IT Security Assessment · FWACAA Security Assessment RFP 6 II. Proposal Evaluation Process A....

IT Security Assessment

R E Q U E S T F O R P R O P O S A L

For the Fort Wayne-Allen County Airport Authority October 7, 2019

FWACAA Security Assessment RFP 2

Table of Contents

I. INTRODUCTION AND BACKGROUND ......................................................................3

A. General Information ..........................................................................................3

B. Scope of Work ..................................................................................................4

C. RFP Schedule ....................................................................................................4

II. Proposal Evaluation Process ...................................................................................6

A. Proposal Format ................................................................................................6

III. Project Deliverables...........................................................................................8

A. DETAILED TECHNICAL REPORT .........................................................................8

B. EXECUTIVE SUMMARY REPORT .........................................................................8

C. ANALYSIS OF SOCIAL ENGINEERING ASSESSMENT ............................................8

D. MISCELLANEOUS DOCUMENTATION AND REPORTS ...........................................8

IV. Evaluation Process ................................................................................................9

V. Exhibit A ...............................................................................................................10

FWACAA Environment ...............................................................................................10

VI. Exhibit B ...............................................................................................................11

Pricing Proposal ........................................................................................................11

VII. Terms and Conditions .......................................................................................12

VIII. Exhibit C ...........................................................................................................13

INDIANA LEGAL EMPLOYMENT DECLARATION ...........................................................13

IX. Exhibit D ..............................................................................................................14

NON-COLLUSION AFFIDAVIT .....................................................................................14

X. Exhibit E ...............................................................................................................15

STANDARD PROFESSIONAL SERVICES AGREEMENT ...................................................15


I. INTRODUCTION AND BACKGROUND

A. General Information

The Fort Wayne-Allen County Airport Authority (FWACAA) is a municipal corporation established under

Indiana statute for the purpose of operating the airports in Allen County, Indiana. The services being

requested under the proposal will be performed at the Fort Wayne International Airport, Suite 209, Lt.

Paul Baer Terminal, Fort Wayne, IN 46809 or Smith Field Airport, 902 W. Ludwig Road, Fort Wayne, IN

46825.

FWACAA is interested in conducting a security assessment to ensure that appropriate security controls

are implemented within the networks, servers, application, and computing platforms to preserve integrity,

confidentiality, and availability of the data that FWACAA is responsible for. Pricing must remain firm for a

period of 60 days due to budgeting considerations. Some of the assessment scope of services may be

awarded in calendar year 2019 and some in calendar year 2020, and some may not be awarded at all.

This assessment is to include, but not be limited to:

• External Network Vulnerability and Penetration Testing - The ability of an attacker to penetrate

FWACAA systems and network externally, without FWACAA providing any additional

information than would be available to a bad actor.

• Internal Network Vulnerability and Penetration Testing – The ability to identify and document

anomalies within FWACAA’s network such as missing patches, configuration flaws, use of

default or weak passwords and password policies, and identifiable vulnerabilities.

• Social Engineering Testing - Phishing campaign that will span across multiple pools of users. The

campaign will begin with a baseline and ease of identification increasing in difficulty

throughout the engagement to complex identification. USB drop test throughout the FWA

Offices across multiple buildings (PSD, FBO, FWA, Maintenance)

• Internal and Web Application Assessment – Review the security level of FWACAA’s local and

cloud-based applications including the accessibility both internally and externally to test the

application security and code vulnerability. Review the FWACAA’s local servers for

vulnerabilities.

• Firewall and VLAN Testing - Gain a better understanding of potential corporate network

vulnerabilities that may be visible from the Internet and to identify VLAN segregation weak

points.

• Wireless Network Assessment and Penetration Testing – Test the vulnerabilities and segregation

between multiple wireless networks. Test the strength of the SSID, encryption and

Password to connect to the wireless networks.

FWACAA is seeking to identify and select an outside independent organization to perform some, or all of

the activities listed above. The remainder of this document provides additional information that will allow

a service provider to understand the scope of the effort and develop a proposal in the format desired by

FWACAA.

