SAM #N6660426Q0261

Sole Source Hydro Dynamic Test Fixture Testing for NUWC Newport

The Naval Undersea Warfare Center Division, Newport (NUWCDIVNPT), under the Department of the Navy (NAVSEA), is seeking specialized testing services: - Sole source procurement to Arrowhead Products Corp. (CAGE Code: 70628) - Requirement: Hydro Dynamic Test Fixture (HDTF) Testing for 11 units - Testing must be performed using Arrowhead's unique, certified test fixture at their facility - No other test fixture can meet the program's certified requirements - Includes data deliverables per the Contract Data Requirements List (CDRLs) - Access to technical documents requires: - Valid Joint Certification Program (JCP) certification - Current NIST SP 800-171 DoD Assessment and CMMC Level 2 (self) posted in SPRS - Submission of CMMC UID - Period of performance extends through contract award to June 2027 - Place of performance and contracting office: NUWC DIV NEWPORT, Newport, RI - Notable requirements: Export-controlled documents, strict cybersecurity compliance (NIST SP 800-171, CMMC Level 2)

Description

PLEASE READ THIS ENTIRE NOTICE CAREFULLY AS IT CONSTITUTES THE ONLY NOTICE THAT WILL BE ISSUED.

This is a combined synopsis and solicitation for commercial items prepared in accordance with the format in FAR Subpart 12.6-Streamlined Procedures for Evaluation and Solicitation for Commercial Items, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotations are being requested and a written solicitation will not be issued.

The Naval Undersea Warfare Center Division, Newport (NUWCDIVNPT) intends to award a purchase order on a sole source basis to Arrowhead Products Corp. CAGE Code: 70628. The Government requires use of the Hydro Dynamic Test Fixture (HDTF) located at Arrowhead Products facilities. No other test fixture can replicate the exact conditions and provide the certified results required for the program. Moving the fixture or manufacturing a new one would introduce unacceptable costs and schedule delays and is not in the Government’s best interest at this time.

This solicitation is not a request for competitive quotes. However, all quotes received by the closing date will be considered by the Government for future requirements. A determination not to compete this proposed requirement based on responses to this solicitation is solely within the discretion of the Government. Quotes received will normally be considered solely for the purposes of determining whether to conduct a competitive procurement in the future.

Request for Quote (RFQ) Number is N66604-26-Q-0261. This requirement is being solicited on a Sole Source basis. The North American Industry Classification System (NAICS) Code for this acquisition is 541330; the Small Business Size Standard is $25.5 million.

The Naval Undersea Warfare Center Division, Newport (NUWCDIVNPT) intends to award a Firm Fixed Price purchase order for the following items:

CLIN 0001: HDTF Testing for 11 units in accordance with the attached Statement of Work, Government Drawing Package, and Specification documents. CLIN 0002: Data deliverables in accordance with Exhibit A Contract Data Requirements List (Not Separately Priced).

The quote submission shall include a breakdown of the following price elements, at a minimum:

Direct labor Direct Material Other Direct Costs Indirect costs (OH, Fringe, G&A, material handling, etc) Profit Objective quality evidence including quotes, payroll journals, audits of indirect rates, basis of material lists, etc. to support the reasonability of the proposed price elements

This requirement contains drawings that are designated Distribution D and export controlled. To access the Government documents, the Offeror must possess a valid Joint Certification Program (JCP) certification. In order to obtain access to the drawings, a valid DD 2345 form must be provided to the Request for Quote Point of Contact and the requests for the drawings shall come from the JCP Custodian; drawings will not be provided to other points of contact.

In accordance with DFARS supplement rule 2019-D041 (Assessing Contractor Implementation of Cybersecurity Requirements), only offerors with a summary level score of a National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment, of not more than three (3) years old from the date of this combined synopsis and solicitation, posted in the Supplier Performance Risk System (SPRS) will be eligible to receive a copy of the drawings. Additionally, Cybersecurity Maturity Model Certification (CMMC) Level 2 (self) is applicable to this purchase. Only offerors with a CMMC Level 2 (self) assessment or higher posted in SPRS will be eligible to receive a copy of the drawings. Offerors must provide the Solicitation POC with their associated CMMC UID in order to receive the associated documents.

The anticipated Period of Performance is from Contract award to 30 June 2027.

