 DOJ CONTRACTOR RESIDENCY REQUIREMENT BUREAU OF PRISONS (JUNE DJAR-PGD-1 5-02-1B Contractor Internal Confidentiality Agreements or Statements Prohibiting or Reporting of Waste, Fraud, and Abuse - Solicitation - (DEVIATION 2015-02) (March 1 4 6 6 6 6 AIA IIT Who sanaccssccnnnas xocene reves renevornezemscnssmannes eorenen emvennos reves asa esse nasensessssnsss uasuassscessasasstsssamssses 13 DJAR-PGD-15-02-2A Corporate ntation Regarding Felony Conviction Under Any Federal Law Represe! or Unpaid Delinquent Tax Liability - Award (DEVIATION 2015-02) (March 2015) List of Attachments EFTA00141810

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 4 of 15 Section 2 - Commodity or Services Schedule SCHEDULE OF SUPPLIES/SERVICES CONTINUATION SHEET NV-ENT-1CH y $83,790.00 Single | License for Nice Vision Enterprise package video/audio NV-SVR9520-RING-RIN1-80TB A 184. $88,737.60 VISIONHUB SMART VIDEO GSCORDER 9820, 2U WITH INTERNAL RAID6 + RAID 1 80TB NET ST! NV-ENT-RSVR-1CH J $23,275.00 RECORDER REDUNDANCY LICENSE PER 1 CHANNEL NV-ENT-MJVUPG-NET2X_NET31 { $0.00 ENTERPRISE SOFTWARE PACKAGE MAJOR UPGRADE FOR SITE, USERS AND CHANNELS F FROM N NET 2.X TO NET 3.1 NV-NVD-5204 $3,800.48 NICEVISION DECODER 5204 SUPPORTING UP TO 4 VIDEO OUTPUTS (1U) SGT-AMS { $4,389.0000 $4,389.00 AMS SERVER NV-NVE-2016 $2,493.7500 $54,862.50 NICEVISION H.264 ENCODER SUPPORTING 16 CAMERAS AT 30/25FPS IN 4CIF RESOLUTION. INCLUDES DUAL PS 1QM62WR-BS $517.3700 $69,844.95 IP CAMERA SIGNET LABOR : $243,523,0000 $243,523.00 NICE Vion Sen e ™ : $119.7000 $1,316.70 UPPORTING 4 ene 1002 FOR NOT RT Mot MP MODELS), OR6 NVEINVD 1002 POWER Q6055-E A . $42,500.00 OUTDOOR PTZ/1080P/X32/IP Q8414LVS J s $78,750.00 CORNER /VANCAM/1.3MM T91L61 A J $1,394.00 WALL MOUNT FOR Q6055-E $1,925.76 T9BA18-VE MEDIA CONVERTER CABINET FUNDING DETAILS: Ce TOTAL: | TOTAL: $698,108.99 | 108.99 EFTA00141811

--=PAGE_BREAK=--

Page 5 of 15 Large Busin | | | | | | | EFTA00141812

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 6 of 15 Section 3 - Contract Clauses Clauses By Full Text 52.21-603-70 C ing Officer's ive (COR) (June 2012 (a)LIEFF COLTON ,FACILITES MANAGER , MCC NEW YORK. [Area Code and Telephone Number], is hereby designated as the Officer's Representative (COR) under this contract. (b) The COR is responsible, as applicable, for: receiving all deliverables, inspecting and accepting the supplies or services provide hereunder in accordance with the terms and conditions of this contract; providing direction to the contractor which clarifies the con- tractor effort, fills in details or otherwise serves to accomplish the contractual Scope of Work; evaluating performance; and certifying all invoices/vouchers for acceptance of the supplies or services furnished for payment. (c) The COR does not have the authority to alter the contractor's obligations under the contract, and/or modify any of the expressed terms, conditions, specifications, or cost of the agreement. If as a result of technical discussions it is desirable to alter/change contrac- tual obligations or the Scope of Work, the Contracting Officer shall issue such changes. 2852.223-70 Unsafe Conditions Due to the Presence of Hazardous Material Gune 1996) (a) "Unsafe condition" as used in this clause means the actual or potential exposure of contractor or Government employees to a haz- ardous material as defined in Federal Standard No. 313, and any revisions thereto during the term of this contract, or any other materi- Seowekna Settien Ceneetal hy Se Ceneeieg Sees a a ing safety controls. (b) The Occupational Safety and Health Administration (OSHA) is responsible for issuing and administering regulations that require contractors to apprise its employees of all hazards to which they may be exposed in the course of their employment; proper conditions and precautions for safe use and exposure; and related symptoms and emergency treatment in the event of exposure. (c) Prior to commencement of work, contractors are required to inspect for and report to the contracting officer or designee the pres- ence of, or suspected presence of, any unsafe condition including asbestos or other hazardous materials or working conditions in areas in which they will be working. (d) If during the performance of the work under this contract, the contractor or any of its employees, or subcontractor employees, dis- covers the existence of an unsafe condition, the contractor shall immediately notify the contracting officer, or designee, (with written notice provided not later than three (3) working days thereafter) of the existence of an unsafe condition. Such notice shall include the contractor's recommendations for the protection and the safety of Government, contractor and subcontractor personnel and property that may be exposed to the unsafe condition. (ce) When the Government receives notice of an unsafe condition from the contractor, the parties will agree on a course of action to mitigate the effects of that condition and, if necessary, the contract will be amended. Failure to agree on a course of action will consti- tute a dispute under the Disputes clause of this contract. (f) Nothing contained in this clause shall relieve the contractor or subcontractors from complying with applicable Federal, State, and local laws, codes, ordinances and regulations (including the obtaining of licenses and permits) in connection with hazardous material including but not limited to the use, disturbance, or disposal of such material. (End of Clause) 52,24-403-70 Notice of Contractor Personnel Security Requi its (OCT 2005 Compliance with Homeland Security Presidential Directive-12 (HSPD-12) and Federal Information Processing Standard Publication 201 (FIPS 201) ' entitled "Personal Identification Verification (PIV) for Federal Employees and Contractors," Phase I. 1, Long-Term Contractor Personnel: In order to be compliant with HSPD-12/PIV I, the following investigative requirements must be met for each new long-term ? con- tractor employee whose background investigation (BI) process begins on or after October 27, 2005: a. Contractor Personnel must present two forms of identification in original form prior to badge issuance (acceptable documents are listed in Form 1-9, OMB No. 1615-0047, "Employment Eligibility Verification,” and at least one document must be a valid State or EFTA00141813

