state of florida cyber assessment rfi response

RFI Response

RFI Response I-i

Use or disclosure of data contained on this sheet is subject to the restriction on the title page of this proposal.

Cyber-Security Assessment, Remediation, and Identity Protection

Date: Sep. 3, 2015

State of Florida, Department of Management

Services, Cyber-Security Assessment,

Remediation, and Identity Protection,

Monitoring, and Restoration Services

RFI Response

Submitted to:

Joel Atkinson

Associate Category Manager

State of Florida

Department of Management Services

4050 Esplanade Way Suite 360

Tallahassee, Florida 32399

Submitted by:

Network Specialty Group, Inc.

610 Professional Drive, Suite 105

Gaithersburg, Maryland 20879

Phone: 301.208.9388

Fax: 301.208.9077

www.nsgi-hq.com

Submission Date: September 3, 2015

This response includes data that shall not be disclosed outside the Government and shall not be duplicated, used, or disclosed --

in whole or in part -- for any purpose other than to evaluate this response. If, however, a contract is awarded to Network Specialty

Group, Inc. as a result of -- or in connection with -- the submission of this data, the Government shall have the right to duplicate,

use, or disclose the data to the extent provided in the resulting contract. This restriction does not limit the Government's right to

use information contained in this data if it is obtained from another source without restriction. The data subject to this restriction

are contained in sheets marked with the following legend: "Use or disclosure of data contained on this sheet is subject to the

restriction on the title page of this response."

RFI Response

RFI Response I-ii



Date: Sep. 3, 2015

Table of Contents

1 Introduction ................................................................................................................................1

2 Background ................................................................................................................................1

3 Contact Information ...................................................................................................................1

4 Pre-Incident Services .................................................................................................................2

4.1 a) Incident Response Agreements ......................................................................................2

4.2 b) Assessments ....................................................................................................................2

4.3 c) Preparation ......................................................................................................................2

4.4 d) Developing Cyber-Security Incident Response Plans ....................................................2

4.5 e) Training ..........................................................................................................................2

5 Post-Incident Services ................................................................................................................2

5.1 a) Breach Services Toll-free Hotline ..................................................................................2

5.2 b) Investigation/Clean-up ...................................................................................................2

5.3 c) Incident response ............................................................................................................2

5.4 d) Mitigation Plans .............................................................................................................2

5.5 e) Identity Monitoring, Protection, and Restoration ...........................................................3

6 NSG Services .............................................................................................................................3

Appendix A - NSG GSA Schedule 70 Contract # GS-35F-0381L ..................................................4

Appendix B - NSG CyberSecurity Brochure ...................................................................................5

Appendix C - NSG Brochure ...........................................................................................................6

Appendix D - NSG 3PAO PreAssessment Support Brochure .........................................................7

Appendix E - NSG 3PAO Assessment Support Brochure...............................................................8

RFI Response

RFI Response I-1



Date: Sep. 3, 2015

1 INTRODUCTION

Introduction to Network Specialty Group, Inc. (NSG)

Network Specialty Group, Inc. (NSG) is a minority-owned and operated small

business established in 1994. Our core practices include: Cyber Security,

Program Support, Application Development, and IT Operations and

Maintenance. We are an Accredited FedRAMP Third Party Assessment

Organization (3PAO). We are rated at Capability Maturity Model® Integration (CMMI®)

Development Level 3 by the Software Engineering Institute (SEI). We are an SRI Registered

ISO 27001:2013, ISO 9001:2008 and ISO 20000-1:2011 certified company and an A2LA

Accredited Inspection body in accordance with ISO 17020:2012. We consistently apply the best

practices of the Information Technology Infrastructure Library (ITIL) v3. NSG is a GSA 8(a)

STARS II contract holder for Constellations I and II, for all four functional areas. Current and

past customers include the US Department of Agriculture (USDA) Forest Service (FS),

Department of Commerce (DOC) Office of the Inspector General (OIG), the Small Business

Administration (SBA), the National Institutes of Health (NIH), Department of Homeland

Security (DHS), Department of Energy (DOE), Housing and Urban Development (HUD),

Agricultural Marketing Service (AMS), and the Economic Research Service (ERS). With a vast

array of federal government experience, matured processes and customer focused solutions is

what sets us apart from the competition. As our tagline suggests, our mission is to provide

Innovative business practices and solutions, to Activate those solutions, which in turn Elevates

our clients performance levels.

2 BACKGROUND

NSG is a GSA Schedule 70 contract holder, contract # GS-35F-0381L. We employ over 60 full-

time IT and administrative personnel collectively at our headquarters in Gaithersburg, Maryland,

and various work sites across the nation. We also employ an additional 25 full-time equivalent

consultants at these sites. All of our associates have at least a technical degree from an accredited

institution of higher learning. Over 20 percent of our managers possess an advanced degree. Our

associates hold various certifications from institutions and or organizations such as the Project

Management Institute (PMI), Federal Enterprise Architecture (FEA), (ISC)², Cisco, Oracle, IBM

and Microsoft.

NSG has been consistently rated as a top IT services provider by its customers, a function of our

customer-centric focus, applauded by virtually every one of our customers. We received the

Small Disadvantaged Business Contractor of the Year award from the US Department of

Agriculture (USDA) in 2003 for delivering outstanding technical work. We have also established

relationships with such vendors as Symantec, AlienVault, CS Solutions, IBM, Microsoft, Oracle,

Stellent, Mega, Dell, BlackStratus, among others.

3 CONTACT INFORMATION

Admin POC: Prasen Vasavada

Title: President & CEO

Phone: 301-208-9388 ext 202

eMail: [email protected]

RFI Response

RFI Response I-2



Date: Sep. 3, 2015

4 PRE-INCIDENT SERVICES

4.1 a) Incident Response Agreements

Yes, NSG provides Incident Response Agreements. Terms and conditions can be negotiated in

advance to be in place ahead of time to allow for quicker response in the event of a cyber-

security incident.

4.2 b) Assessments

Yes, NSG provides Assessments to evaluate a State Agency’s current state of information

security and cyber security incident response capability. Please see Appendix X "NSG

CyberSecurity Brochure" for an overview of available CyberSecurity services.

4.3 c) Preparation

Yes, NSG provides guidance on cybersecurity requirements and industry best practices. Please

see Appendix X "NSG CyberSecurity Brochure" for an overview of available CyberSecurity

services.

4.4 d) Developing Cyber-Security Incident Response Plans

Yes, NSG provides assistance in the development of written State Agency plans for incident

response in the event of a cyber-security incident. Please see Appendix X "NSG CyberSecurity

Brochure" for an overview of available CyberSecurity services.

4.5 e) Training

Yes, NSG provides training for State Agency staff from basic user security awareness to

technical education. Please see Appendix X "NSG GSA Schedule 70 Contract # GS-35F-0381L"

for more details.

5 POST-INCIDENT SERVICES

5.1 a) Breach Services Toll-free Hotline

Provide a scalable, resilient call center for incident response information to State Agencies.

5.2 b) Investigation/Clean-up

Yes, NSG provides rapid evaluation of incidents, can lead investigations and remediation

services to restore State Agency operations to pre-incident levels. . Please see Appendix X "NSG

CyberSecurity Brochure" for an overview of available CyberSecurity services.

5.3 c) Incident response

Yes, NSG provides guidance and technical staff to assist State Agencies in response to a

cybersecurity incident. Please see Appendix X "NSG CyberSecurity Brochure" for an overview

of available CyberSecurity services.

5.4 d) Mitigation Plans

Yes, NSG provides assistance to State Agency staff in the development of mitigation plans based

on cybersecurity assessments, investigations and incident response. NSG also provides assistance

to State Agency staff with incident mitigation activities, i.e. security engineering. . Please see

Appendix X "NSG CyberSecurity Brochure" for an overview of available CyberSecurity

services.

RFI Response

RFI Response I-3



Date: Sep. 3, 2015

5.5 e) Identity Monitoring, Protection, and Restoration

Provide identity monitoring, protection, and restoration services to any individuals potentially

affected by a cyber-security incident.

6 NSG SERVICES

All services described above and requested as part of this Request for Information are provided

by NSG on an individual Statement of Work or Task Order basis.

RFI Response

RFI Response I-4



Date: Sep. 3, 2015

APPENDIX A - NSG GSA SCHEDULE 70 CONTRACT # GS-35F-0381L

Please see attached Appendix A, entitled, "Appendix A NSG GSA SCHEDULE 70

CONTRACT GS-35F-0381L.pdf".

RFI Response

RFI Response I-5



Date: Sep. 3, 2015

APPENDIX B - NSG CYBERSECURITY BROCHURE

Please see attached Appendix B, entitled, "Appendix B NSG CyberSecurity Brochure.pdf".

RFI Response

RFI Response I-6



Date: Sep. 3, 2015

APPENDIX C - NSG BROCHURE

Please see attached Appendix C, entitled, "Appendix C NSG Brochure.pdf".

RFI Response

RFI Response I-7



Date: Sep. 3, 2015

APPENDIX D - NSG 3PAO PREASSESSMENT SUPPORT BROCHURE

Please see attached Appendix D, entitled, "Appendix D

NSG_3PAO_PreAssessment_Support_Brochure.pdf".

RFI Response

RFI Response I-8



Date: Sep. 3, 2015

APPENDIX E - NSG 3PAO ASSESSMENT SUPPORT BROCHURE

Please see attached Appendix E, entitled, "Appendix E

NSG_3PAO_Assessment_Support_Brochure.pdf".

NETWORK SPECIALTY GROUP, INC. GSA SCHEDULE 70 CONTRACT # GS 35F-0381L, REFRESH 32

P a g e | i

NOTICE OF RESTRICTIONS

This document includes information that is proprietary to Network Specialty Group, Inc. and shall not be duplicated, used, or disclosed outside the customer organization named on this page.

AUTHORIZED

INFORMATION TECHNOLOGY SCHEDULE PRICELIST GENERAL PURPOSE COMMERCIAL INFORMATION TECHNOLOGY

EQUIPMENT, SOFTWARE AND SERVICES Special Item No. 132-8 Purchase of New Equipment Special Item No. 132-32 Term Software Licenses Special Item No. 132-33 Perpetual Software Licenses Special Item No. 132-34 Maintenance of Software as a Service Special Item No. 132-50 Training Courses Special Item No. 132-51 Information Technology Professional Services Note: All non-professional labor categories must be incidental to and used solely to support hardware, software and/or professional services, and cannot be purchased separately.

SPECIAL ITEM NUMBER 132-8 PURCHASE OF NEW EQUIPMENT

FSC CLASS 7010 - SYSTEM CONFIGURATION

� End User Computers/Desktop Computers

� Professional Workstations

� Servers

� Laptop/Portable/Notebook Computers

� Large Scale Computers

� Optical and Imaging Systems

� Other Systems Configuration Equipment, Not Elsewhere Classified FSC CLASS 7025 - INPUT/OUTPUT AND STORAGE DEVICES

� Printers

� Display

� Graphics, including Video Graphics, Light Pens, Digitizers, Scanners, and Touch Screens

� Network Equipment

� Other Communications Equipment

� Optical Recognition Input/Output Devices

� Storage Devices including Magnetic Storage, Magnetic Tape Storage and Optical Disk Storage

� Other Input/Output and Storage Devices, Not Elsewhere Classified FSC CLASS 7035 - ADP SUPPORT EQUIPMENT

� ADP Support Equipment FSC Class 7042 - MINI AND MICRO COMPUTER CONTROL DEVICES


P a g e | ii



� Microcomputer Control Devices

� Telephone Answering and Voice Messaging Systems FSC CLASS 7050 - ADP COMPONENTS

� ADP Boards FSC CLASS 5995 - CABLE, CORD, AND WIRE ASSEMBLIES: COMMUNICATIONS EQUIPMENT

� Communications Equipment Cables FSC CLASS 6015 - FIBER OPTIC CABLES

� Fiber Optic Cables FSC CLASS 6020 - FIBER OPTIC CABLE ASSEMBLES AND HARNESSES

� Fiber Optic Cable Assemblies and Harnesses FSC CLASS 6145 - WIRE AND CABLE, ELECTRICAL

� Coaxial Cables FSC Class 5805 - TELEPHONE AND TELEGRAPH EQUIPMENT

� Telephone Equipment

� Audio and Video Teleconferencing Equipment FSC CLASS 5810 - COMMUNICATIONS SECURITY EQUIPMENT AND COMPONENTS

� Communications Security Equipment FSC CLASS 5815 - TELETYPE AND FACSIMILE EQUIPMENT

� Facsimile Equipment (FAX) FSC CLASS 5820 - RADIO AND TELEVISION COMMUNICATION EQUIPMENT, EXCEPT AIRBORNE

� Two-Way Radio Transmitters/Receivers/Antennas

� Broadcast Band Radio Transmitters/Receivers/Antennas

� Microwave Radio Equipment/Antennas and Waveguides

� Satellite Communications Equipment FSC CLASS 5821 - RADIO AND TELEVISION COMMUNICATION EQUIPMENT, AIRBORNE

� Airborne Radio Transmitters/Receivers FSC CLASS 5825 - RADIO NAVIGATION EQUIPMENT, EXCEPT AIRBORNE

� Radio Navigation Equipment/Antennas


P a g e | iii



FSC CLASS 5826 - RADIO NAVIGATION EQUIPMENT, AIRBORNE

� Airborne Radio Navigation Equipment FSC CLASS 5830 - INTERCOMMUNICATION AND PUBLIC ADDRESS SYSTEMS, EXCEPT AIRBORNE

� Pagers and Public Address Systems (wired and wireless transmissions, including background music systems)

FSC CLASS 5841 - RADAR EQUIPMENT, AIRBORNE

� Airborne Radar Equipment FSC CLASS 5895 - MISCELLANEOUS COMMUNICATION EQUIPMENT

� Miscellaneous Communications Equipment - Special Physical, Visual, Speech, and Hearing Aid Equipment - Installation (FPDS Code N070) for Equipment Offered - Deinstallation (FPDS N070 and N058) - Reinstallation (FPDS N070 and N058) NOTE: Installation must be incidental to, in conjunction with and in direct support of the products sold under SIN 132-8 of this contract and cannot be purchased separately. If the construction, alteration or repair is segregable and exceeds $2,000, then the requirements of the Davis-Bacon Act apply. In applying the Davis-Bacon Act, ordering activities are required to incorporate wage rate determinations into orders, as applicable.

SPECIAL ITEM NUMBER 132-32 - TERM SOFTWARE LICENSES

Software maintenance as a product includes the publishing of bug/defect fixes via patches and updates/upgrades in function and technology to maintain the operability and usability of the software product. It may also include other no charge support that are included in the purchase price of the product in the commercial marketplace. No charge support includes items such as user blogs, discussion forums, on-line help libraries and FAQs (Frequently Asked Questions), hosted chat rooms, and limited telephone, email and/or web-based general technical support for user’s self diagnostics. Software maintenance as a product does NOT include the creation, design, implementation, integration, etc. of a software package. These examples are considered software maintenance as a service – which is catagorized under a difference SIN (132-34). FSC CLASS 7030 - INFORMATION TECHNOLOGY SOFTWARE


� Operating System Software

� Application Software

� Electronic Commerce (EC) Software


P a g e | iv



� Utility Software

� Communications Software

� Core Financial Management Software

� Ancillary Financial Systems Software

� Special Physical, Visual, Speech, and Hearing Aid Software

� Microcomputers








� Special Physical, Visual, Speech, and Hearing Aid Software NOTE: Offerors are encouraged to identify within their software items any component interfaces that support open standard interoperability. An item’s interfaces may be identified as interoperable on the basis of participation in a Government agency-sponsored program or in an independent organization program. Interfaces may be identified by reference to an interface registered in the component registry located at http://www.core.gov.

SPECIAL ITEM NUMBER 132-33 - PERPETUAL SOFTWARE LICENSES

Software maintenance as a product includes the publishing of bug/defect fixes via patches and updates/upgrades in function and technology to maintain the operability and usability of the software product. It may also include other no charge support that are included in the purchase price of the product in the commercial marketplace. No charge support includes items such as user blogs, discussion forums, on-line help libraries and FAQs (Frequently Asked Questions), hosted chat rooms, and limited telephone, email and/or web-based general technical support for user’s self diagnostics. Software maintenance as a product does NOT include the creation, design, implementation, integration, etc. of a software package. These examples are considered software maintenance as a service. FSC CLASS 7030 - INFORMATION TECHNOLOGY SOFTWARE








P a g e | v





� Special Physical, Visual, Speech, and Hearing Aid Software

� Microcomputers








� Special Physical, Visual, Speech, and Hearing Aid Software NOTE: Offerors are encouraged to identify within their software items any component interfaces that support open standard interoperability. An item’s interface may be identified as interoperable on the basis of participation in a Government agency-sponsored program or in an independent organization program. Interfaces may be identified by reference to an interface registered in the component registry located at http://www.core.gov.

SPECIAL ITEM NUMBER 132-34 - MAINTENANCE OF SOFTWARE AS A SERVICE

Software maintenance as a service creates, designs, implements, and/or integrates customized changes to software that solve one or more problems and is not included with the price of the software. Software maintenance as a service includes person-to-person communications regardless of the medium used to communicate: telephone support, on-line technical support, customized support, and/or technical expertise which are charged commercially. Software maintenance as a service is billed arrears in accordance with 31 U.S.C. 3324.

SPECIAL ITEM NUMBER 132-50 - TRAINING COURSES (FPDS Code U012)

SPECIAL ITEM NUMBER 132-51 - INFORMATION TECHNOLOGY (IT)

PROFESSIONAL SERVICES

� FPDS Code D301 IT Facility Operation and Maintenance

� FPDS Code D302 IT Systems Development Services

� FPDS Code D306 IT Systems Analysis Services

� FPDS Code D307 Automated Information Systems Design and Integration Services

� FPDS Code D308 Programming Services

� FPDS Code D310 IT Backup and Security Services

� FPDS Code D311 IT Data Conversion Services

� FPDS Code D313 Computer Aided Design/Computer Aided Manufacturing (CAD/CAM) Services

� FPDS Code D316 IT Network Management Services


P a g e | vi



� FPDS Code D317 Creation/Retrieval of IT Related Automated News Services, Data Services, or Other Information Services (All other information services belong under Schedule 76)

� FPDS Code D399 Other Information Technology Services, Not Elsewhere Classified

Note 1: All non-professional labor categories must be incidental to and used solely to support hardware, software and/or professional services, and cannot be purchased separately.

Note 2: Offerors and Agencies are advised that the Group 70 – Information Technology Schedule is not to be used as a means to procure services which properly fall under the Brooks Act. These services include, but are not limited to, architectural, engineering, mapping, cartographic production, remote sensing, geographic information systems, and related services. FAR 36.6 distinguishes between mapping services of an A/E nature and mapping services which are not connected nor incidental to the traditionally accepted A/E Services.

Note 3: This solicitation is not intended to solicit for the reselling of IT Professional Services, except for the provision of implementation, maintenance, integration, or training services in direct support of a product. Under such circumstances the services must be performance by the publisher or manufacturer or one of their authorized agents.

Network Specialty Group, Inc.

610 Professional Drive, Suite 105, Gaithersburg, MD, 20879 301-208-9388

www.nsgi-hq.com Contract Number: GS-35-F0381L Period Covered by Contract: May 7, 2011 through May 6, 2016 General Services Administration Federal Acquisition Service Pricelist current through Modification # 34, dated October 25, 2013 Products and ordering information in this Authorized Information Technology Schedule Pricelist are also available on the GSA Advantage! System (http://www.gsaadvantage.gov).


P a g e | vii



Table of Contents

1 Information for Ordering Activities for All SINs ......................................................................1

2 Terms and Conditions for All SINs .........................................................................................10

2.1 Terms and Conditions Applicable to Purchase of General Purpose Commercial Information Technology New Equipment (Special Item Number 132-8) ........................10

2.2 Terms and Conditions Applicable to Term Software Licenses (Special Item Number 132-32), Perpetual Software Licenses (Special Item Number 132-33) and Maintenance as a Service (Special Item Number 132-34) of General Purpose Commercial Information Technology Software ...............................................................12

2.3 Terms and Conditions Applicable to Purchase of Training Courses for General Purpose Commercial Information Technology Equipment and Software (Special Item Number 132-50) .......................................................................................................17

2.4 Terms and Conditions Applicable to Information Technology (IT) Professional Services (Special Item Number 132-51) ...........................................................................19

3 Descriptions for all SINS .........................................................................................................25

3.1 SIN 132-8 - Purchase of Equipment .................................................................................25

3.2 SIN 132-33 – Perpetual Software Licenses ......................................................................26

3.3 SIN 132-50 - Training Courses.........................................................................................27

3.4 SIN 132-51 - IT Professional Services Labor Category Descriptions ..............................47

4 Price List for All SINs .............................................................................................................62

4.1 SIN #132-8 - Purchase of Equipment ...............................................................................62

4.2 SIN #132-32 - Term Software Licenses ...........................................................................65

4.3 SIN #132-33 - Perpetual Software Licenses .....................................................................66

4.4 SIN #132-34 - Maintenance of Software ..........................................................................67

4.5 SIN #132-50 - BlackStratus Price List .............................................................................76

4.6 SIN 132-50 - Training Courses Price List ........................................................................77

4.7 SIN #132-51 - IT Professional Services ...........................................................................86

5 USA Commitment to Promote Small Business Participation Procurement Programs ............90

6 Best Value BPA Federal Supply Schedule ..............................................................................91


P a g e | 1



1 INFORMATION FOR ORDERING ACTIVITIES FOR ALL SINS

SPECIAL NOTICE TO AGENCIES: Small Business Participation

The Small Business Administration (SBA) strongly supports the participation of small business concerns in the Federal Acquisition Service. To enhance Small Business Participation, the SBA policy allows agencies to include in their procurement base and goals, the dollar value of orders expected to be placed against the Federal Supply Schedules, and to report accomplishments against these goals. For orders exceeding the micro-purchase threshold, FAR 8.404 requires agencies to consider the catalogs/pricelists of at least three schedule contractors or consider reasonably available

information by using the GSA Advantage! on-line shopping service (www.gsaadvantage.gov).

The catalogs/pricelists, GSA Advantage! and the Federal Acquisition Service Home Page (www.gsa.gov/fas) contains information on a broad array of products and services offered by small business concerns. This information should be used as a tool to assist ordering activities in meeting or exceeding established small business goals. It should also be used as a tool to assist in including small, small disadvantaged, and women-owned small businesses among those considered when selecting pricelists for a best value determination. For orders exceeding the micro-purchase threshold, customers are to give preference to small business concerns when two or more items at the same delivered price will satisfy their requirement.

Geographic Scope of Contract

Domestic delivery is delivery within the 48 contiguous states, Alaska, Hawaii, Puerto Rico, Washington, DC, and U.S. Territories. Domestic delivery also includes a port or consolidation point, within the aforementioned areas, for orders received from overseas activities. Overseas delivery is delivery to points outside of the 48 contiguous states, Washington, DC, Alaska, Hawaii, Puerto Rico, and U.S. Territories. Offerors are requested to check one of the following boxes: [X] The Geographic Scope of Contract will be domestic and overseas delivery. [ ] The Geographic Scope of Contract will be overseas delivery only. [ ] The Geographic Scope of Contract will be domestic delivery only.

Contractor's Ordering Address and Payment Information

Network Specialty Group, Inc. 610 Professional Drive, Suite 105 Gaithersburg, Maryland 20879 Phone: (301) 208-9388; Fax: (301) 208-9077


P a g e | 2



Email: [email protected] Website: http://www.nsgi-hq.com NSGI will accept the credit card for payments equal to or less than the micro-purchase for oral or written orders under this contract. The Contractor and the ordering agency may agree to use the credit card for dollar amounts over the micro-purchase threshold (See GSAR 552.232-79 Payment by Credit Card). In addition, bank account information for wire transfer payments will be shown on the invoice. The following telephone number(s) can be used by ordering activities to obtain technical and/or ordering assistance: (301) 208-9388

Liability for Injury or Damage

NSGI shall not be liable for any injury to ordering activity personnel or damage to ordering activity property arising from the use of equipment maintained by the Contractor, unless such injury or damage is due to the fault or negligence of the Contractor.

Statistical Data for Government Ordering Office

Section 1.4 applies to the completion of Standard Form 279. Block 9: G. Order/Modification under Federal Schedule Contract Block 16: Data Universal Numbering System (DUNS) Number: 869008631 Block 30: Type of Contractor: Small Disadvantaged Business Block 31: Woman-Owned Small Business - No Block 37: Contractor's Taxpayer Identification Number (TIN): 52-1878091

Block 40: Veteran Owned Small Business (VOSB): No 4a. CAGE Code: 01JL9

4b. Contractor has registered with the Central Contractor Registration Database.

FOB Destination

None

Delivery Schedule

� TIME OF DELIVERY: The Contractor shall deliver to the destination within the number of calendar days after receipt of order (ARO), as set forth below: � 132-8, 132-32, 132-33, 132-34, 132-50, 132-51 - *Days � (* To be agreed upon in the Terms and Conditions of the award)

� URGENT REQUIREMENTS: When the Federal Supply Schedule contract delivery period does not meet the bona fide urgent delivery requirements of an ordering activity, ordering activities are encouraged, if time permits, to contact the Contractor for the purpose of obtaining accelerated delivery. The Contractor shall reply to the inquiry within 3 workdays after receipt (telephonic replies shall be confirmed by the Contractor in writing). If the Contractor offers an accelerated delivery time acceptable to the


P a g e | 3



ordering activity, any order(s) placed pursuant to the agreed upon accelerated delivery time frame shall be delivered within this shorter delivery time and in accordance with all other terms and conditions of the contract.

Discounts

Prices shown are NET Prices. Basic discounts have been deducted.

� Prompt Payment: 0% - 30 days from receipt of invoice or date of acceptance, whichever is later.

� Quantity – There are no discounts related to the quantity of the order.

� Dollar Volume – There are no discounts related to the dollar volume of the order.

� Government Educational Institutions – are offered the same discounts as all other

Government customers.

� Other – No other discount is available to the ordering agency.

Trade Agreement Acts of 1979 - As Amended

All items are U.S. made end products, designated country end products, Caribbean Basin country end products, Canadian end products, or Mexican end products as defined in the Trade Agreements Act of 1979, as amended.

