Acquisition type / domain

Federal construction procurement (SF 1449; FAR/HSAR clauses; SOW for B401 Tenant-6 fit-out)

Construction proposal response for B401 Tenant Buildout

Aligned

Set-aside

100% HUBZone set-aside; NAICS 236220

Mentions HUBZone limitation on subcontracting but does not explicitly affirm HUBZone status/certification

Partial (eligibility assertion not explicit in provided text)

Place of performance

MWEOC, 19844 Blue Ridge Mountain Rd, Mount Weather VA

Same address stated

Covered

Period of performance

03/06/2026–02/05/2027

Same stated

Covered

Magnitude

$5M–$10M (construction magnitude)

Not explicitly acknowledged

Neutral (not required as a submission item, but could be acknowledged)

Security level

Unclassified; controlled facility; FOUO/CUI and limited PII for access

Unclassified; acknowledges CUI/FOUO/limited PII; includes incident timelines

Covered

Provide active/current Virginia DPOR contractor license dated within 3 business days of submission

M.1 Screening Factor #1; L.12(a); H.10(d)

States license held/maintained; states PDF copy dated within 3 business days is provided

Covered (asserted)

Risk: if attachment missing/incorrect date/class, proposal may be non-responsive

Submit required bid bond (if required)

L.12(a) requires license and required bid bond

Mentions performance & payment bonds post-award; does not mention bid bond submission

Gap

Risk: non-responsive if bid bond is required by solicitation package (not shown in excerpt where bid bond clause is specified)

HUBZone eligibility (offers solicited only from HUBZone)

SF 1449 & I.6 52.219-3

Mentions HUBZone limitation on subcontracting; does not explicitly state firm is HUBZone small business or provide proof

Partial

Risk: eligibility/representation ambiguity could raise evaluator questions; potential rejection if not HUBZone

One volume, three parts (Part I Screening, Part II Technical, Part III Price)

L.11(a)

Proposal is structured into Part I/II/III and includes past performance and additional certifications

Covered

Ensure delivered as one volume if required (text suggests one volume; also says parts separate—clarify packaging in transmittal)

Unclassified only

L.11(a)

Explicitly states unclassified in multiple places

Covered

Page limit 70 pages; 11-point font; 1-inch margins

L.11(a)

States prepared in accordance with page limit/formatting requirements

Partially Covered

No objective evidence of page count/font/margins in text-only extract

Price proposal must include: CLIN prices (OF 336), signed Davis-Bacon compliance certification, CSI MasterFormat breakdown, and one Excel version of pricing

L.11(d)(1)

States OF 336 attached; signed Davis-Bacon statement included; CSI MasterFormat breakdown included; Excel included

Covered (asserted)

Risk if attachments missing or Excel not included/incorrect

Submit bid/proposal via email in Adobe PDF to CO email address; include Excel CSI breakdown; no hard copies

L.12(f)

Mentions invoicing email address (FEMA-AR@…); does not explicitly restate proposal submission email/delivery controls

Gap

Missing explicit compliance statement: submission email (Matthew.raible@fema.dhs.gov), PDF-only, no hard copy, no .zip/.exe

PDF file size limit ≤ 25MB; no .zip/.exe

L.12(g)

Not addressed

Gap

Risk: rejection/late submission due to email rejection or noncompliant attachments

Acknowledge amendments

L.12(e)

States will acknowledge all amendments as required

Covered (commitment)

Add explicit list of amendments acknowledged in transmittal

Representations & certifications signed by authorized rep

L.12(c) / K.1 / 52.204-8

States SAM reps current; will provide any required signed reps/certs

Partially Covered

No explicit confirmation that signed completed Section K reps/certs are included in package

Offer acceptance period not less than 60 days

L.10

Not addressed

Gap

Risk: proposal may be deemed nonconforming if SF1449 block not completed accordingly

Access forms due date Jan 14, 2026; password-protect; include solicitation # and project title; send password separately

SF 1449 important dates; L.5(d) and cover instructions

States will submit access forms by Government due date with password protection and separate password transmittal; proper naming

Covered (commitment)

Good alignment; ensure actual operational procedure and point of contact email matches solicitation

Pre-proposal site visit attendance expectations

L.5

Not stated whether attended/plans to attend

Gap (informational)

Not always mandatory, but solicitation strongly urges attendance; if attendance required by amendment, risk

Demonstrate thorough understanding of work; include technical approach

M.1 Factor 1

Detailed understanding of 7,000 SF Level 2 fit-out, MEP/low voltage/fire systems, coordination, complementary specs