--=PAGE_BREAK=--

1SBNYM18FTP120150 Page 7 of 15 Federal government-issued picture ID); b. Contractor Personnel must appear in person at least once before a DOJ official who is responsible for checking the identification documents. This identity proofing must be completed sometime during the clearance process but prior to badge issuance and must be documented by the DOJ official; c. Contractor Personnel must undergo a BI commensurate with the designated risk level associated with the duties of each position. Outlined below are the minimum BI requirements for each risk level: * High Risk - Background Investigation (5 year scope) * Moderate Risk - Limited Background Investigation (LB!) or Minimum Background Investigation (MBI) + Low Risk - National Agency Check with Inquiries (NACI) investigation d. The pre-appointment BI waiver requirements for all position sensitivity levels are a: 1) Favorable review of the security questionnaire form; 2) Favorable fingerprint results; 3) Favorable credit report, if required; 4) Waiver request memorandum, including both the Office of Personnel Management schedule date and position sensitivity/rsk level, 5) Favorable review of the National Agency Check (NAC) * portion of the applicable BI that is determined by position sensitivity/risk level. A badge may be issued following approval of the above waiver requirements. If the NAC is not received within five days of OPM's scheduling date, the badge can be issued based on a favorable review of the Se- curity Questionnaire and the Federal Bureau of Investigation Criminal History Check (i.e., fingerprint check results). e. Badge re-velidation will occur once the investigation is completed end favorsbly adjudicated. If the BI results so justify, badges is- sued under these procedures will be suspended or revoked. 2. Short-Term Contractor Personnel: It is the policy of the DOJ that short-term contractors having access to DOJ information systems and/or DOJ facilities or space for six months or fewer are subject to the identity proofing requirements listed in items 1a. and Ib. above. The pre-appointment waiver re- quirements for short-term contractors are: a. Favorable review of the security questionnaire form; b. Favorable fingerprint results; c. Favorable credit report, if required;* and d. Waiver request memorandum indicating both the position sensitivity/risk level and the duration of the appointment. The commen- surate BI does not need to be initiated. A badge may be issued following approval of the above waiver requirements and the badge will expire six months from the date of is- suance. This process can only be used once for a short-term contractor in a twelve month period. This will ensure that any consecutive short-term appointments are subject to the full PIV-I identity proofing process. For example, if a contractor employee requires daily access for a three or four-week period, this contractor would be cleared according to the abcwe short-term requirements. However, ifa second request is submitted for the same contractor employee within a twelve- month period for the purpose of extending the initial contract or for employment under a totally different contract for another three or four-week period, this contractor would now be considered “long-term” and must be cleared according to the long-term requirements as stated in this interim policy. 3. Intermittent Contractors: An exception to the above-mentioned short-term requirements would be intermittent contractors. a. For purposes of this policy, "intermittent" is defined as those contractor employees needing access to DOJ information systems and/ or DOJ facilities or space for a maximum of one day per week, regardless of the duration of the required intermittent access, For ex- ample, the water delivery contractor that delivers water one time each week and is working on a one-year contract. b. Contractors requiring intermittent access should follow the Department's escort policy. Please reference the August 11, 2004, and January 29, 2001, Department Security Officer policy memoranda that conveys the requirements for contractor facility escorted ac- cess. c. Due to extenuating circumstances, if a component requests unescorted access or DOJ IT system access for an intermittent contract- or, the same pre-employment background investigation waiver requirements that apply to short-term contractors are required. d. If an intermittent contractor is approved for unescorted access, the contractor will only be issued a daily badge. The daily badge will be issued upon entrance into a DOJ facility or space and must be returned upon exiting the same facility or space. ¢. If an intermittent contractor is approved for unescorted access, the approval will not exceed one year. If the intermittent contractor requires unescorted access beyond one year, the contractor will need to be re-approved each year. 4. ‘An individual transferring from another department or agency shall not be re adjudicated provided the individual has a current (within the last five years), favorably adjudicated BI meeting HSPD-12 and DOJ's BI requirements. 5. The DOJ's current escorted contractor policy remains unchanged by this acquisition notice. Notes: 1. FIPS 201 is available at: www.csrc.nist.gov/publications/fips/fips201/FIPS-201-022505.pdf 2. Under HSPD-12, long-term contractors are contractors having access to DOJ information systems and/or DOJ facilities or space for six months or longer. The PIV-I identity proofing process, including initiation and adjudication of the required background investiga- tion, is required for all new long-term contractors regardless of whether it is the current practice to issue a badge. The second phase of HSPD-12 implementation (PTV-II) requires badge issuance to all affected long-term contractors. 3. For contractors in position sensitivity/risk levels above level 1, a favorable review of a credit check is required as part of the pre- appointment waiver package. EFTA00141814