Statement Concerning Availability of Export Packing

NSGI does not offer any products that concern export packing.

Small Business Requirements

The minimum dollar value of orders to be issued is $100.

Maximum Order

All dollar amounts are exclusive of any discount for prompt payment.

� The Maximum Order value for the following SINs is $500,000: � SIN 132-8 - Purchase of Equipment � SIN 132-32 - Term Software Licenses � SIN 132-33 - Perpetual Software Licenses � SIN 132-34 - Maintenance of Software as a Service � SIN 132-51 - Information Technology Professional Services

� The Maximum Order value for the following SIN is $25,000: � SIN 132-50 - Training Courses

Ordering Procedures for Federal Supply Contracts

Ordering activities shall use the ordering procedures of Federal Acquisition Regulation (FAR) 8.405 when placing an order or establishing a Blanket Purchase Agreement (BPA) for supplies or services. These procedures apply to all schedules.

� FAR 8.405-1 Ordering procedures for supplies and services not requiring a statement of work.


P a g e | 4



� FAR 8.405-2 Ordering procedures for services requiring a statement of work.

Federal IT/Telecommunications Standards Requirements

Ordering activities acquiring products from this Schedule must comply with the provisions of the Federal Standards Program, as appropriate (reference: National Institute of Standards and Technology (NIST) Federal Standards Index). Inquiries to determine whether or not specific products listed herein comply with Federal Information Processing Standards (FIPS) or Federal Telecommunication Standards (FED-STDS), which are cited by ordering activities, shall be responded to promptly by the Contractor.

� FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATIONS

(FIPS PUBS): Information Technology products under this Schedule that do not conform to FIPS should not be acquired unless a waiver has been granted in accordance with the applicable "FIPS Publication." Federal Information Processing Standards Publications (FIPS PUBS) are issued by the U.S. Department of Commerce, NIST, pursuant to National Security Act. Information concerning their availability and applicability should be obtained from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, Virginia 22161. FIPS PUBS include voluntary standards when these are adopted for Federal use. Individual orders for FIPS PUBS should be referred to the NTIS Sales Office, and orders for subscription service should be referred to the NTIS Subscription Officer, both at the above address, or telephone number (703) 487-4650.

� FEDERAL TELECOMMUNICATION STANDARDS (FED-STDS): Telecommunication products under this Schedule that do not conform to FED-STDS should not be acquired unless a waiver has been granted in accordance with the applicable "FED-STD." Federal Telecommunication Standards are issued by the U.S. Department of Commerce, NIST, pursuant to National Security Act. Ordering information and information concerning the availability of FED-STDS should be obtained from the GSA, Federal Acquisition Service, Specification Section, 470 East L’Enfant Plaza, Suite 8100, SW, Washington, DC 20407, telephone number (202) 619-8925. Please include a self-addressed mailing label when requesting information by mail. Information concerning their applicability can be obtained by writing or calling the U.S. Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone number (301) 975-2833.

Contractor Tasks/Special Requirements (C-FSS-370) (NOV 2003)

� Security Clearances: The Contractor may be required to obtain/possess varying levels of security clearances in the performance of orders issued under this contract. All costs associated with obtaining/possessing such security clearances should be factored into the price offered under the Multiple Award Schedule.

� Travel: The Contractor may be required to travel in performance of orders issued under this contract. Allowable travel and per diem charges are governed by Pub L. 99-234 and FAR Part 31, and are reimbursable by the ordering agency or can be priced as a fixed price item on orders placed under the Multiple Award Schedule. Travel in performance


P a g e | 5



of a task order will only be reimbursable to the extent authorized by the ordering agency. The Industrial Funding Fee does NOT apply to travel and per diem charges.

� Certifications, Licenses and Accreditations: As a commercial practice, the Contractor may be required to obtain/possess any variety of certifications, licenses and accreditations for specific FSC/service code classifications offered. All costs associated with obtaining/ possessing such certifications, licenses and accreditations should be factored into the price offered under the Multiple Award Schedule program.

� Insurance: As a commercial practice, the Contractor may be required to obtain/possess insurance coverage for specific FSC/service code classifications offered. All costs associated with obtaining/possessing such insurance should be factored into the price offered under the Multiple Award Schedule program.

� Personnel: The Contractor may be required to provide key personnel, resumes, or skill category descriptions in the performance of orders issued under this contract. Ordering activities may require agency approval of additions or replacements to key personnel.

� Organizational Conflicts of Interest: Where there may be an organizational conflict of interest as determined by the ordering agency, the Contractor’s participation in such orders may be restricted in accordance with FAR Part 9.5.

� Documentation/Standards: The Contractor may be requested to provide products or services in accordance with rules, regulations, OMB orders, standards and documentation as specified by the agency’s order.

� Data/Deliverable Requirements: Any required data/deliverables at the ordering level will be as specified or negotiated in the agency’s order.

� Government-Furnished Property: As specified by the agency’s order, the Government may provide property, equipment, materials, or resources as necessary.

� Availability of Funds: Many Government agencies’ operating funds are appropriated for a specific fiscal year. Funds may not be presently available for any orders placed under the contract or any option year. The Government’s obligation on orders placed under this contract is contingent upon the availability of appropriated funds from which payment for ordering purposes can be made. No legal liability on the part of the Government for any payment may arise until funds are available to the ordering Contracting Officer.

� Overtime: For professional services, the labor rates in the Schedule should not vary by virtue of the Contractor having worked overtime. For services applicable to the Service Contract Act (as identified in the Schedule), the labor rates in the Schedule will vary as governed by labor laws (usually assessed a time and a half of the labor rate).

Contract Administration for Ordering Activities

Any ordering activity, with respect to any one or more delivery orders placed by it under this contract, may exercise the same rights of termination as might the GSA Contracting Officer under provisions of FAR 52.212-4, paragraphs (l) Termination for the ordering activity’s convenience, and (m) Termination for Cause (See 52.212-4).


P a g e | 6



GSA Advantage!

GSA Advantage! is an online, interactive electronic information and ordering system that provides on-line access to vendors' schedule prices with ordering information. GSA Advantage! will allow the user to perform various searches across all contracts including, but not limited to:

� Manufacturer

� Manufacturer's Part Number

� Product Categories Agencies can browse GSA Advantage! by accessing the Internet World Wide Web utilizing a browser. The Internet address is http://www.gsaadvantage.gov.

Purchase of Open Market Items

NOTE: Open Market Items are also known as incidental items, non-contract items, non-Schedule items, and items not on a Federal Supply Schedule contract. Other Direct Costs (ODCs) are not part of this contract and should be treated as open market purchases. Ordering Activities procuring open market items must follow FAR 8.402(f). For administrative convenience, an ordering activity contracting officer may add items not on the Federal Supply Multiple Award Schedule (MAS) - referred to as open market items - to a Federal Supply Schedule BPA or an individual task or delivery order, only if-

� All applicable acquisition regulations pertaining to the purchase of the items not on the Federal Supply Schedule have been followed (e.g., publicizing (Part 5), competition requirements (Part 6), acquisition of commercial items (Part 12), contracting methods (Parts 13, 14, and 15), and small business programs (Part 19));

� The ordering activity contracting officer has determined the price for the items not on the Federal Supply Schedule is fair and reasonable;

� The items are clearly labeled on the order as items not on the Federal Supply Schedule; and

� All clauses applicable to items not on the Federal Supply Schedule are included in the order.

Contractor Commitments, Warranties, and Representations

� For the purpose of this contract, commitments, warranties, and representations include, in addition to those agreed to for the entire schedule contract: � Time of delivery/installation quotations for individual orders; � Technical representations and/or warranties of products concerning performance,

total system performance and/or configuration, physical, design and/or functional characteristics and capabilities of a product/equipment/ service/software package submitted in response to requirements which result in orders under this schedule contract.

� Any representations and/or warranties concerning the products made in any literature, description, drawings and/or specifications furnished by the Contractor.


P a g e | 7



� The above is not intended to encompass items not currently covered by the GSA Schedule contract.

Overseas Activities

The terms and conditions of this contract shall apply to all orders for installation, maintenance, and repair of equipment in areas listed in the pricelist outside the 48 contiguous states and the District of Columbia, except as indicated below: Upon request of the Contractor, the ordering activity may provide the Contractor with logistics support, as available, in accordance with all applicable ordering activity regulations. Such ordering activity support will be provided on a reimbursable basis, and will only be provided to the Contractor's technical personnel whose services are exclusively required for the fulfillment of the terms and conditions of this contract.

Blanket Purchase Agreements (BPAs)

The use of BPAs under any schedule contract to fill repetitive needs for supplies or services is allowable. BPAs may be established with one or more schedule contractors. The number of BPAs to be established is within the discretion of the ordering activity establishing the BPA and should be based on a strategy that is expected to maximize the effectiveness of the BPA(s). Ordering activities shall follow FAR 8.405-3 when creating and implementing BPA(s).

Contractor Team Arrangements

Contractors participating in contractor team arrangements must abide by all terms and conditions of their respective contracts. This includes compliance with Clauses 552.238-74; Industrial Funding Fee and Sales Reporting, i.e., each contractor (team member) must report sales and remit the IFF for all products and services provided under its individual contract.

Installation, De-Installation, and Re-Installation

The Davis-Bacon Act (40 U.S.C. 276a-276a-7) provides that contracts in excess of $2,000 to which the United States or the District of Columbia is a party for construction, alteration, or repair (including painting and decorating) of public buildings or public works with the United States, shall contain a clause that no laborer or mechanic employed directly upon the site of the work shall received less than the prevailing wage rates as determined by the Secretary of Labor. The requirements of the Davis-Bacon Act do not apply if the construction work is incidental to the furnishing of supplies, equipment, or services. For example, the requirements do not apply to simple installation or alteration of a public building or public work that is incidental to furnishing supplies or equipment under a supply contract. However, if the construction, alteration or repair is segregable and exceeds $2,000, then the requirements of the Davis-Bacon Act apply.

The ordering activity issuing the task order against this contract will be responsible for proper administration and enforcement of the Federal labor standards covered by the Davis-Bacon Act. The proper Davis-Bacon wage determination will be issued by the ordering activity at the time a request for quotations is made for applicable construction classified installation, de-installation, and reinstallation services under SIN 132-8 or 132-9.


P a g e | 8



Section 508 Compliance

If applicable, Section 508 compliance information on the supplies and services in this contract are available in Electronic and Information Technology (EIT) at the following:

The EIT standard can be found at: www.Section508.gov/.

Prime Contractor Ordering from the Federal Supply Schedule

Prime Contractors (on cost reimbursement contracts) placing orders under Federal Supply Schedules, on behalf of an ordering activity, shall follow the terms of the applicable schedule and authorization and include with each order –

� A copy of the authorization from the ordering activity with whom the contractor has the prime contract (unless a copy was previously furnished to the Federal Supply Schedule contractor); and

� The following statement: This order is placed under written authorization from dated. In the event of any inconsistency between the terms and conditions of this order and those of your Federal Supply Schedule contract, the latter will govern.

Insurance - Work on a Government Installation (JAN 1997) (FAR 52.228-5)

� The Contractor shall, at its own expense, provide and maintain during the entire performance of this contract, at least the types and minimum amounts of insurance required in the Schedule or elsewhere in the contract.

� Before commencing work under this contract, the Contractor shall notify the Contracting Officer in writing that the required insurance has been obtained. The policies evidencing required insurance shall contain an endorsement to the effect that any cancellation or any material change adversely affecting the Government's interest shall not be effective - � For such period as the laws of the State in which this contract is to be performed

prescribe; or � Until 30 days after the insurer or the Contractor gives written notice to the

Contracting Officer, whichever period is longer

� The Contractor shall insert the substance of this clause, including this paragraph (c), in subcontracts under this contract that require work on a Government installation and shall require subcontractors to provide and maintain the insurance required in the Schedule or elsewhere in the contract. The Contractor shall maintain a copy of all subcontractors' proofs of required insurance, and shall make copies available to the Contracting Officer upon request.

Software Interoperability

Offerors are encouraged to identify within their software items any component interfaces that support open standard interoperability. An item’s interface may be identified as interoperable on the basis of participation in a Government agency-sponsored program or in an independent organization program. Interfaces may be identified by reference to an interface registered in the component registry located at http://www.core.gov.


P a g e | 9



Advance Payments

A payment under this contract to provide a service or deliver an article for the United States Government may not be more than the value of the service already provided or the article already delivered. Advance or pre-payment is not authorized or allowed under this contract (31 U.S.C. 3324).


P a g e | 10



2 TERMS AND CONDITIONS FOR ALL SINS

The following terms and conditions apply for various SINs.

2.1 Terms and Conditions Applicable to Purchase of General Purpose Commercial

Information Technology New Equipment (Special Item Number 132-8)

2.1.1 Material and Workmanship

All equipment furnished hereunder must satisfactorily perform the function for which it is intended.

2.1.2 Order

Written orders, EDI orders (GSA Advantage! and FACNET), credit card orders, and orders placed under blanket purchase agreements (BPA) shall be the basis for purchase in accordance with the provisions of this contract. If time of delivery extends beyond the expiration date of the contract, the Contractor will be obligated to meet the delivery and installation date specified in the original order. For credit card orders and BPAs, telephone orders are permissible.

2.1.3 Transportation of Equipment

FOB DESTINATION: Prices cover equipment delivery to destination for any location within the geographic scope of this contract.

2.1.4 Installation and Technical Services

a) INSTALLATION: When the equipment provided under this contract is not normally self-installable, the Contractor's technical personnel shall be available to the ordering activity, at the ordering activity's location, to install the equipment and to train ordering activity personnel in the use and maintenance of the equipment. The charges, if any, for such services are listed below, or in the price schedule.

b) INSTALLATION, DEINSTALLATION, REINSTALLATION: The Davis-Bacon Act (40 U.S.C. 276a-276a-7) provides that contracts in excess of $2,000 to which the United States or the District of Columbia is a party for construction, alteration, or repair (including painting and decorating) of public buildings or public works with the United States, shall contain a clause that no laborer or mechanic employed directly upon the site of the work shall received less than the prevailing wage rates as determined by the Secretary of Labor. The requirements of the Davis-Bacon Act do not apply if the construction work is incidental to the furnishing of supplies, equipment, or services. For example, the requirements do not apply to simple installation or alteration of a public building or public work that is incidental to furnishing supplies or equipment under a supply contract. However, if the construction, alteration, or repair is segregable and exceeds $2,000, then the requirements of the Davis-Bacon Act applies. The ordering activity issuing the task order against this contract will be responsible for proper administration and enforcement of the Federal labor standards covered by the Davis-Bacon Act. The proper Davis-Bacon wage determination will be issued by the


P a g e | 11



ordering activity at the time a request for quotations is made for applicable construction classified installation, deinstallation, and reinstallation services under SIN 132-8 or SIN 132-9.

c) OPERATING AND MAINTENANCE MANUALS: The Contractor shall furnish the ordering activity with one (1) copy of all operating and maintenance manuals which are normally provided with the equipment being purchased.

2.1.5 Inspection and Acceptance

The Contractor shall only tender for acceptance those items that conform to the requirements of this contract. The ordering activity reserves the right to inspect or test any equipment that has been tendered for acceptance. The ordering activity may require repair or replacement of nonconforming equipment at no increase in contract price. The ordering activity must exercise its postacceptance rights (1) within a reasonable time after the defect was discovered or should have been discovered; and (2) before any substantial change occurs in the condition of the item, unless the change is due to the defect in the item.

2.1.6 Warranty

a) Unless specified otherwise in this contract, the Contractor’s standard commercial warranty as stated in the contract’s commercial pricelist will apply to this contract.

b) The Contractor warrants and implies that the items delivered hereunder are merchantable and fit for use for the particular purpose described in this contract.

c) Limitation of Liability - Except as otherwise provided by an express or implied warranty, the Contractor will not be liable to the ordering activity for consequential damages resulting from any defect or deficiencies in accepted items.

d) If inspection and repair of defective equipment under this warranty will be performed at the Contractor's plant, the address is as follows: N/A

2.1.7 Purchase Price for Ordered Equipment

The purchase price that the ordering activity will be charged will be the ordering activity purchase price in effect at the time of order placement, or the ordering activity purchase price in effect on the installation date (or delivery date when installation is not applicable), whichever is less.

2.1.8 Responsibilities of the Contractor

The Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City or otherwise) covering work of this character, and shall include all costs, if any, of such compliance in the prices quoted in this offer.

2.1.9 Trade-In of Information Technology Equipment

When an ordering activity determines that Information Technology equipment will be replaced, the ordering activity shall follow the contracting policies and procedures in the Federal Acquisition Regulation (FAR), the policies and procedures regarding disposition of information


P a g e | 12



technology excess personal property in the Federal Property Management Regulations (FPMR) (41 CFR 101-43.6), and the policies and procedures on exchange/sale contained in the FPMR (41 CFR part 101-46).

2.1.10 BlackStratus IT Professional Services under SIN 132-8

Pre-Production License Type: Available to paid customers only. The customer will receive a 60% discount on all parts listed in the Price List. It is to be used by paid customers for a lab or test environment only and is not for full use. Note: The prices listed within this GSA Schedule represent a quantity of one (1) unless otherwise stated.

2.2 Terms and Conditions Applicable to Term Software Licenses (Special Item Number

132-32), Perpetual Software Licenses (Special Item Number 132-33) and Maintenance

as a Service (Special Item Number 132-34) of General Purpose Commercial

Information Technology Software

2.2.1 Inspection and Acceptance

The Contractor shall only tender for acceptance those items that conform to the requirements of this contract. The ordering activity reserves the right to inspect or test any software that has been tendered for acceptance. The ordering activity may require repair or replacement of nonconforming software at no increase in contract price. The ordering activity must exercise its postacceptance rights (1) within a reasonable time after the defect was discovered or should have been discovered; and (2) before any substantial change occurs in the condition of the software, unless the change is due to the defect in the software.

2.2.2 Enterprise User License Agreements Requirements (EULA)

The Contractor shall provide all Enterprise User License Agreements in an editable Microsoft Office (Word) format.

2.2.3 Guarantee and Warranty

a) Unless specified otherwise in this contract, the Contractor’s standard commercial guarantee/warranty as stated in the contract’s commercial pricelist will apply to this contract.

b) The Contractor warrants and implies that the items delivered hereunder are merchantable and fit for use for the particular purpose described in this contract.

c) Limitation of Liability. Except as otherwise provided by an express or implied warranty, the Contractor will not be liable to the ordering activity for consequential damages resulting from any defect or deficiencies in accepted items.

2.2.4 Technical Services

The Contractor, without additional charge to the ordering activity, shall provide a hot line


P a g e | 13



technical support number for the purpose of providing user assistance and guidance in the implementation of the software. The technical support number is available from ___________ to ___________.

2.2.5 Software Maintenance

a) Software maintenance as it is defined: (select software maintenance type): __________ 1. Software Maintenance as a Product (SIN 132-32 or SIN 132-33)

Software maintenance as a product includes the publishing of bug/defect fixes via patches and updates/upgrades in function and technology to maintain the operability and usability of the software product. It may also include other no charge support that are included in the purchase price of the product in the commercial marketplace. No charge support includes items such as user blogs, discussion forums, on-line help libraries, and FAQs (Frequently Asked Questions), hosted chat rooms, and limited telephone, email, and/or web-based general technical support for user’s self diagnostics. Software maintenance as a product does NOT include the creation, design, implementation, integration, etc. of a software package. These examples are considered software maintenance as a service. Software maintenance as a product is billed at the time of purchase.

__________ 2. Software Maintenance as a Service (SIN 132-34)

Software maintenance as a service creates, designs, implements, and/or integrates customized changes to software that solve one or more problems and is not included with the price of the software. Software maintenance as a service includes person-to-person communications regardless of the medium used to communicate, telephone support, on-line technical support, customized support, and/or technical expertise which are charged commercially. Software maintenance as a service is billed arrears in accordance with 31 U.S.C. 3324. Software maintenance as a service is billed in arrears in accordance with 31 U.S.C. 3324.

b) Invoices for maintenance service shall be submitted by the Contractor on a quarterly or

monthly basis, after the completion of such period. Maintenance charges must be paid in arrears (31 U.S.C. 3324). PROMPT PAYMENT DISCOUNT, IF APPLICABLE, SHALL BE SHOWN ON THE INVOICE.


P a g e | 14



2.2.6 Periods of Term Licenses (SIN 132-32) and Maintenance (SIN 132-34)

a) The Contractor shall honor orders for periods for the duration of the contract period or a lesser period of time.

b) Term licenses and/or maintenance may be discontinued by the ordering activity on thirty (30) calendar days written notice to the Contractor.

c) Annual Funding - When annually appropriated funds are cited on an order for term licenses and/or maintenance, the period of the term licenses and/or maintenance shall automatically expire on September 30 of the contract period, or at the end of the contract period, whichever occurs first. Renewal of the term licenses and/or maintenance orders citing the new appropriation shall be required, if the term licenses and/or maintenance is to be continued during any remainder of the contract period.

d) Cross-Year Funding Within Contract Period - Where an ordering activity’s specific appropriation authority provides for funds in excess of a 12 month (fiscal year) period, the ordering activity may place an order under this schedule contract for a period up to the expiration of the contract period, notwithstanding the intervening fiscal years.

e) Ordering activities should notify the Contractor in writing thirty (30) calendar days prior to the expiration of an order, if the term licenses and/or maintenance is to be terminated at that time. Orders for the continuation of term licenses and/or maintenance will be required if the term licenses and/or maintenance is to be continued during the subsequent period.

2.2.7 Conversion from Term License to Perpetual License

a) The ordering activity may convert term licenses to perpetual licenses for any or all software at any time following acceptance of software. At the request of the ordering activity the Contractor shall furnish, within ten (l0) calendar days, for each software product that is contemplated for conversion, the total amount of conversion credits which have accrued while the software was on a term license and the date of the last update or enhancement.

b) Conversion credits which are provided shall, within the limits specified, continue to accrue from one contract period to the next, provided the software remains on a term license within the ordering activity.

c) The term license for each software product shall be discontinued on the day immediately preceding the effective date of conversion from a term license to a perpetual license.

d) The price the ordering activity shall pay will be the perpetual license price that prevailed at the time such software was initially ordered under a term license, or the perpetual license price prevailing at the time of conversion from a term license to a perpetual license, whichever is the less, minus an amount equal to _% of all term license payments during the period that the software was under a term license within the ordering activity.

2.2.8 Term License Cessation

a) After a software product has been on a continuous term license for a period of _______* months, a fully paid-up, non-exclusive, perpetual license for the software product shall automatically accrue to the ordering activity. The period of continuous term license for automatic accrual of a fully paid-up perpetual license does not have to be achieved during a


P a g e | 15



particular fiscal year; it is a written Contractor commitment which continues to be available for software that is initially ordered under this contract, until a fully paid-up perpetual license accrues to the ordering activity. However, should the term license of the software be discontinued before the specified period of the continuous term license has been satisfied, the perpetual license accrual shall be forfeited.

b) The Contractor agrees to provide updates and maintenance service for the software after a perpetual license has accrued, at the prices and terms of Special Item Number l32-34, if the licensee elects to order such services. Title to the software shall remain with the Contractor.

2.2.9 Utilization Limitations - (SIN 132-32, SIN 132-33, and SIN 132-34)

a) Software acquisition is limited to commercial computer software defined in FAR Part 2.101. b) When acquired by the ordering activity, commercial computer software and related

documentation so legend shall be subject to the following: 1) Title to and ownership of the software and documentation shall remain with the

Contractor, unless otherwise specified. 2) Software licenses are by site and by ordering activity. An ordering activity is defined as

a cabinet level or independent ordering activity. The software may be used by any subdivision of the ordering activity (service, bureau, division, command, etc.) that has access to the site the software is placed at, even if the subdivision did not participate in the acquisition of the software. Further, the software may be used on a sharing basis where multiple agencies have joint projects that can be satisfied by the use of the software placed at one ordering activity's site. This would allow other agencies access to one ordering activity's database. For ordering activity public domain databases, user agencies and third parties may use the computer program to enter, retrieve, analyze, and present data. The user ordering activity will take appropriate action by instruction, agreement, or otherwise, to protect the Contractor's proprietary property with any third parties that are permitted access to the computer programs and documentation in connection with the user ordering activity's permitted use of the computer programs and documentation. For purposes of this section, all such permitted third parties shall be deemed agents of the user ordering activity.

3) Except as is provided in paragraph 8.b(2) above, the ordering activity shall not provide or otherwise make available the software or documentation, or any portion thereof, in any form, to any third party without the prior written approval of the Contractor. Third parties do not include prime Contractors, subcontractors, and agents of the ordering activity who have the ordering activity's permission to use the licensed software and documentation at the facility, and who have agreed to use the licensed software and documentation only in accordance with these restrictions. This provision does not limit the right of the ordering activity to use software, documentation, or information therein, which the ordering activity may already have or obtains without restrictions.

4) The ordering activity shall have the right to use the computer software and documentation with the computer for which it is acquired at any other facility to which that computer may be transferred, or in cases of Disaster Recovery, the ordering activity has the right to transfer the software to another site if the ordering activity site for which


P a g e | 16



it is acquired is deemed to be unsafe for ordering activity personnel; to use the computer software and documentation with a backup computer when the primary computer is inoperative; to copy computer programs for safekeeping (archives) or backup purposes; to transfer a copy of the software to another site for purposes of benchmarking new hardware and/or software; and to modify the software and documentation or combine it with other software, provided that the unmodified portions shall remain subject to these restrictions.

5) "Commercial Computer Software" may be marked with the Contractor's standard commercial restricted rights legend, but the schedule contract and schedule pricelist, including this clause, "Utilization Limitations" are the only governing terms and conditions, and shall take precedence and supersede any different or additional terms and conditions included in the standard commercial legend.

2.2.10 Software Conversions - (SIN 132-32 and SIN 132-33)

Full monetary credit will be allowed to the ordering activity when conversion from one version of the software to another is made as the result of a change in operating system, or from one computer system to another. Under a perpetual license (132-33), the purchase price of the new software shall be reduced by the amount that was paid to purchase the earlier version. Under a term license (132-32), conversion credits which accrued while the earlier version was under a term license shall carry forward and remain available as conversion credits which may be applied towards the perpetual license price of the new version.

