The Contractor shall provide: 1. Insert Line Items listing product / equipment offerings, price per each, and quantity ordered, as applicable. 2. INSTALLATION AND TRAINING (REMOVE IF NOT APPLICABLE) 3. SOFTWARE (REMOVE IF NOT APPLICABLE) 3.1 Information Security Requirements In cases where the State is not permitted to manage/modify the automation equipment (server/computer/other) that controls testing or monitoring devices, the Contractor agrees to update and provide patches for the automation equipment and any installed operating systems or applications on a quarterly basis (at minimum). The Contractor will submit a report to the State of updates installed within 30 days of the installation as well as a Plan of Actions and Milestones (POA&M) to remediate any vulnerabilities ranging from Critical to Low. The contractor will provide an upgrade path or compensatory security controls for any operating systems and applications listed as beyond “end-oflife” or EOL, within 90 days of the EOL and complete the EOL system’s upgrade within 90 days of the approved plan
