Language Services Unit (LSU) Modernization

Form / Attachment / Pricing Sheet

This document, "DOJ-05 Security of Department Information and Systems (OCT 2023)", outlines the security requirements applicable to contractors and subcontractors working with the Department of Justice (DOJ) concerning information systems and data. It serves as a critical attachment to a contract, detailing the security obligations that must be met.

• Applicability: Extends to all contractors, subcontractors, and cloud service providers (CSPs) that access, collect, store, process, maintain, use, share, retrieve, disseminate, transmit, or dispose of DOJ Information.
• Definitions: Provides definitions for key terms such as Authorization to Operate (ATO), Cloud Computing, Covered Contract, Covered Information System, DOJ Information, Personally Identifiable Information (PII), Security Breach, and Security Incident.
• Confidentiality and Non-Disclosure: Stipulates that all contract deliverables and associated working papers are U.S. Government property with unlimited data rights. Contractors are responsible for protecting DOJ Information and must report on the type, amount, and sensitivity of DOJ Information processed.
• Information Technology Security Compliance: Mandates compliance with various federal laws, regulations, and standards including FISMA, Privacy Act of 1974, NIST SP 800-37, 800-53, 800-60, FIPS, FedRAMP, and DOJ IT Security Standards.
• Specific Requirements: Details numerous security requirements for Covered Information Systems, including access control, security awareness training, audit record retention, continuous monitoring, configuration management, incident handling, media protection, and screening of personnel.
• Cloud Computing: Outlines specific requirements for utilizing Cloud Service Providers (CSPs), including FedRAMP authorization, obtaining an ATO, ensuring DOJ access to data, and security posture management.
• Supply Chain Risk Management (SCRM): Requires SCRM reviews for specified acquisitions and the development and implementation of a SCRM Plan.
• Security Incident Reporting: Establishes procedures for reporting Confirmed and Potential Security Incidents, including immediate notification requirements and cooperation with DOJ investigations.

This document is crucial for any bidder seeking to understand the stringent security protocols and compliance obligations required when handling Department of Justice information and systems. It directly impacts the technical and operational requirements of a contract, influencing proposal development, resource allocation, and overall contract performance. Bidders must carefully review these requirements to ensure they can meet the DOJ's security standards.

Questions & Answers / Clarifications

This document contains questions posed by potential vendors regarding an unspecified LSU requirement, likely a Request for Information (RFI) or solicitation.

• Solution Availability: Inquires about existing out-of-the-box solutions versus custom development.
• Solution Scope: Seeks an estimated percentage of solution provision and capacity (supplies/services).
• Software & Modifications: Asks if the solution is readily available software and the extent of modifications needed.
• Contract Type Recommendation: Requests vendor recommendations for contract types (e.g., Firm Fixed Price, T&M) and rationale.
• Pricing Model: Asks for a description of the vendor's pricing model without a formal quote.
• NAICS Code/SIN: Seeks recommended NAICS codes and SINs for the project.
• Contract Vehicles: Inquires about the vendor's use of Governmentwide Acquisition Contracts (GWACs) and specific contract numbers.
• SAM Registration: Asks for confirmation of SAM registration and the unique ID.
• Socioeconomic Category & Business Size: Seeks information on socioeconomic status, business size, and subcontracting/teaming plans.
• DOJ Clause Compliance: Asks about potential difficulties complying with specific DOJ clauses (DOJ-02, DOJ-05) referenced in attachments.
• FedRamp Compliance: Inquires about the vendor's FedRamp compliance level for their firm or proposed activities.
• Location: Asks if the vendor is local to the Washington DC area.

This document is a set of questions seeking clarification and information from potential bidders. The responses to these questions, if provided by the government, would likely impact the final solicitation by clarifying requirements, influencing contract type, and potentially affecting submission details.

Form / Attachment / Pricing Sheet

This document outlines the "DOJ-02 Contractor Privacy Requirements (JAN 2022)" which details the Department of Justice's expectations and mandates for contractors regarding privacy, safeguarding of information, and compliance with relevant laws and regulations.

• Limiting Access to Privacy Act and Other Sensitive Information: Covers requirements for handling Privacy Act information, restrictions on performing work outside government facilities, prior approval for subcontractors, and a separation checklist for contractor employees.
• Privacy Training, Safeguarding, and Remediation: Mandates privacy training for all employees, safeguarding of Personally Identifiable Information (PII), non-disclosure agreements, and prohibitions on using PII in billing records.
• Reporting Actual or Suspected Data Breach: Outlines the strict reporting requirements for data breaches, including immediate notification and detailed written reports.
• Government Records Training, Ownership, and Management: Addresses requirements for records management training, compliance with federal and agency policies, and rules regarding the creation, ownership, and disposition of government records.
• Data Privacy and Oversight: Details restrictions on using real data for testing or training, requirements for IT systems hosting government data, and the contractor's role in supporting privacy compliance through assessments like the Initial Privacy Assessment (IPA) and Privacy Impact Assessment (PIA).

This document is critical for any bidder whose contract may involve access to, creation, use, or storage of Personally Identifiable Information (PII) or other sensitive government information. It highlights significant compliance obligations, training requirements, reporting procedures, and potential consequences for non-compliance, directly impacting proposal preparation, contract execution, and overall risk management.

Other / Unclassified

This document is the "Functional Requirements Document" for the Language Services Unit (LSU) Interpreter Services Modernization project. It details the functional and operational requirements for a new system intended to streamline the Executive Office for Immigration Review's (EOIR) interpreter request, assignment, and billing processes. The project aims to replace the existing Electronic Contract Interpreter Ordering System (ECIOS) with a new capability that will improve efficiency, accuracy, and cost-effectiveness of interpretation services.

This document outlines the specific functional requirements for a system that will manage interpreter services. Bidders interested in providing solutions for this modernization effort should review these requirements to understand the scope of work, including:

• Scheduling and Assignment: Detailed requirements for scheduling initial master hearings, reset & merit hearings, identifying interpretation needs, scheduling staff and contract interpreters, and managing interpreter check-in/check-out.
• Interpreter Management: Processes for ordering contract interpreters, handling unscheduled telephonic interpreters, re-routing assignments, and managing interpreter no-shows and delays.
• Vendor and Invoice Management: Procedures for vendor invoice processing, including order creation, cancellations, damages, and invoice submission and acceptance.
• Operational Requirements: Specifications related to security, audit trails, data currency, reliability, recoverability, system availability, fault tolerance, performance, capacity, and data retention.
• Compliance: Requirements for Section 508 compliance.

Understanding these functional requirements is crucial for potential vendors to assess their ability to meet the government's needs for this interpreter services modernization project.