Specifications include, but are not limited to: 3.2.1System Uptime RequirementsThe system shall be available 24/7/365. The anticipated level of service (downtime) should be provided as part of the response.3.2.2Security Credential Management System SupportWork withtheFDOT’s Security Credential Management System (SCMS) provider on implementation issues and security certificatesfor V2X applications and the platform.3.2.3Cybersecurity and Data Protection: The data broadcast from the proposed system shall not contain personally identifiable information (PII).DSRC and C-V2X communications standards require that encryption, certificate management, and other security controls be implemented. All datastored within the V2X data exchange shall be protected by the vendor through due diligence and appliedbest practices,which align with the FDOT’s policies and the Florida Administrative Code 60GG-2Florida Cybersecurity Standards. The protection should include the following main elements: a.Intrusion Detection System (IDS):This element is implemented on the cloud storage and all communication links between the V2X data exchange platform (i.e., the data exchange platformand FDOT networks). It may be part of the vendor’s overall system if it provides discreet monitoring and response of the Department’s system. It shall:i.Monitor -Constantly analyze network traffic accessing the V2X data exchange. Identify changes, scans, and abnormal commands. Flag the aforementioned observationsfor investigation and conduct passive monitoring. ii.Detect -Determine if someone is trying to access the V2X data exchangeor an adversary is scanning the V2X data exchange. Determine if unusual traffic or an unwanted command is being sent to the V2X data exchange. Analyze the data for consistency. iii.Report -a monthly report shall be provided to the FDOT documentingeventsincluding:intrusions, anomalous traffic, breaches, and data corruption.Daily reports shall be provided to the FDOT as part of the overall system dashboard. All “successful” breaches shall be reported to the FDOT within six (6)hours of their occurrence.iv.Security Plan-The vendor shall provide a security plan outlining a description of security policiesand procedures applied to the data cloud.b.Provide, as part of the data warehouse solution, additional security capabilities and services to increaseprivacy and control network access, as follows:i.Network firewalls (virtual or physical as part of a cloud solution) tocontrol access to the data exchangeii.Encryption, as needed,for dataiii.The option to provide private, or dedicated, connections for each user, as required3.2.4Device DriversDevelop device driversfor detector typesfor ingesting data if the existing devicedoes not have a driveror a mechanism to acquireitsdata.3.2.5Application Program Interface (API)Develop APIs to ingest data for the V2X data exchangeplatform.This requirement applies to existing and future data.
