The USAID and CDC Internet Services Solicitation (RFQ # 19Z11525Q0006) seeks quotations for internet services at the U.S. Embassy in Harare, Zimbabwe. The procurement aims to provide dedicated internet circuits for USAID and CDC, ensuring high performance, reliability, and compliance with cybersecurity regulations. Companies interested in bidding must attend a pre-quotation conference scheduled for March 27, 2025, with proposals due by April 4, 2025. Service requirements include a minimum channel capacity of 40 Mbps, with specifications for installation, service quality, and maintenance. The contract spans one year with an option for an additional year. A comprehensive evaluation process will determine the award based on submitted quotations unless further discussions are warranted. Offerors must be registered with the System for Award Management (SAM) and fulfill specific documentation requirements related to pricing, representations, and cybersecurity attestations. The Solicitation underscores the U.S. government's commitment to secure and efficient internet services crucial for operational success in diplomatic missions.

The document outlines the completion instructions for the Cybersecurity Supply Chain Risk Management (C-SCRM) Questionnaire and the Software Producer Attestation Form, both required for entities submitting offers in response to federal government RFPs. It demands detailed responses regarding a vendor's risk management strategies, including identification of supply chain threats, supplier verification processes, and security protocols. The questionnaire is divided into sections, addressing contact information, vendor risk management plans, and physical and personnel security measures. Vendors must also attest to their compliance with secure development practices as specified in NIST guidelines. If compliance cannot be fully met, vendors are required to outline their mitigative practices and provide a Plan of Action & Milestones. This rigorous documentation process ensures that suppliers deliver secure and compliant software products, reflecting the government's emphasis on managing cybersecurity risks within the supply chain. The structured nature of these forms underscores the importance of accountability in the procurement process for federal and state/local agencies.

This document is an amendment to a solicitation and concerns a contract issued by the Embassy of the United States of America in Harare, Zimbabwe. The primary purpose of the amendment is to extend the bid due date from the original date to 17 April 2025 at 1700 Harare time. The amendment underscores the necessity for bidders to acknowledge receipt of this modification to avoid rejection of their offers. Additionally, it indicates that all other terms and conditions of the original solicitation remain unchanged except as specified in this document. Contractors are required to sign and return copies of this amendment to confirm their acknowledgment. Overall, this document serves as an essential administrative update regarding the submission timeline for proposals related to the solicitation numbered 19Z11525Q0006.

The Secure Software Development Attestation Form aims to ensure that software used by federal agencies is developed following secure practices, as mandated by Executive Order 14028 and relevant federal regulations. This form reflects compliance with the Federal Information Security Modernization Act (FISMA), ensuring that security protocols for software are strictly adhered to. Software producers must attest to the use of best practices derived from the NIST Secure Software Development Framework (SSDF), particularly for those products developed or significantly modified after September 14, 2022. Producers not only complete the form but may also provide third-party assessments to validate their compliance. The attestation process includes specific security practices such as environment security, logging and monitoring, and vulnerability management. Certain software categories, like open-source or federal-developed software, are exempt from this requirement. The form must be signed by the CEO or their designee to validate the claims made about software security practices. Failure to provide accurate information could lead to disqualification of the software for use by federal agencies. This document is part of broader federal initiatives aimed at enhancing cybersecurity within government operations.