2.2.11 Descriptions and Equipment Compatibility

The Contractor shall include, in the schedule pricelist, a complete description of each software product and a list of equipment on which the software can be used. Also, included shall be a brief, introductory explanation of the modules and documentation which are offered.

2.2.12 Right-to-Copy Pricing

The Contractor shall insert the discounted pricing for right-to-copy licenses.

2.2.13 For BlackStratus IT Professional Services under SIN 132-34

Maintenance includes software maintenance, technical telephone support, published software updates for minor and maintenance updates. All maintenance and technical support charges are billed annually in advance, and are not subject to discounts. Note: The prices listed within this GSA Schedule represent a quantity of one (1) unless otherwise stated.


P a g e | 17



2.3 Terms and Conditions Applicable to Purchase of Training Courses for General

Purpose Commercial Information Technology Equipment and Software (Special Item

Number 132-50)

2.3.1 Scope

a) The Contractor shall provide training courses normally available to commercial customers, which will permit ordering activity users to make full, efficient use of general purpose commercial IT products. Training is restricted to training courses for those products within the scope of this solicitation.

b) The Contractor shall provide training at the Contractor's facility and/or at the ordering activity's location, as agreed to by the Contractor and the ordering activity.

2.3.2 Order

Written orders, EDI orders (GSA Advantage! and FACNET), credit card orders, and orders placed under Blanket Purchase Agreements (BPAs) shall be the basis for the purchase of training courses in accordance with the terms of this contract. Orders shall include the student's name, course title, course date and time, and contracted dollar amount of the course.

2.3.3 Time of Delivery

The Contractor shall conduct training on the date (time, day, month, and year) agreed to by the Contractor and the ordering activity.

2.3.4 Cancellation and Rescheduling

a) The ordering activity will notify the Contractor at least seventy-two (72) hours before the scheduled training date, if a student will be unable to attend. The Contractor will then permit the ordering activity to either cancel the order or reschedule the training at no additional charge. In the event the training class is rescheduled, the ordering activity will modify its original training order to specify the time and date of the rescheduled training class.

b) In the event the ordering activity fails to cancel or reschedule a training course within the time frame specified in paragraph a, above, the ordering activity will be liable for the contracted dollar amount of the training course. The Contractor agrees to permit the ordering activity to reschedule a student who fails to attend a training class within ninety (90) days from the original course date, at no additional charge.

c) The ordering activity reserves the right to substitute one student for another up to the first day of class.

d) In the event the Contractor is unable to conduct training on the date agreed to by the Contractor and the ordering activity, the Contractor must notify the ordering activity at least seventy-two (72) hours before the scheduled training date.

2.3.5 Follow-Up Support

The Contractor agrees to provide each student with unlimited telephone support or online


P a g e | 18



support for a period of one (1) year from the completion of the training course. During this period, the student may contact the Contractor's instructors for refresher assistance and answers to related course curriculum questions.

2.3.6 Price for Training

The price that the ordering activity will be charged will be the ordering activity training price in effect at the time of order placement, or the ordering activity price in effect at the time the training course is conducted, whichever is less.

2.3.7 Invoices and Payment

Invoices for training shall be submitted by the Contractor after ordering activity completion of the training course. Charges for training must be paid in arrears (31 U.S.C. 3324). PROMPT PAYMENT DISCOUNT, IF APPLICABLE, SHALL BE SHOWN ON THE INVOICE.

2.3.8 Format and Content of Training

a) The Contractor shall provide written materials (i.e., manuals, handbooks, texts, etc.) normally provided with course offerings. Such documentation will become the property of the student upon completion of the training class.

b) **If applicable** For hands-on training courses, there must be a one-to-one assignment of IT equipment to students.

c) The Contractor shall provide each student with a Certificate of Training at the completion of each training course.

d) The Contractor shall provide the following information for each training course offered: 1) The course title and a brief description of the course content, to include the course format

(e.g. lecture, discussion, hands-on training); 2) The length of the course; 3) Mandatory and desirable prerequisites for student enrollment; 4) The minimum and maximum number of students per class; 5) The locations where the course is offered; 6) Class schedules; and 7) Price (per student, per class (if applicable)).

e) For those courses conducted at the ordering activity’s location, instructor travel charges (if applicable), including mileage and daily living expenses (e.g. per diem charges) are governed by Pub. L. 99-234 and FAR Part 31.205-46, and are reimbursable by the ordering activity on orders placed under the Multiple Award Schedule, as applicable, in effect on the date(s) the travel is performed. Contractors cannot use GSA city pair contracts. The Industrial Funding Fee does NOT apply to travel and per diem charges.

f) For Online Training Courses, a copy of all training material must be available for electronic download by the students.


P a g e | 19



2.3.9 "No Charge" Training

The Contractor shall describe any training provided with equipment and/or software provided under this contract, free of charge, in the space provided below.

2.3.10 BlackStratus IT Professional Services under SIN 132-50

For BLKS LogStorm, T&E actuals; additional days are priced at $2,200 per day. BLKS LogStorm User and Admin training is at the customer site for two days, with up to five students per class. Price is per 2-day class, T&E actual. Pricing is per attendee. Note: The prices listed within this GSA Schedule represent a quantity of one (1) unless otherwise stated.

2.4 Terms and Conditions Applicable to Information Technology (IT) Professional

Services (Special Item Number 132-51)

The terms and conditions within this section are applicable to information technology professional services for SIN 132-51, and identity access management professional services for SIN 132-60.

2.4.1 Scope

a) The prices, terms and conditions stated under Special Item Number 132-51 Information Technology Professional Services apply exclusively to IT Professional Services within the scope of this Information Technology Schedule.

b) The Contractor shall provide services at the Contractor’s facility and/or at the ordering activity location, as agreed to by the Contractor and the ordering activity.

2.4.2 Performance Incentives - I-FSS-60 Performance Incentives (April 2000)

a) Performance incentives may be agreed upon between the Contractor and the ordering activity on individual fixed price orders or Blanket Purchase Agreements under this contract.

b) The ordering activity must establish a maximum performance incentive price for these services and/or total solutions on individual orders or Blanket Purchase Agreements.

c) Incentives should be designed to relate results achieved by the contractor to specified targets. To the maximum extent practicable, ordering activities shall consider establishing incentives where performance is critical to the ordering activity’s mission and incentives are likely to motivate the contractor. Incentives shall be based on objectively measurable tasks.

2.4.3 Order

a) Agencies may use written orders, EDI orders, Blanket Purchase Agreements, individual purchase orders, or task orders for ordering services under this contract. Blanket Purchase Agreements shall not extend beyond the end of the contract period; all services and delivery shall be made and the contract terms and conditions shall continue in effect until the


P a g e | 20



completion of the order. Orders for tasks which extend beyond the fiscal year for which funds are available shall include FAR 52.232-19 (Deviation – May 2003) Availability of Funds for the Next Fiscal Year. The purchase order shall specify the availability of funds and the period for which funds are available.

b) All task orders are subject to the terms and conditions of the contract. In the event of conflict between a task order and the contract, the contract will take precedence.

2.4.4 Performance of Services

a) The Contractor shall commence performance of services on the date agreed to by the Contractor and the ordering activity.

b) The Contractor agrees to render services only during normal working hours, unless otherwise agreed to by the Contractor and the ordering activity.

c) The ordering activity should include the criteria for satisfactory completion for each task in the Statement of Work or Delivery Order. Services shall be completed in a good and workmanlike manner.

d) Any Contractor travel required in the performance of IT Services must comply with the Federal Travel Regulation or Joint Travel Regulations, as applicable, in effect on the date(s) the travel is performed. Established Federal Government per diem rates will apply to all Contractor travel. Contractors cannot use GSA city pair contracts.

2.4.5 Stop-Work Order (FAR 52.242-15) (AUG 1989)

a) The Contracting Officer may, at any time, by written order to the Contractor, require the Contractor to stop all, or any part, of the work called for by this contract for a period of 90 days after the order is delivered to the Contractor, and for any further period to which the parties may agree. The order shall be specifically identified as a stop-work order issued under this clause. Upon receipt of the order, the Contractor shall immediately comply with its terms and take all reasonable steps to minimize the incurrence of costs allocable to the work covered by the order during the period of work stoppage. Within a period of 90 days after a stop-work is delivered to the Contractor, or within any extension of that period to which the parties shall have agreed, the Contracting Officer shall either - 1) Cancel the stop-work order; or 2) Terminate the work covered by the order as provided in the Default, or the Termination

for Convenience of the Government, clause of this contract. b) If a stop-work order issued under this clause is canceled or the period of the order or any

extension thereof expires, the Contractor shall resume work. The Contracting Officer shall make an equitable adjustment in the delivery schedule or contract price, or both, and the contract shall be modified, in writing, accordingly, if - 1) The stop-work order results in an increase in the time required for, or in the Contractor's

cost properly allocable to, the performance of any part of this contract; and 2) The Contractor asserts its right to the adjustment within 30 days after the end of the

period of work stoppage; provided that, if the Contracting Officer decides the facts justify the action, the Contracting Officer may receive and act upon the claim submitted at any


P a g e | 21



time before final payment under this contract. c) If a stop-work order is not canceled and the work covered by the order is terminated for the

convenience of the Government, the Contracting Officer shall allow reasonable costs resulting from the stop-work order in arriving at the termination settlement.

d) If a stop-work order is not canceled and the work covered by the order is terminated for default, the Contracting Officer shall allow, by equitable adjustment or otherwise, reasonable costs resulting from the stop-work order.

2.4.6 Inspection of Services

In accordance with FAR 52.212-4 CONTRACT TERMS AND CONDITIONS – COMMERCIAL ITEMS (MAR 2009) (DEVIATION I – FEB 2007) for Firm-Fixed Price oders and FAR 52.212-4 CONTRACT TERMS AND CONDITIONS – COMMERCIAL ITEMS (MAR 2009) (ALTERNATE I – OCT 2008) (DEVIATION I – FEB 2007) applies to Time and Materials and Labor-Hour Contracts placed under this contract.

2.4.7 Responsibilities of the Contractor

The Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City, or otherwise) covering work of this character. If the end product of a task order is software, then FAR 52.227-14 (Dec 2007) Rights in Data – General, may apply.

2.4.8 Responsibilities of the Ordering Activity

Subject to security regulations, the ordering activity shall permit Contractor access to all facilities necessary to perform the requisite IT Professional Services.

2.4.9 Independent Contractor

All IT Professional Services performed by the Contractor under the terms of this contract shall be as an independent Contractor, and not as an agent or employee of the ordering activity.

2.4.10 Organizational Conflicts of Interest

a) Definitions: “Contractor” means the person, firm, unincorporated association, joint venture, partnership, or corporation that is a party to this contract. “Contractor and its affiliates” and “Contractor or its affiliates” refers to the Contractor, its chief executives, directors, officers, subsidiaries, affiliates, subcontractors at any tier, and consultants and any joint venture involving the Contractor, any entity into or with which the Contractor subsequently merges or affiliates, or any other successor or assignee of the Contractor. An “Organizational conflict of interest” exists when the nature of the work to be performed under a proposed ordering activity contract, without some restriction on ordering activities by the


P a g e | 22



Contractor and its affiliates, may either (i) result in an unfair competitive advantage to the Contractor or its affiliates, or (ii) impair the Contractor’s or its affiliates’ objectivity in performing contract work. b) To avoid an organizational or financial conflict of interest and to avoid prejudicing the best

interests of the ordering activity, ordering activities may place restrictions on the Contractors, its affiliates, chief executives, directors, subsidiaries and subcontractors at any tier when placing orders against schedule contracts. Such restrictions shall be consistent with FAR 9.505 and shall be designed to avoid, neutralize, or mitigate organizational conflicts of interest that might otherwise exist in situations related to individual orders placed against the schedule contract. Examples of situations, which may require restrictions, are provided at FAR 9.508.

2.4.11 Invoices

The Contractor, upon completion of the work ordered, shall submit invoices for IT Professional services. Progress payments may be authorized by the ordering activity on individual orders if appropriate. Progress payments shall be based upon completion of defined milestones or interim products. Invoices shall be submitted monthly for recurring services performed during the preceding month.

2.4.12 Payments

For firm-fixed price orders the ordering activity shall pay the Contractor, upon submission of proper invoices or vouchers, the prices stipulated in this contract for service rendered and accepted. Progress payments shall be made only when authorized by the order. For time and materials orders, the Payments under Time and Materials and Labor Hour Contracts at FAR 52.212-4 (MAR 2009) (ALTERNATE I – OCT 2008) (DEVIATION I – FEB 2007) applies to time and materials orders placed under this contract. For labor hour orders, the Payment under Time and Materials and Labor Hour Contracts at FAR 52.212-4 (MAR 2009) (ALTERNATE I – OCT 2008) (DEVIATION I – FEB 2007) applies to labor hour orders placed under this contract. 52.216-31(Feb 2007) Time-and-Materials/Labor-Hour Proposal Requirements—Commercial Item Acquisition. As prescribed in 16.601(e)(3), insert the following provision: a) The Government contemplates award of a Time and Materials or Labor-Hour type of

contract resulting from this solicitation. b) The offeror must specify fixed hourly rates in its offer that include wages, overhead, general

and administrative expenses, and profit. The offeror must specify whether the fixed hourly rate for each labor category applies to labor performed by: 1) The offeror; 2) Subcontractors; and/or 3) Divisions, subsidiaries, or affiliates of the offeror under a common control.


P a g e | 23



2.4.13 Resumes

Resumes shall be provided to the GSA Contracting Officer or the user ordering activity upon request.

2.4.14 Incidental Support Costs

Incidental support costs are available outside the scope of this contract. The costs will be negotiated separately with the ordering activity in accordance with the guidelines set forth in the FAR.

2.4.15 Approval of Subcontracts

The ordering activity may require that the Contractor receive, from the ordering activity's Contracting Officer, written consent before placing any subcontract for furnishing any of the work called for in a task order.

2.4.16 Description of IT Professional Services and Pricing

The Contractor shall provide a description of each type of IT Service offered under Special Item Number 132-51 for IT Professional Services, and should be presented in the same manner as the Contractor sells to its commercial and other ordering activity customers. If the Contractor is proposing hourly rates, a description of all corresponding commercial job titles (labor categories) for those individuals who will perform the service should be provided. Pricing for all IT Professional Services shall be in accordance with the Contractor’s customary commercial practices; e.g. hourly rates, monthly rates, term rates, and/or fixed prices, minimum general experience, and minimum education. The following is an example of the manner in which the description of a commercial job title should be presented: EXAMPLE: Commercial Job Title: System Engineer

Minimum/General Experience: Three (3) years of technical experience which applies to systems analysis and design techniques for complex computer systems. Requires competence in all phases of systems analysis techniques, concepts and methods; also requires knowledge of available hardware, system software, input/output devices, structure and management practices Functional Responsibility: Guides users in formulating requirements, advises alternative approaches, conducts feasibility studies Minimum Education: Bachelor’s Degree in Computer Science NOTE: All non-professional labor categories must be incidental to, and used solely to support professional services, and cannot be purchased separately.


P a g e | 24



Note: The prices listed within this GSA Schedule represent a quantity of one (1) unless otherwise stated.


P a g e | 25



3 DESCRIPTIONS FOR ALL SINS

3.1 SIN 132-8 - Purchase of Equipment

3.1.1 SIEM Storm 402 (2 CPU Oracle Enterprise db)

BlackStratus SIEM Storm Framework includes all Security Information and Event Management (SIEM) functionality and the following software components: Oracle Enterprise 2-CPU DB, one distributed engine, one rules-based correlation (RBC) engine, one vulnerability correlation engine (VCE), incident response management (IRM) module, historical correlation engine (HCE), 50 device licenses, 5 user licenses, and a report portal.


BlackStratus SIM One Framework includes all SIEM functionality and the following software components: Oracle Enterprise 4-CPU DB, one distributed engine, one rules-based correlation (RBC) engine, one vulnerability correlation engine (VCE), incident response management (IRM) module, historical correlation engine (HCE), 50 device licenses, 5 user licenses, and a report portal.








P a g e | 26





3.1.7 LogStorm Enterprise Appliance

LogStorm Enterprise is designed to meet the most demanding enterprise-class log management, compliance, and security threat analysis requirements. Deployed as a stand-alone solution or as the central component(s) in large-scale global deployments, Enterprise is the ideal solution for organizations that require log collection and analysis from a multitude of locations with centralized management.

3.1.8 LogStorm Midway Appliance

LogStorm Midway is a 2U rack-mountable appliance designed for medium to large environments with higher volume data collection, correlation, and storage requirements. Midway appliances can be used as stand-alone solutions, as the centralized log storage and management component in a distributed architecture, or as regional solutions that roll-up to LogStorm Enterprise appliances.

3.1.9 LogStorm Ranger Appliance

LogStorm Ranger is a 1U rack-mountable appliance offering full scale, high performance Security Information and Event Management capabilities. Ranger appliances can be used as standalone SIEM solutions in small and medium-sized environments, or incorporated into a larger distributed architecture for enterprise-class deployments.

3.1.10 LogStorm Express Appliance

LogStorm Express is a 1U rack-mountable appliance that delivers full log aggregation and event correlation capabilities. Designed for installations with modest network traffic volumes and incident frequencies, the system offers full-featured log retention, access to threat data, and security and compliance reporting. Logs and/or security alert information collected by LogStorm Express can be rolled-up to any other LogStorm appliance for regional or global overview of activities.

3.2 SIN 132-33 – Perpetual Software Licenses

3.2.1 EventTrackerTM

EventTracker™ is a SIEM solution designed to enhance the security of critical systems, maintain confident compliance, and improves overall performance and availability. Features of


P a g e | 27



EventTrackerTM are as follows:

Complete Event Collection

EventTrackerTM enables automated collection of events from Windows Vista/XP/2003/2K/NT, syslog and syslog-ng, Solaris BSM, z/OS, SNMP and any flat file log. Optional Agents support continuous monitoring of critical system metrics such as CPU, memory, and disk utilization.

Complete Event Log Monitoring

EventTrackerTM enables automatic, un-attended consolidation of millions of events in a secure environment. EventTrackerTM supports multiple collection points with each collection point able to process over 100,000 events per minute in real time.

Centralized Event Log Management

Central Web or Windows console displays events from all systems within customized views using multiple windows and rule-based filtering. Extensive product knowledge-base provides detailed information on over 20,000 different events.

Event Correlation

Events from multiple servers and domains can be analyzed and correlated using a powerful regular expression-based rules engine to provide faster decision making and greater security. Rule wizards allow events to be analyzed based on single or multiple strings within an event description using PCRE syntax. EventTrackerTM includes over 800 pre-defined rules.

Historical Event Analysis and Forensics

Reporting engine allows powerful custom querying of the event repository. Pre-defined reports can be generated on a scheduled basis and distributed in PDF, DOC, or HTML formats.

Regulatory Compliance Support

EventTrackerTM helps regulatory compliance efforts by providing efficient, secure and tamper-proof storage of unlimited years of event data. Over 500 pre-defined report templates support multiple compliance standards such as Sarbanes-Oxley, HIPAA, GLBA, and PCI-DSS.

3.3 SIN 132-50 - Training Courses

3.3.1 ITIL® Training Course Descriptions

ITIL® Awareness Classroom Course - ITL9310CL

The ½ day ITIL® v3 Awareness course provides learners with the unique opportunity to receive an introduction to the concepts of ITIL® and ITSM. It provides an overview of the concepts within the ITIL® best practices domain while also introducing the key ITIL® processes. This

non‐certificate course explains how ITIL® processes are driven by a Service Lifecycle to

provide smooth functioning of organizations, thus ensuring high‐quality services to their customers. It has been designed for learners who need a basic awareness of ITIL® v3 as a general interest, as part of a larger program initiative as opposed to the full certification


P a g e | 28



Foundation course or for those who may not be sure of their future v3 training path and want to assess ITIL®/ITSM viability in their organization.

ITIL® Awareness e-Learning Course - ITL9310E

This non-certificate four-hour course has been designed for IT and business executives and their staff who need a brief overview and awareness of ITIL® v3 concepts. This self-paced e-Learning course structure is ideal for those who require a basic understanding of the ITIL® best practice in a time-efficient manner. It has been designed for learners who need a basic awareness of ITIL® v3 as a general interest, as part of a larger program initiative as opposed to the full certification Foundation course or for those who may not be sure of their future v3 training path and want to assess ITIL®/ITSM viability in their organization. The ITIL® v3 best practice is composed of five core disciplines: Service Strategy, Service Design, Service Transition, Service Operations, and Continual Service Improvement. These disciplines represent a Service Lifecycle framework that enhances alignment with the business while demonstrating business value, improving ROI, and enabling IT to solve specific operational needs. ITIL® is globally recognized as the preferred guidance to manage and deliver IT services within an organization.

ITIL® Extended Awareness e-Learning Course - ITL9312E

The ITIL® Extended Awareness six hour course introduces learners to the ITIL® best practices framework and the IT Service Management processes to provide an overview of the key concepts of ITIL® with a focus on the Service Lifecycle approach to managing the design and delivery of IT services to the business. This self-paced e-Learning course structure is ideal for those who require a basic understanding of the ITIL® best practice in a time-efficient manner. As the first step towards building organization-wide ITIL® competency, the ITIL® Extended Awareness Course lays down the foundation for comprehensive ITIL® understanding and specifically addresses the key IT staff and business users who might not opt to become certified for ITIL® Foundation level, but needs a critical understanding of ITIL®.

ITIL® v3 Foundation Course - Classroom - ITL9320CL

This exciting and dynamic 3‐day course introduces learners to the lifecycle of managing IT services to deliver to business expectations. As well as an engaging, case study-based approach to learning the core disciplines of the ITIL® best practice, this course also positions the student to successfully complete the associated exam, required for entry into the future ITIL® v3 intermediate level training courses. The ITIL® v3 best practice is composed of five core disciplines: Service Strategy, Service Design, Service Transition, Service Operations, and Continual Service Improvement. These disciplines represent a service life cycle framework that further enhances alignment to the business while demonstrating business value, ROI, and enabling IT to solve specific operational needs.


P a g e | 29



ITIL® v3 Foundation e-Learning Course - ITL9320E

The ITIL® v3 Foundation e-Learning course offers scenario-based training with real-life connects. Learners will attend a Virtual Training Conference at the majestic Royal Chao Phraya Hotel in Bangkok. In this virtual atmosphere, the learners will attend conference sessions hosted by two ITIL® experts who will explain the foundations of ITIL® v3. As part of the learner’s stay at the hotel, they will have the opportunity to assist the hotel management team with different projects and scenarios that will test their new ITIL® knowledge. This course has been created while keeping in mind the requirements of today’s learners - those looking for a fun and engaging learning environment that offers hands-on experience. The scenarios are geared to provide both theoretical and practical knowledge, facilitating an effective method for reinforcement and self-assessment. This self-paced course introduces the learners to the Lifecycle of managing IT Services to deliver to business expectations. It offers concrete foundation knowledge of the core disciplines of ITIL® v3. The ITIL® v3 best practice is composed of five core disciplines: Service Strategy, Service Design, Service Transition, Service Operations, and Continual Service Improvement. These disciplines represent a Service Lifecycle framework that enhances alignment with the business while demonstrating business value, improving ROI, and enabling IT to solve specific operational needs.

ITIL® v3 Foundation Exam Preparation Guide - ITL9320EP

The v3 Foundation Exam Preparation Guide contains a summary of the ITIL® concepts and processes and provides the learner with the tools to prepare to write the ITIL® v3 Foundation exam. This exam preparation guide offers you a content refresher tool, an overview of the exam with strategies to successfully approach this exam, a printable Quick Reference Card and First

Aid Kit, and a 1‐hour simulated exam. The ITIL® v3 best practice is composed of five core disciplines: Service Strategy, Service Design, Service Transition, Service Operations, and Continual Service Improvement. These disciplines represent a Service Lifecycle framework that enhances alignment with the business while demonstrating business value, improving ROI, and enabling IT to solve specific operational needs.

ITILv3® Foundation Premium Course - Classroom - ITL 9321CL

This exciting and dynamic 3-day course introduces learners to the lifecycle of managing IT services to deliver to business expectations. As well as an engaging, case study based approach to learning the core disciplines of the ITIL® best practice, this course also positions the student to successfully complete the associated exam, required for entry into the future ITIL® v3 intermediate level training courses. The premium version of this course includes supplemental training material.


P a g e | 30



The ITIL® v3 best practice is composed of five core disciplines: Service Strategy, Service Design, Service Transition, Service Operations, and Continual Service Improvement. These disciplines represent a service life cycle framework that further enhances alignment to the business while demonstrating business value, ROI and enabling IT to solve specific operational needs.

ITILv3® Foundation Premium e-Learning Course - ITL9321E

The ITIL® v3 Foundation Premium e-Learning course offers scenario‐based training with

real‐life connects. Learners will attend a Virtual Training Conference at the majestic Royal Chao Phraya Hotel in Bangkok. In this virtual atmosphere, the learners will attend conference sessions hosted by two ITIL® experts who will explain the foundations of ITIL® v3. As part of the learner’s stay at the hotel, they will have the opportunity to assist the hotel management team with different projects and scenarios that will test their new ITIL® knowledge. This course has been created while keeping in mind the requirements of today’s learners - those

looking for a fun and engaging learning environment that offers hands‐on experience. The scenarios are geared to provide both theoretical and practical knowledge, facilitating an effective method for reinforcement and self-assessment. This self-paced course introduces the learners to the Lifecycle of managing IT Services to deliver to business expectations. It offers concrete foundation knowledge of the core disciplines of ITIL® v3. This premium course comes with exclusive features, such as the scenario-based training approach, a Quick Reference Card, and a First Aid Kit. The ITIL® v3 best practice is composed of five core disciplines: Service Strategy, Service Design, Service Transition, Service Operations, and Continual Service Improvement. These disciplines represent a Service Lifecycle framework that enhances alignment with the business while demonstrating business value, improving ROI, and enabling IT to solve specific operational needs.