To be considered, an original, two (2) copies, and one electronic copy of a proposal must be received at

the offices of the Fort Wayne-Allen County Airport Authority, 3801 W. Ferguson Road, Suite 209, Fort

Wayne, IN 46809. The electronic version of all proposals shall be submitted in the appropriate Microsoft

Office format or PDF format.

FWACAA reserves the right to accept or reject any or all proposals, to waive any formalities, and to

accept the proposal that is determined to be the most advantageous to the Authority.

Any questions concerning technical specifications or Statement of Work (SOW) requirements must be

emailed to:

Bobby Panaretos

IT Manager

[email protected]

mailto:[email protected]


Sealed proposals are due by 4:00 PM on November 15th, 2019. Any proposal received at the designated

location after the required time and date specified for receipt shall be considered late and non-

responsive. Any late proposals will not be evaluated for award. Proposals should be clearly marked as

“FWACAA Security Assessment RFP” and should be addressed to:

Fort Wayne-Allen County Airport Authority

3801 W Ferguson Rd., Suite 209

Fort Wayne, IN 46809

B. Scope of Work

• External Network Vulnerability Assessment and Penetration Testing

o External Port Scanning

o External Vulnerability scanning with and without Administrative Access

o Vendor will work with FWACAA to identify externally facing applications that require to be

analyzed

o FWACAA will provide the range of all external IP Addresses to perform the assessment

o Vendor will provide comprehensive vulnerability and security reports of all externally

facing devices

• Internal Network Vulnerability Assessment and Penetration Testing

o Vendor will scan internal network for vulnerabilities

o Internal Port Scan and vulnerability testing

o Vendor identify exploitable weaknesses within the network and provide a Network and

Security assessment report

• Internal and Web Application Penetration Testing

o Vendor will provide a comprehensive rest and review of our external web applications

o Vendor will test security of FWACAAs internal/local servers for vulnerabilities

• Wireless Network Assessment and Penetration Testing

o Vendor will scan and test any vulnerabilities within our multiple wireless networks

o Vendor will test segregation between the wireless networks

• Firewall and Router Configuration Reviews

o Vendor will test Firewall for port and other vulnerabilities

o Vendor will test segregation vulnerabilities on all VLANs

• Social Engineering Assessments

o Vendor will perform Phishing Email tests for all employees. FWACAA will work with

vendor on an email template.

o Vendor will perform USB Drop Tests throughout the multiple areas within the Fort Wayne

Airport offices (FBO, Maintenance, and PSD Buildings)

• Documentation

o All Documentation (listed below in the Deliverables section) produced by the assessment,

including vulnerability findings, recommendations, and all other detail associated with

ensuring FWACAA’s network was fully assessed as detailed in the Scope of Work.

C. RFP Schedule

Event Date

1. RFP Release 10/8/2019

2. Questions from Vendors 10/25/2019

3. Responses to Vendors 11/1/2019

5. Proposal Due Date 11/15/2019

7. Contract Award 12/2/2019

*These dates are estimated and are subject to change



II. Proposal Evaluation Process

A. Proposal Format

Award of the contract resulting from this RFP will be based upon the most responsive Vendor whose offer

will be the most advantageous to FWACAA in terms of cost, functionality, and other factors as specified

elsewhere in this RFP.

FWACAA reserves the right to:

• Award only portions of the RFP as opposed to the entire Scope of Work.

• Reject any or all offers and discontinue this RFP process without obligation or liability to any

potential Vendor

• Accept other than the lowest priced offer

• Award a contract on the basis of initial offers received, without discussions or requests for best

and final offers

In order to address the needs of this procurement, FWACAA encourages Vendors to work cooperatively in

presenting integrated solutions. Vendor team arrangements may be desirable to enable the companies

involved to complement each other's unique capabilities, while offering the best combination of

performance, cost, and delivery for the Security Assessment being provided under this RFP. FWACAA will

recognize the integrity and validity of Vendor team arrangements provided that:

• The arrangements are identified and relationships are fully disclosed, and

• A prime Vendor is designated that will be fully responsible for all contract performance.

