19SG2026Q0009_ U.S. Embassy Senegal _ Solicitation for cellphone services

The U.S. Embassy in Senegal issued a pre-solicitation (19SG2026Q0009) for mobile phone services and data solutions. This includes voice, data, and roaming services for Senegal and worldwide. The contract is anticipated to be a firm fixed-price type with a base year and two one-year option periods. All contractors must be registered in the SAM.gov database. Electronic responses are accepted and should be sent to DakarSolicitation@state.gov. The contract performance will be at the U.S. Embassy Dakar. Seth R. Rogers is the primary point of contact.

The document outlines a Cybersecurity Supply Chain Risk Management (C-SCRM) Questionnaire, which is a sensitive but unclassified form for vendors submitting offers to the government. This questionnaire is divided into three sections: Contact Information, Vendor Risk Management Plan, and Physical and Personnel Security. Vendors must provide their company's name, primary Point-Of-Contact (POC) details including name, job title, phone number, and email. The questionnaire also requires information on the organization's ability to identify and map supply chain threats, their written SCRM requirements with key suppliers, and their verification processes to ensure suppliers meet these requirements. Additionally, it asks about policies for conducting employee background checks, procedures to prevent tampering of Information and Communications Technology (ICT) equipment, and literacy training for recognizing insider threats. Instructions emphasize that the offering entity, or its managing partner in the case of a joint venture, must complete the worksheet, and responses may be subject to validation by the government.

The Secure Software Development Attestation Form provides assurance to the U.S. Federal Government that software used by agencies is developed securely. Mandated by OMB Memoranda M-22-18 and M-23-16, and rooted in Executive Order 14028, this form requires software producers to attest to compliance with secure software development practices derived from the NIST Secure Software Development Framework (SSDF). Attestation is necessary for software developed or significantly modified after September 14, 2022, or continuously delivered software. Exceptions include federal agency-developed, freely obtained open-source, third-party components, and publicly available free software. Producers must detail their adherence to practices for secure development environments, trusted source code supply chains, provenance, and vulnerability management. The form requires signature from the CEO or an authorized designee, or submission of a third-party assessment. Failure to attest can lead to an agency no longer utilizing the software, with provisions for extensions or waivers under specific circumstances.

The U.S. Embassy in Dakar, Senegal, has issued Request for Quotations (RFQ) number 19SG2026Q0009 for mobile phone and data services. The contract is for a one-year base period with two one-year options to renew. The Embassy requires comprehensive mobile services for an estimated 500 users, including smartphone plans, data-only plans, pre-paid and post-paid SIM cards, regional and international roaming, 24/7 customer service in English and French, and detailed monthly billing. Offerors must provide proof of SAM registration and complete a Cybersecurity Supply Chain Risk Management questionnaire. Quotations are due by July 16, 2026, at 12:00 noon local time and can be submitted via sealed envelope or electronically. The U.S. Government intends to award a contract based on comparative evaluation, prioritizing best value over lowest price.