ITIL® v3 Foundation with Apollo 13 Business Simulation Course - Classroom - ITL9324CL

Fifty-five hours and fifty-five minutes into the mission. Imagine you are on board Apollo 13 when one of your crewmembers reports hearing a loud ‘bang’. Your spacecraft is slowly dying. You have a serious problem, unless you and the ground support staff start working as a team to solve this problem. But remember, time is running out, fast! Welcome to the ‘Apollo 13 – an ITSM Case Experience™’ simulation game. In this 4-day unique course, you will learn the basics of ITIL® along with the exciting experience of a business simulation game, based on the actual Apollo 13 mission. The ITIL® v3 Foundation Certification course introduces concepts of ITSM based on the industry standard ITIL® and describes how this can be applied within an IT organization. This course prepares students to take the ITIL® v3 Foundation examination and helps students recognize the success factors in applying ITIL® best practices.


P a g e | 31



ITIL® v3 Planning, Protection and Optimization (PPO) Capability Track - ITL9331CL

This 5-day course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Planning Protection and Optimization of services and service delivery. The main focus of this course is on the operational-level process activities and supporting methods and approaches to executing these processes in a practical, hands-on learning environment. This training is intended to enable the holders of the certificate to apply the practices throughout the Service Management Lifecycle. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Planning, Protection, & Optimization (PPO) Capability Track – Blended Classroom -

ITL9331-B - ITL9331-VC-B

This 2.5 day classroom course + 10 hours self-paced e-Learning ITIL® Intermediate course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Planning, Protection, and Optimization of services and service delivery. The main focus of this course is on operational-level process activities and supporting methods and approaches to execute these processes in a practical, hands-on learning environment. This course uses an optimal mix of learning methods to provide learners with the most effective way to build their ITIL® knowledge with respect to Planning, Protection, and Optimization and to apply this knowledge in real life. Learners complete e-Learning modules on their own time to build their knowledge and then participate in interactive classroom or virtual classroom sessions to apply this knowledge in practice.

ITIL® v3 Service Offerings and Agreements (SOA) Capability Track - ITL9332CL

This 5-day course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Service Offerings and Agreements of services and service delivery. The main focus of this course is on the operational-level process activities and supporting methods and approaches to executing these processes in a practical, hands-on learning environment. This training is intended to enable the holders of the certificate to apply the practices during the Service Management Lifecycle. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Service Offerings and Agreements (SOA) Capability Track – Blended Classroom –


This 2.5 day classroom course + 10 hours self-paced e-Learning ITIL® Intermediate course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Service Offerings and Agreements of services and service delivery. The main focus of this course is on operational-level process activities and supporting methods and approaches to execute these processes in a practical, hands-on learning environment. This course uses an optimal mix of learning methods to provide learners with the most effective


P a g e | 32



way to build their ITIL® knowledge with respect to Service Offerings and Agreements and to apply this knowledge in real life. Learners can complete e-Learning modules on their own time to build their knowledge and then participate in interactive classroom or virtual classroom sessions to apply this knowledge in practice.

ITIL® v3 Operational Support and Analysis (OSA) Capability Track - ITL9333CL

This 5-day course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Operational Support and Analysis of services and service delivery. The main focus of this course is on the operational-level process activities and supporting methods and approaches to executing these processes in a practical, hands-on learning environment. This training is intended to enable the holders of the certificate to apply the practices in resolution and support of the Service Management Lifecycle. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Operational Support and Analysis (OSA) Capability Track - Blended Classroom -


This 2.5 day classroom course + 10 hours self-paced e-Learning ITIL® Intermediate course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Operational Support and Analysis of services and service delivery. The main focus of this course is on the operational-level process activities and supporting methods and approaches to executing these processes in a practical, hands-on learning environment. This course uses an optimal mix of learning methods to provide learners with the most effective way to build their ITIL® knowledge with respect to Operational Support and Analysis, and to apply this knowledge in real life. Learners complete the e-Learning modules on their own time to build their knowledge and then participate in interactive classroom or virtual classroom sessions to apply this knowledge in practice.

ITIL® v3 Release, Control and Validation (RCV) Capability Track - ITL9334CL

This 5-day course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Release, Control, and Validation of services and service delivery. The main focus of this course is on the operational-level process activities and supporting methods and approaches to executing these processes in a practical, hands-on learning environment. This training is intended to enable the holders of the certificate to apply the practices during the Service Management Lifecycle. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Release, Control, and Validation (RCV) Capability Track – Blended Classroom -


This 2.5 day classroom course + 10 hours self-paced e-Learning ITIL® Intermediate course immerses learners in the practical aspects of the ITIL® v3 Service Lifecycle and processes associated with the Release, Control, and Validation of services and service delivery. The main


P a g e | 33



focus of this course is on the operational-level process activities and supporting methods and approaches to executing these processes in a practical, hands-on learning environment. This course uses an optimal mix of learning methods to provide learners with the most effective way to build their ITIL® knowledge with respect to Release, Control, and Validation and to apply this knowledge in real life. Learners complete the e-Learning modules on their own time to build their knowledge and then participate in interactive classroom or virtual classroom sessions to apply this knowledge in practice.

ITIL® v3 Service Strategy (SS) Lifecycle Track - ITL9335CL

This 3-day course immerses learners in the overall concepts, processes, policies and methods associated with the Service Strategy phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Strategy stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Service Strategy (SS) Lifecycle Track – Blended Classroom – ITL9335-B – ITL9335-

VC-B

This 1.5 day + 8 hours self-paced e-Learning course immerses participants in the overall concepts, processes, policies, and methods associated with the Service Strategy phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Strategy stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam. Participants benefit from an optimal mix of learning methods that provides them with the most effective way to build their ITIL® knowledge with respect to Service Strategy and learn to apply this knowledge in real life. Participants complete the e-Learning modules in their own time to build the right level of knowledge, and then participate in interactive classroom or virtual classroom sessions to apply this knowledge in practice.

ITIL® v3 Service Design (SD) Lifecycle Track - ITL9336CL

This 3-day course immerses learners in the overall concepts, processes, policies and methods associated with the Service Design phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Design stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Service Design (SD) Lifecycle Track – Blended Classroom - ITL9336-B - ITL9336-VC-

B

This 1.5 day + 8 hours self-paced e-Learning course immerses participants in the overall


P a g e | 34



concepts, processes, policies, and methods associated with the Service Design phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Design stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam. Participants benefit from an optimal mix of learning methods that provides them with the most effective way to build their ITIL® knowledge with respect to Service Design and learn to apply this knowledge in real life. Participants complete the e-Learning modules in their own time to build the right level of knowledge before participating in interactive classroom or virtual classroom sessions to apply this knowledge in practice.

ITIL® v3 Service Transition (ST) Lifecycle Track - ITL9337CL

This 3-day course immerses learners in the overall concepts, processes, policies, and methods associated with the Service Transition phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Transition stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Service Transition (ST) Lifecycle Track – Blended Classroom - ITL9337-B - ITL9337-

VC-B

This 1.5 day + 8 hours self-paced e-Learning course immerses participants in the overall concepts, processes, policies, and methods associated with the Service Transition phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Transition stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam. Participants benefit from an optimal mix of learning methods that provides them with the most effective way to build their ITIL® knowledge with respect to Service Transition and learn to apply this knowledge in real life. Participants complete the e-Learning modules in their own time to build the right level of knowledge before participating in interactive classroom or virtual classroom sessions where they can apply this knowledge in practice.

ITIL® v3 Service Operation (SO) Lifecycle Track - ITL9338CL

This 3-day course immerses learners in the overall concepts, processes, policies, and methods associated with the Service Operation phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Operation stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.


P a g e | 35



ITIL® v3 Service Operation (SO) Lifecycle Track – Blended Classroom - ITL9338-B - ITL9338-

VC-B

This 1.5 day + 8 hours self-paced e-Learning course immerses participants in the overall concepts, processes, policies, and methods associated with the Service Operation phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the Service Operation stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam. Participants benefit from an optimal mix of learning methods that provides them with the most effective way to build their ITIL® knowledge with respect to Service Operations and learn to apply this knowledge in real life. Participants complete the e-Learning modules in their own time to build the right level of knowledge before participating in interactive classroom or virtual classroom sessions where they can apply this knowledge in practice.

ITIL® v3 Continual Service Improvement (CSI) Lifecycle Track - ITL9339CL

This 3-day course immerses learners in the overall concepts, processes, policies, and methods associated with the CSI phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within CSI, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 CSI Lifecycle Track – Blended Classroom - ITL9339-B - ITL9339-VC-B

This 1.5 day + 8 hours self-paced e-Learning course immerses participants in the overall concepts, processes, policies, and methods associated with the CSI phase of the Service Lifecycle. The course covers the management and control of the activities and techniques within the CSI stage, but not the detail of each of the supporting processes. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam. Participants benefit from an optimal mix of learning methods that provides them with the most effective way to build their ITIL® knowledge with respect to CSI and learn to apply this knowledge in real life. Participants complete the e-Learning modules in their own time to build the right level of knowledge before participating in interactive classroom or virtual classroom sessions where they can apply this knowledge in practice.

ITIL® v3 Managing Across the Lifecycle Course - Classroom - ITL9340CL

The Managing Across the Lifecycle Certificate is the final module of the Service Lifecycle and/or Service Capability Intermediate courses that leads to the ITIL® Expert in IT Service Management recognition. This 5-day course immerses learners in the contents of the ITIL® v3 publications; focusing on business, management and supervisory objectives, purpose, processes, functions and activities, and on the interfaces and interactions between the processes covered in


P a g e | 36



the Service Lifecycle. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam.

ITIL® v3 Managing Across the Lifecycle Course – Blended Classroom - ITL9340-B - ITL9340-

VC-B

This 2.5 day + 10 hours self-paced e-Learning course is the final module of the Service Lifecycle and/or Service Capability Intermediate courses that leads to the ITIL® Expert in IT Service Management qualification. This blended MALC course immerses participants in the contents of the ITIL® v3 publications; focusing on business, management and supervisory objectives, purpose, processes, functions and activities, and on the interfaces and interactions between the processes covered in the Service Lifecycle. This course is designed using an engaging scenario-based approach to learning the core disciplines of the ITIL® best practice and positions the student to successfully complete the associated exam. Participants benefit from an optimal mix of learning methods that provides them with the most effective way to build their ITIL® knowledge. Participants complete the e-Learning modules in their own time to build the right level of knowledge before participating in interactive classroom or virtual classroom sessions where they can apply this knowledge in practice.

ITIL® v3 Expert Program - Capability Track - e-Learning Course - ITL9351I

This intensive, 12-day classroom course (5 days + 5 days + 2 days) + 50 hours of e-Learning is designed for practitioners who would like to fast-track their ITIL Expert Certification. This course is delivered by a certified instructor, and prepares candidates for passing all the ITIL Capability as well as the Managing Across the Lifecycle Certification exams. The program enables students to achieve a better understanding of the Service Lifecycle and the processes associated with all the Capability modules (Planning, Protection, and Optimization (PPO), Service Offerings and Agreements (SOA), Operational Support and Analysis (OSA), and Release, Control, and Validation (RCV). Candidates can take the exams for these courses at a time convenient to them, preferably between the classroom sessions. This training course is delivered through a unique blend of self-paced and instructor-supported e-Learning and high-intensity, fast-paced classroom delivery.

ITIL® v3 Expert Program - Lifecycle Track - e-Learning Course - ITL9352I

This intensive, 10-day classroom course (4 days + 4 days + 2 days) + 50 hours of self-paced e-Learning is designed for students who would like to fast-track their ITIL Expert Certification. Through a mix of self-paced study and instructor-led interactive teaching, you can leverage time to your advantage while working toward the highest level of internationally recognized certification available in the ITIL domain. Participants will learn about the principles and core concepts of the Service Lifecycle approach to IT Service Management at the management-level, according to the ITIL v3 Lifecycle


P a g e | 37



approach. This includes a focus on the management and control elements of the Service Lifecycle and the processes associated with all Lifecycle modules, including Service Strategy (SS), Service Design (SD), Service Transition (ST), Service Operation (SO), and Continual Service Improvement (CSI). The Managing Across the Lifecycle capstone course will be started on completing the five Lifecycle courses and exams.

ITIL® v3 Foundation Course (CCITL1010)

This exciting and dynamic 3‐day course introduces learners to the lifecycle of managing IT services to deliver to business expectations. As well as an engaging, case study based approach to learning the core disciplines of the ITIL best practice, this course also positions the student to successfully complete the associated exam, required for entry into the future ITIL v3 intermediate level training courses. The ITIL v3 best practice is composed of five core disciplines: Service Strategy, Service Design, Service Transition, Service Operations and Continual Service Improvement. These disciplines represent a service life cycle framework that further enhances alignment to the business while demonstrating business value, ROI and enabling IT to solve specific operational needs.

COBIT v4.1 Foundation Course (CCGOV1210)

This is a 3-day, interactive, classroom-based learning experience. Participants learn about the need for an IT control framework and how COBIT addresses this need by providing a globally accepted IT governance and control framework. This course explains the elements and supporting materials of the COBIT framework using a logical and example-driven approach for everyone interested in obtaining Foundation-level knowledge of COBIT.

Cloud Computing Foundation Course (CCCC1010)

This is a 2-day, interactive, classroom-based learning experience. The course provides a balanced curriculum and addresses the business and technical perspectives of cloud computing. It will also explain how to adopt, operate, and govern the cloud. The course enables participants to successfully complete the associated Cloud Computing Foundation exam. In addition, the course complements the Virtualization Foundation course, which they can do either before or after they’ve taken the Cloud Computing Foundation course.

Virtualization Foundation Course (CCVC1010)

This is a 2-day, interactive, classroom-based learning experience. The course provides a balanced curriculum and addresses the business perspective, the technical organization, and operating and governing virtualization. The course enables participants to successfully complete the associated Foundation exam. In addition, this course complements the Cloud Computing Foundation course. The participants can do the Cloud Computing Foundation course either before or after they’ve taken the Virtualization Foundation course.


P a g e | 38



Projects IN Controlled Environments (PRINCE2) Foundation Course (CCP21010)

This course provides common processes, management products, roles, and language for use throughout an organization’s projects. PRINCE2 is the most successful Project Management method in the world – it has become the de-facto standard in both the private and public sectors. This course is aimed at people who work, or would like to work, on projects on a daily basis. This course is designed to provide you with that information and working-level understanding of structured Project Management, as presented in PRINCE2. At the end of this course, you will be able to use this knowledge to manage a project and pass the APMG PRINCE2 Foundation examination.

TIPA® Assessor for ITIL® (PIE1310)

This 3-day course equips the participant with the ability to perform a process-assessment based on the TIPA® methodology for ITIL®, under the leadership of a TIPA® Lead Assessor. The course enables participants to make use of the tools provided in the TIPA® toolbox, prepares participants for conducting interviews, assess and rate process or processes, and determine the current ITSM process maturity, write the assessment report, and provide recommendations for process optimization. During this course, participants will be optimally prepared to take and pass the TIPA® Assessor for ITIL® Certification Exam and become a Certified TIPA® Assessor for ITIL®.

ISO/IEC20000 Practitioner Course (CCISO1010)

This interactive workshop, leading to the ISO/IEC 20000 Practitioners examination, is designed to provide a basic level of knowledge in the ISO/IEC 20000 IT Service Management standard and its application. It is aimed at practicing IT practitioners who wish to assist organizations to prepare for certification under the itSMF's ISO/IEC 20000 certification scheme. The course covers the interpretation and application of the ISO/IEC 20000 standard and enables practitioners to develop the Service Management capability of an organization and assess its readiness for certification within the ISO/IEC 20000 certification scheme. Internal auditors involved in preparing an organization for ISO/IEC 20000 certification might find this course more appropriate than the Auditor course. An exam will be conducted at the end of the training.

ISO/IEC27001 Lead Implementer (CCISO1020)

This 5-day intensive course enables the participants to develop the expertise to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005. Participants will also master the best practices for


P a g e | 39



implementing information security controls from the eleven areas of ISO/IEC 27002:2005. This training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).

ITIL® v3 Intermediate Course - Lifecycle Track (SS, SD, ST, SO, CSI) Blended Classroom

(CCLC1010)

This course is comprised of 5 courses: Service Strategy (SS), Service Delivery (SD), Service Transition (ST), Service Operations (SO), and Continual Service Improvement (CSI). Each blended course is offered at specified dates in a virtual setting. Related course materials are included with each course.

ITIL® v3 Intermediate Course - Capability Track (RCV, SOA, PPO, OSA, and/or MALC)

(CCCAP1010)

This course is comprised of 5 courses: Release, Control, and Validation (RCV), Service Offerings and Agreements (SOA), Planning, Protecting, and Optimizing (PPO), Operational Support and Analysis (OSA), and/or Managing Across the Life Cycle (MALC). Each blended course is offered at specified dates in a virtual setting. Related course materials are included with each course.

ITIL® v3 Expert Program - Capability Track (CCEP1010)

This program enables you to achieve a better understanding of the Service Lifecycle and the processes associated with all the Capability modules. This includes a focus on a series of clustered process activities, their execution and use throughout the following specific phases of the ITIL Service Lifecycle: The Capability Track is for those who are involved in executing and improving existing ITIL processes in an organization. (i.e. Process Manager, Operational staff, Process Consultant, IT Practitioner) Courses: • Release, Control, and Validation (RCV) • Operation Support and Analysis (OSA) • Service Offerings and Agreements (SOA) • Planning, Protection, and Optimization (PPO) • Managing Across the Lifecycle (MALC)


P a g e | 40



ITIL® v3 Expert Program - Lifecycle Track (CCEP1011)

In this program, you will learn about the principles and core concepts of the Service Lifecycle approach to IT Service Management. This includes a focus on the management and control elements of the Service Lifecycle and the following processes associated with all Lifecycle modules: The Lifecycle Track is for those who provide guidance towards the implementation of ITSM in an organization, i.e. IT Manager, Process Owner, ITSM Implementer, ITIL Consultants). Courses include: Service Strategy (SS), Service Design (SD), Service Transition (ST), Service Operation (SO), Continual Service Improvement (CSI), and Managing Across the Lifecycle (MALC).

3.3.2 Virtualization and Cloud Computing (VCC) Training Courses

Virtualization and Cloud Computing Awareness e-Learning Course – VC1110E

The Virtualization and Cloud Computing Awareness course provides a 4-hour, interactive, online learning experience. This self-paced e-Learning course is ideal for those who require a basic understanding of the virtualization and cloud computing concepts in a time-efficient manner. The course has been designed for learners who need this basic awareness as a general interest, as part of a larger program initiative, as opposed to the full certification Virtualization and Cloud Computing Foundation courses.

Virtualization Foundation Course - Classroom – VCC1210CL

The Virtualization Foundation course is a 2-day, interactive, classroom-based learning experience. The course provides a balanced curriculum and addresses the business perspective, the technical organization, and operating and governing virtualization. It will also explain how to adopt, operate, and govern the cloud. The course enables participants to successfully complete the associated Foundation exam. In addition, the course complements the Cloud Computing Foundation course. The participants can do the Cloud Computing Foundation course either before or after they’ve taken the Virtualization Foundation course.

Virtualization Foundation e-Learning Course – VCC1210E

The Virtualization Foundation course is a 10-hour, interactive, online learning experience. The course provides a balanced curriculum and addresses the business and technical perspectives of virtualization and will also explain how to adopt, operate, and govern the cloud. The course enables participants to successfully complete the associated Virtualization Foundation exam. In addition, the course complements the Cloud Computing Foundation course. The participants can take the Cloud Computing Foundation course either before or after they’ve taken the Virtualization Foundation course.

Cloud Computing Foundation Course – Classroom – VCC1220CL

The Cloud Computing Foundation course is a 2-day, interactive, classroom-based learning experience. The course provides a balanced curriculum and addresses the business and technical perspectives of cloud computing. It will also explain how to adopt, operate, and govern the


P a g e | 41



cloud. The course enables participants to successfully complete the associated Cloud Computing Foundation exam. In addition, the course complements the Virtualization Foundation course, which they can do either before or after they’ve taken the Cloud Computing Foundation course.

Cloud Computing Foundation e-Learning Course – VCC1220E

The Cloud Computing Foundation course is a 10-hour, interactive, online learning experience. The course provides a balanced curriculum and addresses the business and technical perspectives of cloud computing. It will also explain how to adopt, operate, and govern the cloud. The course enables participants to successfully complete the associated Cloud Computing Foundation exam. In addition, the course complements the Virtualization Foundation course, which they can do either before or after they’ve taken the Cloud Computing Foundation course.

3.3.3 COBIT Training Courses

COBIT v4.1 Foundation Course – Classroom - GOV1210CL

The COBIT Foundation course is a 3-day, interactive, classroom-based learning experience. Participants learn about the need for an IT control framework and how COBIT addresses this need by providing a globally accepted IT governance and control framework. This course explains the elements and supporting materials of the COBIT framework using a logical and example-driven approach for everyone interested in obtaining Foundation-level knowledge of COBIT.

COBIT v4.1 Foundation e-Learning Course – GOV1210E

The COBIT Foundation course is an 8-hour, self-paced, interactive training course. The COBIT Foundation course helps IT, audit, risk, and compliance professionals master COBIT at a foundation level. Participants learn about the need for an IT control framework and how COBIT addresses this need by providing a globally accepted IT governance and control framework. The course explains the COBIT Framework using practical examples and a case study driven approach. It also addresses all other components of the COBIT toolkit, such as the Assurance Guide, Management Guidelines, and Control Objectives. In effect, the course helps professionals understand how to use COBIT in a logical and understandable manner and validates this knowledge through assessments and quizzes. The course material is supported by practical exercises built around a virtual company. Candidates learn the true meaning of COBIT by practicing the use of COBIT in a scenario-based approach. In addition, the course includes an exam preparation module that prepares participants for taking the ISACA COBIT Foundation exam.

COBIT Implementation Methodology Course – Classroom - GOV1410CL

This 3-day course immerses participants in all aspects of managing an IT governance implementation and improvement program. The course covers the creation of an implementation roadmap and the change management activities and techniques that are necessary to improve IT governance. The course is designed using an engaging, scenario-based approach and includes interactive learning activities to teach a method to follow for ensuring successful outcomes. In addition, the participants benefit from the practical experience and knowledge provided in the


P a g e | 42



course.


P a g e | 43



3.3.4 ISO/IEC 20000 Training Courses

Requirements for ISO/IEC 20000 Certification Course - Classroom - ISO1020CL

The Requirements for and Achieving ISO/IEC 20000 Certification course provides a comprehensive overview of Part 1 of the ISO/IEC 20000 standard and highlights the relevance of Service Quality Management for IT service-providing organizations and departments. The course is designed for professionals who require an overview of the standard and understand the scope and relevance of Service Quality Management. The course uses a case study to explain the principles of ISO/IEC 20000 in a simulated environment. This helps participants understand and relate to ISO/IEC 20000 in a real-world organization. The course is designed for awareness campaigns and provides an appropriate overview of the standard and the need for a Service Quality Management framework in a short period.

Achieving ISO/IEC 20000 Certification Course – Classroom - ISO1021CL

The Achieving ISO/IEC20000 certification course is an intensive case study oriented 2-day workshop. The workshop is designed for those involved in the ISO/IEC 20000 implementation process, and for those who would like to have a better understanding of what the implementation encompasses. Practical examples and real-life case studies are used to guide you through the implementation route and prepare for the audit. This workshop is designed to explore the benefits of achieving ISO/IEC 20000 certification, how to plan for ISO/IEC 20000 certification, and helps in defining pointers for making the business case for internal approval. The workshop examines approaches to implementation and potential issues that need to be managed to achieve ISO/IEC 20000. This course does not lead to the ISO/IEC 20000 consultants or auditors certification.

Requirements for and Achieving ISO/IEC 20000 Course - Classroom - ISO1022CL

This 3-day course incorporates both the one day Requirements for ISO/IEC2000 and the 2-day Achieving ISO/IEC20000 certification course to provide an understanding of the first worldwide standard specifically aimed at IT Service Management. It proposes a process approach to IT Service Management within an overall Plan-Do-Check-Act (PDCA) cycle. This approach enables IT organizations to establish IT Service Management processes to deliver managed services in a systematic and controlled manner and to enhance the quality of IT services to customers. ISO/IEC 20000 is aligned with and complementary to the process approach defined in ITIL® from the Office of Government Commerce (OGC). The Requirements course combined with the Achieving course works in perfect tandem for organizations looking to achieve ISO/IEC20000 organizational certification. The Requirements course provides an overview and the Achieving course details the implementation path. Practical examples and real-life case studies are used to provide guidance through the implementation route and to prepare the organizations for audits.


P a g e | 44



ISO/IEC 20000 for Auditors Course - Classroom - ISO1023CL

The ISO/IEC 20000 Auditors course is a 2-day classroom training relevant for professionals who play a role in auditing the ISO/IEC 20000 standard. This course is designed for professionals and certified auditors who would like to learn how to perform auditing activities as either internal or external auditors based on the ISO/IEC 20000 standard. At the end of the 2-day classroom training, the APMG certification exam, which is a multiple-choice exam, can be conducted. This training does not cover audit techniques or the issues involved in preparing an organization for an audit. The certificate is awarded to candidates passing the relevant examination, which can only be taken as part of an accredited training course. The course covers the interpretation and application of the ISO/IEC 20000 standard. The exam consists of a 25-question, multiple-choice test, which is paper based. To pass, candidates must answer 18 or more questions correctly.

ISO/IEC 20000 for Practitioners Course – Classroom - ISO1024CL

This interactive 3-day workshop, leading to the ISO/IEC 20000 Practitioners examination, is designed to provide a basic level of knowledge in the ISO/IEC 20000 IT Service Management standard and its application. It is aimed at helping IT practitioners who wish to assist organizations to prepare for certification under the APMG ISO/IEC20000 certification scheme. The course covers the interpretation and application of the ISO/IEC 20000 standard and enables practitioners to develop the Service Management capability of an organization and assess its readiness for certification within the ISO/IEC 20000 certification scheme. Internal auditors involved in preparing an organization for ISO/IEC20000 certification might find this course more appropriate than the Auditor course. An exam will be conducted at the end of the training.