Vendor’s proposal in response to this RFP will be incorporated into the final agreement between FWACAA

and the selected Vendor(s). The submitted proposals are suggested to include each of the following

sections:

1. Executive Summary

This section will present a high-level synopsis of the Vendor’s responses to the RFP. The

Executive Summary should be a brief overview of the engagement and should identify the main

features and benefits of the proposed work.

2. Project Management Approach

Include the method and approach used to manage the overall project and client

correspondence.

Briefly describe how the engagement proceeds from beginning to end.

Include detailed testing procedures and technical expertise by phase. This section should include

a description of each major type of work being requested of the vendor. The proposal should

reflect each of the sections listed below:

• External Network Vulnerability Assessment and Penetration Testing

• Internal Network Vulnerability Assessment and Penetration Testing

• Internal and Web Application Penetration Testing

• Wireless Network Assessment and Penetration Testing

• Firewall and Router Configuration Reviews

• Social Engineering Assessments

3. Detailed and Itemized Pricing

Include a fee breakdown by project phase and all expenses associated with this assessment.

Reference Exhibit B for pricing structure. All prices quoted must be firm for 60 days and not

subject to increase for all assessment scopes of work that are awarded within this period.

Travel, administrative, overhead, and other related charges and expenses shall be included in the

prices set forth in the proposal.

4. References


Provide at least three (3) current corporate references with appropriate contact information that

the vendor has performed similar work for in the past three (3) years and that can attest to

vendor ability to complete work as stated.

5. Project Team Staffing

Vendor will certify that they will provide certified personnel in information security areas and form

a quality team that consists of subject matter experts in internal, external, application penetration

testing and ethical hacking. Any quality team brought forth has undergone and passed vetting

procedures and has appropriate certifications and experience in order to conduct this project and

complete it in a timely manner.

Vendor will include biographies, qualifications and relevant experience of key staff and

management personnel that will be involved with this project.

6. Company Overview

Provide the following for your company:

• Official registered name (Corporate, D.B.A., Partnership, etc.)

• Key contact name, title, address (if different from above address), direct telephone and fax

numbers.

• Person authorized to contractually bind the organization for any proposal against this RFP.

• Brief history, including year established and number of years your company has been

offering Information Security Testing.

7. Forms

Please fill out Exhibits C (E-Verify) & D (Non-Collusion Affidavit)


III. Project Deliverables

At the conclusion of the assessment, FWACAA requires written documentation of the approach, findings,

and recommendations associated with this project. A formal presentation of the findings and

recommendations to senior management may also be required. The documentation should consist of the

following:

A. DETAILED TECHNICAL REPORT

A document developed for the use of FWACAA’s technical staff which discusses: the methodology

employed, positive security aspects identified, detailed technical vulnerability findings, an

assignment of a risk rating for each vulnerability, supporting detailed exhibits for vulnerabilities

when appropriate, and detailed technical remediation steps. This report should cover all the

analyzed items for the scope of work mentioned in this RFP.

B. EXECUTIVE SUMMARY REPORT

A document developed to summarize the scope, approach, findings and recommendations, in a

manner suitable for senior management.

C. ANALYSIS OF SOCIAL ENGINEERING ASSESSMENT

A document describing each pool of users identified and tested detailing the complexity of the

Phishing campaign and USB Drop campaign. A description of the outcome of the social

engineering campaign along with a recommendation on how to proceed moving forward.

D. MISCELLANEOUS DOCUMENTATION AND REPORTS

Vendor will provide all reports generated during the assessment.


IV. Evaluation Process

The proposals will be evaluated and ranked on the basis of the written material submitted. Evaluation

criteria will be related to the following and weighted as shown:

Weight Criteria

30% The quality of the Response Requirements, the approach to the project elements

and scope of work. The quality of the Team’s project plan will figure greatly in

this evaluation.