Incorporated provisions and clauses are those in effect through the latest Federal Acquisition Circular. The following FAR clauses and provisions apply to this solicitation:

52.203-19, Prohibition on Requiring Certain Internal Confidentiality Agreements or Statements. 52.204-13 System for Award Management Maintenance. 52.204-19 Incorporation by Reference of Representations and Certifications. 52.209-10, Prohibition on Contracting With Inverted Domestic Corporations. 52.209-11, Representation by corporations Regarding Delinquent Tax 52.212-1, Instructions to Offerors Commercial Items. 52.212-4, Contract Terms and Conditions Commercial Items. 52.222-3, Convict Labor. 52.222-19, Child Labor-Cooperation with Authorities and Remedies. 52.222-35, Equal Opportunity for Veterans. 52.222-36, Equal Opportunity for Workers with Disabilities. 52.222-50, Combating Trafficking in Persons. 52.223-23, Sustainable Products. 52.226-8, Encouraging Contractor Policies to Ban Text Messaging While Driving. 52.232-8, Discounts for Prompt Payment. 52.232-11, Extras. 52.232-33, Payment by Electronic Funds Transfer-System for Award Management. 52.232-39, Unenforceability of Unauthorized Obligations. 52.232-40, Providing Accelerated Payments to Small Business Subcontractors. 52.233-1, Disputes. 52.233-3, Protest after Award. 52.233-4, Applicable Law for Breach of Contract Claim. 52.240-90 Security Prohibitions and Exclusions Representations and Certifications. 52.240-91, Security Prohibitions and Exclusions. 52.243-1, Changes-Fixed Price. 52.244-6, Subcontracts for Commercial Products and Commercial Services. 52.245-1 Government Property. 52.245-9 Use and Charges. 52.249-1, Termination for Convenience of the Government (Fixed-Price) (Short Form).

The following DFARS clauses apply to this solicitation:

252.203-7000 Requirements Relating to Compensation of Former DoD Officials. 252.203-7002 Requirement to Inform Employees of Whistleblower Rights 252.204-7003 Control of Government Personnel Work Product. 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls 252.204-7009, Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information, 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DEVIATION 2024-O0013, Revision 1) 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements, 252.204-7018, Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services 252.204-7020 NIST SP 800-171 DoD Assessment Requirements, 252.204-7024 Notice on the Use of the Supplier Performance Risk System 252.211-7003 Item Identification and Valuation 252.215-7013 Supplies and Services Provided by Nontraditional Defense Contractors 252.225-7000 Buy American—Balance of Payments Program Certificate. 252.225-7001 Buy American and Balance of Payments Program. 252.225-7002 Qualifying Country Sources as Subcontractors. 252.225-7013, Duty-Free Entry. 252.225-7048, Export-Controlled Items. 252.232-7010 Levies on Contract Payments. 252.243-7001, Pricing of Contract Modifications. 252.245-7003 Contractor Property Management System Administration. 252.245-7005 Management and Reporting of Government Property. 252.247-7023 Transportation of Supplies by Sea.

Full text of incorporated FAR/DFARS clauses and provisions are available at www.acquisition.gov/far

The following DFARS Clause by full text apply to this solicitation:

252.204-7021 Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirements.

CONTRACTOR COMPLIANCE WITH THE CYBERSECURITY Maturity MODEL CERTIFICATION LEVEL REQUIREMENTS (NOV 2025)

(a) Definitions. As used in this clause—

“Controlled unclassified information” means information the Government creates or possesses, or information an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Governmentwide policy requires or permits an agency to handle using safeguarding or dissemination controls (32 CFR 2002.4(h)).

“Current” means—

(1) With regard to Conditional Cybersecurity Maturity Model Certification (CMMC) Status—

(i) Not older than 180 days for Conditional Level 2 (Self) assessments and Conditional Level 2 (certified third-party assessment organization (C3PAO)) assessments, with—

(A) No changes in compliance with the requirements at 32 CFR part 170 since the Conditional CMMC Status date (see 32 CFR 170.16 and 170.17); and

(B) A corresponding affirmation of continuous compliance by an affirming official (see 32 CFR 170.4); and

(ii) Not older than 180 days for Conditional Level 3 (Defense Industrial Base Cybersecurity Assessment Center (DIBCAC)) assessments, with—

(A) No changes in compliance with the requirements at 32 CFR part 170 since the Conditional CMMC Status date (see 32 CFR 170.18); and

(B) A corresponding affirmation of continuous compliance by an affirming official;

(2) With regard to Final CMMC Status—

(i) Not older than 1 year for Final Level 1 (Self), with—

(A) No changes in compliance with the requirements at 32 CFR part 170 since the Final CMMC Status date (see 32 CFR 170.15); and

(B) A corresponding affirmation of continuous compliance, not older than 1 year, by an affirming official;

(ii) Not older than 3 years for Final Level 2 (Self) assessments and Final Level 2 (C3PAO) assessments, with—

(A) No changes in compliance with the requirements at 32 CFR part 170 since the Final CMMC Status date (see 32 CFR 170.16 and 170.17); and

(B) A corresponding affirmation of continuous compliance, not older than 1 year, by an affirming official; and

(iii) Not older than 3 years for Final Level 3 (DIBCAC) assessments, with—

(A) No changes in compliance with the requirements at 32 CFR part 170 since the Final CMMC Status date (see 32 CFR 170.18); and

(B) A corresponding affirmation of continuous compliance, not older than 1 year, by an affirming official; and

(3) With regard to affirmation of continuous compliance (32 CFR 170.22), not older than 1 year with no changes in compliance with the requirements at 32 CFR part 170.

