The Vendor is required to maintain and be responsible for the overall security posture for PBS NC Broadcast Network including: a) Network connectivity b) Demonstrate information security awareness c) maintain, support, and manage all security devices installed, including firewalls, network routers, switches, reverse proxies, and others as required. All software and devices shall be at all times patched to manufacturer supported firmware and patch levels. (Cisco ASA) d) An on-staff senior-level security person with CISO- or CSO-level experience in a 24x7 broadcast television facility. The vendor will be expected to provide CISO services. e) Provide ISO compliance where applicable to support business requirements. f) Recommendations on best security practices. This includes proactively informing PBS NC in written form on best security practices on at least an annual basis. g) Conduct vulnerability scanning at least every 15 days with authentication, where feasible. h) Patch defined set (in written form) of highest risk vulnerabilities no more than 30 days after detection and more frequently based on risk. i) Report incidents in keeping with the UNC System Office Incident Response Procedure. j) Support Broadcast IT infrastructure to promote CISO level security necessary for the organization. k) Technical components of change management...