25% The Vendor’s references and past performance in delivering such services

25% Pricing

20% The overall expertise and experience of the Team assembled to accomplish this

project. The description of key staff assigned to this project will figure greatly in

this evaluation

After the initial evaluation, a short list of firms may be developed and a request made for these firms to

give presentations/demonstrations either via the web or in person. If presentations are requested, they

will be evaluated as part of the award determination.

As part of the presentations, clarifications may be permitted prior to award to assure a full understanding

of the proposal and for the purpose of obtaining the best and final offers.

In conducting discussions with short listed firms, there shall be no disclosure of any information derived

from the other firms submitting proposals.

FWACAA may, at their discretion and without explanation to the prospective Vendors, at any time choose

to discontinue this RFP without obligation to such prospective Vendors. FWACAA may choose to only

award portions of the Scope of Work.


V. Exhibit A

FWACAA Environment

The following information should be used to determine the scope of this project and provide pricing for

this engagement:

External Network Vulnerability Assessment

• Number of IP addresses in target space: 3

• Number of Site to Site VPNs: 2

Internal Network Vulnerability Assessment

• Number of servers in target space: 10

• Number of network devices in target space: 26

• Number of workstations in target space: 65

• Number of VLANs: 5 to 10

Server Configuration Reviews

• Number and type (operating system and function) of servers to be reviewed:

10 Servers – Windows Server 2008, R2 and Windows Server 2012

Firewall Reviews

• Number of type of firewalls to be reviewed: 2

• Number of rules in each firewall rule set: Unknown

Web Application Assessment

• Name and description of each application to be assessed:

O365,

SharePoint Online

Exchange Online

Work Order - Software

ADP Payroll Processing/ Kronos


VI. Exhibit B

Pricing Proposal

Please attach a detailed itemized pricing structure along with the template below.

• External Network Vulnerability Assessment and Penetration Testing $___________

• Internal Network Vulnerability Assessment and Penetration Testing $___________

• Internal and Web Application Penetration Testing $___________

• Wireless Network Assessment and Penetration Testing $___________

• Firewall and Router Configuration Reviews $___________

• Social Engineering Assessments $___________

• Additional Costs Total $___________

• TOTAL COST OF SECURITY ASSESSMENT PROJECT $____________

Firm: _________________________________________________________________

Name: _____________________ Title: ________________________________

Signature: _____________________ Date: ________________________________

Describe any additional costs and information here:


VII. Terms and Conditions

Exhibit E contains a sample contract document to be executed with the successful

offeror upon award of the contract. Federal and/or state law requires many of the

clauses contained in the agreement. The awarded firm may request additional contract

clauses to be incorporated into the contract. If, however, these clauses become a

barrier to contract execution and rapid implementation of the project, the Authority may

proceed to the next highest ranked offeror for contract consideration. The insurance

requirements, as listed, are mandatory.

In compliance with the State of Indiana public record laws, all proposals will be

available for public inspection after award. Trade secrets and proprietary information

submitted by a contractor in connection with the procurement shall not be subject to

public disclosure provided the offeror invokes the protection of this section upon

submission of the proposal. The specific area or scope of data and materials to be

protected must be identified and the reasons for their protections stated. An all-

inclusive statement that the entire proposal is proprietary is unacceptable. A statement

that costs are to be protected is unacceptable and may result in rejection of your

proposal.


VIII. Exhibit C

INDIANA LEGAL EMPLOYMENT DECLARATION

The State of Indiana has enacted a law (I.C. 22-5-1.7) requiring the Fort Wayne-Allen County Airport Authority to require the following before renewing or entering into contracts for services:

This Declaration serves as notice that all Contractors performing services must, as a term of their contract:

1. Enroll in and verify the work eligibility status of newly hired employees of the contractor through the E-Verify programs (but is not required to do this if the E-Verify program no longer exists);

and

2. Verify, by signature below, that the Contractor does not knowingly employ unauthorized aliens.

By signing below, this affidavit becomes a part of and is incorporated into any contract for

services that your firm currently has with the Fort Wayne-Allen County Airport Authority. I, __________________________, a duly authorized agent of ____________________(name of Company), declare under penalties of perjury that __________________________(name of Company) does not employ unauthorized aliens to the best of its knowledge and belief.

