Inspiring
November 1, 2016
Question

Gov't Security Requirements


Building a Captivate training program for use by US government agencies seems to require compliance with "NIST Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”", and employing "code analysis tools to examine the software for common flaws and document results in a Code Review Report".

I have no idea how any of this might relate to a Captivate-developed program. Does anyone have any experience with this requirement?

Thanks


    2 replies

    Known Participant
    November 18, 2016

    Having to deal with both desktop/web app certification AND e-learning development, this really doesn't apply to a Captivate-generated product, even if generated as an executable. I don't know what Government agency you're bidding on, but that reference is for Enterprise-level Information Systems; any Captivate output would be considered neither enterprise level nor an information system. At least from the US Air Force perspective, Captivate or any other web-based training product, executable or not, is considered training materials, not an information system OR application, since other than storing scripted variables, it doesn't actually generate any product of its own with an .exe or other proprietary file extension. You might get into some issue if you have an executable and you create an installer for it, but again, then you would be dealing with desktop application certification, and NOT enterprise-level certification with all the additional security verification and source checking. All you really need to worry about is SCORM compliance and ADA Section 508/W3C Accessibility conformance. (Retired USAF MSgt. with 25+ years' experience in IT/Training development)

    BDuckWorks
    Inspiring
    November 1, 2016

    Keep in mind that the output is your deliverable, so you're building "HTML5 or Flash based pages" for web delivery.

    If they require delivery of .exe files, that would greatly change the dynamic.

    From what I can see in this 462-page document, you're likely an external service provider, so focus on section 2.5.

    Keep in mind, I'm not a lawyer, and this isn't legal advice, just a posting in a public forum.

    So, have you asked the person bidding how they reviewed these requirements?

    Or, are you preparing a bid?

    Mr. Zogg (Author)
    Inspiring
    November 1, 2016

    Thanks for your "not legal advice". And yes, I'm the bidder. These security requirements were dropped into the proposal request very late in the process, just before the bid is due. As you imply, I don't think they apply at all to the HTML5 output being supplied, but I'm asked to certify compliance, which does make me nervous.

    BDuckWorks
    Inspiring
    November 1, 2016

    Sorry for that, but I figured at the top of the thread it might be wise to mention that :-).

    These kinds of shenanigans are what kept me from the SBIR and other programs I investigated long ago.