Specifications include, but are not limited to: 3.4.1.1 Provide an executive summary of your managed security solution. 3.4.1.2 Describe your approach to supporting 24x7x365 remote security event monitoring and device/agent management. 3.4.1.3 Describe the architecture of your Managed Security Service delivery capability, including elements in your SOC, data center (on your premise, colocations, and private and public cloud services), network and our premises, as well as the centrally delivered log management, analytics and portal tiers, and capabilities for collecting event logs and data from other locations (e.g., software as a service [SaaS], platform as a service [PaaS] and infrastructure as a service [IaaS]). Provide example architectural diagrams and descriptions. Indicate where there are any regional differences in architectures or technologies used. Finally, include and identify any elements that are delivered by third-party partners. 3.4.1.4 Describe and list the primary tools used to deliver the proposed solution. Also describe and list any 3rd party tools that will be utilized. 3.4.1.5 Describe how your proposed solution and any supporting products will use or interface with products the State and the selected county has in place for enterprise monitoring and incident response. Ensure that you include details on how you can support connections to external partners such as the state and/or county infrastructure to provide support. 3.4.1.6 Describe if your services require the use of proprietary technology that the state and/or county must purchase or install. If so, list all pertinent information related to this technology. 3.4.1.7 Describe how your company’s services could be implemented to allow for graceful transition away from services if funding is not available for selected county and/or state decides to not renew the contract. 3.4.1.8 Describe how you use external data (e.g., threat intelligence feeds) to analyze potential threats and describe what access to this data the state and selected agencies will have. 3.4.1.9 Describe integration capabilities with enterprise directories, and configuration management databases (CMDBs) should a county have a solution in place. Explain how these integrations support the delivery of your services. 3.4.1.10 Describe how your services will scale to meet the needs of the selected agencies and identify the related variable costs. 3.4.1.11 Describe how you will complete an initial assessment, and how you will establish a baseline security level. Include specifics on your implementation timeline; infrastructure requirements; data transfer, data storage and segregation, and backup systems; and encryption standards.