Covered

Provide proposed/draft project delivery schedule outline

M.1 Factor 1

Provides draft outline sequencing + CPM commitment within 5 days after work commences

Covered

Add high-level milestone table tied to POP (design/submittals/rough-in/finishes/commissioning/turnover)

SCIF construction/accreditation experience (as stated in evaluation text)

M.1 Factor 1 text includes 'including construction and accreditation of SCIFs'

No SCIF/accreditation narrative provided; proposal emphasizes unclassified controlled facility and Area A access

Gap / Potential Misalignment

If SCIF language is boilerplate, may be low weight; but if evaluators expect SCIF-like experience, add relevant secure-build experience and any ICD/ICS familiarity (without implying classified scope)

Coordination with others (AOR, commissioning, AV separate contractor)

Attachment A T.1.4

Explicit continuous coordination with AOR, commissioning team, AV installer

Covered

Maintenance of access/egress; keep corridors safe and clear

H.8; SOW T.1.3.3(e)

Explicit commitment to maintain safe, clear corridors/egress

Covered

Utility outage coordination request content & timing

H.5(b) requires ≥10 days written request w/ required info

Explicit ≥10 days written outage requests; disruptive work during non-work hours when required

Covered

Include enumerated outage request elements to show full compliance

Stop work/suspension for exercises; only CO issues stop work

H.17

Acknowledges periodic stop work; demobilize/remobilize readiness

Partially Covered

Add explicit acknowledgment that only CO may issue stop work order; contractor will comply and protect work

Construction plan (access/work areas/site/outages) submission before start; 3 copies for acceptance

SOW T.1.2 requires 3 copies before start

Mentions disciplined sequencing and outage coordination; does not mention submitting 3 copies of construction plan for acceptance

Gap

Performance risk: noncompliance at mobilization; evaluation risk if seen as missing SOW admin requirement

Site improvements: erosion/sediment controls; restoration of ground covers for dry cooler exterior work

SOW T.1.3.3

Mentions erosion/sediment controls, grading, restoration consistent with site improvement requirements

Covered

AutoCAD / as-built drawing formats and xref binding requirements (Format-1 and Format-2)

SOW T.1.5

Mentions as-builts generally; does not mention AutoCAD format/binding/unique identifiers

Gap

Add explicit deliverable compliance statement for CAD/REVIT output formats

Telecom cable plant + cable plant management documentation

SOW T.1.3.4(10)

Mentions telecommunications cabling and pathways; does not explicitly mention cable-plant management documentation

Partial

Add explicit commitment to provide cable plant documentation deliverable

Intercom system and wall-mounted TV/monitors (if within fit-out contract scope)

SOW T.1.3.4(8)(9)

Not addressed

Gap/Unknown

May be in drawings/specs; add statement 'provide/install all FF&E/IT/telecom/intercom/monitoring items per contract documents'

Testing, commissioning, activation

SOW T.1.3.4(15)(16)

Mentions commissioning support, functional testing, activation coordination

Covered

Maintain effective QC program; burden of proof on contractor

E.3(a)

Explicitly states fully compliant; burden on Offeror not Gov inspection

Covered

Pre-construction conference and submit QC inspector qualifications within 20 days after NTP

E.3(b)

Mentions QC manager designation; does not mention 20-day post-NTP submission of name/qualifications package

Partial

Add explicit timeline tied to NTP and content (education/licenses/job position/experience)

Establish QC system incl. inspections/tests of all items incl subcontractors

E.3(c)(1)

Commits to 3-phase + subcontractor coverage

Covered

Notify COR in writing of proposed changes to QC system; no implementation prior to COR acceptance

E.3(c)(1)

Not addressed

Gap

Add clause-level compliance statement

QC keyed to construction sequence; submittal review/certification; designate QC rep for submittals if different

E.3(c)(2)

Addresses integrated submittal management; does not designate name/role or whether different from QC manager

Partial

Add designation statement and responsibility separation if applicable

3-step inspections: preparatory/initial/follow-up; 24-hr notice prior to preparatory & initial

E.3(c)(3)

Explicitly describes all three; 24-hr notice

Covered

Daily QC reports: 2 copies; signed by QC rep; submit by COB next working day; negative reports required; include defects/corrective actions; incomplete reports not accepted

E.3(d)

Commits to daily reports including negative reports; legible signed; delivered within required timeframe; mentions checklists

Partially Covered

Does not mention 2 copies (original+duplicate) or COB next working day; add explicit submission timing and copy requirement

Government inspection does not replace contractor QC

E.3(e)

Explicitly stated

Covered

Submit written Safety Plan within 20 calendar days after contract award

H.4(a)