__________________________ (Name of Company)

By:________________________ (Authorized Representative of Company) Subscribed and sworn to before me on this ___________day of ______________, 20___. My Commission Expires: _________________ County of Residence: ___________________ _____________________________________ Notary Public – Signature _____________________________________ Notary Public – Printed Name

PLEASE SEE http://www.uscis.gov/e-verify INSTRUCTIONS AND ELECTRONIC REGISTRATION FOR E-VERIFY. IC 5-16-13 also requires that any contractor (including subcontractors) submit, before work begins on a project, the E-verify case verification number for each individual who is required to be verified under IC 22-5-1.7.

http://www.uscis.gov/e-verify


IX. Exhibit D

NON-COLLUSION AFFIDAVIT

State of )

SS:

County of )

The undersigned Proposer or Agent, being duly sworn, on oath says that he/she has not,

nor has any other member, representative, or agent of the firm, company, corporation or

partnership represented by him/her, entered into any combination, collusion or agreement with

any person relative to the price to be offered by anyone, nor to prevent any person from

submitting a offer, and that this offer is made without reference to any other offer and without

any agreement, understanding, or combination with any other person in reference to such offers

in any way or manner whatever.

FIRM OR CORPORATION NAME: ____________________________

SIGNATURE: _____________________________

NAME: _____________________________

ITS: _____________________________

Subscribed and sworn to before me this day of , 2019.

______________________________

Notary Public

Printed or Typed Name: ___________________

My Commission Expires: ___________________


X. Exhibit E

STANDARD PROFESSIONAL SERVICES AGREEMENT

IT Security Assessment

THIS AGREEMENT made by and between the FORT WAYNE-ALLEN COUNTY

AIRPORT AUTHORITY (the "Owner") and _______________ (the

"Consultant");

WHEREAS, the Owner desires to IT security assessment as described in the

Request for Proposals dated ****** which is incorporated by reference and shall be

considered, attached hereto and made a part hereof; and,

WHEREAS, the Owner, based on a review of proposals submitted by

interested firms, has selected the Consultant to perform these services; and,

WHEREAS, the Consultant desires to perform all the necessary services in

connection with this contract,

NOW, THEREFORE, in consideration of the mutual covenants and agreements

contained herein, the Owner and Consultant agree as follows:

ARTICLE I. PROJECT.

(a) The Owner agrees to employ, and does hereby employ and engage the

Consultant, pursuant to the terms and conditions in this Agreement, to perform for the

Owner all necessary professional services incident to the Contract.

ARTICLE II. OWNER'S RESPONSIBILITIES. The Owner further agrees

as follows:

(a) To give the Consultant such information as is pertinent to the

Project(s);

(b) To provide access to the facilities of the Owner as required by the

Consultant, subject to reasonable notice and airport rules and regulations;

(c) To provide software, hardware, any equipment or supplies needed by

the Consultant to complete a given project;

(d) To review all studies, reports, sketches, estimates, drawings,

specifications, proposals, and other documents presented by the Consultant to the Owner,

and to timely respond, in writing, to the documentation submitted for review so as not to

delay the work of the Consultant;

(e) Designate, in writing, that person who will act as Owner's

representative with respect to the work to be performed by the Consultant pursuant to this

Agreement;


(f) To give prompt, written notice to the Consultant whenever the Owner

observes or otherwise becomes aware of any deviations from the scope of the Project;

(g) To obtain any necessary approvals or consents from those individuals,

entities, authorities, or agencies having jurisdiction over or being necessary for completion

of the Project; PROVIDED, HOWEVER, that the Consultant shall identify and advise the

Owner, in writing, as to those individuals, entities, authorities, and agencies whose approval

or consent may be required in order to complete the Project.