3.3.5 ISO/IEC 27001 Training Courses

ISO/IEC 27001 Lead Auditors Course – Classroom - SEC1310CL

This 5-day intensive course enables participants to develop the expertise needed to audit an ISMS and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participants will acquire the skills and knowledge needed to proficiently plan and perform audits compliant with the certification process of the ISO/IEC 27001:2005 standard. Based on practical exercises, the participants will develop the abilities (mastering audit techniques) and skills (managing audit teams and audit programs, communicating with customers, conflict resolution, etc.) necessary to the efficient conducting of an audit.

ISO/IEC 27001 Lead Implementer Course – Classroom - SEC1320CL

This 5-day intensive course enables the participants to develop the expertise to support an organization in implementing and managing an ISMS as specified in ISO/IEC 27001:2005.


P a g e | 45



Participants will also master the best practices for implementing information security controls from the 11 areas of ISO/IEC 27002:2005. This training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of ISMS), ISO/IEC 27004:2009 (Measurement of Information Security), and ISO/IEC 27005:2008 (Risk Management in Information Security).

3.3.6 PRINCE2 Training Courses

PRINCE2 Foundation Course – Classroom - PPM1210CL

The Projects IN Controlled Environments (PRINCE2) 3-day Foundation course provides common processes, management products, roles, and language for use throughout an organization’s projects. PRINCE2 is the most successful Project Management method in the world - it has become the de-facto standard in both the private and public sectors. This course is aimed at people who work, or would like to work, on projects on a daily basis. This course is designed to provide you with the information and working-level understanding of structured Project Management, as presented in PRINCE2. At the end of this course, you will be able to use this knowledge to manage a project and pass the APMG PRINCE2 Foundation examination.

PRINCE2 Practitioners Course – Classroom - PPM1310CL

This 2-day course is aimed at people who work, or would like to work, on projects on a daily basis. It provides practical knowledge on how to manage projects using the PRINCE2 method. Successful candidates will gain certification at the Practitioner level. PRINCE2 provides common processes, management products, roles, and language for use throughout an organization’s projects. PRINCE2 is the most successful Project Management method in the world - it has become the de-facto standard in both the private and public sectors.

PRINCE2 Foundation + Practitioner Course - Classroom - PPM1920CL

This 5-day course covers both the PRINCE2 Foundation and PRINCE2 Practitioner course to provide a common understanding of the processes, management products, roles, and language for use throughout an organization’s projects. PRINCE2 is the most successful Project Management method in the world - it has become the de-facto standard in both the private and public sectors. This course is aimed at people who work, or would like to work, on projects on a daily basis. This course is designed to provide you with the information and working-level understanding of structured Project Management while providing the practical knowledge on how to manage projects using the PRINCE2 methodology. At the end of these courses, you will be able to use this knowledge to manage a project and pass both the APMG PRINCE2 Foundation and


P a g e | 46



Practitioner examination.

3.3.7 TIPA® Assessor for ITIL® Training Courses - PIE1310

TIPA® Assessor for ITIL® Course – Classroom – PIE1310CL

This 3-day course equips the participant with the ability to perform a process-assessment based on the TIPA® methodology for ITIL®, under the leadership of a TIPA® Lead Assessor. The course enables participants to make use of the tools provided in the TIPA® toolbox, prepares participants for conducting interviews, assess and rate process or processes, and determine the current ITSM process maturity, write the assessment report, and provide recommendations for process optimization. During this course, participants will be optimally prepared to take and pass the TIPA® Assessor for ITIL® Certification Exam and become a Certified TIPA® Assessor for ITIL®.


P a g e | 47



3.4 SIN 132-51 - IT Professional Services Labor Category Descriptions

3.4.1 Labor Category: Program Manager

Minimum/General Experience:

At least ten (10) years of experience in program or project management. At least six (6) years of experience in supervision or oversight of IT related programs or projects. The Program Manager is the contractor's manager for the contract, and serves as the single point of contact for the Contractor with the State regarding the contract. Performs the overall management for contract support operations. Organizes, directs, and coordinates the planning and production of all contract activities, projects and support activities, including those of subcontractors. Oversees the development of or develops work breakdown structures, charts, tables, graphs, major milestone calendars and diagrams to assist in analyzing problems and making recommendations. Demonstrates excellent written and verbal communications skills. Establishes and alters corporate management structure to direct effective and efficient contract support activities. Must be capable of negotiating and making binding decisions for the Contractor. Bachelors degree from an accredited college or university in Engineering, Computer Science, Information Systems, Business, or other related discipline. A Master’s degree and/or PMP certification is preferred.

3.4.2 Labor Category: Project Manager


8 years of experience in planning and directing a technical project (or a group of related tasks) and assisting the program manager in working with the government Contracting Officer, the COTR, government management personnel, and client agency representatives. Plans and directs a technical project (or a group of related tasks) and assists the program manager in working with the government Contracting Officer, the COTR, government management personnel, and client agency representatives. Under the guidance of the Program Manager, ensures the technical solutions and schedules are implemented in a timely manner. Bachelor’s degree (or equivalent experience and training).

3.4.3 Labor Category: Principal Network Engineer


10 years of experience in planning, designing, evaluating, configuring, and supporting operating systems, network components and protocol suites.

Functional Responsibility

Plans, designs, evaluate, and select operating systems and protocol suites. Configures communication media with concentrators, bridges, and other devices. Resolves inter-operability problems to obtain optimum operations across all platforms, including email, file transfers, multimedia, teleconferencing, etc. Configures systems to user environments. Supports the acquisition of hardware and software. May also function as task/team leader.

Minimum Education:


P a g e | 48



Bachelor’s degree in Computer Science or equivalent. A Master's degree is desirable. Up to 3 years of experience can be substituted if the candidate has a Master’s degree or industry-recognized professional certification in the field of networking.

3.4.4 Labor Category: Senior Network Engineer


8 years of experience in planning, designing, evaluating, configuring, and supporting operating systems, network components and protocol suites. Plans, designs, evaluates, and selects operating systems and protocol suites. Configures communication media with concentrators, bridges, and other devices. Resolves inter-operability problems to obtain optimum operations across all platforms, including email, file transfers, multimedia, teleconferencing, etc. Configures systems to user environments. Supports the acquisition of hardware and software. May also function as task/team leader. Bachelor’s degree (or equivalent experience and training).

3.4.5 Labor Category: Network Engineer


5 years of experience in planning, designing, evaluating, configuring, and supporting operating systems, network components and protocol suites. Plans, designs, evaluates, and selects operating systems and protocol suites. Configures communication media with concentrators, bridges, and other devices. Resolves inter-operability problems to obtain optimum operations across all platforms, including email, file transfers, multimedia, teleconferencing, etc. Configures systems to user environments. Supports the acquisition of hardware and software. May also function as task/team leader. Bachelor’s degree (or equivalent experience and training).

3.4.6 Labor Category: Junior Network Engineer


2 years of experience in planning, designing, evaluating, configuring, and supporting operating systems, network components, and protocol suites. Plans, designs, evaluates, and selects operating systems and protocol suites. Configures communication media with concentrators, bridges, and other devices. Resolves inter-operability problems to obtain optimum operations across all platforms, including email, file transfers, multimedia, teleconferencing, etc. Configures systems to user environments. Supports the acquisition of hardware and software. Bachelor’s degree (or equivalent experience and training).

3.4.7 Labor Category: Entry-Level Network Engineer


Has the knowledge base to work in the field of planning, designing, evaluating, configuring, and supporting operating systems, network components, and protocol suites. Plans, designs, evaluates, and selects operating systems and protocol suites. Configures communication media with concentrators, bridges, and other devices. Resolves inter-operability problems to obtain optimum operations across all platforms, including email, file transfers, multimedia, teleconferencing, etc. Configures systems to user environments. Supports the acquisition of hardware and software. Bachelor’s degree (or equivalent experience and training).


P a g e | 49



3.4.8 Labor Category: Principal System Administrator


10 years of experience in administrating Unix, Windows NT, Windows 2000, or open systems-compliant systems.

Functional Responsibility:

Supervises and manages the daily activities of configuration and operation of business systems which may be mainframe, mini, or client/server based. Plans and monitors the optimizing of system operation and resource utilization, and performs systems capacity analysis and planning. Plans and monitors assistance to users in accessing and using business systems.

Minimum Education:

Bachelor’s degree in Computer Science or equivalent. A Master's degree is desirable. Up to 3 years of experience can be substituted if the candidate has Master’s degree or industry recognized professional certification in the field of system administration.

3.4.9 Labor Category: Senior System Administrator




Supervises and manages the daily activities of configuration and operation of business systems which may be mainframe, mini, or client/server based. Plans and monitors the optimizing of system operation and resource utilization, and performs systems capacity analysis and planning. Plans and monitors assistance to users in accessing and using business systems.

Minimum Education:

Bachelor’s degree (or equivalent experience and training).

3.4.10 Labor Category: System Administrator




Performs the daily activities of configuration and operation of business systems which may be mainframe, mini, or client/server based. Plans and monitors the optimizing of system operation and resource utilization, and performs systems capacity analysis and planning. Plans and monitors assistance to users in accessing and using business systems.

Minimum Education:



P a g e | 50



3.4.11 Labor Category: Junior System Administrator




Assists with the daily activities of configuration and operation of business systems which may be mainframe, mini, or client/server based. Plans and monitors the optimizing of system operation and resource utilization, and performs systems capacity analysis and planning. Plans and monitors assistance to users in accessing and using business systems.

Minimum Education:


3.4.12 Labor Category: Entry-Level System Administrator


Has knowledge base to work in the field of administrating Unix, Windows NT, Windows 2000, or open systems-compliant systems.


Assists with the daily activities of configuration and operation of business systems which may be mainframe, mini, or client/server based. Plans and monitors the optimizing of system operation and resource utilization, and performs systems capacity analysis and planning. Plans and monitors assistance to users in accessing and using business systems.

Minimum Education:


3.4.13 Labor Category: Principal Programmer


10 years of experience in the field of software development.


Analyzes systems specifications and designs, develops, modifies, and installs highly complex and customized software. Conducts detailed analyses of defined system specifications, and prepares a wide variety of computer programs, associated documentation, block diagrams, and logic flow charts. Enhances software to reduce operating time or improve efficiency. May also function as task/team leader.

Minimum Education:

Bachelor’s degree in Computer Science or equivalent. A Master's degree is desirable. Up to 3 years of experience can be substituted if the candidate has Master’s degree or industry recognized professional certification in the field of programming.


P a g e | 51



3.4.14 Labor Category: Senior Programmer




Analyzes systems specifications and designs, develops, modifies, and installs highly complex and customized software. Conducts detailed analyses of defined system specifications, and prepares a wide variety of computer programs, associated documentation, block diagrams, and logic flow charts. Enhances software to reduce operating time or improve efficiency. May also function as the task/team leader.

Minimum Education:


3.4.15 Labor Category: Programmer




Analyzes systems specifications and designs, develops, modifies, and installs moderately complex software. Conducts detailed analyses of defined system specifications, and prepares a wide variety of computer programs, associated documentation, block diagrams, and logic flow charts. Enhances software to reduce operating time or improve efficiency. May also function as task/team leader.

Minimum Education:


3.4.16 Labor Category: Junior Programmer




Analyzes systems specifications and designs, develops, modifies, and installs software. Conducts analyses of defined system specifications, and prepares a wide variety of computer programs, associated documentation, block diagrams, and logic flow charts. Enhances software to reduce operating time or improve efficiency.

Minimum Education:


3.4.17 Labor Category: Entry-Level Programmer


Has the knowledge base to work in the field of software development.


P a g e | 52




Analyzes systems specifications and designs, develops, modifies, and installs software. Conducts analyses of defined system specifications, and prepares a wide variety of computer programs, associated documentation, block diagrams, and logic flow charts. Enhances software to reduce operating time or improve efficiency.

Minimum Education:


3.4.18 Labor Category: Principal Computer Maintenance Technician (Principal PC Technician)


10 years of experience in PC hardware and desktop software and anti-virus support service activities.


Installs, maintains, modifies, and repairs computer hardware and systems to ensure minimum downtime and maximum system availability. Performs preventative maintenance and diagnostic tests of equipment and systems. Replaces defective components as required. Installs and modifies systems and peripherals. Compiles reports and conducts periodic inventory of supplies, tools, and spare parts.

Minimum Education:

Associate's degree in any field. A Bachelor's degree is desirable. Up to 3 years of experience can be substituted if the candidate has a Bachelor’s degree or industry-recognized professional certification in the field of computer or network repair.

3.4.19 Labor Category: Senior Computer Maintenance Technician (Senior PC Technician)


3 years of experience in PC hardware and software support service activities.


Installs, maintains, modifies, and repairs computer hardware and systems to ensure minimum downtime and maximum system availability. Performs preventative maintenance and diagnostic tests of equipment and systems. Replaces defective components as required. Installs and modifies systems and peripherals. Compiles reports and conducts periodic inventory of supplies, tools, and spare parts.

Minimum Education:

Associate’s degree (or equivalent experience and training) and 3 years of related experience.


P a g e | 53



3.4.20 Labor Category: Computer Maintenance Technician (PC Technician)


Has the knowledge of PC hardware and software support services activities.


Installs, maintains, modifies, and repairs computer hardware and systems to ensure minimum downtime and maximum system availability. Performs preventative maintenance and diagnostic tests of equipment and systems. Replaces defective components as required. Assists in the installation and modification of systems and peripherals. Compiles reports and conducts periodic inventory of supplies, tools, and spare parts.

Minimum Education:

Associate’s degree (or equivalent experience and training).

3.4.21 Labor Category: Principal System Architect


At least 10 years experience planning, designing, building, and implementing IT systems. At least 5 years of the required 10 years of experience must be in the direct supervision and management of major projects that involve providing professional support services and/or the integration, implementation, and transition of large complex system and subsystem architectures. Must have led or been chief architect in major IT implementation efforts. Must demonstrate a broad understanding of client IT environmental issues and solutions and be a recognized expert within the IT industry. Must demonstrate advanced abilities to team and mentor and possess demonstrated excellence in written and verbal communication skills.


Provides expertise in the most current principles and practices of architecture data management systems and experience in large system designs, and with data modeling in the information management arena. Provides expertise in modeling and organizing information to facilitate support of projects or information architectures. Provides guidance on how and what to data and process model. Primarily deals with transition planning from legacy to modern systems by concentrating on information flows, data exchange, and data translation standardization services.

Minimum Education:

Bachelor’s degree from an accredited college or university with a major in Engineering, Computer Science, Mathematics, or a related field. A Master’s degree is preferred. Up to 3 years of experience can be substituted if the candidate has a Master’s degree or industry-recognized professional certification in the field of programming.

3.4.22 Labor Category: Senior System Architect


At least 8 years experience planning, designing, building, and implementing IT systems. At least 3 years of the required 8 years of experience must be in the direct supervision and management of major projects that involve providing professional support services and/or the integration,


P a g e | 54



implementation and transition of large complex system and subsystem architectures. Must have led or been chief architect in major IT implementation efforts. Must demonstrate a broad understanding of client IT environmental issues and solutions and be a recognized expert within the IT industry. Must demonstrate advanced abilities to team and mentor and possess demonstrated excellence in written and verbal communication skills.



Minimum Education:

Bachelor’s degree from an accredited college or university with a major in Engineering, Computer Science, Mathematics, or a related field. A Master’s degree is preferred. Up to 3 years of experience can be substituted if the candidate has a Master’s degree or industry-recognized professional certification in the field of programming.

3.4.23 Labor Category: System Architect


At least 5 years experience planning, designing, building, and implementing IT systems. At least 2 years of the required 5 years of experience must be in the direct supervision and management of major projects that involve providing professional support services and/or the integration, implementation and transition of large complex system and subsystem architectures. Must have led or been chief architect in major IT implementation efforts. Must demonstrate a broad understanding of client IT environmental issues and solutions and be a recognized expert within the IT industry. Must demonstrate advanced abilities to team and mentor and possess demonstrated excellence in written and verbal communication skills.



Minimum Education:

Bachelor’s degree from an accredited college or university with a major in Engineering, Computer Science, Mathematics, or a related field. A Master’s degree is preferred. Up to 3years of experience can be substituted if the candidate has a Master’s degree or industry-recognized professional certification in the field of programming.


P a g e | 55



3.4.24 Labor Category: Senior Technical Writer


A minimum of 8 years of experience as a senior technical writer. At least 3 years of experience in preparing and editing documents, including technical documents. Also includes researching for applicable standards.

Functional Responsibilities:

Assists in collecting and organizing information for the preparation of user manuals, training materials, installation guides, proposals, and reports. Edits functional descriptions, system specifications, user manuals, special reports, or any other customer deliverables and documents. Conducts research and ensures the use of proper technical terminology. Translates technical information into clear, readable documents to be used by technical and non-technical personnel. For applications built to run in a Windows environment, uses the standard help compiler to prepare all on-line documentation. Assists in performing financial and administrative functions. Must demonstrate the ability to work independently or under general direction.

Minimum Education:

A Bachelor’s degree in the related field. Up to 3 years of experience can be substituted if the candidate has a Master’s degree or industry-recognized professional certification in the field of technical writing.

3.4.25 Labor Category: Technical Writer


A minimum of 5 years of experience as a technical writer. At least 2 years of experience in preparing and editing documents, including technical documents. Also includes researching for applicable standards.


Assists in collecting and organizing information for the preparation of user manuals, training materials, installation guides, proposals, and reports. Edits functional descriptions, system specifications, user manuals, special reports, or any other customer deliverables and documents. Conducts research and ensures the use of proper technical terminology. Translates technical information into clear, readable documents to be used by technical and non-technical personnel. For applications built to run in a Windows environment, uses the standard help compiler to prepare all on-line documentation. Assists in performing financial and administrative functions. Must demonstrate the ability to work independently or under general direction. Minimum Education: Associate’s degree in the related field. Up to 3 years of experience can be substituted if the candidate has a Bachelor’s degree or industry-recognized professional certification in the field of technical writing.

3.4.26 Labor Category: Junior Technical Writer



P a g e | 56



A minimum of 3 years of experience as a junior technical writer. At least 3 years of experience in preparing and editing documents, including technical documents. Also includes researching for applicable standards.


Assists in collecting and organizing information for the preparation of user manuals, training materials, installation guides, proposals, and reports. Edits functional descriptions, system specifications, user manuals, special reports, or any other customer deliverables and documents. Conducts research and ensures the use of proper technical terminology. Translates technical information into clear, readable documents to be used by technical and non-technical personnel. For applications built to run in a Windows environment, uses the standard help compiler to prepare all on-line documentation. Assists in performing financial and administrative functions. Must demonstrate the ability to work independently or under general direction.

Minimum Education:

Associate's degree in the related field.

3.4.27 Labor Category: Principal Consultant


20 or more years of functional industry experience is required.


Oversees the negotiation of delivery/task orders and design phases of project tasks. Plans, organizes staffs, directs, and manages performance of work associated with one or more task orders within the relevant subject matter domain of the project and the Principal Consultant's practice area. Fully responsible for providing technical guidance and expertise to project staff and ensuring that the methods, tools, and techniques applied in performance of the work represent the state of the art. Responsible for monitoring the technical quality of work products and ensuring that products meet quality standards. Substantially contributes to product content. In coordination with contract and task order management, plans work efforts, ensuring that schedules and budgets are appropriate for the accomplishment of project objectives, and directs the work efforts of the project staff. Works with customers to provide consultative advice in the areas of expertise.

Minimum Education:

Bachelor's degree in the related field. An advanced degree is preferred and the candidate with such a degree can substitute 5 years of experience.

3.4.28 Labor Category: Senior Consultant




Oversees the negotiation of delivery/task orders and design phases of project tasks. Plans,


P a g e | 57



organizes, staffs, directs, and manages performance of work associated with one or more task orders within the relevant subject matter domain of the project and the Principal Consultant's practice area. Responsible for providing technical guidance and expertise to project staff and ensuring that the methods, tools, and techniques applied in performance of the work represent the state of the art. Responsible for monitoring the technical quality of work products and ensuring that products meet quality standards. Substantially contributes to product content. In coordination with contract and task order management, plans work efforts, ensuring that schedules and budgets are appropriate for the accomplishment of project objectives, and directs the work efforts of the project staff. Works with customers to provide consultative advice in the areas of expertise.

Minimum Education:


3.4.29 Labor Category: Consultant




Oversees the negotiation of delivery/task orders and design phases of project tasks. Plans and organizes resources to accomplish analytical tasks. Provides senior level management with the coordination of analytical efforts for all federal agency executives and senior level managers. Plans, organizes, and oversees work efforts; assigns and manages resources; supervises personnel; ensures quality management; and monitors overall project and contract performance.

Minimum Education:


3.4.30 Labor Category: Junior Consultant




Oversees the negotiation of delivery/task orders and design phases of project tasks. Plans and organizes resources to accomplish analytical tasks. Provides senior level management in the coordination of analytical efforts with all federal agency executives and senior level managers. Plans, organizes, and oversees work efforts; assigns and manages resources; supervises personnel; ensures quality management; and monitors overall project and contract performance.

Minimum Education:



P a g e | 58



3.4.31 Labor Category: Senior Subject Matter Expert

Minimum/General Experience: 12 or more years of functional industry experience is required. Pre-eminent industry professional with superior acumen in the planning and directing of all aspects of organizational programs. Provides analysis, evaluation, and recommendations for improvements, optimization, development, and/or maintenance efforts for client-specific or mission-critical proficiencies. Serves as the go-to person for the subject matter in question. Writes white papers for the subject matter in question. Assumes a leadership position on projects. Ph.D. or equivalent advanced degree. A Master's degree with 3 additional years of experience can be considered for this position.

3.4.32 Labor Category: Subject Matter Expert


8 or more years of functional industry experience is required. Top-level professional with expert, senior, executive-level management and leadership skills. Outstanding capabilities in planning and directing all aspects of organizational programs, and programs in excess of one million dollars. Articulates client issues and requirements to the technical team. Serves as the go-to person for the subject matter in question. Writes white papers for the subject matter in question. Master's degree or equivalent advanced degree. A Bachelor's degree with 3 additional years of experience can be considered for this position.

3.4.33 Labor Category: Junior Subject Matter Expert


1 or more years of functional industry experience is required. Develops requirements for a project's inception to conclusion in a subject matter area for simple to moderately complex programs. Applies specialized knowledge to a particular task. Designs major projects and provides program management oversight for large, detailed projects or has specific knowledge in a highly specialized area. Must be able to communicate expert information to a variety of audiences orally and in writing. Master's degree or equivalent advanced degree. A Bachelor's degree with 3 additional years of experience can be considered for this position.

3.4.34 Labor Category: Senior Analyst


8 or more years of functional industry experience is required. This individual must have specialized experience in facilitation, training, methodology development and evaluation, process re-engineering across all phases, identifying best practices, change management, business management techniques, organizational development, activity and data modeling, and information system development methods and practices. Applies process improvement and re-engineering methodologies and principles to conduct process modernization projects. Duties include activity and work flow, developing modern business methods, identifying best practices, and creating and assessing performance measurements. Provides group facilitation, interviewing, and training, and provides additional forms of knowledge transfer. Bachelor's degree or equivalent degree. Persons without such a degree can be considered with an additional 2 years of experience.


P a g e | 59



3.4.35 Labor Category: Mid-Level Analyst


5 or more years of functional industry experience is required. Applies knowledge of business methods and computerized systems in working with customers to analyze and improve specific business problems or performance areas. Acts as an internal consultant to provide analysis of current or proposed business systems. Conducts and delivers studies or cost benefit analyses for new projects or changes to existing systems. Consults on risk management and cost control procedures. Bachelor's degree or equivalent degree. Persons without such a degree can be considered with an additional 2 years of experience.

3.4.36 Labor Category: Junior Analyst

Minimum/General Experience: 2 or more years of functional industry experience is required. Helps to clearly define government financial and business practices for integration into the government business system. Identifies potential problems and solutions through analysis and recommend solutions. Must be able to work with functional specialists, automation specialists, contractors, vendors, and customers to effectively adhere to customer requirements. Acts as a focal point to coordinate all disciplines in the recommended solution. Bachelor's degree or equivalent degree. Persons without such a degree can be considered with an additional 2 years of experience.

3.4.37 Labor Category: Project Coordinator


5 years of experience in planning and directing a technical project (or a group of related tasks) and assisting the program manager in working with the government Contracting Officer, the COTR, government management personnel, and client agency representatives.


Under the supervision of the project manager, plans and directs a technical project (or a group of related tasks). Prepares status reports. Updates project schedules and project plans. Tracks change requests, issues, bugs, etc. Has excellent documentation skills. Under the guidance of the Project Manager, ensures the technical solutions and schedules are implemented in a timely manner.

Minimum Education:

Bachelor’s degree (or equivalent experience and training). Persons without a degree should have an additional 2 years of work experience to be considered for this position.

3.4.38 Labor Category: Business Writer


3 years of experience in writing technical documents, marketing documents, reports, etc.


Responsible for producing written deliverables, articles, reports, and correspondence. Knowledge and skills in Microsoft Office and document development. Coordinates with the


P a g e | 60



customer for the format of written work products. Designs logical and physical document layouts, and coordinates with graphic artists and editors as required. Follows established formats, processes, guidelines, and deadlines.

Minimum Education:


3.4.39 Labor Category: Technical Editor




Prepares and edits documentation incorporating information provided by management, specialists, analysts, writers, and consultant personnel. Has substantial knowledge of the capabilities of desktop publishing and computer systems. Duties include the editing, and/or graphic presentation of written materials for both novice and informed audiences. Helps writers organize and polish their material. Edits for readability and clarity. Interprets documentation standards and prepares documentation according to the standards. Responsible for finished documents, spelling, punctuation, and grammar.

Minimum Education:


3.4.40 Labor Category: Executive Assistant


5 years of experience in the related field.

Functional Responsibility: Provides administrative support to Senior Management and associated managerial and professional staff. Duties may involve planning, organizing, directing, and reviewing the work of administrative support staff; training administrative staff in work procedures; and providing input in selection, evaluation, and disciplinary matters. Requires the frequent use of tact, discretion, initiative, and independent judgment. May receive and screen visitors and telephone calls, provide information, and resolve complaints. May research, compile, and summarize a variety of informational materials; organize, maintain and purge various administrative, reference, and follow-up files; compile and review budget figures; type budget worksheets and drafts of a wide variety of finished documents from stenographic notes, brief instructions, or printed materials; uses word processing equipment, and may input or retrieve data and prepare reports from an on-line or personal computer system. May compile and process confidential materials. Makes appointments and maintains the Manager's calendar and schedules; arranges for meetings and makes travel arrangements. Organizes own work, sets priorities, and meets critical deadlines.