Explicitly commits within 20 days

Covered

Designate employee responsible for accident prevention; inspect work to ensure measures applied

H.4(b)

Designates dedicated safety supervisor; field verification

Covered

Scheduled safety meetings

H.4(c)

Commits to regular safety meetings

Covered

Accident investigation (Gov + Contractor)

H.4(d)

States support Gov participation in accident investigations

Covered

Accident reporting: injuries requiring doctor & property damage > $300; verbal notice within 48 hours

H.4(e)

Explicitly commits to 48-hour verbal notice; >$300 property damage

Covered

OSHA log forwarded monthly to COR

H.4(f)

Explicitly commits monthly submission

Covered

Notify COR immediately upon OSHA inspection & exit interview

H.4(g)

Explicitly commits

Covered

Attire restrictions (no shorts; minimum clothing)

H.15

Explicitly commits and restates no shorts; PPE per JHA

Covered

Commence work within 7 days after NTP; complete within specified duration

F.2 52.211-10 (730 days after NTP)

Proposal states POP 03/06/2026–02/05/2027; does not explicitly acknowledge 7-day commencement or 730-day clause text

Partial

Add explicit commitment to F.2 commencement and completion requirement (even if POP differs, align to contract clause)

Progress schedule: CPM; submit within 5 days after work commences; milestones; updates for changes

F.4

Explicit CPM within 5 days; updates for changes

Covered

Notice of Delay: written notice prompt and not less than 45 days before completion date unless directed otherwise

F.5

Mentions timely written notice; does not mention 45-day minimum requirement

Partial

Add explicit 45-day minimum notice requirement compliance

Liquidated damages $1,916.60/day

F.9

Explicitly acknowledged

Covered

Area A access requirements: badge system, ID verification, citizenship, favorable police records check; forms typed/witnessed; submit at least 48 hours prior to need to enter

H.9

Commits to access forms submission; US citizenship for Area A; suitability/police checks; training

Partial

Does not explicitly restate: 48-hour prior-to-entry requirement; forms typed/witnessed by prime approving official; daily badge return process

Access forms due Jan 14, 2026 and submission email/password rules

SF1449 Important Dates

Commits to due date and password-protected submission; separate password email; naming convention

Covered (commitment)

Training: Unauthorized Disclosure, OPSEC, Insider Threat; certificates due within 30 calendar days; new employees within 10 business days; Insider Threat annual recert for cleared personnel

H.18 / Attachment A T.2.1–T.2.3

Commits to all trainings and onboarding within 10 business days; certificate submission within required timeframes

Partially Covered

Does not explicitly mention 30-calendar-day certificate deadline nor annual Insider Threat recertification requirement

CUI safeguarding HSAR 3052.204-72: adequate security; no SPII in invoicing/admin; encryption for CUI email; incident reporting 1 hr PII/SPII and 8 hrs other; flowdown to subs; preserve images/logs; retain packet capture 180 days; certificate of sanitization per NIST 800-88 App G

H.19

Commits to safeguard CUI; encrypt CUI email; incident timelines 1 hr/8 hrs; no SPII in invoicing; CUI return/sanitization certification per NIST 800-88

Partially Covered

Does not mention: flowdown to subs explicitly for 3052.204-72; preserve images/logs; 180-day packet capture retention; detailed incident data elements within 24 hours

Contractor Employee Access HSAR 3052.204-71: background investigations; citizenship/LPR (Alternate II if applicable); CUI training within 60 days and refresher every 2 years; flowdown

H.22 / Attachment A T.2.6–T.2.12

Acknowledges background/suitability; training within 10 days for new employees; does not mention 60-day CUI training window or 2-year refresher cycle

Partial

Add explicit compliance to initial CUI protection training within 60 days and biennial refresher; clarify citizenship reporting for non-US persons if any (proposal says US citizenship required)

PIV / identity verification FAR 52.204-9: account for Gov IDs; return IDs; final payment may be delayed

H.23

Mentions badge issuance/return and notification upon employee release; does not cite final payment delay risk

Partial

Add explicit FAR 52.204-9 compliance statement incl. potential final payment delay

IT Security Plan (HSAR 3052.204-70) if contractor connects to DHS network / accesses DHS systems; submit plan within days after award; accreditation within 6 months

I.18

Proposal discusses CUI email encryption and info protection; does not address whether any DHS network connection occurs or an IT Security Plan/accreditation deliverable

Gap/Conditional

Clarify: “No DHS network connection anticipated” or provide commitment to submit IT Security Plan and pursue accreditation if applicable

