Security Information and Event Management (SIEM) Hardware & Software RFP #15-109309




CITY OF FARMINGTON
800 Municipal Drive
Farmington, NM 87401-2663
(505) 599-1373 Fax (505) 599-1377
http://www.fmtn.org

REQUEST FOR PROPOSALS FOR
Security Information and Event Management (SIEM) Hardware & Software
RFP #15-109309

IMMEDIATE ATTENTION
ADDENDUM ONE
June 30, 2015

Notice to Offerors: The above referenced Request for Proposal (RFP) is hereby amended as follows:

Question 1: Will you accept proposals by email?
Answer 1: No, this is a formal RFP, proposals must be received in a sealed envelope.

Question 2: What are your estimated events per second?
Answer 2: Estimated events per second = Between 1000-1500 EPS

Question 3: What is your estimated count of unique log sources?
Answer 3: Estimated number of log sources = 50 total sources

Question 4: What are your estimated Flows per second?
Answer 4: This information is not available.

Question 5: What are your estimated counts of event log sources for the following (Only what will be logging)?
Answer 5: See Below
- AD/Auth, DHCP, DNS, ESX? AD/Auth=2, DHCP=0, DNS=2, ESX=N/A
- Web & Mail Servers? None
- Windows General Purpose Servers? 11 MS Windows Servers running Windows 2008 R2 x64
- Linux/Unix General Purpose Servers? 1
- Antivirus, Anti-Malware servers? 11-servers, 15-Workstations
- Database Servers? 3 SQL Server 2012
- Proxy Servers, Edge/Small Firewall Servers? 0
- Core/Large Firewalls? 2-Cisco ASA 5510
- IDS, IPS, VPN, DAM, DLP, LB? IDS=2, IPS=2, VPN=0, DAM=0, DLP=0, LB=0
- Router, Switches, Wireless? Routers=4 Cisco 2910 Terminal Servers, 8=Dell Powerconnect Network Switches

Question 6: What does your event environment look like?
Answer 6: Two locations (Electronic Security Perimeters), each containing similar devices and systems. Each location must have the ability to function independently for all SIEM requirements in the RFP, and shall log events and alerts for the devices within its location. The two locations are connected by a firewalled, dedicated Gigabit fiber optic connection. See Exhibit F desired SIEM environment for a basic network diagram depicting the current monitored environment.
- Is it distributed? Yes
- Is it split into independently managed and supported systems? Yes, two locations (Electronic Security Perimeters), each containing similar devices and systems. Each location must have the ability to function independently for all SIEM requirements in the RFP, and shall log events and alerts for the devices within its location.
- Is it designed to provide high availability? Current SIEM no. New system it is desirable. See paragraph 2 section e. page 8 of the RFP document. It is desirable that fault tolerance be built in to the solution that would allow for event logging, monitoring, and alerting to continue uninterrupted in the event of equipment failure at either one of the two SIEM locations. For example, if the SIEM at the BCC were to fail, all of the devices at the BCC would be able to either automatically begin sending events to the SIEM at the PCC or quickly be configured to do so. Each SIEM must have the ability to send email notifications of alerts, threshold violations, etc., to responsible system administrators.
- Is it designed to provide disaster recovery? Current SIEM no. New SIEM it is desirable for the solution to provide disaster recovery process.
- Is it designed to store and archive log files? Yes

Question 7: What is the total number of servers?
Answer 7: 11 MS Windows Servers running Windows 2008 R2 x64

Question 8: What is the total number of workstations?
Answer 8: 15 MS Windows 7 Workstations

Question 9: Internet bandwidth?
Answer 9: N/A no Internet is in the environment. Network Bandwidth is GigaBit.

Question 10: What is the number of collection locations (DC's)?
Answer 10: The two locations are connected by a firewalled, dedicated Gigabit fiber optic connection.