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 8 of 15 4. In order to avoid a delay in the hiring process, components should request an Advance NAC Report when initiating investigations to OPM. Per OPM ' s instructions, to obtain an Advance NAC Report, a Code " 3" must be placed in block " B " of the " Agency Use Only " section of the investigative form, This report is available for all case types. 5.For contractors in position sensitivity/risk levels above level 1, a favorable review of a credit check is required as part of the pre- appointment waiver package. [End of Clause] 52.27-103-72_ DOJ CONTRACTOR RESIDENCY REQUIREMENT BUREAU OF PRISONS (JUNE 2004) For three of the five years immediately prior to submission of an offer/bid/quote, or prior to performance under a contract or commit- ment, individuals or contractor employees providing services must have: 1. Legally resided in the United States (U.S.); 2. worked for the U.S. overseas in a Federal or military capacity; or 3. been a dependent of a Federal or military employee serving overseas. If the individual is not a U.S. citizen, they must be from a country allied with the U.S. The following website provides current inform- pri sere allied countries: http://www.opm.gov/employ/html/citizen.htm re ede hae nt emer document, or ly commencing perfirmance, te contractor agrees to tis vesuiticn, nd of Clause DJAR-PGD-15-02-1B Contractor Internal Confidentiality Agreements or Statements Prohibiting or Restricting Reporting of Waste, Fraud, and Abuse - Solicitation - (DEVIATION 2015-02) (March 2015) None of the funds appropriated to the Department under its current Appropriations Act may be used to enter into a contract, grant, or cooperative agreement with an entity that requires employess or contractors of such entity that requires employees or contractors of such entity seeking to report fraud, waste, and abuse to sign internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or contractors from lawfully reporting such waste, fraud, ora buse to a designated investigative or law en- forcement representative of a Federal department or agency authorized to receive such information. By submitting a response to this solicitation, the contractor certifies that it does nof require employees or contractors of the contractor seeking to report fraud, waste, and abuse to sign internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or contractors from lawfully reporting waste, fraud, and abuse to a designated investigative or law enforcement representative of a Federal depart- ment or agency authorized to receive such information. (End of Provision) DJAR-PGD-15-03 ity of Information and S L Applicability to Contractors and Subcontractors ee aera subcontractors, including cloud service providers (“CSPs”), and personnel of contractors, subcontractors, and CSPs (hereinafter collectively, “Contractor”) that may access, collect, store, process, maintain, use, share, retrieve, disseminate, transmit, or dispose of DOJ Information. It establishes and implements specific DOJ requirements applicable to this Con- tract. The requirements established herein are in addition to those required by the Federal Acquisition Regulation (“FAR”), including FAR 11.002(g) and 52.239-1, the Privacy Act of 1974, and any other applicable laws, mandates, Procurement Guidance Documents, and Executive Orders pertaining to the development and operation of Information Systems and the protection of Government Informa- tion. This clause does not alter or diminish any existing rights, obligation or liability under any other civil and/or criminal law, rule, regulation or mandate. Il. General Definitions The following general definitions apply to this clause. Specific definitions also apply as set forth in other paragraphs. A. Information means any communication or representation of knowledge such as facts, data, or opinions, in any form or me- dium, including textual, numerical, graphic, cartographic, narrative, or audiovisual. Information includes information in an electronic format that allows it be stored, retrieved or transmitted, also referred to as “data,” and “personally identifiable information” (“PII”), re- gardless of form. B. Personally Identifiable Information (or PII) means any information about an individual maintained by an agency, includ- ing, but not limited to, information related to education, financial transactions, medical history, and criminal or employment history and information, which can be used to distinguish or trace an individual's identity, such as his or her name, social security number, EFTA00141815

