Specifications include, but are not limited to: Discovery and Assessment: • Analyze the AGO’s current O365 Tenant design and configuration to establish a baseline of the AGO’s current configuration. • Conduct interviews, whiteboard sessions, and design sessions with key stakeholders to understand current and required future designs. • Perform identification and information gathering related to the AGO’s existing tools, incident management, response, and recovery. Planning and Design: • Gather requirements and use cases for O365 Tenant security and compliance implementation. • Develop and provide the AGO design, configuration, and implementation plans for updating the AGO’s O365 Tenant to meet IRS Publication 1075, CJIS Control Mapping, and NIST 800.53. • Assist the AGO team in identifying and defining role-based access controls for AGO ITS support staff who will be responsible for supporting and maintaining the O365 Tenant into the future. Deployment, Configuration, and Documentation: • Perform the deployment and configuration of O365 Tenant to meet NIST 800.53, IRS Publication 1075, and CJIS Control Mapping as identified in the planning and design phase. • Provide validation and testing that all controls have been successfully implemented and meet NIST 800.53, IRS Publication 1075, and CJIS Control Mapping. • Review and provide improvement suggestions of AGO technical and acceptable use policies.
