The U.S. Embassy in Harare, Zimbabwe, is soliciting proposals for Primary Openet Internet Services under RFQ # 19Z11525Q0004. The Embassy requires a dedicated Internet circuit with a minimum bandwidth of 60 Mbps for operational needs, ensuring high-quality direct access to the public internet without filters. Vendors must provide a firm fixed price for the services, which include installation and ongoing support over an initial one-year term with a potential option year. A pre-quotation conference is scheduled for March 27, 2025, with proposals due by April 4, 2025, at 5 PM Harare time. To qualify, offerors must submit several documents, including proof of registration in the System for Award Management (SAM), pricing details, and cybersecurity compliance certifications. The request emphasizes the necessity for latencies not exceeding specified limits and addresses regulatory compliance with the National Defense Authorization Act. Detailed service level agreements (SLAs) and performance expectations are outlined, requiring 24/7 support, rigorous monitoring, and timely fault resolution to maintain an SLA of 99.6%. This procurement reflects the need for reliable internet services crucial for the operational functionality of the U.S. Embassy.

The document provides completion instructions for two key worksheets related to Cybersecurity Supply Chain Risk Management (C-SCRM) for federal RFP submissions: the C-SCRM Questionnaire and the Software Producer Attestation Form. Vendors must fill in specified data concerning their organization's supply chain threat identification, supplier mapping, risk management policies, and employee background checks. The questionnaire emphasizes the importance of confirming whether suppliers meet established standards and managing insider threats. Furthermore, the Software Producer Attestation Form requires software producers to affirm compliance with secure development practices outlined in NIST SP 800-218, including a statement on the security measures for their products. If full compliance cannot be guaranteed, a plan detailing risk mitigation strategies must be provided. Overall, the document delineates the cybersecurity accountability requirements for vendors involved with supplying software to federal agencies, highlighting the critical nature of risk management in federal procurement processes.

The document is an amendment to a solicitation related to a contract issued by the U.S. Embassy in Harare, Zimbabwe. It extends the due date for bid submissions to April 17, 2025, at 1700 Harare time. This amendment, identified as A00001, is part of the procurement process covered under requisition number 19Z11525Q0004, which was initially dated March 20, 2025. The amendment notifies that all previously established terms and conditions remain unchanged except for the updated bid submission deadline. Contractors are required to acknowledge receipt of this amendment to avoid rejection of their offers. The purpose of this change is to facilitate a better response from potential bidders by providing additional time for proposal preparation. The typical procedural elements, including the need for digital signatures and contract administration, are also outlined in the document.

The Department of State has released the Secure Software Development Attestation Form, designed to ensure that software used by federal agencies is developed securely. This requirement stems from the Federal Information Security Modernization Act of 2014 and Executive Order 14028, which mandates compliance with National Institute of Standards and Technology (NIST) guidelines to strengthen the cybersecurity of software supply chains. Software producers must attest that their products meet specific secure development practices, particularly if the software was developed or modified after September 14, 2022. Certain categories, such as federal agency-developed software and publicly available open-source software, are exempt from this requirement. The self-attestation form requires detailed information about the producer, the software, and specified security practices, affirming adherence to established secure development frameworks. Completed forms must be signed by the CEO or authorized designee. If producers cannot provide a completed attestation, they may still submit software if they provide evidence of their security practices and a plan to address any non-compliance. Overall, the initiative emphasizes the administration's commitment to enhancing the security of software used in fulfilling federal functions, aligning with broader cybersecurity goals.