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 9 of 15 date and place of birth, mother's maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual. c. DOJ Information means any Information that is owned, produced; controlled, protected by, or otherwise within the custody or responsibility of the DOJ, including, without limitation, Information related to DOJ programs or personnel. It includes, without lim- itation, Information (1) provided by or generated for the DOJ, (2) managed or acquired by Contractor for the DOJ in connection with the performance of the contract, and/or (3) acquired in order to perform the contract. D. Information System means any resources, or set of resources organized for accessing, collecting, storing, processing, main- taining, using, sharing, retrieving, disseminating, transmitting, or disposing of (hereinafter collectively, “processing, storing, or trans- mitting”) Information. E. Covered Information System means any information system used for, involved with, or allowing, the processing, storing, or transmitting of DOJ Information. Il. Confidentiality and Non-disclosure of DOJ Information A. Preliminary and final deliverables and all associated working papers and material generated by Contractor containing DOJ Information are the property of the U.S, Government and must be submitted to the Contracting Officer (“CO”) or the CO’s Represent- ative (“COR”) at the conclusion of the contract. The U.S. Government has unlimited data rights to all such deliverables and associated working papers and materials in accordance with FAR 52.227-14. B. All documents produced in the performance of this contract containing DOJ Information are the property of the U.S. Gov- ernment and Contractor shall neither reproduce nor release to any third-party at any time, including during or at expiration or termina- tion of the contract without the prior written permission of the CO. Cc, Any DOJ information made available to Contractor under this contract shall be used only for the purpose of performance of this contract and shall not be divulged or made known in any manner to any persons except as may be necessary in the performance of this contract. In performance of this contract, Contractor assumes responsibility for the protection of the confidentiality of any and all DOJ Information processed, stored, or transmitted by the Contractor. When requested by the CO (typically no more than annually), Contractor shall provide a report to the CO identifying, to the best of Contractor’s knowledge and belief, the type, amount, and level of sensitivity of the DOJ Information processed, stored, or transmitted under the Contract, including an estimate of the number of indi- viduals for whom PII has been processed, stored or transmitted under the Contract and whether such information includes social secur- ity numbers (in whole or in part). IV. Compliance with Information Technology Security Policies, Procedures and Requirements A. For all Covered Information Systems, Contractor shall comply with all security requirements, including but not limited to the regulations and guidance found in the Federal Information Security Management Act of 2014 (“FISMA”), Privacy Act of 1974, E- Government Act of 2002, National Institute of Standards and Technology (“NIST”) Special Publications (“SP”), including NIST SP 800-37, 800-53, and 800-60 Volumes I and Il, Federal Information Processing Standards (“FIPS”) Publications 140-2, 199, and 200, OMB Memoranda, Federal Risk and Authorization Management Program (“FedRAMP"), DOJ IT Security Standards, including DOJ Order 2640.2, as amended. These requirements include but are not limited to: 1. Limiting access to DOJ Information and Covered Information Systems to authorized users and to transactions and functions that authorized users are permitted to exercise; 2. Providing security awareness training including, but not limited to, recognizing and reporting potential indicators of insider threats to users and managers of DOJ Information and Covered Information Systems; 3. Creating, protecting, and retaining Covered Information System audit records, reports, and supporting documentation to en- able reviewing, monitoring, analysis, investigation, reconstruction, and reporting of unlawful, unauthorized, or inappropriate activity related to such Covered Information Systems and/or DOJ Information; 4. Maintaining authorizations to operate any Covered Information System; 5. Performing continuous monitoring on all Covered Information Systems; 6. Establishing and maintaining baseline configurations and inventories of Covered Information Systems, including hardware, software, firmware, and documentation, throughout the Information System Development Lifecycle, and establishing and enforcing security configuration settings for IT products employed in Information Systems; 7. Ensuring appropriate contingency planning has been performed, including DOJ Information and Covered Information Sys- tem backups; EFTA00141816

