Specifications include, but are not limited to: 1. IT Deliverables a. Design of IT Solution (likely hosted in an PaaS model) that will comply with the stated standards in the areas of: i. 800-171 cloud architecture recommendations ii. System and communications protection: involves use of secure design principles in system architecture and software development life cycle iii. System and information security: involves monitoring for an alerting on system flaws and vulnerabilities iv. Security assessment: involves assessing effectiveness of security controls and addressing deficiencies to limit vulnerabilities v. Media protection: involves the sanitization and destruction of media containing CUI vi. Assist in the development of KSU interpretation of 800-1741 requirements, to make best-practice recommendations 2. General NIST 800-171 Implementation Requirement Deliverables a. Processes to ensure compliance of future grants/contracts potentially in scope for 800-171 requirements b. Specification of business practices and controls to ensure the identification of, and compliance with, CUI Data guidelines c. Specification of physical access controls which are compliant with NIST standards d. Training plan for IT Staff covering architecture and configuration management processes for required environments e. Training plan for university staff in the management of projects which collect, use, or store data considered to be CUI f. Risk assessment: involves assessing the operational risk associated with processing, storage, and transmission of CUI g. Business/Funding consultation – work with the KSU teams to recommend future funding and cost allocation models for 800-171 technical and administrative support 3. Additional Information: a. Describe your ability to deliver effective, full featured services b. Description of your company’s methodology c. Summary of phases to this approach (methodology) and the timelines and deliverables for each phase d. If applicable, provide references of similar size and scope projects, with a focus on universities with a Carnegie classification of “Doctoral Universities; Highest Research Activity”.