ARTICLE III. CONSULTANT'S RESPONSIBILITIES. Pursuant to the scope of

work identified by Purchase Order, the Consultant shall:

(a) Prepare such documentation to include schedules, equipment needs,

and other pertinent information as is necessary to satisfactorily complete the services and

any Projects;

(b) Consultant shall provide reports for the Owner’s representative(s) and

inform the Owner of their progress on the work on any projects. Information necessary for

Authority personnel to maintain the system on a day-to-day basis upon completion of the

project will be provided by the Consultant.

(c) Comply with all known laws, orders, and regulations of any

governmental authority relating to its work on the Project for the Owner, including, but not

limited to, all rules and regulations adopted by the Owner and all rules and regulations of

the Federal Aviation Administration (and specifically, without limitation, Federal Aviation

Regulations Part 139 and Transportation Security Regulation Part 1542. Any violation by

the Consultant, its employees, suppliers, guests, business invitees, or agents of any rule or

regulation which results in the assessment of a fine against the Owner by any authority or

agency shall be paid by the Consultant to the Owner in an amount equal to the penalty

assessed;

(d) Consultant will respond to service and/or emergency needs within the

response times as identified in the Request for Proposals.

(e) The Owner makes no assurances regarding the number of projects to

be undertaken throughout the duration of this contract. This contract does not grant

Consultant the exclusive right to perform information technology services for the Owner.

(f) Each area of testing has a fee proposal provided by the Consultant and

is contained in Exhibit. Any changes to the original scope of the project will be approved in

writing by an approved change order by the Owner and the Consultant.

(g) The Consultant will treat any information that may be sensitive, for

security reasons or otherwise, in a confidential manner.


(h) The Consultant may not subcontract any portion of this work without

the prior written consent of the Owner.

ARTICLE IV. ABANDONMENT & TERMINATION.

(a) If the Owner shall abandon the services herein mentioned, the Owner

shall pay to the Consultant the earned value of the work performed to the date of

abandonment. The earned value of the work performed shall be based upon an estimate of

the portions of the total services that have been rendered by the Consultant to the date of

abandonment and which estimate may be mutually agreed upon by the Owner and the

Consultant.

(b) This Agreement may be terminated by either party upon ten (10) days'

written notice should the other party fail substantially to perform in accordance with its

terms through no fault of the other. In the event of termination, due to the fault of others

excluding the Consultant, the Consultant shall be paid for services performed to termination

date, including reimbursements then due, plus expenses incurred by the Consultant, and

limited to salary, wages, reproduction costs, completion of any reports or studies, and other

previously defined reimbursable expenses that the Owner required and requested beyond

the work accomplished at the time of termination notice.

(c) This Agreement may be terminated for convenience by either party upon

thirty (30) days’ notice. In the event of such termination, the Consultant shall paid for

services performed to termination date in accordance with (b) above.

ARTICLE V. CONSULTANT'S COMPENSATION.


(a) The Owner, for and in consideration of the rendering of

Consultant's services on the Project agrees to compensate the Consultant, in

accordance with the fees contained in Exhibit A. Payment terms shall be Net 30.

ARTICLE VI. INSURANCE. Consultant agrees to procure and

maintain, at its expense, workmen's compensation insurance and bodily injury

liability insurance policies, with minimum limits of liability of not less than One Million

Dollars ($1,000,000) for each claim arising out of bodily injury and not less than One

Million Dollars ($1,000,000) for all damages arising out of bodily injury including

death, arising out of the same occurrence. Consultant shall also secure and maintain

property damage liability insurance policies with minimum limits of not less than One

Million Dollars ($1,000,000) for all damages arising out of injury to or destruction of

property during the policy period. Consultant shall also procure and maintain, at its

expense, Consultant's errors and omissions insurance coverage with a minimum

coverage of One Hundred Thousand Dollars ($100,000). Prior to the commencement

of work on this Project, Consultant shall furnish to the Owner a Certificate of

Insurance, evidencing the requisite coverage specified herein.