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 10 of 15 8. Identifying Covered Information System users, processes acting on behalf of users, or devices, and authenticating and veri- fying the identities of such users, processes, or devices, using multifactor authentication or HSPD-12 compliant authentication meth- ods where required; 9. Establishing an operational incident handling capability for Covered Information Systems that includes adequate prepara- tion, detection, analysis, containment, recovery, and user response activities, and tracking, documenting, and reporting incidents to ap- propriate officials and authorities within Contractor's organization and the DOJ; 10. Performing periodic and timely maintenance on Covered Information Systems, and providing effective controls on tools, techniques, mechanisms, and personnel used to conduct such maintenance; 12, Protecting Covered Information System media containing DOJ Information, including paper, digital and electronic media; limiting access to DOJ Information to authorized users; and sanitizing or destroying Covered Information System media containing DO) Information before disposal, release or reuse of such media; 13, Limiting physical access to Covered Information Systems, equipment, and physical facilities housing such Covered Informa- tion Systems to authorized U.S. citizens unless a waiver has been granted by the Contracting Officer (“CO”), and protecting the phys- ical facilities and support infrastructure for such Information Systems; 14, Screening individuals prior to authorizing access to Covered Information Systems to ensure compliance with DOJ Security standards; 15. Assessing the risk to DOJ Information in Covered Information Systems periodically, including scanning for vulnerabilities and remediating such vulnerabilities in accordance with DOJ policy and ensuring the timely removal of assets no longer supported by the Contractor; 16, Assessing the security controls of Covered Information Systems periodically to determine if the controls are effective in their application, developing and implementing plans of action designed to correct deficiencies and eliminate or reduce vulnerabilities in such Information Systems, and monitoring security controls on an ongoing basis to ensure the continued effectiveness of the controls; 17, Monitoring, controlling, and protecting information transmitted or received by Covered Information Systems at the external boundaries and key internal boundaries of such Information Systems, and employing architectural designs, software development techniques, and systems engineering principles that promote effective security; and 18. Identifying, reporting, and correcting Covered Information System security flaws in a timely manner, providing protection from malicious code at appropriate locations, monitoring security alerts and advisories and taking appropriate action in response. B. Contractor shall not process, store, or transmit DOJ Information using a Covered Information System without first B Authosts a» Open CATO") ter bach Covered bnfosootion Syetems The AYO chal bo olgned by he Acthortsing Official or DOJ component responsible for maintaining the security, confidentiality, integrity, and availability of the DOJ Information under this contract. The DOJ standards and requirements for obtaining an ATO may be found at DOJ Order 2640.2, as amended. (For Cloud Computing Systems, see Section V, below.) Cc. Contractor shall ensure that no Non-U.S. citizen accesses or assists in the development, operation, management, or mainten- ance of any DOJ Information System, unless a waiver has been granted by the by the DOJ Component Head (or his or her designee) responsible for the DOJ Information System, the DOJ Chief Information Officer, and the DOJ Security Officer. D. When requested by the DOJ CO or COR, or other DOJ official as described below, in connection with DOJ’s efforts to en- sure compliance with security requirements and to maintain and safeguard against threats and hazards to the security, confidentiality, integrity, and availability of DOJ Information, Contractor shall provide DOJ, including the Office of Inspector General (“OIG™) and Federal law enforcement components, (1) access to any and all information and records, including electronic information, regarding a Covered Information System, and (2) physical access to Contractor's facilities, installations, systems, operations, documents, records, and databases. Such access may include independent validation testing of controls, system penetration testing, and FISMA data re- views by DOJ or agents acting on behalf of DOJ, and such access shall be provided within 72 hours of the request. Additionally, Con- tractor shall cooperate with DOJ’s efforts to ensure, maintain, and safeguard the security, confidentiality, integrity, and availability of DOJ Information, E. The use of Contractor-owned laptops or other portable digital or electronic media to process or store DOJ Information covered by this clause is prohibited until Contractor provides a letter to the DOJ CO, and obtains the CO’s approval, certifying com- pliance with the following requirements: 1. Media must be encrypted using a NIST FIPS 140-2 approved product; 2. Contractor must develop and implement a process to ensure that security and other applications software is kept up-to-date; EFTA00141817

