This government questionnaire, part of federal RFPs and grants, focuses on Cybersecurity Supply Chain Risk Management (C-SCRM) and vendor contact information. It requires vendors to provide company and primary point-of-contact details, including name, title, phone, and email. The document then delves into C-SCRM, asking if organizations identify and map key supply chain threats, have written SCRM requirements in contracts, and verify supplier compliance. It also addresses physical and personnel security, inquiring about background check policies, procedures to prevent tampering of ICT equipment, and insider threat literacy training. The questionnaire emphasizes the need for accurate vendor responses, noting that documentation may be requested for validation.

The U.S. Embassy in Harare, Zimbabwe, issued Solicitation #19Z11526Q0007 for mobile telephone and data services. This Request for Quotation (RFQ) seeks a contractor to provide services for approximately 600 cellular and data lines over a one-year base period with four-year options for renewal. The scope includes activation fees, monthly SIM card rentals, various cellular call types (on-net, local, international), SMS messaging, and mobile data bundles (1.2GB, 2.5GB, 5GB, 10GB). Key requirements cover 90% local network coverage, 24-hour international connectivity, international roaming with specific country coverage, 4G/3G internet access with data capping/throttling, SMS messaging, voicemail, and customer service. The contractor must provide up to 600 pre-approved SIM cards, offer eSIM capability, and submit detailed monthly invoices. The solicitation outlines invoicing procedures, key personnel requirements, necessary permits, government-furnished property, provisions for adding new lines, technological refreshment options, special short-term promotions, delivery orders, training, equipment return/defective policy, customer service centers, and network survivability/recovery plans. The Quality Assurance and Surveillance Plan (QASP) sets a performance threshold of no more than one complaint per month. Various FAR and DOSAR clauses are incorporated, addressing areas like subcontractor sales, executive compensation, ByteDance covered applications, child labor, combating trafficking in persons, foreign purchases, text messaging while driving, foreign procurement tax, electronic funds transfer, privacy safeguards, and unmanned aircraft systems from covered foreign entities.

The U.S. Embassy in Harare, Zimbabwe, issued Request for Quotations (RFQ) number 19Z11526Q0007 for Cellphone Services, due by February 2, 2026, at 1700hrs Harare Time. The U.S. Government intends to award a contract to the responsible offeror providing the best value, utilizing a comparative evaluation process. This is not a low price technically acceptable (LPTA) or trade-off process. Interested quoters must submit proposals electronically to HarareGSOProcurement@state.gov in MS-Word, MS-Excel, or Adobe Acrobat (pdf) format, with file sizes not exceeding 30MB per email. Required submissions include SF-1449, Section I Pricing, Section 5 Representations and Certifications, additional information from Section 3, proof of SAM Registration, and a Cybersecurity Supply Chain Risk Management Questionnaire or State Department Secure Software Development Attestation Form. Offerors must be registered in the System for Award Management (SAM) database at sam.gov prior to submission, as failure to do so may result in disqualification.

The US Mission Harare in Zimbabwe issued a pre-solicitation notice (19Z11526Q0007) for cellphone and data services. Dated December 18, 2025, with a response date of January 2, 2026, the solicitation is for a base year with four one-year option periods. The contract will be a firm fixed-price type, and vendors must be registered in SAM.gov. Electronic submissions are allowed, with offers not exceeding 30MB per email. The primary contact is Damian Richard, a Contracting Officer. This pre-solicitation emphasizes the need for registered contractors and adherence to submission guidelines for the upcoming tender.

The Secure Software Development Attestation Form, authorized by various federal mandates including E.O. 14028 and OMB Memoranda M-22-18 and M-23-16, serves to assure the Federal Government that software used by its agencies is developed securely. This form is mandatory for software developed or significantly modified after September 14, 2022, or software with continuous changes. It does not apply to agency-developed, freely obtained open-source, or publicly available software. Software producers must attest to employing secure development practices derived from the NIST SSDF, covering secure environments, trusted supply chains, vulnerability checks, and disclosure programs. The attestation must be signed by the CEO or an authorized designee, or producers may submit a third-party assessment from a FedRAMP-certified or agency-approved 3PAO. Failure to attest may result in agencies discontinuing software use or requiring an extension/waiver from OMB. This form ensures compliance with federal cybersecurity standards for software utilized by government agencies.