Specifications include, but are not limited to: 4.1.1.Cybersecurity (Core) The Department requires a number of cyber security services. The Contractor shall provide a Security Operations Center service (SOC) and four (4) “embedded” personnel. Embedded means a person that is employed by the Contractor but is dedicated full time to working under the direction of the Department to fulfill a specific job role. Job role requirements are prescribed by the Department and must be met by the person assigned its duties. Embedded personnel must be senior engineers with a high level of skill, experience and expertise with the associated discipline (i.e., Firewall and Proxy administration, IT Security Risk Management, Security Information & Event Management (SIEM), and Cloud Security. A detailed listing of all cyber services required by the Department is provided in Managed Security Service Provider Statement of Work (MSSP SOW) Table 1 Requirements. The requirements for core cyber service roles include but are not limited to the following sections 4.1.1.1 through 4.1.1.6. The terms resources and support resources as mentioned below refer to personnel that are provided by the Contractor to support the core team. 4.1.1.1. Firewall management 4.1.1.1.1. Requires an embedded engineer dedicated to managing Palo Alto firewall pairs (x3), on premise and cloud based via Panorama. 4.1.1.1.2. Engineers must be experienced and skilled in supporting VPN and other capabilities within Palo Alto service offerings. 4.1.1.1.3. Engineers must be experienced and skilled in complex troubleshooting, networking, and routing, on premise and within cloud platforms. 4.1.1.1.4. Support resources must comply with firewall architecture, policy, and configuration that adhere to regulatory compliance requirements (e.g., IRS 1075, PCI, Social Security Administration). 4.1.1.1.5. Full time resources are required to complete ongoing customer service request tickets and project based service tickets. 4.1.1.1.6. Resources are required to attend internal IT support, coordination and project meetings. 4.1.1.1.7. Resources are required to immediately attend incident response and resolution conference calls 24x7 to address Production outages. 4.1.1.2. Cloud Proxy & Content Filter Management 4.1.1.2.1. Requires an embedded engineer dedicated to managing an agent based cloud proxy and content filter. 4.1.1.2.2. Engineers must be experienced and skilled in supporting agents on all Department endpoints and other capabilities within ZScaler service offerings. 4.1.1.2.3. Engineers must be experienced and skilled in complex troubleshooting and networking, on premise and within cloud platforms. 4.1.1.2.4. Support resources must comply with cloud proxy and agent based architecture, policy, and configuration that adhere to regulatory compliance requirements (e.g., IRS 1075, PCI, Social Security Administration). 4.1.1.2.5. Full time resources are required to complete ongoing customer service request tickets and project based service tickets. 4.1.1.2.6. Resources are required to attend internal IT support, coordination and project meetings. 4.1.1.2.7. Resources are required to immediately attend incident response and resolution conference calls 24x7 to address Production outages. 4.1.1.3. IT Security Risk Management 4.1.1.3.1. Requires an embedded engineer dedicated to attending project meetings and other coordination efforts to ensure security policy and standards are met for all new or changing technology deployments. 4.1.1.3.2. Resources must have experience and an in depth understanding of networking architectures and routing protocols. Experience and in depth understanding of application programming and scripting is required. 4.1.1.3.3. Experience with, and full understanding of, regulatory security frameworks and guidelines (e.g., NIST 800-53, PCI, IRS 1075, SSA, CIS) is required. 4.1.1.3.4. Resources are required to fully document system security plans (e.g., logical network diagrams, full data flow diagrams, and compliance documentation for authentication, access control, auditing, logging, etc.) for all new or changing technology deployments. 4.1.1.3.5. Resources are required to fully document risk analysis templates to identify each IT security risk (in detail), impact of each risk, likelihood rating, and appropriate countermeasures (for each technology implementation or change). 4.1.1.3.6. Support resources must complete ongoing service tickets for software, plugin and application requests via policy compliance review. 4.1.1.3.7. Full time resources are required to complete ongoing customer service request tickets and project based service tickets. 4.1.1.3.8. Resources are required to attend internal IT support meetings.