“Cybersecurity Maturity Model Certification (CMMC) status” means the result of meeting or exceeding the minimum required score for the corresponding assessment. The potential statuses are as follows:

Final Level 1 (Self). Conditional Level 2 (Self). Final Level 2 (Self). Conditional Level 2 (C3PAO). Final Level 2 (C3PAO). Conditional Level 3 (DIBCAC). Final Level 3 (DIBCAC).

“Cybersecurity Maturity Model Certification unique identifier (CMMC UID)” means 10 alpha-numeric characters assigned to each CMMC assessment and reflected in the Supplier Performance Risk System (SPRS) for each contractor information system.

“Federal contract information (FCI)” means information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government. It does not include information provided by the Government to the public, such as on public websites, or simple transactional information, such as information necessary to process payments.

“Plan of action and milestones” means a document that identifies tasks to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones, as defined in National Institute of Standards and Technology Special Publication 800-115 (32 CFR 170.21).

(b) Framework. The Cybersecurity Maturity Model Certification (CMMC) is a framework for assessing a contractor’s compliance with applicable information security protections (see 32 CFR part 170).

(c) Duplication. The CMMC assessments will not duplicate efforts from any other comparable DoD assessment, except for rare circumstances when a reassessment may be necessary, for example, when there are indications of issues with cybersecurity and/or compliance with CMMC requirements.

(d) Requirements. The Contractor shall—

(i) Have and maintain for the duration of the contract a current CMMC status at the following CMMC level, or higher: CMMC Level 2 (Self) for all information systems used in performance of the contract, task order, or delivery order that process, store, or transmit FCI or CUI; and (ii) Consult 32 CFR 170.23 related to the flow down of the CMMC requirements, and flow down the correct CMMC level to subcontracts and other contractual instruments; (2) Only process, store, or transmit FCI or CUI on contractor information systems that have a CMMC status at the CMMC level required in paragraph (d)(1) of this clause, or higher; (3) Complete on an annual basis, and maintain as current, an affirmation, by the affirming official (see 32 CFR 170.4), of continuous compliance with the requirements associated with the CMMC level required in paragraph (d)(1) of this clause in the Supplier Performance Risk System (SPRS) (https://piee.eb.mil) for each CMMC UID applicable to each of the contractor information systems that process, store, or transmit FCI or CUI and that are used in performance of the contract; (4) Ensure all subcontractors and suppliers complete prior to subcontract award, and maintain on an annual basis, an affirmation, by the affirming official (see 32 CFR 170.4), of continuous compliance with the requirements associated with the CMMC level required for the subcontract or other contractual instrument for each of the subcontractor information systems that process, store, or transmit FCI or CUI and that are used in performance of the subcontract; and (5) If the Contractor has a CMMC Status of Conditional, successfully close out a valid plan of action and milestones (32 CFR 170.21) to achieve a CMMC Status of Final.

(e) Reporting. The Contractor shall—

Submit to the Contracting Officer— (i) The CMMC UID(s) issued by SPRS for contractor information systems that will process, store, or transmit FCI or CUI during performance of the contract; and (ii) Any changes in the CMMC UIDs generated in SPRS throughout the life of the contract, task order, or delivery order, if applicable; (2) Enter into SPRS the results of a current self-assessment for each CMMC UID, not covered by a C3PAO assessment or DIBCAC assessment, applicable to each of the contractor information systems that process, store, or transmit FCI or CUI and that are used in performance of the contract; and (3) Complete in SPRS on an annual basis and maintain as current an affirmation of continuous compliance by the affirming official (see 32 CFR 170.4) for each self-assessment, C3PAO assessment, or DIBCAC assessment required under the contract in SPRS.

(f) Subcontracts. The Contractor shall—

Insert the substance of this clause, including this paragraph (f) and excluding paragraph (e)(1), in subcontracts and other contractual instruments, including those for the acquisition of commercial products and commercial services, excluding commercially available off-the-shelf items, if the subcontract or other contractual instrument will contain a requirement to process, store, or transmit FCI or CUI; and Prior to awarding a subcontract or other contractual instrument, ensure that the subcontractor has a current CMMC certificate or current CMMC status at the CMMC level that is appropriate for the information that is being flowed down to the subcontractor based on the requirements at 32 CFR 170.23.

(End of clause)

The following additional terms and conditions apply:

The method of payment is via Electronic Payment through Wide Area Workflow (WAWF). This solicitation requires registration with the System for Award Management (SAM) prior to award, pursuant to applicable regulations and guidelines. Registration information can be found at www.sam.gov The quote shall include price, delivery terms, and the following additional information with submission: point of contact (including phone number and email address), contractor cage code, and contractor Unique Entity ID. The quote may be submitted via email to the email address below and must be received on or before Thursday, 04 June 2026 at 1600 eastern time. Offer received after the closing date are considered to be late and may not be considered for award. For information on this acquisition, contact Franklin Patton at franklin.k.patton2.civ@us.navy.mil.

View original listing