P a g e | 61



Minimum Education:


3.4.41 Labor Category: Administrative Support


5 years of experience in the related field.

Functional Responsibility: Performs routine office support activities in a structured work environment. Applies knowledge of basic office practices, procedures and equipment (i.e. telephones, postage meters, computers, fax machines, copiers, etc.). May handle information requests and perform clerical functions such as preparing correspondence, receiving visitors, arranging conference calls, and scheduling meetings. Supports a variety of duties within the office, including processing paperwork, filing, copying, and mailings. Requires a working knowledge of the Internet, proficiency in PC usage for email, scheduling, Microsoft Word, and Excel. Must have strong communication and interpersonal skills. May also train and supervise lower-level clerical staff.

Minimum Education:

High School diploma or GED equivalent.

3.4.42 Labor Category: Junior Administrative Support



Functional Responsibility: Performs routine office support activities in a structured work environment. Applies knowledge of basic office practices, procedures and equipment (i.e. telephones, postage meters, computers, fax machines, copiers, etc.). May handle information requests and perform clerical functions such as preparing correspondence, receiving visitors, arranging conference calls, and scheduling meetings. Supports a variety of duties within the office, including processing paperwork, filing, copying, and mailings. Requires a working knowledge of the Internet, proficiency in PC usage for email, scheduling, Microsoft Word, and Excel. Must have strong communication and interpersonal skills.

Minimum Education:

High School diploma or GED equivalent.


P a g e | 62



4 PRICE LIST FOR ALL SINS

4.1 SIN #132-8 - Purchase of Equipment

Description Manufacturer Part # List Price $ GSA Price $

SIEM Storm

SIEM Storm 402 (2 CPU Oracle Enterprise DB) BLKS-40-SIEM-402 $130,000.00 $105,434.88






SIEM Storm Options

5 SIM Desktop Console User Pack BLKS-40-USR-01 $4,000.00 $3,244.15

Distributed Enterprise Engine BLKS-40-DEE-02 $35,000.00 $28,386.31

Distributed Enterprise Engine Pack - 20 Maximum

BLKS-40-DEE-20 $350,000.00 $283,863.13

Rules Based Correlation Engine BLKS-40-ERB-01 $30,000.00 $24,331.13

Incident Resolution Manager BLKS-40-IRM-01 $30,000.00 $24,331.13

Vulnerability Correlation Engine BLKS-40-EVC-01 $30,000.00 $24,331.13

BlackStratus Enterprise Starter Upgrade Bundle {d}

BLKS-40-BUN-01 $60,000.00 $48,662.25

Note {d}:Includes one license each of BLKS-40-ERB-01, BLKS-40-IRM-01, BLKS-40-EVC-01

SIEM Storm Database Options

Upgrade from SIEM Storm 204 to SIEM Storm 402

BLKS-40-UPD-05 $46,800.00 $37,956.56


BLKS-40-UPD-06 $63,000.00 $51,095.36


BLKS-40-UPD-07 $220,000.00 $178,428.25


BLKS-40-UPD-08 $55,000.00 $44,607.06


BLKS-40-UPD-09 $165,000.00 $133,821.19


BLKS-40-UPD-10 $110,000.00 $89,214.13


BLKS-40-UPD-11 $110,000.00 $89,214.13


BLKS-40-UPD-12 $110,000.00 $89,214.13

BlackStratus Enterprise Network: Category 1 - Network Devices (Network Security Devices such as Firewalls, Network IDS, VPN, etc)

License for Network Security Devices (1-50) BLKS-SP-40-END-01 $1,400.00 $1,135.45


P a g e | 63




License for Network Security Devices (51-100) BLKS-SP-40-END-02 $1,200.00 $973.25

License for Network Security Devices (101-250) BLKS-SP-40-END-03 $1,000.00 $811.04

License for Network Security Devices (251-500) BLKS-SP-40-END-04 $900.00 $729.93

License for Network Security Devices (501-1000) BLKS-SP-40-END-05 $750.00 $608.28

License for Network Security Devices (1001+) BLKS-SP-40-END-06 $600.00 $486.62

BlackSratus Enterprise Infrastructure: Category 2 Infrastructure Devices (Applications on Server Devices - FW, Servers, Routers, Switches, AV, HIDS, HIPS, Database, Web Server, & Database Feed)

License for Application on Server Devices (1-25) BLKS-SP-40-ESD-01 $520.00 $421.74

License for Application on Server Devices (26-50)

BLKS-SP-40-ESD-02 $360.00 $291.97


BLKS-SP-40-ESD-03 $320.00 $259.32


BLKS-SP-40-ESD-04 $240.00 $194.65


BLKS-SP-40-ESD-05 $215.00 $174.37


BLKS-SP-40-ESD-06 $184.00 $149.23


BLKS-SP-40-ESD-07 $165.00 $133.82

License for Application on Server Devices (5001+)

BLKS-SP-40-ESD-08 $150.00 $121.66

BlackStratus Enterprise Network: Category 3: Desktop Class Devices (Desktop Applications - AV, HIDS/HIPS, Personal FW, etc.)

License for Desktop Devices (1-100) BLKS-SP-40-EDD-01 $8.00 $6.49








License for Desktop Devices (50001-100000) BLKS -SP-40-EDD-09 $2.00 $1.62


P a g e | 64




License for Desktop Devices (100001+) BLKS -SP-40-EDD-10 $1.80 $1.46

BlackStratus SIEM Storm Failover Options

SIEM Storm 402 SIEM Storm Stand-By / Back-Up Server License Options

BLKS-40-HA-SIEM-402 $65,000.00 $52,717.44


BLKS-40-HA-SIEM-404 $87,500.00 $70,965.78


BLKS-40-HA-SIEM-408 $132,500.00 $107,462.47

Distributed Enterprise Engine SIEM Storm Stand-By / Back-Up Server License Options

BLKS-40-HA-DEE-02 $17,500.00 $14,193.16

Rules Based Correlation Engine SIEM Storm Stand-By / Back-Up Server License Options

BLKS-40-HA-ERB-01 $15,000.00 $12,165.56

Incident Resolution Manager SIEM Storm Stand-By / Back-Up Server License Options

BLKS-40-HA-IRM-01 $15,000.00 $12,165.56

Vulnerability Correlation Engine SIEM Storm Stand-By / Back-Up Server License Options

BLKS-40-HA-EVC-01 $15,000.00 $12,165.56

LogStorm Appliances

LogStorm Enterprise Appliance BLKS-40-LS-EN $105,995.00 $85,965.92

LogStorm Midway Appliance BLKS-40-LS-MI $75,995.00 $61,634.79

LogStorm Ranger Appliance BLKS-40-LS-RX $45,995.00 $37,303.67

LogStorm Express Appliance BLKS-40-LS-EX $15,000.00 $12,165.56

BlackStratus SIEM Storm (for Lab and/or Test environments, not for production use)

SIEM Storm 402 LAB {ac} BLKS-40-SIEM-402-LAB $52,000.00 $42,173.95

SIEM Storm 404 LAB {ad} BLKS-40-SIEM-404-LAB $70,000.00 $56,772.63

SIEM Storm 406 LAB {ad} BLKS-40-SIEM-406-LAB $88,000.00 $71,371.30

SIEM Storm 408 LAB {ae} BLKS-40-SIEM-408-LAB $106,000.00 $85,969.98

SIEM Storm 412 LAB {ae} BLKS-40-SIEM-412-LAB $142,000.00 $115,167.33


P a g e | 65



4.2 SIN #132-32 - Term Software Licenses


LogStorm Term Software Licenses

LogStorm Subscription Pricing - Minimum 1 Year Term

LogStorm Enterprise Appliance License BLKS-40-LS-ENY-MSP $52,156.99 $42,301.27

LogStorm Midway Appliance License BLKS-40-LS-MIY-MSP $37,394.88 $30,328.65

LogStorm Ranger Appliance License BLKS-40-LS-RXY-MSP $22,632.77 $18,356.03

LogStorm Express Appliance License BLKS-40-LS-EXY-MSP $8,854.81 $7,181.58


P a g e | 66



4.3 SIN #132-33 - Perpetual Software Licenses

Product Description Manufacturer Part # List Price $ GSA Price $

EventTracker - Small Business Edition ET-SBE-10 $5,494.50 $4,708.12

EventTracker - Small Business Edition Add'l Servers ET-SBE-SER $440.00 $377.03

EventTracker - Small Business Edition Add'l Workstations

ET-SBE-WS $66.00 $56.55

EventTracker - Small Business Edition SNMP Devices

ET-SBE-SNMP $27.50 $23.56

EventTracker - Medium Enterprise – 50 ET-MBE-50 $21,994.50 $18,846.62 EventTracker - Medium Enterprise - 50 Add'l Servers

ET-MBE-50-SER $352.00 $301.62

EventTracker - Medium Enterprise - 50 Add'l Workstations

ET-MBE-50-WS $55.00 $47.13

EventTracker - Medium Enterprise - 50 SNMP Devices

ET-MBE-50-SNMP $27.50 $23.56

EventTracker - Medium Enterprise – 100 ET-MBE-100 $38,494.50 $32,985.12 EventTracker - Medium Enterprise - 100 Add'l Servers

ET-MBE-100-SER $308.00 $263.92

EventTracker - Medium Enterprise - 100 Add'l Workstations

ET-MBE-100-WS $44.00 $37.70

EventTracker - Medium Enterprise - 100 SNMP Devices

ET-MBE-100-SNMP $27.50 $23.56

EventTracker Agent - Solaris BSM ET-BSM-AGN $768.50 $658.51

EventTracker Agent – Checkpoint ET-CP-AGN $548.90 $470.34

What Changed for Windows Server Monitor WC-001-SER $218.90 $187.57

What Changed for Windows Workstation Monitor WC-001-WS $82.50 $70.69


P a g e | 67



4.4 SIN #132-34 - Maintenance of Software


SIEM Storm

BLKS-40-SIEM-402 Premium Support Maintenance - 24x7x365 days/year

BLKS-PS-SIEM-402 $39,000.00 $37,131.41

BLKS-40-SIEM-402 Premium Remote Support Maintenance

BLKS-RS-SIEM-402 $32,500.00 $30,942.84

BLKS-40-SIEM-402 Standard Support Maintenance

BLKS-SS-SIEM-402 $26,000.00 $24,754.28


BLKS-PS-SIEM-404 $52,500.00 $49,984.59


BLKS-RS-SIEM-404 $43,750.00 $41,653.83


BLKS-SS-SIEM-404 $35,000.00 $33,323.06

BLKS-40-SIEM-404 Premium Support Maintenance, 24x7x365 days/year

BLKS-PS-SIEM-406 $66,000.00 $62,837.78


BLKS-RS-SIEM-406 $55,000.00 $52,364.81


BLKS-SS-SIEM-406 $44,000.00 $41,891.85


BLKS-PS-SIEM-408 $79,500.00 $75,690.96


BLKS-RS-SIEM-408 $66,250.00 $63,075.80


BLKS-SS-SIEM-408 $53,000.00 $50,460.64

BLKS-40-SIEM-412 Premium Support Maintenance, 24x7x365 days/year

BLKS-PS-SIEM-412 $106,500.00 $101,397.32


BLKS-RS-SIEM-412 $88,750.00 $84,497.77


BLKS-SS-SIEM-412 $71,000.00 $67,598.21


BLKS-PS-SIEM-416 $133,500.00 $127,103.68


BLKS-RS-SIEM-416 $111,250.00 $105,919.73


BLKS-SS-SIEM-416 $89,000.00 $84,735.79

SIEM Storm Options

5 SIM Desktop Console User Pack - Premium Support Maintenance - 365 days

BLKS-PS-USR-01 $1,200.00 $1,142.51

5 SIM Desktop Console User Pack - Premium Remote Support Maintenance

BLKS-RS-USR-01 $1,000.00 $952.09

5 SIM Desktop Console User Pack - Standard Support Maintenance

BLKS-SS-USR-01 $800.00 $761.67

Distributed Enterprise Engine - Premium Support Maintenance - 365 days

BLKS-PS-DEE-02 $10,500.00 $9,996.92


P a g e | 68




Distributed Enterprise Engine - Premium Remote Support Maintenance

BLKS-RS-DEE-02 $8,750.00 $8,330.77

Distributed Enterprise Engine - Standard Support Maintenance

BLKS-SS-DEE-02 $7,000.00 $6,664.61

Up to 20 Enterprise Engines - Premium Support Maintenance - 365 days

BLKS-PS-DEE-20 $105,000.00 $99,969.19

Up to 20 Enterprise Engines - Premium Remote Support Maintenance

BLKS-RS-DEE-20 $87,500.00 $83,307.66

Up to 20 Enterprise Engines - Standard Support Maintenance

BLKS-SS-DEE-20 $70,000.00 $66,646.13

Rules Based Correlation Engine - Premium Support Maintenance - 365 days

BLKS-PS-ERB-01 $9,000.00 $8,568.79

Rules Based Correlation Engine - Premium Remote Support Maintenance

BLKS-RS-ERB-01 $7,500.00 $7,140.66

Rules Based Correlation Engine - Standard Support Maintenance

BLKS-SS-ERB-01 $6,000.00 $5,712.53

Incident Resolution Manager - Premium Support Maintenance - 365 days

BLKS-PS-IRM-01 $9,000.00 $8,568.79

Incident Resolution Manager - Premium Remote Support Maintenance

BLKS-RS-IRM-01 $7,500.00 $7,140.66

Incident Resolution Manager - Standard Support Maintenance

BLKS-SS-IRM-01 $6,000.00 $5,712.53

Vulnerability Correlation Engine - Premium Support Maintenance - 365 days

BLKS-PS-EVC-01 $9,000.00 $8,568.79

Vulnerability Correlation Engine - Premium Remote Support Maintenance

BLKS-RS-EVC-01 $7,500.00 $7,140.66

Vulnerability Correlation Engine - Standard Support Maintenance

BLKS-SS-EVC-01 $6,000.00 $5,712.53

LogStorm Enterprise Starter Upgrade Bundle {d} - Premium Support Maintenance - 365 days

BLKS-PS-BUN-01 $18,000.00 $17,137.58

LogStorm Enterprise Starter Upgrade Bundle {d} - Premium Remote Support Maintenance

BLKS-RS-BUN-01 $15,000.00 $14,281.31

LogStorm Enterprise Starter Upgrade Bundle {d} - Standard Support Maintenance

BLKS-SS-BUN-01 $12,000.00 $11,425.05

SIEM Storm Database Options

Upgrade from SIEM Storm 204 to SIEM Storm 402 - Premium Support Maintenance - 365 days

BLKS-PS-UPD-05 $14,040.00 $13,367.31

Upgrade from SIEM Storm 204 to SIEM Storm 402 - Premium Remote Support Maintenance

BLKS-RS-UPD-05 $11,700.00 $11,139.42

Upgrade from SIEM Storm 204 to SIEM Storm 402 - Standard Support Maintenance

BLKS-SS-UPD-05 $9,360.00 $8,911.54


BLKS-PS-UPD-06 $18,900.00 $17,994.45


BLKS-RS-UPD-06 $15,750.00 $14,995.38


P a g e | 69





BLKS-SS-UPD-06 $12,600.00 $11,996.30


BLKS-PS-UPD-07 $66,000.00 $62,837.78


BLKS-RS-UPD-07 $55,000.00 $52,364.81


BLKS-SS-UPD-07 $44,000.00 $41,891.85


BLKS-PS-UPD-08 $16,500.00 $15,709.44


BLKS-RS-UPD-08 $13,750.00 $13,091.20


BLKS-SS-UPD-08 $11,000.00 $10,472.96


BLKS-PS-UPD-09 $49,500.00 $47,128.33


BLKS-RS-UPD-09 $41,250.00 $39,273.61


BLKS-SS-UPD-09 $33,000.00 $31,418.89


BLKS-PS-UPD-10 $33,000.00 $31,418.89


BLKS-RS-UPD-10 $27,500.00 $26,182.41


BLKS-SS-UPD-10 $22,000.00 $20,945.93


BLKS-PS-UPD-11 $33,000.00 $31,418.89


BLKS-RS-UPD-11 $27,500.00 $26,182.41


BLKS-SS-UPD-11 $22,000.00 $20,945.93


BLKS-PS-UPD-12 $33,000.00 $31,418.89


BLKS-RS-UPD-12 $27,500.00 $26,182.41


BLKS-SS-UPD-12 $22,000.00 $20,945.93

BlackStratus Enterprise Network: Category 1 - Network Devices (Network Security Devices such as Firewalls, Network IDS, VPN, etc.)

BLKS-SP-40-END Premium Support Maintenance - 24x7x365 days (1-50 devices)

BLKS-PS-40-END-01 $420.00 $399.88

BLKS-SP-40-END Premium Remote Support Maintenance (1-50 devices)

BLKS-RS-40-END-01 $350.00 $333.23


P a g e | 70




BLKS-SP-40-END Standard Support Maintenance (1-50 devices)

BLKS-SS-40-END-01 $280.00 $266.58


BLKS-PS-40-END-02 $360.00 $342.75


BLKS-RS-40-END-02 $300.00 $285.63


BLKS-SS-40-END-02 $240.00 $228.50


BLKS-PS-40-END-03 $300.00 $285.63


BLKS-RS-40-END-03 $250.00 $238.02


BLKS-SS-40-END-03 $200.00 $190.42


BLKS-PS-40-END-04 $270.00 $257.06


BLKS-RS-40-END-04 $225.00 $214.22


BLKS-SS-40-END-04 $180.00 $171.38


BLKS-PS-40-END-05 $225.00 $214.22


BLKS-RS-40-END-05 $187.50 $178.52


BLKS-SS-40-END-05 $150.00 $142.81

BLKS-SP-40-END Premium Support Maintenance - 24x7x365 days (1001+ devices)

BLKS-PS-40-END-06 $180.00 $171.38

BLKS-SP-40-END Premium Remote Support Maintenance (1001+ devices)

BLKS-RS-40-END-06 $150.00 $142.81

BLKS-SP-40-END Standard Support Maintenance (1001+ devices)

BLKS-SS-40-END-06 $120.00 $114.25

BlackStratus Enterprise Infrastructure: Category 2 Infrastructure Devices (Applications on Server Devices - FW, Servers, Routers, Switches, AV, HIDS, HIPS, Database, Web Server, Database Feed)

BLKS-SP-40-ESD Premium Support Maintenance - 24x7x365 days (1-25 devices)

BLKS-PS-40-ESD-01 $156.00 $148.52

BLKS-SP-40-ESD Premium Remote Support Maintenance (1-25 devices)

BLKS-RS-40-ESD-01 $130.00 $123.77

BLKS-SP-40-ESD Standard Support Maintenance (1-25 devices)

BLKS-SS-40-ESD-01 $104.00 $99.02


BLKS-PS-40-ESD-02 $108.00 $102.82


BLKS-RS-40-ESD-02 $90.00 $85.69


P a g e | 71





BLKS-SS-40-ESD-02 $72.00 $68.55


BLKS-PS-40-ESD-03 $96.00 $91.40


BLKS-RS-40-ESD-03 $80.00 $76.17


BLKS-SS-40-ESD-03 $64.00 $60.93


BLKS-PS-40-ESD-04 $72.00 $68.55


BLKS-RS-40-ESD-04 $60.00 $57.12


BLKS-SS-40-ESD-04 $48.00 $45.70


BLKS-PS-40-ESD-05 $64.50 $61.41


BLKS-RS-40-ESD-05 $53.75 $51.17


BLKS-SS-40-ESD-05 $43.00 $40.94


BLKS-PS-40-ESD-06 $55.00 $52.36


BLKS-RS-40-ESD-06 $46.00 $43.80


BLKS-SS-40-ESD-06 $37.00 $35.23


BLKS-PS-40-ESD-07 $50.00 $47.60


BLKS-RS-40-ESD-07 $41.00 $39.03


BLKS-SS-40-ESD-07 $33.00 $31.42

BLKS-SP-40-ESD Premium Support Maintenance - 24x7x365 days (5001+ devices)

BLKS-PS-40-ESD-08 $45.00 $42.84

BLKS-SP-40-ESD Premium Remote Support Maintenance (5001+ devices)

BLKS-RS-40-ESD-08 $38.00 $36.18

BLKS-SP-40-ESD Standard Support Maintenance (5001+ devices)

BLKS-SS-40-ESD-08 $30.00 $28.56

BlackStratus Enterprise Network: Category 3: Desktop Class Devices (Desktop Applications - AV, HIDS/HIPS, Personal FW, etc.)

BLKS-SP-40-EDD Premium Support Maintenance - 24x7x365 days (1-100 devices)

BLKS-PS-40-EDD-01 $2.40 $2.29


P a g e | 72




BLKS-SP-40-EDD Premium Remote Support Maintenance (1-100 devices)

BLKS-RS-40-EDD-01 $2.00 $1.90

BLKS-SP-40-EDD Standard Support Maintenance (1-100 devices)

BLKS-SS-40-EDD-01 $1.60 $1.52


BLKS-PS-40-EDD-02 $1.80 $1.71


BLKS-RS-40-EDD-02 $1.50 $1.43


BLKS-SS-40-EDD-02 $1.20 $1.14


BLKS-PS-40-EDD-03 $1.62 $1.54


BLKS-RS-40-EDD-03 $1.35 $1.29


BLKS-SS-40-EDD-03 $1.08 $1.03


BLKS-PS-40-EDD-04 $1.38 $1.31


BLKS-RS-40-EDD-04 $1.15 $1.09


BLKS-SS-40-EDD-04 $0.92 $0.88


BLKS-PS-40-EDD-05 $1.23 $1.17


BLKS-RS-40-EDD-05 $1.03 $0.98


BLKS-SS-40-EDD-05 $0.82 $0.78


BLKS-PS-40-EDD-06 $1.10 $1.05


BLKS-RS-40-EDD-06 $0.91 $0.87


BLKS-SS-40-EDD-06 $0.73 $0.70


BLKS-PS-40-EDD-07 $0.74 $0.70


P a g e | 73





BLKS-RS-40-EDD-07 $0.62 $0.59


BLKS-SS-40-EDD-07 $0.50 $0.48


BLKS-PS-40-EDD-08 $0.67 $0.64


BLKS-RS-40-EDD-08 $0.56 $0.53


BLKS-SS-40-EDD-08 $0.45 $0.43


BLKS-PS-40-EDD-09 $0.60 $0.57


BLKS-RS-40-EDD-09 $0.50 $0.48


BLKS-SS-40-EDD-09 $0.40 $0.38

BLKS-SP-40-EDD Premium Support Maintenance - 24x7x365 days (100001+ devices)

BLKS-PS-40-EDD-10 $0.54 $0.51

BLKS-SP-40-EDD Premium Remote Support Maintenance (100001+ devices)

BLKS-RS-40-EDD-10 $0.45 $0.43

BLKS-SP-40-EDD Standard Support Maintenance (100001+ devices)

