Specifications include, but are not limited to: Charleston County School District has used the following frameworks and best practices to protect against threats: CIS 7.1/8.0 - The CIS Controls are internationally recognized cybersecurity best practices for defense against common threats. NIST Zero Trust - Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network- based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows Cyber Security Foundational Assessment (CSFA) - A technical assessment focusing on Active Directory, vulnerability management, permissions, and common technical flaws that can be exploited by threat actors. Vendor must have personnel with the following qualifications and certifications. At least one person on staff with the following: ● Certified Information System Security Professional (CISSP) ● Certified Penetration Testing Engineer (CPTE) ● Certified Information Systems Security Officer (CISSO) Additionally, vendor must have the following authorization and certifications: ● ISO 27001 Certified ● Palo Alto Networks Innovator Partner OR Cisco Premier Partner OR Aruba Gold Partner The following goals for the testing have been defined by Charleston County Schools: • Identify and determine critical IT assets as they relate to (1) data compromise including unauthorized access and/or modification/integrity loss and/or (2) data loss and availability • Review the existing security architecture and toolsets in place • Optionally, discover key vulnerabilities within the on-premise environment • Develop a short and long term plan to address key deficiencies of digital asset protection based on risk and impact to the organization
