1. IPv6 Product Acquisitions by United States (US) Federal departments and agencies
From July, 2010, until November, 2020, all US Federal departments and agencies could only acquire IP compliant products that were known to meet the requirements contained in the National Institute of Standards and Technology (NIST) Special Publication (SP) 500-267 A Profile for IPv6 in the US Government (USG) Version 1.0 (USGv6).
As of November, 2020, when NIST published SP500-267Ar1 (NIST IPv6 profile) and SP500-267Br1 (USGv6 Profile), all US Federal departments and agencies can only acquire IP compliant products that meet the requirements set forth in SP500-267Br1s (USGv6 Capabilities Table) (i.e., using the USGv6-r1 Capability Templates in Appendix A of SP500-267Br1) and whose vendors have documented their product’s support of those IPv6 capabilities, through USGv6 Test Programs using the USGv6 "Suppliers Declaration of Conformity" or SDOC). (Note: Additional information about the USGv6 Capabilities Table and USGv6 Test Programs is available here. NIST also published a USGv6 Test Program Guide.)
In July, 2011, the Assistant Secretary of Defense (Networks and Information Integration)/Department of Defense (DoD) Chief Information Officer (CIO) issued a DoD IPv6 Standard Profiles For IPv6 Capable Products Version 6.0. This document identified those IPv6 Request for Comments (RFCs) documents published by the Internet Engineering Task Force (IETF) described in the IPv6 and IoT Networking Standards article in the General Information section that are applicable for equipment purchased by the DoD.
Expanding on the DoD IPv6 Standard Profiles For IPv6 Capable Products and NIST USGv6 Profile, the Department of Veterans Affairs adds device classes for applications and services to their IPv6 & USGv6 Compliance Test Capability draft document.
Although not focused solely on IPv6, the DoD Enterprise Software Initiative (ESI) may sometimes be a useful resource when acquiring, distributing, or managing IPv6-capable commercial software, as briefly described here.
2. IPv6 Information Systems and Services Acquisition by US Federal departments and agencies
The US General Services Administration (GSA) Acquisition Manual (GSAM) describes GSA rules for the acquisition of goods and services. Section 511.170 Information Technology Coordination and Standards Part (d) specifically addresses rules that apply to IPv6.
The GSA offers detailed Guidance For Program Management of Agency Transition to an IPv6-only Environment (authentication required), along with IPv6-compliant equipment, applications, transition support and in-place integrated solutions contracts on their Internet Protocol version 6 (IPv6) page. An SOW template to purchase services to deploy IPv6 under the Connections II contract administered by the GSA is available. (Note: The scope of this SOW is limited to deployment of IPv6 on a network that is currently IPv4-only or partially dual-stacked.) This template includes evaluation criteria, offeror instructions, past performance form, a sample work breakdown structure, a sample project management plan template, pricing language and template, a deliverables chart, and a sample warranty spreadsheet. GSA has also provided answers to Networx IPv6 Frequently Asked Questions.
(Note: The GSA is in the midst of an Enterprise Infrastructure Solutions (EIS) acquisition. The Networx contract (and others) are transitioning to EIS. See this GSA web page describing the on-going multi-year transition.)
Acquisition best practices applicable to the development of DoD information systems are provided by the Defense Acquisition University (DAU) in their Defense Acquisition Guidebook CH 6-3.9.3.
Recommended Acquisition Best Practices based on the FAR and USGv6 IPv6 profiles are available here.
3. IPv6 Equipment and Service Acquisitions by European countries
The Réseaux IP Européens (RIPE) Network Coordination Centre (NCC) is one of five Regional Internet Registries (RIRs). In Jun, 2012, the RIPE NCC IPv6 Working Group issued a Requirements For IPv6 in ICT Equipment RIPE-554 document. It identifies IPv6 technical standards that are applicable for equipment and services purchased by European public sector and large enterprise network operators.
