Specifications include, but are not limited to: Support State IT security policies and standards, which includes the development, maintenance, updates, and implementation of security procedures with the State’s review and approval, including physical access strategies and standards, User ID approval procedures, and a security incident action plan. 1.1.2. Support the implementation and compliance monitoring as per State IT security policies and standards. 1.1.3. If the Contractor identifies a potential issue with maintaining an “as provided” State infrastructure element in accordance with a more stringent State level security policy, the Contractor shall identify and communicate the nature of the issue to the State, and, if possible, outline potential remedies for consideration by the State. 1.1.4. Support intrusion detection and prevention, including prompt State notification of such events and reporting, monitoring, and assessing security events. 1.1.5. Provide vulnerability management services for the Contractor’s internal secure network connection, including supporting remediation for identified vulnerabilities as agreed. At a minimum, the Contractor shall provide vulnerability scan results to the State monthly.