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 11 of 15 3. Where applicable, media must utilize antivirus software and a host-based firewall mechanism; 4. Contractor must log all computer-readable data extracts from databases holding DOJ Information and verify that each ex- tract including such data has been erased within 90 days of extraction or that its use is still required. All DOJ Information is sensitive information unless specifically designated as non-sensitive by the DOJ; and, 5. A Rules of Behavior (“ROB”) form must be signed by users. These rules must address, at a minimum, authorized and offi- cial use, prohibition against unauthorized users and use, and the protection of DOJ Information. The form also must notify the user that he or she has no reasonable expectation of privacy regarding any communications transmitted through or data stored on Contract- or-owned laptops or other portable digital or electronic media. F. Contractor-owned removable media containing DOJ Information shall not be removed from DOJ facilities without prior ap- proval of the DOJ CO or COR. G. When no longer needed, all media must be processed (sanitized, degaussed, or destroyed) in accordance with DOJ security requirements. H. Contractor must keep an accurate inventory of digital or electronic media used in the performance of DOJ contracts. L Contractor must remove all DOJ Information from Contractor media and return all such information to the DOJ within 15 days of the expiration or termination of the contract, unless otherwise extended by the CO, or waived (in part or whole) by the CO, and all such information shall be returned to the DOJ in a format and form acceptable to the DOJ. The removal and retum of all DOJ Information must be accomplished in accordance with DOJ IT Security Standard requirements, and an official of the Contractor shall provide a written certification certifying the removal and return of all such information to the CO within 15 days of the removal and return of all DOJ Information. J. DOJ, at its discretion, may suspend Contractor's access to any DOJ Information, or terminate the contract, when DOJ sus- pects that Contractor has failed to comply with any security requirement, or in the event of an Information System Security Incident (see Section V.E. below), where the Department determines that either event gives cause for such action. The suspension of access to DOJ Information may last until such time as DOJ, in its sole discretion, determines that the situation giving rise to such action has been corrected or no longer exists. Contractor understands that any suspension or termination in accordance with this provision shall be at no cost to the DOJ, and that upon request by the CO, Contractor must immediately return all DOJ Information to DOJ, as well as any media upon which DOJ Information resides, at Contractor's expense. Vv. Cloud Computing A. Cloud Computing means an Information System having the essential characteristics described in NIST SP 800-145, The NIST Definition of Cloud Computing. For the sake of this provision and clause, Cloud Computing includes Software as a Service, Platform as a Service, and Infrastructure as a Service, and deployment in a Private Cloud, Community Cloud, Public Cloud, or Hybrid Cloud. B. Contractor may not utilize the Cloud system of any CSP unless: 1. The Cloud system and CSP have been evaluated and approved by a 3PAO certified under FedRAMP and Contractor has provided the most current Security Assessment Report (“SAR”) to the DOJ CO for consideration as part of Contractor’s overall Sys- tem Security Plan, and any subsequent SARs within 30 days of issuance, and has received an ATO from the Authorizing Official for the DOJ component responsible for maintaining the security confidentiality, integrity, and availability of the DOJ Information under contract; or, 2. If not certified under FedRAMP, the Cloud System and CSP have received an ATO signed by the Authorizing Official for the DOJ component responsible for maintaining the security, confidentiality, integrity, and availability of the DOJ Information under the contract. Cc. Contractor must ensure that the CSP allows DOJ to access and retrieve any DOJ Information processed, stored or transmit- ted in a Cloud system under this Contract within a reasonable time of any such request, but in no event less than 48 hours from the re- quest. To ensure that the DOJ can fully and appropriately search and retrieve DOJ Information from the Cloud system, access shall in- clude any schemas, meta-data, and other associated data artifacts. Vi. Information System Security Breach or Incident 1. Confirmed Security Breach (hereinafter, “Confirmed Breach”) means any confirmed unauthorized exposure, loss of con- trol, compromise, exfiltration, manipulation, disclosure, acquisition, or accessing of any Covered Information System or any DOJ In- formation accessed by, retrievable from, processed by, stored on, or transmitted within, to or from any such system. EFTA00141818

