Specifications include, but are not limited to:he Office f Management and Enterprise Services is seeking bids for an auditing and compliance tool for the Security Department within OMES Information Services. The product will be able to do security audits, analysis, alerting and reporting on infrastructure changes; track changes and events, such as modifications to security configurations, systems, permissions and data. Mandatory requirements are the minimum capabilities, features, and/or technical standards that must be met by the proposed solution. The Bidder shall clearly state their ability to meet the Mandatory System (technical) requirements and will state how the requirements will be met, what assurances of success the proposed approach will provide. The bidder must provide details to ensures auditing of logon activities, including unsuccessful attempts; alerts and reports on account lockouts. C.4.1. Software System Functionality C.4.1.1. Demonstrate the system shall record auditing of logon activities, including unsuccessful attempts; alerts and reports on account lockouts C.4.1.2. The software solution must Identify and authenticate access to systems components C.4.1.3. The software solution must enables auditing of privileged user activity across various IT systems in the IT infrastructure; facilitates access control with reporting on successful and failed access attempts, logons and logoffs. C.4.1.4. The software solution must enables auditing of privileged function activity across various IT systems in the IT infrastructure; facilitates access control with reporting on successful and failed access attempts, logons and logoffs. C.4.1.5. Provides auditing of files and folders and their permissions across the entire IT infrastructure to enable early detection of unauthorized changes to security access settings (granting of new permissions, changes of user access rights, etc.) and ensure the adequacy of technical controls. C.4.1.6. Facilitates control over system configuration violations by reporting on changes to group and local policies, access permissions, the registry, and other configuration assets that can be critical for maintaining compliance. C.4.1.7. Reports on user account creation and deletion, password resets, and changes to group memberships, accounts, and privileges. C.4.1.8. Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity; and include: I. the date of the system event II. the time of the system event III. the type of system event initiated; and IV. the user account, system account, service or process responsible for initiating the system event, V. Identify if non-standard account access occurs based on a defined set of alerting or login requirements that can be defined by the State for specific file or folder monitoring C.4.1.9. Must capture modifications to administrator account(s) and administrator group account(s) including I. Escalation of user account privileges commensurate with administrator-equivalent account(s). II. Adding or deleting users from the administrator group account(s) C.4.1.10. The solution must capture the enabling or disabling of a set of state defined system services by any user, service, and object C.4.1.11. The solution Must capture command line changes, batch file changes and queries made to the system (e.g., operating system, application, and database). C.4.1.12. The solution Ensures consolidation and archiving of all audit trails while enabling continued quick access to audit records. The audit trail must be protected from unauthorized access, use, deletion or modification. C.4.1.13. The solution must be able to run on 500 and up to 2500 servers. C.4.1.14. Analyze suspicious user actions for sensitive content and critical resources. C.4.1.15. Provide alerts about patterns that violate the State security policies by email or SMS. C.4.1.16. Must be able to support multiple Active Directory domains. C.4.1.17. Must be able to support transaction logging of databases systems for capture and review of transactions occurring within database activities that are specified to be logged by the State. This would be a specific subset of transactions that would be identified to log by the State and based on the logging alerting could be identified through rules or workflows.