In Apr, 2018, the last European IPv6 project IPv6 Framework for European Governments which completed in 2018 published an overview of the IPv6 profiles developed by RIPE, NIST, and DoD in a report Technical Profiles IPv6 for Public Administrations in Europe. (Previous European IPv6 projects include the 6NET project completed Jun 2005, followed by the 6DISS project that completed Sept 2007; followed by 6DEPLOY and 6DEPLOY-2 (www.6deploy.eu) which completed Feb 2013. Governments Enabled with IPv6 (GEN6) completed May 2015. Deliverables and Presentations under the Publications tab of the GEN6 website provide additional material.)
4. Sample IPv6 Contractual Clauses
- Section 511.170 Information Technology Coordination and Standards Part (d) of the GSAM mentioned at the beginning of paragraph (2) above provides sample SOW language and a sample waiver request.
- The Chief Information Officers (CIO) Council Federal IPv6 Task Force website provides sample waivers for various Federal organizations in the Procurement Templates and Best Practices section Acquisitions IPv6 Compliance Resources subsection under Agency CIO Waivers. See this IPv6 Points of Contact article in the General Information section for the address of the CIO Council Federal IPv6 Task Force website.
- In Oct, 2010, the DoD IPv6 Transition Office (which was disestablished in July 2011) provided this summary of sample contractual clauses. Examples of suggested warranty clauses and guidance for DoD Services/Agencies seeking a waiver for acquisitions of non-IPv6 capable items are included. (Note: Since this document was written, some of the referenced memoranda have been rescinded.)
- An excerpt from the Feb, 2017, Internet Corporation for Assigned Names and Numbers (ICANN) IPv6 Initiative on the ICANN website: Scope 1.d IPv6 Specification Compliance:
To the extent the Services and/or Deliverables include development or provision of (i) website design, hosting, implementation and/or programming, and/or (ii) software and/or devices that support network or Internet connectivity, Contractor warrants and represents that all such Services and Deliverables will be fully compliant with the Internet Engineering Task Force (IETF) Internet Protocol, Version 6 Specification, sometimes referred to as the IPv6 Specification and, in addition, will be fully backward-compatible with the Internet Engineering Task Force Internet Protocol, Version 4 Specification, sometimes referred to as the IPv4 Specification, including without limitation having the capabilities: (a) to create or receive, process, and send or forward (as appropriate) IPv6 packets in mixed IPv4/IPv6 environments, and (b) to interoperate with other iPv6 compliant software, devices and websites on networks supporting only IPv4, only IPv6, or both IPv4 and IPv6. The expectation is that any networked application or service developed for ICANN would operate irrespective of whether such services were accessed using IPv4 or IPv6.
- This excerpt from a Dec 2016 Army Contract W52P1J-17-D-0006:
3.12 IPV6 CAPABLE ASSETS
The Contractor shall warrant that each item delivered under the Contract shall accurately transmit, receive, process, and function correctly using the Internet Protocol Version 6 (IPv6). Specifically, the Contractor warrants that:
a. each item delivered complies with the current DISR developed IPv6 standards profile;
b. each item delivered maintains interoperability with IPv4 (specifically, shall operate on/coexist on a network supporting IPv4 only, IPv6 only, or a hybrid of IPv4 and IPv6); and
c. each item delivered is supported by the Contractors IPv6 technical support.
Additionally, as IPv6 evolves, the Contractor shall upgrade or provide an appropriate migration path for each item delivered. The duration of this warranty and the remedies available to the Government for breach of this warranty shall be as defined in, and subject to, the terms and limitations of the Contractors standard commercial warranty or warranties contained in this Contract, provided that notwithstanding any provision(s) to the contrary in such commercial warranty or warranties, the remedies available to the Government under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor no later than one year after acceptance. Nothing in this warranty shall be construed to limit any rights or remedies the Government shall otherwise have under this Contract with respect to defects other than IPv6 performance.
5. Sample IPv6 Acquisition Contracts
- A Performance Work Statement (PWS), Apr 2021, for the Defense Research and Engineering Network (DREN) 4 and a PWS, July, 2011, for the DREN III are both available here. (Authentication is required for both documents.) A draft of the DREN 4 PWS is available here. (Authentication is not required for this document.)