BLKS-SS-40-EDD-10 $0.36 $0.34

BlackStratus SIEM Storm Failover Options

BLKS-40-HA-SIEM-402 - Premium Support Maintenance - 24x7x365 days

BLKS-PS-HA-SIEM-402 $19,500.00 $18,565.71

BLKS-40-HA-SIEM-402 - Premium Remote Support Maintenance

BLKS-RS-HA-SIEM-402 $16,250.00 $15,471.42

BLKS-40-HA-SIEM-402 - Standard Support Maintenance

BLKS-SS-HA-SIEM-402 $13,000.00 $12,377.14


BLKS-PS-HA-SIEM-404 $26,250.00 $24,992.30


BLKS-RS-HA-SIEM-404 $21,875.00 $20,826.91


BLKS-SS-HA-SIEM-404 $17,500.00 $16,661.53


BLKS-PS-HA-SIEM-408 $39,750.00 $37,845.48


BLKS-RS-HA-SIEM-408 $33,125.00 $31,537.90


BLKS-SS-HA-SIEM-408 $26,500.00 $25,230.32


P a g e | 74




BLKS-40-HA-DEE-02 - Premium Support Maintenance - 24x7x365 days

BLKS-PS-HA-DEE-02 $5,250.00 $4,998.46

BLKS-40-HA-DEE-02 - Premium Remote Support Maintenance

BLKS-RS-HA-DEE-02 $4,375.00 $4,165.38

BLKS-40-HA-DEE-02 - Standard Support Maintenance

BLKS-SS-HA-DEE-02 $3,500.00 $3,332.31

BLKS-40-HA-ERB-01 - Premium Support Maintenance - 24x7x365 days

BLKS-PS-HA-ERB-01 $4,500.00 $4,284.39

BLKS-40-HA-ERB-01 - Premium Remote Support Maintenance

BLKS-RS-HA-ERB-01 $3,750.00 $3,570.33

BLKS-40-HA-ERB-01 - Standard Support Maintenance

BLKS-SS-HA-ERB-01 $3,000.00 $2,856.26

BLKS-40-HA-IRM-01 - Premium Support Maintenance - 24x7x365 days

BLKS-PS-HA-IRM-01 $4,500.00 $4,284.39

BLKS-40-HA-IRM-01 - Premium Remote Support Maintenance

BLKS-RS-HA-IRM-01 $3,750.00 $3,570.33

BLKS-40-HA-IRM-01 - Premium Support Maintenance

BLKS-SS-HA-IRM-01 $3,000.00 $2,856.26

BLKS-40-HA-EVC-01 - Premium Support Maintenance - 24x7x365 days

BLKS-PS-HA-EVC-01 $4,500.00 $4,284.39

BLKS-40-HA-EVC-01 - Premium Remote Support Maintenance

BLKS-RS-HA-EVC-01 $3,750.00 $3,570.33

BLKS-40-HA-EVC-01 - Standard Support Maintenance

BLKS-SS-HA-EVC-01 $3,000.00 $2,856.26

LogStorm Appliances

LogStorm Enterprise Appliance - Premium Support Maintenance - 24x7x365 days

BLKS-PS-LS-EN $31,799.00 $30,275.43

LogStorm Enterprise Appliance - Premium Remote Support Maintenance

BLKS-RS-LS-EN $26,499.00 $25,229.37

LogStorm Enterprise Appliance - Standard Support Maintenance

BLKS-SS-LS-EN $21,199.00 $20,183.30

LogStorm Midway Appliance - Premium Support Maintenance - 24x7x365 days

BLKS-PS-LS-MI $22,799.00 $21,706.64

LogStorm Midway Appliance - Premium Remote Support Maintenance

BLKS-RS-LS-MI $18,999.00 $18,088.71

LogStorm Midway Appliance - Standard Support Maintenance

BLKS-SS-LS-MI $15,199.00 $14,470.78

LogStorm Ranger Appliance - Premium Support Maintenance - 24x7x365 days

BLKS-PS-LS-RX $13,799.00 $13,137.86

LogStorm Ranger Appliance - Premium Remote Support Maintenance

BLKS-RS-LS-RX $11,499.00 $10,948.05

LogStorm Ranger Appliance - Standard Support Maintenance

BLKS-SS-LS-RX $9,199.00 $8,758.25

LogStorm Express Appliance - Premium Support Maintenance - 24x7x365 days

BLKS-PS-LS-EX $4,500.00 $4,284.39

LogStorm Express Appliance - Premium Remote Support Maintenance

BLKS-RS-LS-EX $3,750.00 $3,570.33

LogStorm Express Appliance - Standard Support Maintenance

BLKS-SS-LS-EX $3,000.00 $2,856.26


P a g e | 75




SIEM Storm 402 LAB {ac} - Premium Support Maintenance - 24x7x365 days

BLKS-PS-SIEM-402-LAB $15,600.00 $14,852.57

SIEM Storm 402 LAB {ac} - Premium Remote Support Maintenance

BLKS-RS-SIEM-402-LAB $13,000.00 $12,377.14

SIEM Storm 402 LAB {ac} - Standard Support Maintenance

BLKS-SS-SIEM-402-LAB $10,400.00 $9,901.71

SIEM Storm 404 LAB {ad} - Premium Support Maintenance - 24x7x365 days

BLKS-PS-SIEM-404-LAB $21,000.00 $19,993.84

SIEM Storm 404 LAB {ad} - Premium Remote Support Maintenance

BLKS-RS-SIEM-404-LAB $17,500.00 $16,661.53

SIEM Storm 404 LAB {ad} - Standard Support Maintenance

BLKS-SS-SIEM-404-LAB $14,000.00 $13,329.23

SIEM Storm 406 LAB {ad} - Premium Support Maintenance - 24x7x365 days

BLKS-PS-SIEM-406-LAB $26,400.00 $25,135.11

SIEM Storm 406 LAB {ad} - Premium Remote Support Maintenance

BLKS-RS-SIEM-406-LAB $22,000.00 $20,945.93

SIEM Storm 406 LAB {ad} - Standard Support Maintenance

BLKS-SS-SIEM-406-LAB $17,600.00 $16,756.74

SIEM Storm 408 LAB {ae} - Premium Support Maintenance - 24x7x365 days

BLKS-PS-SIEM-408-LAB $31,800.00 $30,276.38

SIEM Storm 408 LAB {ae} - Premium Remote Support Maintenance

BLKS-RS-SIEM-408-LAB $26,500.00 $25,230.32

SIEM Storm 408 LAB {ae} - Standard Support Maintenance

BLKS-SS-SIEM-408-LAB $21,200.00 $20,184.26

SIEM Storm 412 LAB {ae} - Premium Support Maintenance - 24x7x365 days

BLKS-PS-SIEM-412-LAB $42,600.00 $40,558.93

SIEM Storm 412 LAB {ae} - Premium Remote Support Maintenance

BLKS-RS-SIEM-412-LAB $35,500.00 $33,799.11

SIEM Storm 412 LAB {ae} - Standard Support Maintenance

BLKS-SS-SIEM-412-LAB $28,400.00 $27,039.29


P a g e | 76



4.5 SIN #132-50 - BlackStratus Price List


BlackStratus Advanced Customization – Training

SIEM Storm Certified SOC Expert (Enterprise/MSSP) Onsite (6 attendees max)

BLKS—CSE $10,000.00 $9,520.88

BlackStratus Migration/Upgrade – Training

Boot-camp Training - BlackStratus Offices, Edison, NJ, 4 days

BS-TR-05 $3,500.00 $3,332.31

BlackStratus Pre-Production License – Training

LogStorm Deployment - includes LogStorm installation and configuration

BLKS-LS-PS $6,000.00 $5,712.53

Customer Site Training - LogStorm user/admin training, 2 days (5 students max)

BLKS-LS-TR1 $4,000.00 $3,808.35

LogStorm User & Admin Training - 2 days at BlackStratus HQ training facilities

BLKS-LS-TR2 $1,500.00 $1,428.13


P a g e | 77



4.6 SIN 132-50 - Training Courses Price List

Description Course # List Price $ GSA Price $

ITIL® Courses

ITIL® Awareness Course (1 Day) - ITL9310CL

Course Instructor Fees (1 day) (does not include travel and expenses)

ITL9310I $1,600.00 $1,450.80

Course Materials - per learner - Physical Classroom ITL9310MPI $100.00 $90.68

ITIL® Awareness Course - e-Learning (1 Day) - ITL9310E

ITIL® Awareness Training Course - e-Learning Mode ITL9310E $75.00 $68.01

Course Materials - per learner ITL9310MPI $100.00 $90.68

ITIL® v3 Extended Awareness Course - e-Learning (6 hours) - ITL9312E

ITIL® v3 Extended Awareness Course - e-Learning Mode (6 hours)

ITL9312E $125.00 $113.34

ITIL® v3 Foundation Course - Classroom (3 days) - ITL9320CL

Course Instructor Fees (3 days) (does not include travel and expenses)

ITL9320I $4,800.00 $4,352.40

Course Materials - per learner - Virtual or Physical Classroom

ITL9320MPI $250.00 $226.69

ITIL® v3 Foundation Course - e-Learning - ITL9320E

ITIL® v3 Foundation e-Learning Course ITL9320E $499.00 $452.47


ITL9320MPI $415.00 $376.30

ITIL® v3 Foundation Exam Preparation Guide - ITL9320EP

ITIL® v3 Foundation Exam Preparation Guide ITL9320EP $50.00 $45.34

ITIL® v3 Foundation Premium Course - Classroom - ITL9321CL


ITL9321I $4,800.00 $4,352.40


ITL9321MPI $415.00 $376.30

ITIL® v3 Foundation Premium Course - e-Learning - ITL9321E

ITILv3 Foundation Premium e-Learning Course ITL9321E $499.00 $452.47


ITL9321MPI $415.00 $376.30


P a g e | 78




ITIL® v3 Foundation Course with Apollo 13 Business Simulation - Classroom (4 days) - ITL9324CL


ITL9324I $6,400.00 $5,803.20


ITL9324MPI $545.00 $494.18

ITIL® v3 Planning, Protection and Optimization (PPO) Capability Track - Classroom - ITL9331CL


ITL9331I $9,000.00 $8,160.75

Course Materials - per learner - Virtual, Blended, or Physical Classroom

ITL9331MPI $750.00 $680.06

ITIL® v3 Planning, Protection and Optimization (PPO) Capability Track - Blended Classroom - ITL9331B and ITL 9331VC-B


ITL9331BI $5,400.00 $4,896.45


ITL9331MPI $750.00 $680.06

ITIL® v3 Service Offerings and Agreements (SOA) Capability Track - ITL9332CL


ITL9332I $9,000.00 $8,160.75


ITL9332MPI $750.00 $680.06

ITIL® v3 Service Offerings and Agreements (SOA) Capability Track - Blended Classroom - ITL9332B and ITL9332VC-B


ITL9332BI $5,400.00 $4,896.45


ITL9332MPI $750.00 $680.06

ITIL® v3 Operational Support and Analysis (OSA) Capability Track - ITL9333CL


ITL9333I $9,000.00 $8,160.75


ITL9333MPI $750.00 $680.06

ITIL® v3 Operational Support and Analysis (OSA) Capability Track - Blended Classroom - ITL9333B and ITL9333VC-B


ITL9333BI $5,400.00 $4,896.45


ITL9333MPI $750.00 $680.06


P a g e | 79




ITIL® v3 Release, Control, and Validation (RCV) Capability Track - ITL9334CL


ITL9334I $9,000.00 $8,160.75


ITL9334MPI $750.00 $680.06

ITIL® v3 Release, Control, and Validation (RCV) Capability Track - Blended Classroom - ITL9334B and ITL9334VC-B


ITL9334BI $5,400.00 $4,896.45


ITL9334MPI $750.00 $680.06

ITIL® v3 Service Strategy (SS) Lifecycle Track - ITL9335CL

Course Instructor (3 days) (does not include travel and expenses)

ITL9335I $5,400.00 $4,896.45

Course Materials - per learner Virtual, Blended, or Physical Classroom

ITL9335MPI $530.00 $480.58

ITIL® v3 Service Strategy (SS) Lifecycle Track - Blended Classroom - ITL9335B and ITL9335VC-B


ITL9335BI $3,600.00 $3,264.30


ITL9335MPI $530.00 $480.58

ITIL® v3 Service Design (SD) Lifecycle Track - Classroom - ITL9336CL


ITL9336I $5,400.00 $4,896.45


ITL9336MPI $530.00 $480.58

ITIL® v3 Service Design (SD) Lifecycle Track - Blended Classroom - ITL9336BI and ITL9336VC-B


ITL9336BI $3,600.00 $3,264.30


ITL9336MPI $530.00 $480.58

ITIL® v3 Service Transition (ST) Lifecycle Track - ITL9337CL


ITL9337I $5,400.00 $4,896.45


ITL9337MPI $530.00 $480.58


P a g e | 80




ITIL® v3 Service Transition (ST) Lifecycle Track - Blended Classroom - ITL9337B and ITL9337VC-B Course Instructor (2 days) (does not include travel and expenses)

ITL9337BI $3,600.00 $3,264.30


ITL9337MPI $530.00 $480.58

ITIL® v3 Service Operation (SO) Lifecycle Track - ITL9338CL Course Instructor (3 days) (does not include travel and expenses)

ITL9338I $5,400.00 $4,896.45


ITL9338MPI $530.00 $480.58

ITIL® v3 Service Operation (SO) Lifecycle Track - Blended Classroom - ITL9338B and ITL9338VC-B


ITL9338BI $3,600.00 $3,264.30


ITL9338MPI $530.00 $480.58

ITIL® v3 Continual Service Improvement (CSI) Lifecycle Track - ITL9339CL Course Instructor Fee (3 days) (does not include travel and expenses)

ITL9339I $5,400.00 $4,896.45


ITL9339MPI $530.00 $480.58

ITIL® v3 Continual Service Improvement (CSI) Lifecycle Track - Blended Classroom - ITL9339B and ITL9339VC-B

Course Instructor Fee (2 days) (does not include travel and expenses)

ITL9339BI $3,600.00 $3,264.30


ITL9339MPI $530.00 $480.58

ITIL® v3 Managing Across the Lifecycle Course- Classroom - ITL9340CL Course Instructor Fees (5 days) (does not include travel and expenses)

ITL9340I $9,000.00 $8,160.75


ITIL® v3 Managing Across the Lifecycle Course - Blended Classroom - ITL9340B and ITL9340VC-B Course Instructor Fees (3 days) (does not include travel and expenses)

ITL9340BI $5,400.00 $4,896.45



P a g e | 81




ITIL® Expert Program - Capability Track - e-Learning - ITL9351 Course Instructor Fees (12 days) (does not include travel and expenses)

ITL9351I $21,600.00 $19,585.80

Student Material (printed student workbooks, e-Learning, iPad with reference material)

ITL9351MPI-1 $3,079.00 $2,791.88

Student Material (printed student workbooks, e-Learning, e-Reader with reference material)

ITL9351MPI-2 $2,805.00 $2,543.43

Student Material (Printed student workbooks, e-Learning, digital reference material)

ITL9351MPI-3 $2,280.00 $2,067.39

ITIL® Expert Program - Lifecycle Track - e-Learning - ITL9352


ITL9352I $18,000.00 $16,321.50

Student Material (printed student workbooks, e-Learning, iPad with reference material)

ITL9352MPI-1 $2,699.00 $2,447.32

Student Material (printed student workbooks, e-Learning, e-Reader with reference material)

ITL9352MPI-2 $2,425.00 $2,198.87

Student Material (Printed student workbooks, e-Learning, digital reference material)

ITL9352MPI-3 $1,900.00 $1,722.83

Virtualization and Cloud Computing (VCC)

Virtualization and Cloud Computing Awareness Course - e-Learning - VCC1110E

VCC Course - e-Learning Mode (4 hours) VCC1110E $100.00 $90.68

Simulation - per learner VCC1110S $150.00 $136.01

Virtualization Foundation Course - Classroom - VCC1210CL

Instructor (2 days) VCC1210I $5,500.00 $4,987.13


VCC1210MPI $335.00 $303.76

Virtualization Foundation Course - e-Learning (12 hours) - VCC1210E Virtualization Foundation Course - e-Learning Mode (12 hours)

VCC1210E $349.00 $316.46

Virtualization Simulation - per learner VCC1210MPI $150.00 $136.01


P a g e | 82




Cloud Computing Foundation Course - Classroom - VCC1220CL

Instructor (2 days) VCC1220I $5,500.00 $4,987.13


VCC1220MPI $335.00 $303.76

Cloud Computing Foundation Course - e-Learning (10 hours) - VCC1220E

Cloud Computing Foundation Course - e-Learning Mode (10 hours)

VCC1220E $399.00 $361.79

Cloud Computing Simulation - per learner VCC1220MPI $150.00 $136.01

COBIT

COBITv4.1 Foundation Course - e-Learning (3 days) - GOV1210


GOV1210I $5,400.00 $4,896.45

Course Materials - per learner - Virtual or Physical Classroom (2-3 day course)

GOV1210MPI $480.00 $435.24

COBIT Implementation Methodology Course - Classroom - GOV1410


GOV1410I $7,500.00 $6,800.63


GOV1410MPI $650.00 $589.39


P a g e | 83




ISO/IEC20000

Requirements for ISO/IEC 20000 Certification Course - Classroom - ISO1020CL

Course Instructor Fees (1 day) (does not include travel and expenses)

ISO1020I $1,800.00 $1,632.15


ISO1020MPI $210.00 $190.42

Achieving ISO/IEC 20000 Certification Course - Classroom - ISO1021CL


ISO1021I $3,600.00 $3,264.30


ISO1021MPI $345.00 $312.83

Requirements for and Achieving ISO/IEC 20000 Course - Classroom (3 Days) - ISO1022CL


ISO1022I $5,400.00 $4,896.45


ISO1022MPI $505.00 $457.91

ISO/IEC 20000 Course - e-Learning Mode ISO 1022E $299.00 $286.18

ISO/IEC 20000 for Auditors Course - Classroom - ISO1023CL


ISO1023I $3,600.00 $3,264.30


ISO1023MPI $345.00 $312.83

ISO/IEC 20000 for Practitioners Course - Classroom - ISO1024CL


ISO1024I $5,400.00 $4,896.45


ISO1024MPI $505.00 $457.91

ISO/IEC27001

ISO/IEC 27001 Lead Auditors Course-Classroom (5 days) - SEC1310CL

Instructor Fee (5 days) (does not include travel and expenses)

SEC1310I $9,000.00 $8,160.75


SEC1310MPI $825.00 $748.07

ISO/IEC 27001 Lead Implementer Course - Classroom (5 days) - SEC1320CL


SEC1320I $9,000.00 $8,160.75


SEC1320MPI $825.00 $748.07


P a g e | 84




PRINCE2

PRINCE2 Foundation Course - Classroom (3 days) - PPM1210CL


PPM1210I $5,400.00 $4,896.45


PPM1210MPI $350.00 $317.36

PRINCE2 Practitioners Course - Classroom (2 days) - PPM1310CL


PPM1310I $3,600.00 $3,264.30


PPM1310MPI $375.00 $340.03

PRINCE2 Foundation + Practitioner - Classroom (5 days) - PPM1920


PPM1920 $9,000.00 $8,160.75

Course Materials - per learner - Virtual or Physical Classroom)

PPM1920MPI $585.00 $530.45

TIPA® Assessor for ITIL® - (3 days) - PIE1310


PIE1310CL $8,250.00 $7,480.69

Course Materials – per learner – Virtual or Physical Classroom

PIE1310MPI $430.00 $389.90

Partner Calendar Program

ITIL® v3 Foundation Course CCITL1010 $1,250.00 $1,133.44

COBIT v4.1 Foundation Course CCGOV1210 $1,450.00 $1,314.79

Cloud Computing Foundation Course CCCC1010 $1,600.00 $1,450.80

Virtualization Foundation Course CCVC1010 $1,600.00 $1,450.80

PRINCE2 Foundation Course CCP21010 $1,900.00 $1,722.83

TIPA® Assessor for ITIL® Course PIE1310 $8,250.00 $7,480.69

ISO/IEC20000 Practitioner Course CCISO1010 $1,900.00 $1,722.83

ISO/IEC27001 Lead Implementer CCISO1020 $2,900.00 $2,629.58

ITIL® v3 Intermediate Course - Lifecycle Track (SS, SD, ST, SO, CSI) - Blended Classroom (Each)

CCLC1010 $2,100.00 $1,904.18

ITIL® v3 Intermediate Course - Capability Track (RCV, SOA, PPO, OSA) and/or MALC - Blended Classroom

CCCAP1010 $2,900.00 $2,629.58

ITIL® v3 Expert Program - Capability Track (RCV, SOA, PPO, OSA) + MALC

CCEP1010 $9,800.00 $8,886.15

ITIL® v3 Expert Program - Lifecycle Track (SS, SD, ST, SO, CSI) + MALC

CCEP1011 $9,800.00 $8,886.15


P a g e | 85




Examination Fees

ITIL® and COBIT Foundation Course Examination Fee See Course # $150.00 $151.13 ITIL® v3 Intermediate Course - Capability Track (RCV, SOA, PPO, OSA) and Lifecycle Track (SS,SD,ST,SO, CSI and MALC) Examination Fees per Track

See Course # $225.00 $226.69

ITIL® v3 Expert Program - Lifecycle Track (SS, SD, ST, SO, CSI) + MALC and Capability Track ( RCV, SOA, PPO, OSA and MALC) Examination Fees per Track

See Course # $225.00 $226.69

Exams - SS, SD, SO, ST, CSI, and MALC Tracks See Course # $225.00 $226.69

ISO/IEC20000 Certification and ISO/IEC 20000 for Auditors and for Practitioners Courses Examination Fee

See Course # $200.00 $201.50

ISO/IEC27001 Lead Auditor and Lead Implementer Courses Examination Fee

See Course # $350.00 $352.63

PRINCE2 Foundation Course Examination Fee See Course # $185.00 $186.39

PRINCE2 Practitioner Course Examination Fee See Course # $375.00 $377.81

PRINCE2 Foundation + Practitioner Examination Fee See Course # $560.00 $564.20

TIPA® Assessor for ITIL® - Online Examination Fee See Course # $225.00 $226.69

TIPA® Assessor for ITIL® - Paper Examination Fee See Course # $225.00 $226.69 Virtualization and Cloud Computing Foundation Courses Examination Fee

See Course # $235.00 $236.76


P a g e | 86



4.7 SIN #132-51 - IT Professional Services

4.7.1 BlackStratus Professional Services


BlackStratus Professional Services - LogStorm Appliances

Deployment, SMB, includes SIEM Storm product installation (1db and components), documentation, and handoff

BLKS-SSM401 $10,000.00 $9,520.88

Deployment, Enterprise, SIEM Storm includes SIEM Storm product installation (1db and components), documentation, and handoff

BLKS-SSM402 $20,000.00 $19,041.75

SIEM Storm Customers Professional Services Daily Rate

BS-PS-01 $2,000.00 $1,904.18

Advanced - Data Correlation and Alerts - SIEM Stormcorrelation customization, alerts, documentation and handoff

BLKS-SSM441 $10,000.00 $9,520.88

Advanced - Risk and Vuln Management - SIEM Storm asset, risk, vulnerability management, documentation and handoff

BLKS-SSM442 $10,000.00 $9,520.88

Advanced - Incident Management - SIEM Storm incident management process and workflow, documentation, handoff

BLKS-SSM443 $10,000.00 $9,520.88

Advanced - Database - HA (RAC) - SIEM Storm Oracle enterprise 10G RAC implementation, database performance tuning, documentation, handoff

BLKS-SSM444

$20,000.00 $19,041.75

BlackStratus Deployment Package Professional Services

Advanced - Database - Upgrade - SIEM Storm database upgrade - std to enterprise/higher version, documentation and handoff

BLKS-SSM445 $6,000.00 $5,712.53

Advanced - Database - Archiving - SIEM Storm historical database installation and configuration, documentation and handoff

BLKS-SSM446 $10,000.00 $9,520.88

Migration - SMB - OSP to SIEM Storm, includes std database upgrade from 9i to 10g, Depending on the volume of data, additional days might be required.

BLKS-SSM411

$20,000.00 $19,041.75 Migration - ENT - OSP to SIEM Storm, includes enterprise database upgrade from 9i to 10g. Depending on the volume of data, additional days might be required, includes 5 day training

BLKS-SSM412

$40,000.00 $38,083.50

BlackStratus Advanced Customization Professional Services

Health Check -SMB - SIEM Storm onsite, 4 visits/year

BLKS-SSM421 $24,000.00 $22,850.10

Health Check - ENT/MSSP - SIEM Storm onsite, 4 visits/year

BLKS-SSM422 $24,000.00 $22,850.10

TI - Reports Customization - SIEM Storm reports customization - up to 10 reports, requirement gathering, analysis, delivery and handoff

BLKS-SSM431 $10,000.00 $9,520.88


P a g e | 87




TI Devices/Application - SIEM Storm unsupported device integration, onsite or offsite engagement - 1 agents/application

BLKS-SSM432 $20,000.00 $19,041.75

TI Network Management Systems - SIEM Storm NMS integration - 1 supported NMS system - 10 days

BLKS-SSM434 $20,000.00 $19,041.75

Consulting - Security Manager/Expert - Security Manager/SME for minimum of 6 months to manage SIEM Storm

BLKS-SSM462 $135,200.00 $128,722.23

BlackStratus Migration/Upgrade Professional Services

Consulting - DBA - SIEM Storm - Oracle DBA for minimum 6 months

BLKS-SSM463 $135,200.00 $128,722.23


P a g e | 88



4.7.2 IT Professional Services - Labor Category Price List

# Labor Category GSA Hourly Rate $

Labor Cat. #

Labor Category 05/01/11 through 04/30/12

05/01/12 through 04/30/13

05/01/13 through 04/30/14

05/01/14 through 04/30/15

05/01/15 through 04/30/16

001 Program Manager $159.98 $164.78 $169.72 $174.81 $180.06

002 Project Manager $127.20 $131.02 $134.95 $138.99 $143.16

003 Principal Network Engineer $133.31 $137.31 $141.43 $145.67 $150.04

004 Senior Network Engineer $109.86 $113.16 $116.55 $120.05 $123.65

005 Network Engineer $92.51 $95.29 $98.14 $101.09 $104.12

006 Junior Network Engineer $69.38 $71.46 $73.61 $75.81 $78.09

007 Entry-Level Network Engineer $57.83 $59.56 $61.35 $63.19 $65.09

008 Principal System Administrator $133.31 $137.31 $141.43 $145.67 $150.04

009 Senior System Administrator $109.86 $113.16 $116.55 $120.05 $123.65

010 System Administrator $92.51 $95.29 $98.14 $101.09 $104.12

011 Junior System Administrator $69.38 $71.46 $73.61 $75.81 $78.09

012 Entry-Level System Administrator $57.83 $59.56 $61.35 $63.19 $65.09

013 Principal Programmer $133.31 $137.31 $141.43 $145.67 $150.04

014 Senior Programmer $109.86 $113.16 $116.55 $120.05 $123.65

015 Programmer $92.51 $95.29 $98.14 $101.09 $104.12

016 Junior Programmer $69.38 $71.46 $73.61 $75.81 $78.09

017 Entry-Level Programmer $57.83 $59.56 $61.35 $63.19 $65.09

018 Principal Computer Maintenance Technician (Principal PC Technician)

$90.65 $93.37 $96.17 $99.06 $102.03

019 Senior Computer Maintenance Technician (Senior PC Technician)

$80.96 $83.39 $85.89 $88.47 $91.12

020 Computer Maintenance Technician (PC Technician)

$52.04 $53.60 $55.21 $56.87 $58.57

021 Principal System Architect $159.98 $164.78 $169.72 $174.81 $180.06

022 Senior System Architect $133.31 $137.31 $141.43 $145.67 $150.04

023 System Architect $117.31 $120.83 $124.45 $128.19 $132.03

024 Senior Technical Writer $101.32 $104.36 $107.49 $110.72 $114.04

025 Technical Writer $79.99 $82.39 $84.86 $87.41 $90.03

026 Junior Technical Writer $67.71 $69.74 $71.83 $73.99 $76.21

027 Principal Consultant $207.55 $213.78 $220.19 $226.80 $233.60


P a g e | 89



028 Senior Consultant $184.49 $190.02 $195.73 $201.60 $207.65

029 Consultant $161.43 $166.27 $171.26 $176.40 $181.69

030 Junior Consultant $124.53 $128.27 $132.11 $136.08 $140.16

031 Senior Subject Matter Expert $276.74 $285.04 $293.59 $302.40 $311.47

032 Subject Matter Expert $230.61 $237.53 $244.65 $251.99 $259.55

033 Junior Subject Matter Expert $170.65 $175.77 $181.04 $186.47 $192.07

034 Senior Analyst $184.49 $190.02 $195.73 $201.60 $207.65

035 Mid-Level Analyst $138.37 $142.52 $146.80 $151.20 $155.74

036 Junior Analyst $110.69 $114.01 $117.43 $120.95 $124.58

037 Project Coordinator $92.25 $95.02 $97.87 $100.80 $103.83

038 Business Writer $92.25 $95.02 $97.87 $100.80 $103.83

039 Technical Editor $92.25 $95.02 $97.87 $100.80 $103.83

040 Executive Assistant $64.57 $66.51 $68.50 $70.56 $72.67

041 Administrative Support $46.12 $47.50 $48.93 $50.40 $51.91

042 Junior Administrative Support $27.67 $28.50 $29.36 $30.24 $31.14


P a g e | 90



5 USA COMMITMENT TO PROMOTE SMALL BUSINESS PARTICIPATION

PROCUREMENT PROGRAMS

PREAMBLE

Network Specialty Group, Inc. provides commercial products and services to ordering activities. We are committed to promoting the participation of small, small disadvantaged and women-owned small businesses in our contracts. We pledge to provide opportunities to the small business community through reselling opportunities, mentor-protégé programs, joint ventures, teaming arrangements, and subcontracting.

