The proposed solution should include the following components and capabilities:

A. Managed Detection and Response (MDR)
- Deployment of an on-premises MDR appliance inside the district network to monitor all internal network traffic.
- Continuous inspection of network traffic for anomalies, malicious activity, or unauthorized access.
- Alerts sent to designated district IT staff and a qualified Security Operations Center (SOC) when threats are detected.
- SOC review of alerts and provision of actionable recommendations.
- Capacity to process traffic from approximately 450 endpoints and 15 servers without performance degradation.

B. Endpoint Detection and Response (EDR)
- EDR coverage for all 450 endpoints and 15 servers.
- Integration with SOC to allow detailed investigation of any device exhibiting suspicious behavior.
- Capability to remotely isolate compromised devices from the network when necessary.
- Ability to correlate endpoint data with MDR traffic data for a unified view of potential threats.

C. Internal Network Vulnerability Assessment
- Monthly vulnerability scans of internal systems with limited penetration testing to validate severity and exploitability of identified vulnerabilities.
- Quarterly reports summarizing findings, remediation efforts, and risk trends.
- Assessment activities to include:
  - Scanning and penetration testing of the server environment.
  - Review of Active Directory (AD) accounts, including recently created accounts and domain administrator accounts.
  - Examination of AD “Description Fields” for irregularities.
  - Review of file share permissions to identify inappropriate access to sensitive data.
  - Privilege escalation testing to simulate potential compromise paths.
  - Enumeration and testing of network services (e.g., FTP, Telnet, VNC, SSH, RDP, SMTP, HTTP, HTTPS) for weak or default credentials.
  - Investigation of any anomalous scan results.

D. Continuous Compliance Monitoring
- Incorporation of NIST 800-53 security objectives into a compliance tracking platform.
- Ability to generate on-demand reports detailing the district’s security posture and maturity against NIST benchmarks.
- Tools to document and track vulnerabilities, remediation progress, and compliance status.
- Capability for district personnel to update information on critical systems and departments.

E. Policy Development, Documentation, and Training
- Development or review of policies necessary for NIST 800-53 compliance.
- Assistance with creation or revision of the district’s Incident Response Handbook.
- Conduct tabletop exercises with IT staff to rehearse incident handling procedures.
- Maintenance of an up-to-date disaster recovery plan with supporting documentation and dashboards.
- Inclusion of pre-allocated incident response hours to be used in the event of a real incident.

4. Deliverables

The selected provider will be responsible for:
- Installation, configuration, and integration of MDR appliance and EDR agents for approximately 450 endpoints and 15 servers.
- Ongoing monitoring and SOC engagement.
- Monthly vulnerability scanning and limited penetration testing.
- Quarterly reporting and compliance tracking.
- Policy and documentation updates.
- Staff training and incident simulation exercises.
- Technical support for all deployed systems and services.