Privacy training (FAR 52.224-3 / Attachment A privacy training requirements)

Section I lists 52.224-3; Attachment A requires Privacy at DHS training within 30 days and annually by Oct 31 for those accessing PII/SPII

Proposal discusses PII minimization and incident reporting but does not mention required Privacy training course/certificates

Gap

High compliance risk if personnel handle PII for access forms

FOUO/SBU NDA (DHS Form 11000-6)

Attachment A T.2.4 and Attachment B includes NDA

Proposal generally acknowledges nondisclosure requirements; does not explicitly commit to executing DHS Form 11000-6 as condition of access

Partial

Add explicit NDA execution and tracking/flowdown

Foreign travel restriction for Gov-issued equipment

Attachment A T.2.5

Not addressed

Gap

Add policy acknowledgment if contractor receives/uses Gov-furnished devices

Firm Fixed Price; include all requirements; FOB Destination

I.1; F.O.B. Destination clauses

Explicit FFP; FOB destination; price completeness; OF 336 and CSI breakdown

Covered

Invoices: proper invoice elements; email PDF to FEMA-AR@fema.dhs.gov with COR/CO/CS copied

G.3

Explicitly states invoice submission method per G.3

Covered

Packaging/marking: include contract number on submissions and shipping containers

D.2

Mentions labeling submissions with contract number; marking shipped materials packaging per D.2

Covered

Prompt payment flowdown to subcontractors (52.232-27)

I.11(c) requires pay subs within 7 days; interest; flowdown

Not addressed

Gap

Add subcontract payment policy/flowdown commitment

Insurance coverage amounts and 5-day certification after award

H.6

Commits to maintain insurance and provide certificate within 5 days after award

Covered

Performance & payment bonds within 10 days after bonds presented; 100% penal sum; before starting work

F.8 / I.10

Commits to furnish performance/payment bonds prior to commencement; does not mention 10-day execution requirement

Partial

Add explicit 10-calendar-day execution upon presentation

Buy American Act—Construction materials (52.225-9 / L.1 notice)

I.8 / L.1

Not addressed

Gap

Add explicit commitment to use domestic construction material unless exception approved; include compliance process

Covered telecom (52.204-25) reporting/flowdown

I.3 and L.1 provisions 52.204-24/-26

Not addressed in proposal narrative

Gap

Add representation/assurance that no covered telecom/video surveillance equipment/services will be provided/used and flowdown to subs/suppliers

AI restriction (I.22)

I.22

Explicitly acknowledged; will not use AI unless authorized by CO

Covered

Provide 1–5 references, last 10 years, relevant size/scope/complexity; include required data elements a–h

M.1 Past Performance

States will provide 1–5 references and enumerates all required fields

Covered (commitment)

Ensure actual reference sheets included in final package; include CPARS/PPQs if available

R-01

Bid bond submission not evidenced

L.12(a)

May render proposal non-responsive if bid bond required

Medium

High

Confirm bid bond requirement; include bid bond (or statement not required with citation) in proposal package

R-02

Offer acceptance period ≥60 days not stated

L.10

Nonconforming offer risk if SF block not completed

Medium

Medium

State acceptance period (e.g., 60+ days) explicitly in cover letter/SF block

R-03

Proposal submission mechanics missing (CO email, PDF-only, 25MB limit, no zip/exe)

L.12(f)-(g)

Administrative rejection/late delivery risk

Medium

High

Add transmittal letter confirming compliance with submission email, size, file type constraints; implement internal file control checks

R-04

Privacy training requirement not addressed

52.224-3; Attachment A privacy training requirements

Compliance finding; access denial for personnel handling PII/SPII; incident exposure

Medium

High

Add privacy training plan and certification tracking; include flowdown to subs handling PII

R-05

HSAR 3052.204-70 IT Security Plan/accreditation not addressed (if applicable)

I.18

Noncompliance if any DHS system/network access occurs; could affect authorization to operate/access

Low-Med (scope dependent)

High

Clarify whether any DHS network access/IT resources are used; if yes, commit to IT Security Plan submission and accreditation artifacts

R-06

SOW requires submission of construction access/outage plan (3 copies) before start; not addressed

Attachment A T.1.2

Mobilization delay; COR rejection; performance friction

Medium

Medium

Add explicit commitment to submit construction plan (access, site use, outages) for acceptance prior to start and comply with accepted plan

R-07

AutoCAD/as-built formatting and xref binding requirements not addressed

Attachment A T.1.5

Closeout deliverable rejection; rework risk

Medium

Medium

Add CAD deliverables compliance statement and identify responsible CAD lead/QC checks

