Specifications include, but are not limited to: Qualified consultants to replace and upgrade our network firewalls. The new firewalls will replace two redundant firewalls protecting the business network, and one firewall protecting a separate SCADA network. The business and SCADA networks must be kept securely segmented to comply with ICS/SCADA best practices. The following features are expected for any proposed Next-Generation Firewalls to replace our current devices: • Application Control • Deep Packet Inspection • SSH and SSL Inspection • Application and Data Inspection • Intrusion Detection and Prevention • Advanced Threat Detection • Protection Against Zero-Day Attacks • Sandbox Analysis • URL Filtering • Virus Detection • Client VPN Remote Access, (2-factor verification is not required, but will be a highly valued feature) o VPN client software must support Windows 7 and Windows 10 • Authentication via Microsoft Active Directory • High Availability • Reporting Capabilities • Adherence to NIST Cybersecurity Framework Industrial Control Systems (NIST SP 800-82)