ARTICLE VI. GENERAL CIVIL RIGHTS PROVISIONS

The contractor agrees to comply with pertinent statutes, Executive

Orders and such rules as are promulgated to ensure that no person

shall, on the grounds of race, creed, color, national origin, sex, age,

or disability be excluded from participating in any activity conducted

with or benefiting from Federal assistance.

This provision binds the contractor and subtier contractors from the

bid solicitation period through the completion of the contract. This

provision is in addition to that required of Title VI of the Civil Rights

Act of 1964.


ARTICLE VII. COMPLIANCE WITH NONDISCRIMINATION

REQUIREMENTS

During the performance of this contract, the contractor, for itself, its

assignees, and successors in interest (hereinafter referred to as the

“contractor”) agrees as follows:

1. Compliance with Regulations: The contractor (hereinafter

includes consultants) will comply with the Title VI List of

Pertinent Nondiscrimination Acts And Authorities, as they may be

amended from time to time, which are herein incorporated by

reference and made a part of this contract.

2. Non-discrimination: The contractor, with regard to the work

performed by it during the contract, will not discriminate on the

grounds of race, color, or national origin in the selection and

retention of subcontractors, including procurements of materials

and leases of equipment. The contractor will not participate

directly or indirectly in the discrimination prohibited by the

Nondiscrimination Acts and Authorities, including employment

practices when the contract covers any activity, project, or

program set forth in Appendix B of 49 CFR part 21.

3. Solicitations for Subcontracts, Including Procurements of

Materials and Equipment: In all solicitations, either by

competitive bidding, or negotiation made by the contractor for

work to be performed under a subcontract, including

procurements of materials, or leases of equipment, each


potential subcontractor or supplier will be notified by the

contractor of the contractor’s obligations under this contract and

the Nondiscrimination Acts And Authorities on the grounds of

race, color, or national origin.

4. Information and Reports: The contractor will provide all

information and reports required by the Acts, the Regulations,

and directives issued pursuant thereto and will permit access to

its books, records, accounts, other sources of information, and

its facilities as may be determined by the sponsor or the Federal

Aviation Administration to be pertinent to ascertain compliance

with such Nondiscrimination Acts And Authorities and

instructions. Where any information required of a contractor is

in the exclusive possession of another who fails or refuses to

furnish the information, the contractor will so certify to the

sponsor or the Federal Aviation Administration, as appropriate,

and will set forth what efforts it has made to obtain the

information.

5. Sanctions for Noncompliance: In the event of a contractor’s

noncompliance with the Non-discrimination provisions of this

contract, the sponsor will impose such contract sanctions as it or

the Federal Aviation Administration may determine to be

appropriate, including, but not limited to:

a. Withholding payments to the contractor under the contract

until the contractor complies; and/or


b. Cancelling, terminating, or suspending a contract, in whole

or in part.

6. Incorporation of Provisions: The contractor will include the

provisions of paragraphs one through six in every subcontract,

including procurements of materials and leases of equipment,

unless exempt by the Acts, the Regulations and directives issued

pursuant thereto. The contractor will take action with respect to

any subcontract or procurement as the sponsor or the Federal

Aviation Administration may direct as a means of enforcing such

provisions including sanctions for noncompliance. Provided, that

if the contractor becomes involved in, or is threatened with

litigation by a subcontractor, or supplier because of such

direction, the contractor may request the sponsor to enter into

any litigation to protect the interests of the sponsor. In addition,

the contractor may request the United States to enter into the

litigation to protect the interests of the United States.