R-08

Prompt payment flowdown to subcontractors not addressed

52.232-27

Disputes with subs; compliance risk; potential CO concerns

Medium

Medium

Add subcontract terms commitment: pay within 7 days, interest, and flowdown to lower tiers

R-09

Buy American Act—construction materials compliance not addressed

52.225-9; L.1 52.225-10

Compliance exposure; material substitution disputes

Medium

Medium

Add domestic material sourcing policy and exception request process

R-10

Covered telecommunications (52.204-25/-26/-24) compliance not addressed

I.3; L.1

Award eligibility/compliance risk; supply chain risk

Low-Med

High

Add explicit Section 889 compliance statement; supplier screening and reporting procedures; flowdown

R-11

Access process specifics missing (48-hour prior-to-entry forms, typed/witnessed, badge return)

H.9

Access denial/delays

Medium

Medium

Add access administration SOP summary aligning to H.9 requirements

R-12

CUI incident response specifics missing (180-day packet capture retention; preserve images/logs; detailed incident data elements within 24 hrs)

HSAR 3052.204-72

Incident response noncompliance exposure

Low-Med

High

Add incident response playbook commitments covering evidence preservation, retention, and required reporting elements

R-13

SCIF construction/accreditation experience not addressed though mentioned in evaluation factor text

M.1 Factor 1

Lower technical confidence rating if evaluators expect secure build experience

Medium

Medium

Add narrative of secure/controlled facility experience and any SCIF-adjacent processes (without asserting classified scope)

Add a solicitation compliance matrix (Section-by-section L/M/H/F/E mapping) with references to proposal sections/attachments

Sections L & M; H/F/E; Attachment A

Insert as first appendix; include attachment checklist (license, bid bond, OF336, Excel, reps/certs, past perf sheets)

Reduces evaluator effort; lowers risk of 'missing item' determination

Add explicit proposal submission compliance statement

L.12(f)-(g)

State CO submission email, PDF-only, ≤25MB, no .zip/.exe, no hard copies

Reduces administrative rejection risk

Explicitly state offer acceptance period (≥60 days)

L.10

Add to cover letter/SF block and narrative

Avoids nonconformance

Include explicit HUBZone eligibility affirmation and limitations on subcontracting execution approach

52.219-3; 52.219-14; 52.236-1

Add statement of HUBZone certification status and approach to self-perform ≥10% (excluding materials) with tracking method

Strengthens set-aside eligibility confidence

Address bid bond requirement directly

L.12(a)

Either include bid bond or state 'bid bond not required' with citation to solicitation section if applicable

Prevents non-responsiveness

Add Privacy at DHS training compliance plan and certificate delivery statement

52.224-3; Attachment A privacy training requirements

Identify who takes training, when (before PII access), recordkeeping, and flowdown

Closes major compliance gap for access-form PII handling

Clarify IT security applicability under HSAR 3052.204-70

I.18

State whether any DHS network/system access is required; if yes, commit to IT Security Plan submission and accreditation artifacts; if no, state 'not applicable' rationale

Prevents later compliance dispute

Add SOW-required pre-start construction access/outage plan submission commitment (3 copies)

Attachment A T.1.2

Describe plan contents and acceptance/variance control process

Improves mobilization readiness and COR acceptance

Add explicit as-built/CAD deliverable compliance statement (Format-1/Format-2, xrefs, XBIND, unique identifiers)

Attachment A T.1.5

Commit to AutoCAD/REVIT equivalent deliverables and QC checks

Reduces closeout rework risk

Add Buy American Act compliance statement and materials exception request process

52.225-9; L.1 52.225-10

Commit to domestic materials, supplier certifications, and CO exception request package if needed

Strengthens regulatory compliance posture

Add Section 889 covered telecom compliance statement and supplier screening/reporting process

52.204-25/-24/-26

Describe reasonable inquiry, prohibited equipment, and subcontract flowdowns

Reduces supply chain and award risk

Add subcontract prompt payment flowdown commitment

52.232-27

State 7-day payment rule, interest, and lower-tier flowdown in subcontract templates

Reduces disputes and aligns to FAR clause

Expand CUI incident response commitments to include evidence preservation and 180-day retention obligations

HSAR 3052.204-72(d)

Add short incident response annex covering preservation/retention and required data elements

Improves DHS incident readiness and compliance

Address evaluation SCIF/accreditation language by adding relevant secure facility renovation credentials (if any)

M.1 Factor 1

Add past project examples involving controlled access, secure comms rooms, PIV processes, etc.

Improves technical confidence rating