Specifications include, but are not limited to: perform monthly external scanning as follows: • Automatically scan the list of external IP addresses and/or domains for known vulnerabilities and configuration issues; • Provide an executive and technical compliance report; • Provide a detailed findings report that shall include, compliance status, prioritized vulnerabilities, policy weaknesses, and remediation recommendations; • Provide a secure web portal that allows each agency to review its findings and reports as well as consolidate all agency scans at a State level; • Ability for the State to download all detailed findings in a CSV or Excel spreadsheet format to use for internal remediation efforts. Individual findings shall be listed in its own row; and • All DAS and staff designated by DAS, the ability to set-up and modify scan schedules and set-up, modify, and disable users.