--=PAGE_BREAK=--

1SBNYM18FTP120150 Page 12 of 15 2. Potential Security Breach (hereinafter, “Potential Breach”) means any suspected, but unconfirmed, Covered Information System Security Breach. 3. Security Incident means any Confirmed or Potential Covered Information System Security Breach, B. Confirmed Breach. Contractor shall immediately (and in no event later than within | hour of discovery) report any Con- firmed Breach to the DOJ CO and the CO's Representative (“COR”). If the Confirmed Breach occurs outside of regular business hours and/or neither the DOJ CO nor the COR can be reached, Contractor must call DOJ-CERT at 1-866-US4-CERT (1-866-874-2378) im- mediately (and in no event later than within | hour of discovery of the Confirmed Breach), and shall notify the CO and COR as soon as practicable. c. Potential Breach. 1, Contractor shall report any Potential Breach within 72 hours of detection to the DOJ CO and the COR, unless Contractor has (a) completed its investigation of the Potential Breach in accordance with its own internal policies and procedures for identification, investigation and mitigation of Security Incidents and (b) determined that there has been no Confirmed Breach. 2. If Contractor has not made a determination within 72 hours of detection of the Potential Breach whether an Confirmed Breach has occurred, Contractor shall report the Potential Breach to the DOJ CO and COR within one-hour (i.¢., 73 hours from detec- tion of the Potential Breach). If the time by which to report the Potential Breach occurs outside of regular business hours and/or neither the DOJ CO nor the COR can be reached, Contractor must call the DOJ Computer Emergency Readiness Team (DOJ-CERT) at 1-866-US4-CERT (1-866-874-2378) within one-hour (i.c., 73 hours from detection of the Potential Breach) and contact the DOJ CO and COR as soon as practicable. D. Any report submitted in accordance with paragraphs (B) and (C), above, shall identify (1) both the Information Systems and DOJ Information involved or at risk, including the type, amount, and level of sensitivity of the DOJ Information and, if the DOJ In- formation contains PII, the estimated number of unique instances of PII, (2) all steps and processes being undertaken by Contractor to minimize, remedy, and/or investigate the Security Incident, (3) any and all other information as required by the US-CERT Federal In- cident Notification Guidelines, including the functional impact, information impact, impact to recoverability, threat vector, mitigation details, and all available incident details; and (4) any other information specifically requested by theDOJ. Contractor shall continue to provide written updates to the DOJ CO regarding the status of the Security Incident at least every three (3) calendar days until in- formed otherwise by the DOJ CO. E. All determinations regarding whether and when to notify individuals and/or federal agencies potentially affected by a Secur- ity Incident will be made by DOJ senior officials or the DOJ Core Management Team at DOJ's discretion. F. Upon notification of a Security Incident in accordance with this section, Contractor must provide to DOJ full access to any affected or potentially affected facility and/or Information System, including access by the DOJ OIG and Federal law enforcement or- ganizations, and undertake any and all response actions DOJ determines are required to ensure the protection of DOJ Information, in- cluding providing all requested images, log files, and event information to facilitate rapid resolution of any Security Incident. G. DOJ, at its sole discretion, may obtain, and Contractor will permit, the assistance of other federal agencies and/or third party contractors or firms to aid in response activities related to any Security Incident. Additionally, DOJ, at its sole discretion, may require Contractor to retain, at Contractor’s expense, a Third Party Assessing Organization (3PAO), acceptable to DOJ, with expertise in in- cident response, compromise assessment, and federal security control requirements, to conduct a thorough vulnerability and security assessment of all affected Information Systems. H. Response activities related to any Security Incident undertaken by DOJ, including activities undertaken by Contractor, other federal agencies, and any third-party contractors or firms at the request or direction of DOJ, may include inspections, investigations, forensic reviews, data analyses and processing, and final determinations of responsibility for the Security Incident and/or liability for any additional response activities. Contractor shall be responsible for all costs and related resource allocations required for all such re- sponse activities related to any Security Incident, including the cost of any penetration testing. Vil. Personally Identifiable Information Notification Requirement Contractor certifies that it has a security policy in place that contains procedures to promptly notify any individual whose Personally Identifiable Information (“PII”) was, or is reasonably determined by DOJ to have been, compromised. Any notification shall be co- ordinated with the DOJ CO and shall not proceed until the DOJ has made a determination that notification would not impede a law en- forcement investigation or jeopardize national security. The method and content of any notification by Contractor shall be coordinated with, and subject to the approval of, DOJ. Contractor shall be responsible for taking corrective action consistent with DOJ Data Breach Notification Procedures and as directed by the DOJ CO, including all costs and expenses associated with such corrective ac- tion, which may include providing credit monitoring to any individuals whose PII was actually or potentially compromised. VIII. Pass-through of Security Requirements to Subcontractors and CSPs EFTA00141819

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 13 of 15 The requirements set forth in the preceding paragraphs of this clause apply to all subcontractors and CSPs who perform work in con- nection with this Contract, including any CSP providing services for any other CSP under this Contract, and Contractor shall flow down this clause to all subcontractors and CSPs performing under this contract. Any breach by any subcontractor or CSP of any of the provisions set forth in this clause will be attributed to Contractor. BOP 2852.242-71 EVALUATION OF CONTRACTOR PERFORMANCE UTILIZING CPARS (APR 2011) The services, although not directly supervised, shall be reviewed by Federal Bureau of Prisons (BOP) staff to ensure contract compli- ance. The contractor's performance will be evaluated in accordance with FAR 42.15. Contract monitoring reports will be prepared by the Contacting Officer's Representative (COR) and maintained in the contract file. In accordance with FAR 42.1502 and 42.1503, agencies shall prepare an evaluation of contractor performance and submit it to the Past Performance Information Retrieval System (PPIRS). The BOP utilizes the Department of Defense (DOD) web-based Contractor Performance Assessment Reporting System (CPARS) to provide contractor performance evaluations. The contractor shall provide and maintain a current e-mail address throughout the life of the contract. The contractor will receive an e-mail from the Focal Point thru the following website address webptsmh@navy.milwhen the contract is registered in CPARS. The e-mail will contain a “user ID" and temporary password to register in the CPARS system. The contractor must be registered to access and review its evaluation and/or provide a response. If assistance is required when registering, please contact the Contracting Staff/Focal Point. (End of Clause) 508 COMPLIANCE WITH SECTION 508 OF THE REHABILITATION ACT OF 1973, 1998 AMENDMENTS All electronic and information technology (EIT) procured through this solicitation and any resulting contract, task order, delivery or- der, or purchase order must meet the applicable accessibility standards at 36 CFR 1194, 36 CFR implements Section 508 of the Re- habilitation Act of 1973, as amended, and viewable at http://www.sectionS08.gov (See Standards-Part 1194). Part 1194.21 - Software applications and operating systems Part 1194.22 - Web-Based Intranet and Internet Information and Applications Part 1194.23 —- Telecommunications Products Part 1194.24 — Video and Multimedia Products Part 1194.25 — Self-Contained, Closed Products Part 1194.26 — Desktop and Portable Computers Part 1194.31 - Functional Performance Criteria Part 1194.41 - Information, documentation, and Support The contractor shall indicate for each line item in the schedule of items whether each product is compliant or noncompliant with the accessibility standards at 36 CFR 1194. Further, the offer must indicate where full details of compliance can be found (e.g., with of- fer, vendor's website or other location). (End of Clause) DJAR-PGD-15-02-2A Corporate Representation Regarding Felony Conviction Under Any Federal Law or Unpaid Delinquent Tax Liability - Award (DEVIATION 2015-02) (March 2015) (a) None of the funds made available by the Department's current Appropriations Act may be used to enter into a contract, memorandum of understanding, or cooperative agreement with a corporation - (1) convicted of a felony criminal violation under any Federal law within the preceding 24 months, where the awarding agency is aware of the conviction, unless an agency has considered suspension or debarment of the corporation and made a determina tion that this further action is not necessary to protect the interests of the vernment, or (2) that has any unpaid Federal tax liability that has been assessed, for which all judicial and administrat- ive remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an ae * wits Oe eten rity responsible for collecting the tax liability, where the awarding agency is aware of e UN} tax liability , melas an agency has considered suspension or debarment of the corporation and made a determination that this further action is not necessary to protect the interests of the Government. (b) By accepting this award or order, in writing or by performance, the offeror/contractor represents that- (1) _ the offeror is not a corporation convicted of a felony criminal violation under any Federal or State law EFTA00141820

