Specifications include, but are not limited to:

Capacity, Scalability and Disaster Recovery
The system or solution should be capable of providing the initial properly sized capacity of service to meet runtime requirements.
The system or solution should also be capable of providing monitoring and alerting as to capacity, security and performance alarms into standard monitoring systems approaches.
The system or solution should be flexible and scalable to expansion of services and resources as needed, when the solution requires additional resources for proper runtime operation in its service life.
Remote / Cloud Based providers are asked to deliver a full and comprehensive manifest of their current disaster recovery, availability and multi-site recovery models in practice as of the contact, to meet a 24x7x365 operational runtime expectation, given our obligations to the communities we serve.

General Network and Connectivity
Microsoft© Active Directory compatibility and extensibility is a major requirement.
The systems or solution must support standard and up-to-date networking protocols for local area networking, wide area networking and storage networking.

RFP-1559051 / Event # 522 Name Pronunciation Software Exhibit C – IT Security Requirements Page 2 of 2 Technology & Security Requirements for RFP/Request (v7/09/2023)

The systems or solution must support standard TCP/IP services and associated protocols and subsystems, such as DNS, DHCP, NTP, SNMP, etc.
The vendor’s solution should be compatible with Windows 2016 Server or higher, Active Directory Services domain functional level “Windows Server 2008” or higher environment, including networking using DNS/IP and NOT relying on legacy Windows protocols such as NetBIOS.
The systems or solution must support IPv4 and IPv6 addressing methods.
The systems or solution must support networking load balancing modalities, proxy server methods and standard security equipment and filtering techniques, such as proxy services forward and reverse configurations.

Security and Authorization/Authentication
The system or solution is required to adhere to current security and information protection best practices as outlined in major frameworks such as HIPAA, HITRUST, NIST and PCI.
The system or solution should be flexible and compatible with standard Role Based Access Control (RBAC) frameworks and be fully compatible with Microsoft© Active Directory Services.
The system or solution, if integrated with Windows, should not require its services to run as a privileged user (in a domain group such as ‘administrators’) and should not be required to run any services on a domain controller.
The system or solution is required to allow for complex password configurations and policies and not allow blank or NULL passwords. Password data MUST be protected and not sent or stored in the clear.
The system or solution is required to support common and current 2FA/MFA approaches for user-based authentication security. Must support Parkland’s SAML/SSO based systems approach.
A current system or device certificate for NIST or other framework certification, as applicable, should be presented to verify proof of compliance. Examples would be NIST certificate of compliance for specialized security equipment such as Hardware Security Modules, Specialized Cryptographic hardware or other specialized security or cryptographic hardware or software that are required to be certified by NIST or other body.
A flexible and extensible logging facilities engine capable of being routed to common log aggregation solutions or other standard SIEM approaches. The logging should be discreet and flexible and allow for enhanced security and protections if stored and hosted on the solution.
A flexible and capable method of alerting and reporting on common access, system and security events that take place within the system, with proper tamper protections.