Title VI List of Pertinent Nondiscrimination Acts and Authorities

During the performance of this contract, the contractor, for itself, its

assignees, and successors in interest (hereinafter referred to as the

“contractor”) agrees to comply with the following non-discrimination

statutes and authorities; including but not limited to:

• Title VI of the Civil Rights Act of 1964 (42 U.S.C. § 2000d et

seq., 78 stat. 252), (prohibits discrimination on the basis of race,

color, national origin);


• 49 CFR part 21 (Non-discrimination In Federally-Assisted

Programs of The Department of Transportation—Effectuation of

Title VI of The Civil Rights Act of 1964);

• The Uniform Relocation Assistance and Real Property Acquisition

Policies Act of 1970, (42 U.S.C. § 4601), (prohibits unfair

treatment of persons displaced or whose property has been

acquired because of Federal or Federal-aid programs and

projects);

• Section 504 of the Rehabilitation Act of 1973, (29 U.S.C. § 794

et seq.), as amended, (prohibits discrimination on the basis of

disability); and 49 CFR part 27;

• The Age Discrimination Act of 1975, as amended, (42 U.S.C. §

6101 et seq.), (prohibits discrimination on the basis of age);

• Airport and Airway Improvement Act of 1982, (49 USC § 471,

Section 47123), as amended, (prohibits discrimination based on

race, creed, color, national origin, or sex);

• The Civil Rights Restoration Act of 1987, (PL 100-209),

(Broadened the scope, coverage and applicability of Title VI of

the Civil Rights Act of 1964, The Age Discrimination Act of 1975

and Section 504 of the Rehabilitation Act of 1973, by expanding

the definition of the terms “programs or activities” to include all

of the programs or activities of the Federal-aid recipients, sub-

recipients and contractors, whether such programs or activities

are Federally funded or not);


• Titles II and III of the Americans with Disabilities Act of 1990,

which prohibit discrimination on the basis of disability in the

operation of public entities, public and private transportation

systems, places of public accommodation, and certain testing

entities (42 U.S.C. §§ 12131 – 12189) as implemented by

Department of Transportation regulations at 49 CFR parts 37 and

38;

• The Federal Aviation Administration’s Non-discrimination statute

(49 U.S.C. § 47123) (prohibits discrimination on the basis of

race, color, national origin, and sex);

• Executive Order 12898, Federal Actions to Address

Environmental Justice in Minority Populations and Low-Income

Populations, which ensures non-discrimination against minority

populations by discouraging programs, policies, and activities

with disproportionately high and adverse human health or

environmental effects on minority and low-income populations;

• Executive Order 13166, Improving Access to Services for

Persons with Limited English Proficiency, and resulting agency

guidance, national origin discrimination includes discrimination

because of limited English proficiency (LEP). To ensure

compliance with Title VI, you must take reasonable steps to

ensure that LEP persons have meaningful access to your

programs (70 Fed. Reg. at 74087 to 74100);


• Title IX of the Education Amendments of 1972, as amended,

which prohibits you from discriminating because of sex in

education programs or activities (20 U.S.C. 1681 et seq).

ARTICLE VIII. SUCCESSORS AND ASSIGNS. The Owner and the

Consultant each binds him or herself, his or her partners, successors, assigns, and

legal representatives to the other party to this Agreement, and to the partners,

successors, assigns, and legal representatives of such other party in respect of all

covenants of this Agreement. Neither the Owner nor the Consultant shall assign or

transfer his interest in this Agreement without the written consent of the other;

notwithstanding the foregoing.

ARTICLE IX. This contract shall be effective upon execution and

continue through completion of the requested services

IN WITNESS WHEREOF, the parties hereto have executed this

Agreement this day of , 2019.

COMPANY FORT WAYNE-ALLEN COUNTY

AIRPORT AUTHORITY

________________________ ________________________

BY: _____________________ Robin R. Strasser, CPA Director of Finance &

Administration

Date post:	19-Jul-2020
Category:	Documents
Upload:	others
View:	4 times
Download:	1 times

IT Security Assessment · FWACAA Security Assessment RFP 6 II. Proposal Evaluation Process A....

Documents