COMMITMENT

� To actively seek and partner with small businesses

� To identify, qualify, mentor, and develop small, small disadvantaged, and women-owned small businesses by purchasing from these businesses whenever practical

� To develop and promote company policy initiatives that demonstrates our support for awarding contracts and subcontracts to small business concerns

� To undertake significant efforts to determine the potential of small, small disadvantaged, and women-owned small business to supply products and services to our company

� To ensure procurement opportunities are designed to permit the maximum possible participation of small, small disadvantaged, and women-owned small businesses

� To attend business opportunity workshops, minority business enterprise seminars, trade fairs, procurement conferences, etc., to identify and increase small businesses with whom to partner

� To publicize in our marketing publications our interest in meeting small businesses that may be interested in subcontracting opportunities

We signify our commitment to work in partnership with small, small disadvantaged and women-owned small businesses to promote and increase their participation in ordering activity contracts. To accelerate potential opportunities please contact Prasen Vasavada at (301) 208-9388, via email at [email protected], or via fax at (301) 208-9077.


P a g e | 91



6 BEST VALUE BPA FEDERAL SUPPLY SCHEDULE

(Insert Customer Name) In the spirit of the Federal Acquisition Streamlining Act, (ordering activity) and Network Specialty Group, Inc. enter into a cooperative agreement to further reduce the administrative costs of acquiring commercial items from the General Services Administration (GSA) Federal Supply Schedule Contract(s) ____________________. Federal Supply Schedule contract BPAs eliminate contracting and open market costs such as search for sources, the development of technical documents, solicitations, and the evaluation of offers. Teaming arrangements are permitted with Federal Supply Schedule Contractors in accordance with FAR 9.6. This BPA will further decrease costs, reduce paperwork, and save time by eliminating the need for repetitive, individual purchases from the schedule contract. The end result is to create a purchasing mechanism for the ordering activity that works better and costs less. Signatures _________________ _________ ___________________ __________ Ordering Activity Date Network Specialty Group, Inc. Date BPA NUMBER_____________

(CUSTOMER NAME) BLANKET PURCHASE AGREEMENT

Pursuant to GSA Federal Supply Schedule Contract Number(s) ____________, BPAs, the Contractor agrees to the following terms of a BPA: EXCLUSIVELY WITH (ordering activity): (1) The following contract items can be ordered under this BPA. All orders placed against this BPA are subject to the terms and conditions of the contract, except as noted below: MODEL NUMBER/PART NUMBER *SPECIAL BPA DISCOUNT/PRICE _______________________________ _______________________________ (2) Delivery: DESTINATION DELIVERY SCHEDULES / DATES ________________ _______________________________


P a g e | 92



(3) The ordering activity estimates, but does not guarantee, that the volume of purchases through this agreement will be _________________________. (4) This BPA does not obligate any funds. (5) This BPA expires on ____________ or at the end of the contract period, whichever is earlier. (6) The following office(s) is hereby authorized to place orders under this BPA: OFFICE POINT OF CONTACT _____________ _________________________________ (7) Orders will be placed against this BPA via EDI, FAX, or paper. (8) Unless otherwise agreed to, all deliveries under this BPA must be accompanied by delivery tickets or sales slips that must contain the following information as a minimum: (a) Name of Contractor (b) Contract Number (c) BPA Number (d) Model Number or National Stock Number (NSN) (e) Purchase Order Number (f) Date of Purchase (g) Quantity, Unit Price, and Extension of Each Item (unit prices and extensions need not be shown when incompatible with the use of automated systems; provided, that the invoice is itemized to show the information) (h) Date of Shipment (9) The requirements of a proper invoice are specified in the Federal Supply Schedule contract. Invoices will be submitted to the address specified within the purchase order transmission issued against this BPA. (10) The terms and conditions included in this BPA apply to all purchases made pursuant to it. In the event of an inconsistency between the provisions of this BPA and the Contractor’s invoice, the provisions of this BPA will take precedence. ******************************************************************************

SOLUTIONS • Risk & Vulnerability Assessments • User Awareness Training • Policies & Procedures • NGFW • Data Loss Prevention • Endpoint Protection • Encryption • System Hardening •• Auditing

Cybersecurity is not just an IT challenge, but a business challenge. Modern businesses are increasingly seeking new ways to drive innovation and growth through the extension of their data and information assets outside of traditional physical boundaries - mobility, cloud computing, and integrated business systems are prime examples. However, adversaries have also recognized that these trends present an opportunity to obtain high value proprietary information for themselves with only a small expenditure of resources and risk. This is the core cybersecurity challenge facing resources and risk. This is the core cybersecurity challenge facing businesses today. Cybersecurity risk practices must strive to balance the extension of information assets to drive growth, yet maintain acceptable levels of business costs and information risk. How your organization handles and protects its most valuable information assets is key to maintaining a good business reputation, meeting privacy expectations of regulators, customers, employees, and partners, as well as enabling your business to thrive in the modern, interconnected global economy. thrive in the modern, interconnected global economy.

Security Risk Assessments are performed to allow organizations to assess and identify their current security posture from an organizational viewpoint as well as from an attacker's perspective. The NSG SRA perspective. The NSG SRA process provides a methodological approach to identify business critical assets, analyze threats, understand vulnerabilities, and establish prioritization for appropriate for appropriate countermeasures. NSG's Security Risk Assessment services:

• Programmatic and Technical Reviews• Proactive Identification of Threats, Vulnerabilities and Countermeasures• Security Gap Analysis – Policy, Processes & Infrastructure• SRA Recommendations Report

WHERE EVERYONE SEES A PROBLEM,

WE SEE A SOLUTION.

Cybersecurity Practice

Security Risk Assessment

................................................

........................................

.......................................................

................................................

...............................................

OUR CORE COMPETENCIES

• Application Development

• IT Security• IT Operations• Program Management

CERTIFICATIONSCERTIFICATIONS

• CMMI Level 2• ISO 9001:2008• ISO 20000-1:2011• ISO 27001:2005

WHY CHOOSE US

• Out-of-the Box Thinking•• Customer-Centric Approach

• Highly Skilled Resources• Application of Matured Processes

CONTRACT VEHICLES

• GSA Schedule 70 – GS-35F-0381L

• GSA STARS II – GS-06F-0712Z I & II

NAICS CODES• 541511, 541512, 541513, and 541519

DUNS NUMBER•• 869008631

For more information on

any of our products or

services please visit us on

the Web at:

www.nsgi-hq.com

Network Specialty Group, Inc.610 Professional Drive, Suite 610 Professional Drive, Suite 105, Gaithersburg, MD 20879

Security Engineering focuses on the implementation of “Security Best Practices” from organizational (policies, procedures and people) to infrastructure (computers, applications and facilities). NSG's Security Engineering services:

Continuous monitoring is the process used to detect compliance and risk issues associated with an organization's operational environment. The operational environment consists of people, processes, and systems working together to support efficient and effective operations. Through continuous monitoring of the operations and controls, any weak or poorly designed or implemented controls can be identified and corrected or replaced – thus enhancing the organization's operational risk profile. NSG's Continuous Monitoring services:Monitoring services:

NSG has built its business and reputation on establishing the correct balance of cyber security program development and implementation to meet the specific mission of each client. We practice the concept of protecting the trust relationship by not over-selling or over-implementing and continually advocating for a business model that will better protect itself, and thereby each other, within its environment.

INNOVATE > ACTIVATE > ELEVATE NSG is a leading IT consulting firm that elevates business performance NSG is a leading IT consulting firm that elevates business performance and adds value through technological innovation. We design, develop and execute effective solutions that can withstand the most demanding environments in Information Management, Information Security, Application Development, Infrastructure Operations and Program Management.

• Network and Security Operations Center (NOC/SOC)• Controls & Countermeasures• IT Security Architecture (design/implementation)• Network Security Analysis

• Network and Security Operations Center (NOC/SOC)• Active Monitoring (Threats, Vulnerabilities & Organizational)• Anomaly Handling (Potential threat)• Incident Response (Respond & Recover)

Security Engineering

Continuous Monitoring

Why NSG Cybersecurity

Sim

ple

,

stre

am

lin

ed

solu

tio

ns

to

co

mp

lex, m

ult

ifa

cete

d

ch

allen

ges.

Th

at’

s w

ha

t

NS

G d

elive

rs t

o its

clien

ts.

Wo

rkin

g o

n e

nte

rpri

se t

ec

hn

olo

gy

is a

co

mp

lica

ted

aff

air

—ye

t w

ha

t yo

u’ll

se

e o

n

the

fro

nt

en

d is

th

e s

mo

oth

, so

lid f

un

cti

on

ing

of

req

uir

ed

, co

mp

lian

t p

roc

ess

es.

Ma

ny

co

mp

an

ies

ca

n “

ge

t th

e jo

b d

on

e.”

Wit

h N

SG

, yo

u g

et

solu

tio

ns

tha

t in

teg

rate

str

ate

gic

ally

wit

h y

ou

r g

rea

ter

org

an

iza

tio

na

l mis

sio

n a

nd

co

mp

lete

ly s

up

po

rt y

ou

r

bu

sin

ess

pro

ce

ss, s

ett

ing

yo

u u

p f

or

suc

ce

ss n

ow

an

d

into

th

e f

utu

re.

Keys

to O

ur

Su

ccess

:

!M

ain

tain

str

ict

ad

he

ren

ce

to

pro

ven

p

roc

ess

es

!R

eta

in c

om

mit

ted

, hig

hly

tra

ine

d a

nd

ce

rtifi

ed

IT a

nd

bu

sin

ess

pro

fess

ion

als

!C

om

mit

me

nt

to i

nn

ova

tio

n!

Bu

ild

co

nse

nsu

s a

mo

ng

sta

ke

ho

lde

rs

INN

OV

AT

E is

th

e s

pa

rk t

ha

t

ign

ite

s w

he

n w

e c

on

ne

ct

wit

h y

ou

,

wh

en

we

pu

t o

urs

elv

es

in y

ou

r sh

oe

s

to u

nd

ers

tan

d t

he

bu

sin

ess

pro

ble

m y

ou

ne

ed

to

so

lve

. AC

TIV

AT

E is

wh

en

we

ge

t to

wo

rk c

rea

tin

g a

n e

ffic

ien

t so

luti

on

to

me

et

the

ch

alle

ng

e a

nd

th

en

imp

lem

en

t it

. ELE

VA

TE

is w

he

re

we

wa

tch

th

at

solu

tio

n li

ft u

p y

ou

r o

rga

niz

ati

on

so

th

at

you

ca

n e

xce

ed

be

yon

d y

ou

r e

xpe

cta

tio

ns!

Wh

en

yo

u

ge

t ri

gh

t d

ow

n t

o it

, it’s

ab

ou

t a

su

cc

ess

ful p

art

ne

rsh

ip.

No

t ju

st f

or

no

w, b

ut

go

ing

fo

rwa

rd in

to t

he

fu

ture

.

Ou

r c

lien

t-c

en

tric

ap

pro

ac

h w

ill h

elp

yo

u b

rea

k th

rou

gh

ba

rrie

rs t

o s

uc

ce

ss. W

e p

rac

tic

e t

he

se p

rin

cip

les:

WE

ALW

AY

S K

EE

P Y

OU

WE

LL I

NFO

RM

ED

Co

mm

un

ica

tio

n is

cri

tic

al i

n a

su

cc

ess

ful p

art

ne

rsh

ip,

an

d w

e w

ill k

ee

p y

ou

up

da

ted

an

d in

form

ed

eve

ry s

tep

of

the

wa

y. O

ur

foc

us

is o

n a

cti

vati

ng

an

d k

ee

pin

g

op

en

th

e c

ha

nn

els

of

co

mm

un

ica

tio

n. W

e w

ill d

eliv

er

co

mp

reh

en

sive

pro

gre

ss r

ep

ort

s a

nd

wo

rk a

lon

gsi

de

you

fro

m p

roje

ct

inc

ep

tio

n u

nti

l co

mp

leti

on

.

OU

R M

OT

IVA

TE

D, W

ELL

-TR

AIN

ED

WO

RK

FOR

CE

IS

ALW

AY

S ‘O

N T

HE

JO

B.’

Th

e m

ost

imp

ort

an

t a

sse

t is

its

pe

op

le. T

hro

ug

h o

ur

stri

ng

en

t h

irin

g p

olic

ies

we

’ll b

rin

g y

ou

th

e m

ost

qu

alifi

ed

, exp

eri

en

ce

d c

an

did

ate

s in

th

e fi

eld

to

da

y. A

nd

we

ta

ke g

oo

d c

are

of

ou

r ta

len

t. W

e a

re f

ully

co

mm

itte

d

to e

mp

loye

e t

rain

ing

an

d e

nc

ou

rag

e o

ur

pe

op

le t

o

pu

rsu

e a

ll a

pp

lica

ble

ce

rtifi

ca

tio

ns

an

d c

red

en

tia

ls.

We

cu

ltiv

ate

an

en

viro

nm

en

t th

at

pro

mo

tes

inn

ova

tive

thin

kin

g a

cro

ss a

ll le

vels

, an

d a

lwa

ys e

nc

ou

rag

e o

ur

pro

fess

ion

als

to

he

lp u

s fi

nd

th

e n

ext

un

iqu

e s

olu

tio

n t

o

you

r n

ee

ds.

A P

RO

CE

SS

-OR

IEN

TE

D W

OR

K P

RO

DU

CT

DE

LIV

ER

Y.

Co

oki

e-c

utt

er

solu

tio

ns

just

do

n’t

cu

t it

. To

da

y’s

IT

ch

alle

ng

es

are

un

iqu

e a

nd

co

mp

lex.

We

will

wo

rk

ha

rd t

o d

isc

ove

r th

e b

arr

iers

yo

u f

ac

e a

nd

will

cre

ate

the

so

luti

on

s th

at

sha

tte

r th

ose

ob

sta

cle

s. O

nc

e w

e

de

term

ine

a b

est

pra

cti

ce

so

luti

on

, we

uti

lize

pro

ven

me

tho

ds

to e

nsu

re t

ha

t th

e p

roc

ess

is a

cti

vate

d in

a

fla

wle

ss m

an

ne

r.

“If

you

ca

n’t

exp

lain

it

sim

ply

,

you

don

’t

un

ders

tan

d it

well e

no

ug

h.”

-Alb

ert

Ein

stein

CE

RT

IFIC

AT

ION

S A

ND

CO

NT

RA

CT

S

Here

are

so

me o

f th

e m

ajo

r co

ntr

acts

wh

ere

NS

G i

s eit

her

the p

rim

e o

r su

b-c

on

tra

cto

r:

!G

SA

8a

STA

RS

II

All

4Fu

nc

tio

na

l A

rea

s---

B

oth

Co

nst

ell

ati

on

s !G

SA

Sc

he

du

le 7

0 -

SIN

132

-8, 1

32-3

2, 1

32-

33, 1

32-3

4, 1

32-5

0, a

nd

132

-51

(Pri

me

) !D

ep

art

me

nt

of

Na

vy -

Se

aP

ort

-e (

Pri

me

) !N

ati

on

al I

nst

itu

te o

f He

alt

h (N

IH) -

BP

A (P

rim

e)

Str

ate

gic

Pa

rtn

ers

hip

s

OU

R A

PP

RO

AC

H

!N

SG

ac

cre

dit

ed

Fe

dR

AM

P 3

PA

O !N

SG

ac

cre

dit

ed

IS

O 1

7020

:201

2 C

ert

ifie

d !N

SG

no

w I

SO

/IE

C 2

7001

:201

3 C

ert

ifie

d !N

SG

ap

pra

ise

d a

t C

MM

I Le

vel

3

601

Pro

fess

ion

al D

r. S

te. 1

05

Ga

ith

ers

bu

rg, M

D 2

0879

ww

w.n

sgi-

hq

.co

m

WH

AT

WE

DO

WH

AT

WE

OFF

ER

At

Netw

ork

Sp

ecia

lty

Gro

up

we o

ffer

inn

ova

tive

solu

tion

s to

Fed

era

l a

nd

Com

merc

ial

cu

stom

er

pro

ble

ms!

At

NS

G, w

e t

hin

k d

iffe

ren

tly.

To

so

lve

to

da

y’s

tou

gh

est

IT

ch

alle

ng

es,

yo

u h

ave

to

be

will

ing

to

esc

ap

e t

he

re

alm

of

ord

ina

ry. T

ha

t’s w

ha

t w

e d

o—

an

d it

’s w

ha

t o

ur

clie

nts

like

mo

st a

bo

ut

us.

We

are

inn

ova

tors

. Eve

ry s

olu

tio

n d

eve

lop

me

nt

be

gin

s w

ith

the

qu

est

ion

‘wh

y’ a

nd

‘ho

w,’

so w

e c

an

de

velo

p a

un

iqu

e a

nd

cu

sto

miz

ed

str

ate

gy

tha

t fi

ts y

ou

r n

ee

ds.

NS

G p

rovi

de

s B

usi

ne

ss s

olu

tio

ns

to it

s c

ust

om

ers

tha

t in

no

vate

, ac

tiva

te a

nd

ele

vate

re

sult

ing

in a

fully

co

mp

lian

t IT

infr

ast

ruc

ture

.

CY

BE

R S

EC

UR

ITY

!S

ec

uri

ty R

isk

Ass

ess

me

nts

!S

ec

uri

ty E

ng

ine

eri

ng

!C

on

tin

uo

us

Mo

nit

ori

ng

!K

no

wle

dg

e T

rain

ing

PR

OG

RA

M S

UP

PO

RT

!P

rog

ram

Mg

t. O

ffic

e (

PM

O)

!B

usi

ne

ss P

roc

ess

Re

-en

gin

ee

rin

g a

nd

Im

pro

vem

en

t !In

de

pe

nd

en

t V

eri

fic

ati

on

an

d V

ali

da

tio

n (

IV&

V)

AP

PLI

CA

TIO

N D

EV

ELO

PM

EN

T

!R

eq

uir

em

en

ts A

na

lysi

s !D

eve

lop

me

nt

!In

teg

rati

on

!A

pp

lic

ati

on

s O

&M

!U

ser

Aid

an

d T

rain

ing

IT O

PE

RA

TIO

NS

!A

rch

ite

ctu

re a

nd

En

gin

ee

rin

g S

up

po

rt !S

yste

ms

Ad

min

istr

ati

ve S

up

po

rt !H

elp

De

sk S

up

po

rt !A

sse

t M

an

ag

em

en

t

Con

tact

us

at:

Ro

cc

o Y

ou

ma

ns

Bu

sin

ess

De

velo

pm

en

t M

an

ag

er

t. 3

01.2

08.9

388

Ext

. 204

f. 3

01.2

08.9

077

c. 5

40.4

24.9

416

e. r

you

ma

ns@

nsg

i-h

q.c

om

“If

th

e f

acts

don

’t "

t th

e

theory

, ch

an

ge t

he f

acts

.”

-Alb

ert

Ein

stein

601

Pro

fess

ion

al D

r. S

te. 1

05

Ga

ith

ers

bu

rg, M

D 2

0879

ww

w.n

sgi-

hq

.co

m

CHOOSING THE RIGHT 3PAO – FEDRAMP PRE-ASSESSMENT SUPPORT FedRAMP is a complex, multi-step process that is still relatively new and, as such, is still evolving. This creates several challenges for you, the Cloud Service Provider (CSP) seeking authorization. CSPs must not only assess their own preparedness for FedRAMP assessment, but they must also seek out and vet an accredited 3rd Party Assessment Organization (3PAO) to perform their assessment and go through several rounds of review and engagement with the Joint Authorization Board (JAB).

And that’s where NSG comes in. As an experienced and reputable 3PAO assessor, we can help you navigate the FedRAMP process and ensure a Provisional Authority to Operate (P-ATO) is granted in a cost-effective and timely manner. NSG has the credentials that translate to a better 3PAO assessment support for you: ISO 27001:2013 and CMMI Level 3 certification. The designation of NSG as an ISO 27001:2013 certified 3PAO Service Provider provides our customers the assurance that we truly understand and embrace information security. CMMI Level 3 certification represents that NSG, as your FedRAMP assessor, will increase the confidence your customers have in your ability to safeguard their sensitive information.

NSG will utilize our experience and expertise in NIST- based security assessments and our in-depth understanding of the FedRAMP security controls and templates to conduct security assessments for a Joint Authorization Board (JAB) P-ATO. Through our extensive experience we’ve created a refined methodology, based on the NIST Risk Management Framework (RMF) and the FedRAMP Security Assessment Framework (SAF), that ensures maximum efficiency in our activities.

Our 3PAO Assessment services fall into two (2) areas: FedRAMP Authorization Assessment and Monitoring services, and FedRAMP Pre-Assessment Support and Post-Assessment (Continuous Monitoring) services.

All of our 3PAO Pre-Assessment and Post-Assessment services are mapped to the NIST RMF and FedRAMP SAF. The FedRAMP Pre-Assessment Support services directly map to Steps 1, 2 & 3, and our Post-Assessment services map to Step 6. FedRAMP guidelines preclude the same 3PAO assessor that provides pre-assessment services from providing Assessment Services or Post-Assessment, although 3PAO assessors are authorized to perform those services.

FEDRAMP PRE-ASSESSMENT SUPPORT AND POST-ASSESSMENT (CONTINUOUS MONITORING) SERVICES:

› Pre-Assessment Support Services (Steps 1,2 & 3):

• Prepare/Review Readiness Package to FedRAMP that includes: System Security Plan (SSP), Configuration Management Plan, Contingency Plan, Incident Response Plan, and CSP’s Security Policies and Procedures as required by the SSP.

• Perform GAP Analysis of Security Controls (based on FedRAMP security baseline):

» Prepare/Review Control Implementation: There are 125 controls for a low impact level system and 325 controls for a moderate impact level system.

• Security Engineering:

» Analysis of CPS’s Cloud offerings technical safeguards (based on FedRAMP security baseline): Concept of Operations, Security Requirements & Controls, and Compliance Mapping.

» Technical security engineering support developing and/or implementing CSP’s Cloud

ABOUT NSGNSG is a leading IT consulting firm that elevates business performance and adds value to the public sector enterprise through technological innovation. We design, develop and execute effective solutions that can withstand the most demanding environments.

OUR CORE COMPETENCIES

› Application Development

› Cyber Security

› IT Operations

› Program Management

CERTIFICATIONS

› Accredited FedRAMP 3PAO

› CMMI Level 3-DEV

› ISO 9001:2008

› ISO 20000-1:2011

› ISO 27001:2013

› Accredited inspection body based on ISO 17020:2012

security systems.

• Security Operations threat analysis & testing (Self-Attestation):

» Vulnerability scanning,

» Penetration testing,

» And Security Controls evaluation.

› Post-Assessment (Continuous Monitoring) Services (Step 6):

• Review of CSP Continuous Monitoring requirements: Incident Response, Change Control

• Self-Attestation:

» Vulnerability scanning,

» Penetration testing,

» And Security Controls evaluation.

THE BENEFITS OF HAVING NSG PERFORM PRE-ASSESSMENT SUPPORT FOR YOU

NSG has a vast background in performing information security assessments using our methodology for Risk Management based on the NIST SP 800-37 Risk Management Framework. At NSG, we think differently. To solve today’s toughest IT assessment challenges, you have to be willing to escape the realm of ordinary. That’s what we do— and it’s what our clients like most about us. We are innovators. Every solution development begins with the questions ‘why’ and ‘how,’ so we can develop a unique and customized 3PAO assessment strategy that fits the needs of our customer. We provide assessment solutions to our customers that innovate, activate and elevate---resulting in a fully compliant IT Cloud environment.

› Cost Savings: NSG will help you save valuable resources by performing the myriad of pre-assessment tasks that you would otherwise be required to perform, particularly in Document preparation.

› Security Engineering Approach: NSG employs a Security Engineering approach to assessing your program, allowing you to meet security compliance challenges.

› Self-Assessments / Gap Analysis: We can assist you through the arduous process of performing self-assessments and gap analyses.

› Documentation and Identifying Necessary Controls: NSG has the skills to assist you in identifying required controls and preparing the requisite documentation.

› Continuous Monitoring: NSG specializes in developing and executing comprehensive continuous monitoring programs that ensure that deviations from compliance requirements are identified quickly.

› Specific Control Processes: NSG can recommend control process to meet the requirements of specific/unique controls.

› Security Assessment Plan (SAP) and the Security Assessment Report (SAR): NSG can prepare the SAP and SAR for submission to JAB.

› Tailored Offerings: NSG can tailor your specific offerings to FedRAMP Requirements

› Secure Data Solutions: : CSP is more than pursuing compliance; it is providing customers a truly secure data solution and meeting the responsibilities inherent in doing so.

CONTRACT VEHICLES

› GSA Schedule 70 – GS-35F-0381L

› GSA STARS II - GS-06F-0712Z Constellations I & II

› EAGLE II

› Navy SeaPort-e

NAICS CODES

› 541511, 541512, 541513, and 541519

DUNS NUMBER

› 869008631

WHY CHOOSE US

› Out-of-the Box Thinking

› Customer-Centric Approach

› Highly Skilled Resources

› Application of Matured Processes

For more information about FedRAMP and what assistance Network Specialty Group can provide, please contact:NSG Team MemberEmail: [email protected]

STRATEGIC PARTNERS

state of florida cyber assessment rfi response

Documents