--=PAGE_BREAK=--

1SBNYM18FTP120150 Page 14 of 15 within the preceding 24 months; and, (2) _ the offeror is not a corporation that has any unpaid Federal or State tax liability th that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreement with the authority responsible for collecting the tax liability. (End of Clause) EFTA00141821

--=PAGE_BREAK=--

15BNYM18FTP120150 Page 15 of 15 Section 4 - List of Attachments This Section Is Intentionally Left Blank EFTA00141822

--=PAGE_BREAK=--

The request covers materials, supplies, equipment, or services PRICING IS CONSIDERED for which there is an Immediate FAR §2.232-18, AVAILABILITY TO BE FAIR AND REASONABLE heed: and then, only in the OF FUNDS IS INCLUDED BY - “DFPM =] —«REQUmeanibotR enithAcBee? REFERENCE PURCHASE CARD AC eels t- oa | Devaseeore oF aes QUISITION (Not for Personal use Itens) FEDERAL BUREAU OF PRIS: MCC New York | Factmes Enterpnse software upgrade for video channels from pre-Net 2.0 to Net 31 updale pack at the point of sale Recorder redundancy license per 1 channe Enterprise software package mayor version upgrade for site. users ang channels Bureau of Prisons Tax ID: #53-0205705 4 ISANMISF TP 120190 : —— a oe wt Apprnet by Cem { faz] 207€ WARNING! AMUNITION/ WEAPONS /HAZARDOUS MATERIAL FOR PENAL INSTITUTION - DELIVER TO ARMORY/SPECIFIED STATE ONLY EFTA00141823

--=PAGE_BREAK=--

UNITED STATES DEPARTMENT OF JUSTICE Page of FEDERAL BUREAU OF PRISONS O request FOR PURCHASE (CD PURCHASE CARD ACQUISITION (Not for Personal Use Items) CONTINUATION PAGE Institution/Pacility MCC New York Receiving Report # (Warehouse Use) Requestor Name/Telephone Number Werehouse Signature Bureau of Prisons Tax ID #53-0205705 Contracting Officer / Cardholder YREGDOC / RP ee 2 EFTA00141824

--=PAGE_BREAK=--

U.S. Department of Justice Federal Bureau of Prisons Office of Information Technology Washington, D.C. 20534 September 13, 2018 MEMORANDUM FORME, WARDEN MCC NEW YORK FROM: rd Senior Deputy Assistant Director Information, Policy and Public Affairs Division SUBJECT: Purchase of Computer Equipment, Supplies, and Services (BOPNet) The following information technology-related equipment purchase is authorized per your recent request: SA No: SA18-0117 LOCATION ITEM DESCRIPTION ESTIMATED PRICE New York Purchase hardware and software to $800,000.00 upgrade the NICE camera system Contracting officers should be familiar with FAR Part 8, required sources of supplies and services. This procurement is authorized in accordance with requirements as set forth by the Federal Information Technology Acquisition Reform Act (FITARA). Chief, IT Planning and Development Approved By: EFTA00141825

--=PAGE_BREAK=--

U.S. Department of Justice Memorandum Federal Bureau of Prisons Northeast Regional Off Inited States Custom House 700 Chestnut Street - 7 Floor Philadelphia, PA 19106 Sept 17 Oo mber 25, 2 o MEMORANDUM FOR (WARDEN NEW YORK FROM: t 0 for WO d Please note that additional approval is required through the Information, Policy, and Public Affairs (IPPA) Division before purchase. EFTA00141826

--=PAGE_BREAK=--

US. Department of Justice Federal Bureau of Prisons September 20. 2018 EFTA00141827