DBIR Report 2023 - Small Medium Business (SMBs) Data Breaches Business

— said no one ever (except math teachers)

In certain prior reports, we have compared and contrasted small and medium businesses (SMBs) against large organizations to determine whether the attack surface differed significantly between them. Increasingly, both SMBs and large companies are using similar services and infrastructure, which means that their attack surfaces share more in common than ever before. This has led to a convergence of attack profiles regardless of the size of the organization. What is very different, however, is the ability of organizations to respond to threats, which depends on the resources they can deploy in the event that they are attacked. The tables on the right illustrate the fact that SMBs and large organizations have increasingly become similar to each other. This phenomenon began several years ago, and by now there is so little difference based on organizational size that we were hard-pressed to make any distinctions whatsoever. Therefore, this year we decided to look at these a bit differently, by examining the implementation of security controls for various sizes of SMB (smaller, midsize and larger) and how they may overlap or differ. In past reports we have discussed the research we conduct with regard to controls—in particular, the work we have done with MITRE to map VERIS to ATT&CK. This year, we would like to take this research a bit more into the real world and apply it to how you would use these mappings with the appropriate CIS Implementation Group protective controls.

At a glance for SMB
- Frequency: 699 incidents, 381 with confirmed data disclosure
- Top patterns: System Intrusion, Social Engineering and Basic Web Application Attacks represent 92% of breaches
- Threat actors: External (94%), Internal (7%), Multiple (2%), Partner (1%) (breaches)
- Actor motives: Financial (98%), Espionage (1%), Convenience (1%), Grudge (1%) (breaches)
- Data compromised: Credentials (54%), Internal (37%), Other (22%), System (11%) (breaches)

At a glance for large organizations
- Frequency: 496 incidents, 227 with confirmed data disclosure
- Top patterns: System Intrusion, Social Engineering and Basic Web Application Attacks represent 85% of breaches
- Threat actors: External (89%), Internal (13%), Multiple (2%), Partner (2%) (breaches)
- Actor motives: Financial (97%), Espionage (3%), Ideology (2%), Convenience (1%), Fun (1%) (breaches)
- Data compromised: Internal (41%), Credentials (37%), Other (30%), System (22%) (breaches)

Let's assume you're a startup — a company in its infancy. You have very, very limited resources for implementing security controls of any kind. Your IT person is also your security person, who is also your Jack- (or Jill-) of-all-trades who wears many hats and never sleeps. The first step is to see which controls are recommended for your level of security maturity and resources. But where to begin? We like the CIS Critical Security Controls Navigator as a good starting point. It breaks down each of the CIS Controls into small, easy-to-consume chunks and then maps them to various security standards that an organization may want to comply with as their adopted standard. You will see that they are broken into three Implementation Groups, and each one is geared to the organization's maturity level. Since we're at the beginning here, we will start with Implementation Group 1 (IG1). While these are all good controls and should be on the road map, let's take a more threat-centric approach in our scenario. You can see in Tables 3 and 4 that regardless of an organization's size, they are going to face the System Intrusion pattern most commonly. In last year's report, we mapped the Controls to the pattern and showed which were most commonly going to help you in an attack. The result in IG1 shows Controls 14 (89%), 11 (80%) and then 5 (67%). When you drill further into the Sub-Controls, more granularity should guide you in your quest for maturing your organization's security posture.

Each organization will need to customize and prioritize according to its own risk profile and tolerance, but it is at least a place to begin. Once the most likely suspects are accounted for, move on to the next most likely attack pattern you may be facing and determine how to handle that. Using data-driven information on your most probable risk areas is a defensible strategy toward prioritizing controls with few resources. Hopefully, after some progress is made, your Jack-/Jill-of-all-trades can go back to sleeping at night.

CIS Implementation Group 1 Controls for Incident Classification Patterns most commonly encountered by SMBs
- Control 14: Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.
- Control 11: Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a preincident and trusted state.
- Control 5: Use processes and tools to create, assign, manage and revoke access credentials and privileges for user, administrator and service accounts for enterprise assets and software.

You've been at this a while. You're not tiny, but you're not quite at the enterprise level just yet. You have been working diligently at maturing your processes in both IT operations and in information security. You have put in place the Controls in IG1 and are now eyeing IG2 to take your company to the next level of protection. With that in mind, let's take a look at the IG2 controls that cover the Social Engineering pattern, which is the second largest threat for SMBs. The first two controls are the same main categories as they were for System Intrusion, Control 5 (100%) and Control 14 (100%). However, the third control is different for this pattern:

An Incident Response Management plan is key to all areas of security but perhaps especially so when it comes to Social Engineering attacks, for a few reasons.
Many of these attacks, such as pretexting, tend to escalate quickly and can have a high impact. Perhaps just as importantly, employees need to feel secure in the knowledge that they have a place they can report these incidents to when they occur because the sooner they report them, the more quickly you can address them. Now let's pivot to look at the larger organizations in the SMB area. To clarify, we are still writing with regard to SMBs, we simply mean the larger companies that still fall into that category (<1,000 employees). When your company reaches this point, there are more resources available to throw at problems, whether in the form of more people, more technology options or just plain more cash, and bringing those resources to bear can yield substantial benefits. At this level you have already tackled IG1 and IG2 and are ready for IG3 controls. These Controls mature along with your organization. Therefore, let us examine the IG3 Controls with regard to the third most common pattern for SMB: Basic Web Application Attacks. The first, Control 17 (100%), we talked about in the section above, but Controls 16 (100%) and 18 (100%) we have not yet discussed. Control 16 is certainly timely, considering the SolarWinds case from last year's report and the Log4j impact discussed in this year's report, so we should have no problem seeing the relevance of this Control. Sub-Controls 16.2: Establish and Maintain a Process to Accept and Address Software Vulnerabilities, 16.4: Establish and Manage an Inventory of Third-Party Software Components, and 16.5: Use Up-to-Date and Trusted Third-Party Software Components would have gone a long way to defending against both of those cases. Once an entity has reached the larger end of the SMB scale, Control 18 also comes into play. Establishing penetration testing capabilities and incorporating their findings into the security processes can only improve the information security posture of a larger SMB. 
This is basically real-world testing of your controls to make sure they are performing how you expect them to. Like backups, only controls that have been tested and verified should be trusted. Now that you've already looked at the Controls and prioritized them, you know what you're most likely to be hit with and you're working your way through to the end—your ducks are almost all in a row. You have balanced preventive and detective capabilities and are on your way to being able to not only detect when something bad has happened but also respond quickly and appropriately. You have moved from the basics of putting your plan together to implementing a road map. A few final things to consider at this point: Are you looking at aligning with a particular compliance framework? Do you track metrics around security in your environment? Do your efforts result in ongoing improvements to your security posture, or do they just provide a point-in-time snapshot that says, "I was good at this moment, but then things changed"? There is quite a bit you can do when you use good information about what is happening in your organization to steer your security strategy.

Report after report, and study after study, shows that many attacks are successful because network owners did not know their enterprise assets, the software they had running and where their critical data was. Knowing your environment is foundational to any cybersecurity program, which is why it makes up the first three controls of the CIS Critical Security Controls (Controls). After all, you can't protect what you don't know you have. After understanding your environment, you can prioritize where to apply controls and which controls to implement across your enterprise. At CIS we know that this will take time and resources, which is why we have prioritized the Controls and supporting Safeguards to help you plan your security improvement program. We do this through Implementation Groups (IGs).

There are three IGs, based on the risk profile and the resources an enterprise has available to implement controls. Each IG builds upon the previous one: IG2 builds upon IG1, and IG3 comprises all the Controls and Safeguards. We describe a typical IG1 enterprise as small to medium-sized with limited IT and cybersecurity expertise to dedicate toward protecting IT assets and personnel. The principal concern of this enterprise is to keep the business operational, as they have a limited tolerance for downtime. The sensitivity of the data that they are trying to protect is low and principally surrounds employee and financial information. Safeguards selected for IG1 should be implementable with limited cybersecurity expertise and aimed at thwarting general, non-targeted attacks. These Safeguards will also typically be designed to work in conjunction with small or home office commercial off-the-shelf (COTS) hardware and software. But no matter the size or complexity of your business, we recommend that all organizations begin with IG1. We also refer to IG1 as Essential Cyber Hygiene because it provides the actions necessary for an organization to defend itself against the major attack types being used by cybercriminals. IG1 is not just another list of good things to do; it's an essential set of steps that helps all enterprises defend against real-world threats. It also provides a strong foundation for your growth in cyber maturity as your security needs change.

5G Edge Application Tutorial

Have you just launched your first application on AWS Wavelength and are unsure what to do next? This tutorial covers popular open-source and AWS-developed techniques to monitor your application latency on Verizon's 5G Ultra Wideband (UWB) network. After launching your first instance, you might be wondering what the latency characteristics are from the application to the client. Moreover, you might be asking: how do I ping a remote endpoint from a mobile device? In this tutorial, you'll learn how to run a lightweight Linux® distribution on the mobile device, with the appropriate configuration, to take advantage of all the network performance tools you would have on a laptop, virtual machine (VM) or container. More specifically, we'll cover two prominent measurement techniques and tools:

- httpstat: To view the components that make up your end-to-end (E2E) latency—from DNS and the underlying TCP connection to the content transfer itself—consider using httpstat, a Python® script that reflects cURL statistics in a simple and well-defined way.
- iPerf3: To measure uplink and downlink bandwidth, consider using iPerf3, an open-source tool that measures the maximum achievable bandwidth on IP networks for both TCP and UDP connections.

Beyond the absolute end-to-end latency (ms) and bandwidth (Mbps) measurements, consider using these tools to benchmark performance against the parent region. Said differently, as you measure performance from your mobile UE to your 5G Edge infrastructure, make sure to also compare the performance of the same UE to the parent region. As a practical example, suppose you live in the Boston metropolitan area and launch an iPerf instance in us-east-1-wl1-bos-wlz-1 (Boston Wavelength Zone). After recording performance characteristics in the Wavelength Zone, consider launching an additional iPerf instance in the parent region, us-east-1 (North Virginia), to understand the comparative benefits of 5G Edge vs. the parent region.

Android: Navigate to the Google Play® Store and search for the app Termux. Termux is an Android® terminal emulator and Linux environment app that works directly with no rooting or setup required. To learn more, visit . Next, install cURL and Python with a couple of simple commands. Note that you may not have root (sudo) privileges on your device, especially on the Nova platform.

iOS: Simply download the TestFlight app from the Apple® App Store®. Then open a browser and go to http://ish.app. Scroll down and click to join the TestFlight beta. Once iSH is installed on your iPhone®, install Python and cURL using the Alpine package manager with the following commands:

For your first performance test, consider using iPerf3. iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, SCTP with IPv4 and IPv6). For each test, it reports the bandwidth, loss and other parameters. To run your own iPerf3 server on an EC2 instance, please follow the steps below:

iPerf3 client options used in this tutorial:

--client (-c): Run iPerf in client mode, connecting to an iPerf server running on .
--udp (-u): Use UDP rather than TCP. See also the option.
--bandwidth (-b): Set target bandwidth to n bits/sec (default 1 Mbit/sec for UDP, unlimited for TCP). If there are multiple streams (-P flag), the bandwidth limit is applied separately to each stream. You can also add a / and a number to the bandwidth specifier. This is called burst mode. It will send the given number of packets without pausing, even if that temporarily exceeds the specified bandwidth limit.
--time (-t): The time in seconds to transmit for. iPerf normally works by repeatedly sending an array of bytes for seconds. Default is 10 seconds. See also the , and options.
--num (-n): The number of buffers to transmit. Normally, iPerf sends for 10 seconds. The -n option overrides this and sends an array of bytes times, no matter how long that takes. See also the , and options.
--length (-l): The length of buffers to read or write. iPerf works by writing an array of bytes a number of times. Default is 128 KB for TCP, 8 KB for UDP. See also the , and options.
--parallel (-P): The number of simultaneous connections to make to the server. Default is 1.
--reverse (-R): Run in reverse mode (server sends, client receives).
--set-mss (-M): Attempt to set the TCP maximum segment size (MSS). The MSS is usually the MTU minus 40 bytes for the TCP/IP header; for Ethernet, the MSS is 1460 bytes (1500-byte MTU).
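The tutorial describes two measurements: httpstat's breakdown of a request into DNS, TCP connection, server processing and content transfer phases, and iPerf3's bandwidth report, each taken once against the Wavelength Zone and once against the parent region. The script below is an added example, not code from the tutorial, httpstat or iPerf3. It reproduces the phase arithmetic httpstat applies to cURL's `-w` timing variables (`time_namelookup`, `time_connect`, `time_appconnect`, `time_pretransfer`, `time_starttransfer`, `time_total`), reads the `end` summary of an `iperf3 -J` JSON report, and compares the two endpoints. The endpoint URLs are placeholders and every measurement embedded in the file is constructed sample data, not a real test result.

```python
"""Compare 5G Edge (Wavelength Zone) and parent-region measurements.

Added example: reproduces httpstat's phase breakdown from cURL timing variables
and summarises iperf3 -J reports, then compares the two endpoints. All embedded
measurements are constructed sample data; URLs are placeholders.
"""
import json
import subprocess

# cURL -w format emitting only the timing variables httpstat reads (seconds).
CURL_TIMING_FORMAT = (
    '{"time_namelookup":%{time_namelookup},"time_connect":%{time_connect},'
    '"time_appconnect":%{time_appconnect},"time_pretransfer":%{time_pretransfer},'
    '"time_starttransfer":%{time_starttransfer},"time_total":%{time_total}}'
)


def curl_timing_command(url: str) -> list:
    """Command line that discards the body and prints the timing JSON only."""
    return ["curl", "-sS", "-o", "/dev/null", "-w", CURL_TIMING_FORMAT, url]


def run_curl_timing(url: str) -> dict:
    """Live measurement (not exercised by the sample data below)."""
    out = subprocess.run(curl_timing_command(url), check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def phase_breakdown(t: dict) -> dict:
    """Split end-to-end time into httpstat's phases, in milliseconds.

    time_appconnect is 0 for plain HTTP, so the TLS phase collapses to 0 there.
    """
    def ms(seconds: float) -> float:
        return round(seconds * 1000.0, 1)

    tls_end = t["time_appconnect"] if t["time_appconnect"] > 0 else t["time_connect"]
    return {
        "dns_lookup": ms(t["time_namelookup"]),
        "tcp_connection": ms(t["time_connect"] - t["time_namelookup"]),
        "tls_handshake": ms(tls_end - t["time_connect"]),
        "server_processing": ms(t["time_starttransfer"] - t["time_pretransfer"]),
        "content_transfer": ms(t["time_total"] - t["time_starttransfer"]),
        "total": ms(t["time_total"]),
    }


def iperf3_summary(report: dict) -> dict:
    """Throughput (Mbit/s) and loss from the 'end' section of an iperf3 -J report.

    TCP runs carry end.sum_sent / end.sum_received; UDP runs carry end.sum with
    jitter_ms and lost_percent.
    """
    end = report["end"]
    if "sum_sent" in end:
        return {
            "protocol": "TCP",
            "sent_mbps": round(end["sum_sent"]["bits_per_second"] / 1e6, 1),
            "received_mbps": round(end["sum_received"]["bits_per_second"] / 1e6, 1),
            "retransmits": end["sum_sent"].get("retransmits", 0),
        }
    s = end["sum"]
    return {
        "protocol": "UDP",
        "received_mbps": round(s["bits_per_second"] / 1e6, 1),
        "jitter_ms": round(s["jitter_ms"], 3),
        "lost_percent": round(s["lost_percent"], 2),
    }


def compare(edge: dict, parent: dict, key: str) -> dict:
    """Edge vs. parent region on one metric: difference and ratio."""
    ratio = round(edge[key] / parent[key], 2) if parent[key] else None
    return {"edge": edge[key], "parent": parent[key],
            "edge_minus_parent": round(edge[key] - parent[key], 1),
            "edge_over_parent": ratio}


# Constructed sample measurements (not real test output). Plain HTTP, so
# time_appconnect is 0 in both.
EDGE_CURL = {"time_namelookup": 0.012, "time_connect": 0.026, "time_appconnect": 0.0,
             "time_pretransfer": 0.026, "time_starttransfer": 0.041, "time_total": 0.047}
PARENT_CURL = {"time_namelookup": 0.012, "time_connect": 0.058, "time_appconnect": 0.0,
               "time_pretransfer": 0.058, "time_starttransfer": 0.112, "time_total": 0.140}
EDGE_IPERF_TCP = {"end": {"sum_sent": {"bits_per_second": 1.2e8, "retransmits": 3},
                          "sum_received": {"bits_per_second": 1.18e8}}}
PARENT_IPERF_TCP = {"end": {"sum_sent": {"bits_per_second": 9.0e7, "retransmits": 11},
                            "sum_received": {"bits_per_second": 8.7e7}}}
EDGE_IPERF_UDP = {"end": {"sum": {"bits_per_second": 1.0e6, "jitter_ms": 0.412,
                                  "lost_percent": 0.5}}}

if __name__ == "__main__":
    for name, timing in (("edge", EDGE_CURL), ("parent", PARENT_CURL)):
        print(name, phase_breakdown(timing))
    print("total latency", compare(phase_breakdown(EDGE_CURL), phase_breakdown(PARENT_CURL), "total"))
    print("TCP throughput", compare(iperf3_summary(EDGE_IPERF_TCP), iperf3_summary(PARENT_IPERF_TCP), "received_mbps"))
    print("UDP", iperf3_summary(EDGE_IPERF_UDP))
```

To use it against live endpoints, replace the constructed dictionaries with `run_curl_timing("http://<edge-host>/")` and with `json.load()` over the output of `iperf3 -c <host> -J`, then feed both endpoints' results to `compare()`; the phase breakdown makes clear whether an edge gain comes from the TCP handshake, from server processing or from the transfer itself.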

Networx Contract Modifications

Contract ModificationsAs specified in the Networx Enterprise contract between Verizon and the General Services Administration in accordance with Section H.11, entitled Electronic Access to Contract, Verizon is posting the Networx Enterprise Contract in redacted format to remove proprietary information and is in conformance with the requirements of the Freedom of Information Act (FOIA). 10/27/21 To add FAR 52.223-99 clause in Section I of the contract as follow: FAR 52.223-99 ENSURING ADEQUATE COVID-19 SAFETY PROTOCOLS FOR FEDERAL CONTRACTORS (OCT 2021) (DEVIATION) (a) Definition. As used in this clause - United States or its outlying areas means— (1) The fifty States; (2) The District of Columbia; (3) The commonwealths of Puerto Rico and the Northern Mariana Islands; (4) The territories of American Samoa, Guam, and the United States Virgin Islands; and (5) The minor outlying islands of Baker Island, Howland Island, Jarvis Island, Johnston Atoll, Kingman Reef, Midway Islands, Navassa Island, Palmyra Atoll, and Wake Atoll. (b) Authority. This clause implements Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors, dated September 9, 2021 (published in the Federal Register on September 14, 2021, 86 FR 50985). (c) Compliance. The Contractor shall comply with all guidance, including guidance conveyed through Frequently Asked Questions, as amended during the performance of this contract, for contractor or subcontractor workplace locations published by the Safer Federal Workforce Task Force (Task Force Guidance) at https:/www.saferfederalworkforce.gov/contractors/. (d) Subcontracts. 
The Contractor shall include the substance of this clause, including this paragraph (d), in subcontracts at any tier that exceed the simplified acquisition threshold, as defined in Federal Acquisition Regulation 2.101 on the date of subcontract award, and are for services, including construction, performed in whole or in part within the United States or its outlying areas. 5/26/21 1. The purpose of this modification to Contract GS00T07NSD0038 is to exercise the first option period for the Networx Enterprise Extension 2. In accordance with FAR Clause 52.217-9 of the contract, the Government hereby elects to exercise the first option period and extend the term of the contract. - The period of performance is from June 1, 2021 to May 31, 2022. 10/27/21 The purpose of this modification is to change Section I to incorporate new FAR clause 52.223-99, Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors, as mandated by Executive Order 14042: Ensuring Adequate COVID Safety Protocols for Federal Contractors. 6/30/20,10/01/19 1. To add GSAR clause 552.204-70 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019), pursuant to Class Deviation CD-2019-11, issued August 13, 2019 under Section I. 2. To add FAR clause 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (AUG 2019), as prescribed in FAR 4.2105(b) under Section I. 11/26/18 1. Section I is deleted in its entirety and replaced with the attached New Section I. 10/16/17 To change Section J.12.3 Service Provisioning Intervals From: The provisioning interval for routine and Class B expedited orders shall be measured in calendar days from the service orderconfirmation date in the Service Order Confirmation to the completion date in the Service Order Completion Notice (SOCN)in accordance with Section C.3.5, Service ordering. 
For orders for which a provisioning interval is not defined in TableJ.12.3-1, the completion date shall be less than or equal to the firm order commitment date on the Firm Order CommitmentNotice. To: The provisioning interval for routine and Class B expedited orders shall be measured in calendar days from the service order confirmation date in the Service Order Confirmation to the completion date in the Service Order Completion Notice (SOCN) in accordance with Section C.3.5, Service ordering. For orders for which a provisioning interval is not defined in Table J.12.3-1, including services with originating or terminating SWCs that are either OCONUS or Non-Domestic, thecompletion date shall be less than or equal to the firm order commitment date on the Firm Order Commitment Notice. 6/8/17 1. The purpose of this modification to Contract GS00T07NSD0008 is to add the following language at Section B.6.5 to provide guidance for Telcordia SWC remappings as follows: When the coordinates of an NSC change, the SWC it is mapped to may change. As these changes occur to the mapping of NS Codes to SWCs, the Government will update Table B.6.5-9. The contractor will review Table B.6.5-9 on a monthly basis to update their Operational Support Systems (OSS) to reflect the new mapping. The new mapping will be effective on the first of the subsequent month and will apply to all new Service Orders and Service Orders in progress prior to the SOC notification. For example, NS Code A is mapped to SWC 1 with a last modified date of January 15, 2005. Due to the update NS Code A is now mapped to SWC 2 with a last modified date of February 15, 2008. For February, 2008, the NS Code A is mapped to SWC 1, but as of March 1, 2008, the mapping of NS Code A to SWC 2 is in effect; this change will be applied to rates returned on a Service Order SOC issued after March 1, 2008. SWC 1 mapping will remain in effect for all Service Orders with a SOC date prior to March 1, 2008. 
As a result the Government recognizes the potential for an invoice to reflect different rates for the same services at a single NSC based on the SWC mapping for each Service Order on the date of the SOC and it shall not be the basis of a billing dispute. In addition to these changes, the Government will also be performing a quarterly review and update of all NSC to SWC mappings in the beginning of February, May, August, and November. The Government will then post this update to the NHC. The update will change Table B.6.5-9 and result in the addition of new records showing the new last modified date. The contractor will update their respective Operational Support Systems in order to reflect the new mappings effective on the 1st of March, June, September, and December through the monthly updates These shall be applied in the same manner as described in the previous paragraph. 4/17/17 1. The purpose of this modification to Contract GS00T07NSD0038 is to remove the Service Outage (SLA) from the Verizon Networx Enterprise Contract. Specifically, changes are incorporated at J.13.1 Introduction, J.13.2 (Table J.13.2-2), J.13.3.18 Performance Objective for Service Outage SLA (Service Independent and Incident Based), J.13.4.2 Incident-Based Service Outage Credits, J.13.5.1 Notification Forms for Incident-Based Credits, and J.13.5.1.1 Form for Requesting Incident-Based Service Outage Credits. 2. The contract is modified as follows: Remove wording in Section J.13.1 Introduction, under "1. Service Outage SLA". A Service Level Agreement (SLA) is an agreement between the General Services Administration (GSA) and the contractor to provide a service at a performance level that meets or exceeds the specified performance objective(s). Seventeen of the SLAs are for technical services specified in Attachment J.13.3, SLA Performance Objectives. These SLAs are service specific. If awarded the service cited in the SLA, the contractor shall comply with the SLA. 
Three SLAs apply to all services awarded, except where otherwise indicated, and are termed service-independent. The contractor shall comply with each service-independent SLA for all awarded services. 6/2/15 1. The purpose of this modification is to incorporate language regarding Trade Act Agreements and Service Enabling Devices. 2. The contract is modified as follows: Section B. This section is modified to add the following language to B.4.1: "SEDs may or may not be domestic end products or end products of a designated country. SEDs are not available through this contract apart from ordering the telecommunications network service. Telecommunications network services is one of several services excluded from the World Trade Organization Government Procurement Agreement and the other Free Trade Agreements executed by the United States Government. See FAR 25.401(b). The telecommunications network service offered under this contract has been determined by the GSA Contracting Officer to be domestic in origin. See FAR 25.402(a)(2). As telecommunications network service is excluded from Trade Act Agreements coverage, GSA has used the group offer analysis provided by FAR 25.503(c)(1) to determine that the value of the domestic end product exceeds 50% of the total proposed price of the group; therefore, the bundled telecommunications network service and SEDS group offer is evaluated as domestic." Section I. This section is modified to add FAR 52.225-5 Trade Agreements (NOV 2013) in full text. 10/23/14 The purpose of this modification is to incorporate changes to Sections B, C, G, H and J that allow the GSA contracting officer (CO) to issue Delegations of Procurement Authority (DPA) to agency warranted COs and appoint them as Ordering Contracting Officers (OCO). 
The modification allows OCOs to issue task order solicitations that contain non-standard requirements, such as: - Agency Unique CLINs and prices that will not be incorporated into the Networx contract - End-to-end bundled unit pricing - Unit pricing that includes all applicable taxes, fees and surcharges - Taxes, fees and surcharges may be included in the calculation of the GMS fee and will be considered billed eligible revenue - Additional billing elements - Additional deliverables The following sub-sections are modified: B.1.2; B.1.3.1.2; C.3.6.1.2.5; G.1.1.1; G.1.1.2; G.1.1.2.1; G.4.5; G.5.2; G.6.2; G.7; H.18; H.28; J.4 ;J (Appendix A),9/11/14 1. The purpose of this modification is to incorporate a change to Section C.2.1.12 Compliance with National Policy Directives. The contract is modified as follows: Section C.2.1.12: The following is added as paragraph d): Starting on October 1, 2014 (Federal Government fiscal year 2015) all Internet Protocol (IP)- Based services and Service Enabling Devices (SEDs) procured via the Networx acquisition program which make use of IP-Based Services or provide support for IP-Based Services must comply with the following standards and policies and directives to the greatest extent that they are applicable to the IP-Based service or Service Enabling Device, with the following allowable exceptions; 1. If the procuring department/Agency's Chief Information Officer determine the need for and provides an explicit written waiver: (For example; the procuring Agency CIO provides an explicit written waiver if the agency requests SEDs that do not have commercially available IPv6 functionality). 2. If the IP-Based service does not sit on the agencies' network but is instead provided on the Contractor's network, or is not provided on the public Internet. 
IP-Based Service is defined in Networx Section C.2.1.1, figure C.2-1 to include the following; Premises-Based IP VPN, Network-Based IP VPN, Voice Over IP Transport, Content Delivery Network, Converged IP, IP Telephony, Internet Protocol, IP Video Transport, and Layer 2 VPN Service. Standards and policies and directives; - Federal Acquisition Regulation (FAR) requires acquisitions to adhere to U.S. National Institute of Standards and Technology (NIST) Special Publication 500-267, A Profile for IPv6 in the U.S. Government - Federal Acquisition Regulation (FAR) requires acquisitions to adhere to declarations of conformance as defined in the USGv6 Test Program associated with U.S. National Institute of Standards and Technology (NIST) Special Publication 500-267, A Profile for IPv6 in the U.S. Government (reference NIST Special Publication (SP) 500-273, USGv6 Test Methods: General Description and Validation) - The September 28, 2010 memorandum from the U.S. Chief Information Officer with subject: "Transition to IPv6" - Office of Management and Budget Memorandum M-05-22, dated August 2, 2005 with subject: "Transition Planning for Internet Protocol Version 6 (IPv6) - Federal Chief Information Officers Council Planning Guide/Roadmap Toward IPv6 Adoption within the U.S. Government,6/9/14 1. The purpose of this modification is to incorporate changes to Section C related to Operational Support Systems (OSS) Security Requirements and Personnel Background Investigation Requirements. 2. The following sub-sections are modified: C.2.1.11.3 C.2.7.4.1.2 C.2.7.4.1.5 C.2.11.10.1.4 C.3.3.2.2.8 C.3.9.1.1 C.3.9.2.1 C.3.9.5,5/19/14 1. The purpose of this modification is to incorporate a change to Section B.3.2.2 providing an exception only for Broadband Ethernet Access to the rule that there must be a Serving Wire Center (SWC) price in order for a Network Site Code (NSC) price to be established on the contract. 2. 
The contract is modified as follows: Section B.3.2.2 b) The following is added to paragraph b): The sentence that immediately follows is the only allowable exception to the requirement that access prices for a SWC shall be established on this contract prior to adding any prices for NSCs served by that SWC. In cases where a domestic Broadband Ethernet Access price for a SWC is not on the contract, prices for up to two NSCs served by that SWC may be added to the contract. Thereafter, prices for additional NSCs may be added only after the price for the SWC that serves those NSCs is established on the contract. If necessary, NSC prices established under this exception shall be reduced to be no higher than the corresponding SWC price if and when the SWC price is added to the contract. 11/19/09 The purpose of this Modification to Contract GS00T07NSD0038 is to incorporate the following changes: 1. Section B.3.2.2 is modified to change the price structure for Broadband Ethernet Access; Table B.3.2.2-1 is uReserved; and Table B.3.2.2-7 is added. As specified in the Networx Universal contract between Verizon and the General Services Administration in accordance with Section H.11, entitled Electronic Access to Contract, Verizon is posting the Networx Universal Contract in redacted format to remove proprietary information and is in conformance with the requirements of the Freedom of Information Act (FOIA). 10/27/21 The purpose of this modification is to change Section I to incorporate new FAR clause 52.223-99, Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors, as mandated by Executive Order 14042: Ensuring Adequate COVID Safety Protocols for Federal Contractors. 1. To add FAR 52.223-99 clause in Section I of the contract as follow: FAR 52.223-99 ENSURING ADEQUATE COVID-19 SAFETY PROTOCOLS FOR FEDERAL CONTRACTORS (OCT 2021) (DEVIATION) (a) Definition. 
As used in this clause - United States or its outlying areas means— (1) The fifty States; (2) The District of Columbia; (3) The commonwealths of Puerto Rico and the Northern Mariana Islands; (4) The territories of American Samoa, Guam, and the United States Virgin Islands; and (5) The minor outlying islands of Baker Island, Howland Island, Jarvis Island, Johnston Atoll, Kingman Reef, Midway Islands, Navassa Island, Palmyra Atoll, and Wake Atoll. (b) Authority. This clause implements Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors, dated September 9, 2021 (published in the Federal Register on September 14, 2021, 86 FR 50985). (c) Compliance. The Contractor shall comply with all guidance, including guidance conveyed through Frequently Asked Questions, as amended during the performance of this contract, for contractor or subcontractor workplace locations published by the Safer Federal Workforce Task Force (Task Force Guidance) at https:/www.saferfederalworkforce.gov/contractors/. (d) Subcontracts. The Contractor shall include the substance of this clause, including this paragraph (d), in subcontracts at any tier that exceed the simplified acquisition threshold, as defined in Federal Acquisition Regulation 2.101 on the date of subcontract award, and are for services, including construction, performed in whole or in part within the United States or its outlying areas. 5/26/21 The purpose of this modification to Contract GS00T07NSD0008 is to exercise the second option period for the Networx Universal Extension 2. In accordance with FAR Clause 52.217-9 of the contract, the Government hereby elects to exercise the second option period and extend the term of the contract.  The period of performance is from June 1, 2021 to May 31, 2022. 
8/14/20 The purpose of this Modification is to incorporate revised Federal Acquisition Regulation (FAR) clause 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2020). This supersedes any previous version(s) of the clause included in the contract. 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.

6/30/20 1. To add GSA Task-Order and Delivery Order Ombudsman Guide in Section G. a. In accordance with GSAM 516.505 (b): The GSA Task-Order and Delivery Order Ombudsman shall review and resolve complaints from contractors concerning all task and delivery order actions made by GSA. Complaints regarding task and delivery order actions of other agencies using GSA contract vehicles shall be directed to the ordering agency's Task-Order and Delivery-Order Ombudsman. For orders issued by GSA, see https://www.gsa.gov/policy-regulations/policy/acquisitionpolicy/gsa-ombudsman b. GSA TASK & DELIVERY ORDER OMBUDSMAN CONTACT INFORMATION: GSA Task & Delivery Order Ombudsman, 1800 F Street NW, Washington, DC 20405. 2. To add GSAR 516.505 Task-Order and Delivery-Order Ombudsman, 516.506 Solicitation provisions and contract clauses, and 552.216-76 Ordering Agency Task-Order and Delivery-Order Ombudsman by reference in Section I. 3. To add FAR clause 52.216-32 Task-Order and Delivery-Order Ombudsman (Sept 2019) and Alternate I (Sept 2019) in Section I.

3/12/20 The purpose of this modification to Contract GS00T07NSD0008 is to exercise the first option period for the Networx Universal Extension 2. In accordance with FAR Clause 52.217-9 of the contract, the Government hereby elects to exercise the first option period and extend the term of the contract. The period of performance is from June 1, 2020 to May 31, 2021.

2/5/20 1.
To add FAR clause 52.204-23 Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities (July 2018) by incorporation by reference (IBR) in Section I. 2. To add FAR provision 52.204-24 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Dec 2019) to the contract.

10/1/19 1. To add GSAR clause 552.204-70 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019), pursuant to Class Deviation CD-2019-11, issued August 13, 2019, under Section I. 2. To add FAR clause 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (AUG 2019), as prescribed in FAR 4.2105(b), under Section I.

11/26/18 The purpose of this Modification is to incorporate the following: 1. Section I is deleted in its entirety and replaced with the attached New Section I.

11/16/18 To add 12 months DMRC term to the Networx Contract in Section B. The following sections are affected by this change:
a. Paragraph B.4.8.2.b Payment Methods for SEDs (page B-241)
b. Table B.4.8.2-1 Monthly Payment Factor (page B-241)
c. Table B.4.9.1-8 Wireline SED CLIN DMRC Relationships footnote** (page B-249)
d. Table B.4.9.2-8 Wireless SED CLIN DMRC Relationships footnote** (page B-252)
e. Table B.4.9.3-8 Satellite SED CLIN DMRC Relationships footnote** (page B-255)
f. Table B.4.9.4-8 Management, Applications, and Security SED CLIN DMRC Relationships footnote** (page B-258)

3/7/18 The purpose of this modification to Contract GS00T07NSD0008 is to exercise the second option period for the Networx Universal Extension. In accordance with FAR Clause 52.217-9 of the contract, the Government hereby elects to exercise the second option period and extend the term of the contract. The period of performance is from March 29, 2018 to March 28, 2019.
2/27/18 To remove the Sensitive Compartmented Information Facility (SCIF) requirement for MTIPS from the Networx Contract in Section C. The following sections are affected by this change:
a. Paragraph C.2.4.1.5.1.1 (1)d. - Function Definition (page C-69)
b. Figure C.2.4.1.5-3 - The TIC Portal Security Operation Center Architecture (page C-80)
c. Paragraph C.2.4.1.5.1.4.1 4 - TIC Portal Capabilities - ICD 705 Sensitive Compartmented Information Facility (SCIF) (pages C-90 & C-91)
d. Paragraph C.2.4.1.5.5.2.2 1.c. - MTIPS Global Response Loop (page C-107)
e. Table C.2.4.1.5-2 - MTIPS Security Domain Overview (page C-109)

6/8/17 1. The purpose of this modification to Contract GS00T07NSD0008 is to add the following language at Section B.6.5 to provide guidance for Telcordia SWC remappings, as follows: When the coordinates of an NSC change, the SWC it is mapped to may change. As these changes occur to the mapping of NS Codes to SWCs, the Government will update Table B.6.5-9. The contractor will review Table B.6.5-9 on a monthly basis to update their Operational Support Systems (OSS) to reflect the new mapping. The new mapping will be effective on the first of the subsequent month and will apply to all new Service Orders and Service Orders in progress prior to the SOC notification. For example, NS Code A is mapped to SWC 1 with a last modified date of January 15, 2005. Due to the update, NS Code A is now mapped to SWC 2 with a last modified date of February 15, 2008. For February 2008, NS Code A is mapped to SWC 1, but as of March 1, 2008, the mapping of NS Code A to SWC 2 is in effect; this change will be applied to rates returned on a Service Order SOC issued after March 1, 2008. The SWC 1 mapping will remain in effect for all Service Orders with a SOC date prior to March 1, 2008.
As a result, the Government recognizes the potential for an invoice to reflect different rates for the same services at a single NSC, based on the SWC mapping for each Service Order on the date of the SOC, and this shall not be the basis of a billing dispute. In addition to these changes, the Government will also perform a quarterly review and update of all NSC to SWC mappings at the beginning of February, May, August, and November. The Government will then post this update to the NHC. The update will change Table B.6.5-9 and result in the addition of new records showing the new last modified date. The contractor will update their respective Operational Support Systems to reflect the new mappings effective on the 1st of March, June, September, and December through the monthly updates. These shall be applied in the same manner as described in the previous paragraph.

4/17/17 1. The purpose of this modification to Contract GS00T07NSD0008 is to remove the Service Outage SLA from the Verizon Networx Universal Contract. Specifically, changes are incorporated at J.13.1 Introduction, J.13.2 (Table J.13.2-2), J.13.3.17 Performance Objective for Service Outage SLA (Service Independent and Incident Based), J.13.4.2 Incident-Based Service Outage Credits, J.13.5.1 Notification Forms for Incident-Based Credits, and J.13.5.1.1 Form for Requesting Incident-Based Service Outage Credits. 2. The contract is modified as follows: Remove wording in Section J.13.1 Introduction, under "1. Service Outage SLA". A Service Level Agreement (SLA) is an agreement between the General Services Administration (GSA) and the contractor to provide a service at a performance level that meets or exceeds the specified performance objective(s). Seventeen of the SLAs are for technical services specified in Attachment J.13.3, SLA Performance Objectives. These SLAs are service specific. If awarded the service cited in the SLA, the contractor shall comply with the SLA.
Three SLAs apply to all services awarded, except where otherwise indicated, and are termed service-independent. The contractor shall comply with each service-independent SLA for all awarded services.

6/2/15 1. The purpose of this modification is to incorporate language regarding Trade Act Agreements and Service Enabling Devices. 2. The contract is modified as follows: Section B. This section is modified to add the following language to B.4.1: "SEDs may or may not be domestic end products or end products of a designated country. SEDs are not available through this contract apart from ordering the telecommunications network service. Telecommunications network service is one of several services excluded from the World Trade Organization Government Procurement Agreement and the other Free Trade Agreements executed by the United States Government. See FAR 25.401(b). The telecommunications network service offered under this contract has been determined by the GSA Contracting Officer to be domestic in origin. See FAR 25.402(a)(2). As telecommunications network service is excluded from Trade Act Agreements coverage, GSA has used the group offer analysis provided by FAR 25.503(c)(1) to determine that the value of the domestic end product exceeds 50% of the total proposed price of the group; therefore, the bundled telecommunications network service and SEDs group offer is evaluated as domestic." Section I. This section is modified to add FAR 52.225-5 Trade Agreements (NOV 2013) in full text.

9/11/14 The purpose of this modification is to incorporate a change to Section C.2.1.12 Compliance with National Policy Directives.
The contract is modified as follows: Section C.2.1.12: The following is added as paragraph d): Starting on October 1, 2014 (Federal Government fiscal year 2015), all Internet Protocol (IP)-Based services and Service Enabling Devices (SEDs) procured via the Networx acquisition program which make use of IP-Based Services or provide support for IP-Based Services must comply with the following standards, policies and directives to the greatest extent that they are applicable to the IP-Based service or Service Enabling Device, with the following allowable exceptions:
1. If the procuring department/Agency's Chief Information Officer determines the need for and provides an explicit written waiver (for example, the procuring Agency CIO provides an explicit written waiver if the agency requests SEDs that do not have commercially available IPv6 functionality).
2. If the IP-Based service does not sit on the agency's network but is instead provided on the Contractor's network, or is not provided on the public Internet.
IP-Based Service is defined in Networx Section C.2.1.1, figure C.2-1 to include the following: Premises-Based IP VPN, Network-Based IP VPN, Voice Over IP Transport, Content Delivery Network, Converged IP, IP Telephony, Internet Protocol, IP Video Transport, and Layer 2 VPN Service.
Standards, policies and directives:
- Federal Acquisition Regulation (FAR) requires acquisitions to adhere to U.S. National Institute of Standards and Technology (NIST) Special Publication 500-267, A Profile for IPv6 in the U.S. Government
- Federal Acquisition Regulation (FAR) requires acquisitions to adhere to declarations of conformance as defined in the USGv6 Test Program associated with U.S. National Institute of Standards and Technology (NIST) Special Publication 500-267, A Profile for IPv6 in the U.S. Government (reference NIST Special Publication (SP) 500-273, USGv6 Test Methods: General Description and Validation)
- The September 28, 2010 memorandum from the U.S. Chief Information Officer with subject: "Transition to IPv6"
- Office of Management and Budget Memorandum M-05-22, dated August 2, 2005, with subject: "Transition Planning for Internet Protocol Version 6 (IPv6)"
- Federal Chief Information Officers Council Planning Guide/Roadmap Toward IPv6 Adoption within the U.S. Government

6/9/14 1. The purpose of this modification is to incorporate changes to Section C related to Operational Support Systems (OSS) Security Requirements and Personnel Background Investigation Requirements. 2. The following sub-sections are modified: C.2.1.11.3, C.2.7.4.1.2, C.2.7.4.1.5, C.2.11.10.1.4, C.3.3.2.2.8, C.3.9.1.1, C.3.9.2.1, C.3.9.5.

5/19/14 1. The purpose of this modification is to incorporate a change to Section B.3.2.2 providing an exception, only for Broadband Ethernet Access, to the rule that there must be a Serving Wire Center (SWC) price in order for a Network Site Code (NSC) price to be established on the contract. 2. The contract is modified as follows: Section B.3.2.2 b) The following is added to paragraph b): The sentence that immediately follows is the only allowable exception to the requirement that access prices for a SWC shall be established on this contract prior to adding any prices for NSCs served by that SWC.