Question 11: What is the average available WAN bandwidth?
Answer 11: GigaBit

Question 12: Total number of Users expected to be using the SIEM tool?
Answer 12: 4

Question 13: What are the log retention requirements (i.e. 90 days, months, 1YR online)?
Answer 13: Differentiate between long term storage and short term storage for analysis and reporting. Long term raw storage format is preferred, short term DB storage is acceptable. Raw logs should not be lost during analysis. Event logs must be retained online for at least 90 calendar days. Ability to archive and store three (3) years' worth of event logs on offline media is also required.

Question 14: Do you by chance have this RFP document in Word format and if so can you please forward?
Answer 14: No, the document is not available in Word format.

Question 15: What vendor and product is in use today?
Answer 15: RSA enVision

Question 16: What version is the product on that is in use today?
Answer 16: RSA enVision 4.1

Question 17: Does the City of Farmington / FEUS have a preferred reseller they would like to utilize for this procurement process?
Answer 17: No.

Question 18: What does the environment it supports look like and what systems is it integrated with?
Answer 18: There are two locations and are connected by a firewalled, dedicated Gigabit fiber optic connection. See Exhibit F desired SIEM environment for a basic network diagram depicting the current monitored environment.

Question 19: How many reports are being actively used and maintained and what formats are the reports being consumed in?
Answer 19: 15 reports are actively used and maintained. Reports are consumed in Adobe PDF format.

Question 20: How many dashboards are being actively used and maintained?
Answer 20: One (1) main status dashboard, with five (5) alerts dashboards.

Question 21: How many alerts are being actively used and maintained?
Answer 21: 32 alerts are actively used and maintained.
- How many people do the alerts notify? 4
- Are there escalation schemes? No
- What formats are the alerts provided in? Alerts are viewable on the Web interface of the current SIEM. Alerts can also be printed in PDF format. It is desirable for alerts to be sent to administrators via email.

Question 22: What is the total number of devices that will need to be monitored (firewalls, laptops, servers, etc.)?
Answer 22: Initially - 11 MS Windows Servers running Windows 2008 R2 x64, 15 MS Windows 7 Workstations, 3 SQL Server 2012, 1 Linux Server, 2-Cisco ASA 5510, Routers-4 Cisco 2910 Terminal Servers, 8-Dell Powerconnect Network Switches. It is desirable to easily expand the number of devices monitored by approximately 10% per year depending on FEUS system growth.

Question 23: Does Farmington want the solution to be inward facing, outward facing or both?
Answer 23: The solution should be inward facing.

Question 24: Does Farmington want a quarterly, semi-annual or annual pricing solution?
Answer 24: Annual Pricing, see Exhibit A, Cost of Proposal.

Question 25: Are all devices in a single location (address) or in multiple locations?
Answer 25: Two locations (Electronic Security Perimeters), each containing similar devices and systems. Each location must have the ability to function independently for all SIEM requirements in the RFP, and shall log events and alerts for the devices within its location. The two locations are connected by a firewalled, dedicated Gigabit fiber optic connection.

Question 26: Is there a current NERC CIP solution in place? If yes, who is the solution provider?
Answer 26: No

Question 27: Does Farmington want the required training to be instructor based or provided for electronically?
Answer 27: Instructor based

Question 28: Does Farmington want the training to be SCORM compliant?
Answer 28: No

Question 29: Does Farmington require the data to be encrypted while at rest and/or in motion?
Answer 29: No

Question 30: Our organization utilizes an electronic signature program and considers these to be original and valid signatures for signatures on RFPs, etc. Is this acceptable to the City?
Answer 30: An electronic signature is acceptable for your proposal, however, proposals will not be received electronically.

Question 31: How much time should a proponent allow for delivery of a common carrier (e.g., FedEx) package from the City Receiving location to the procurement office?
Answer 31: Mail delivered to the City's receiving location is normally delivered the same day it is received. Offerors are encouraged to send in proposals earlier than necessary to ensure timely delivery. Packages received after 2:00 p.m. on July 14, 2015, will not be considered.

Question 32: Please confirm that proposals should be organized page by page in the manner as instructed on Page 16, Section III Proposal Format Requirements, Paragraph 2, Section a, whereby the Table of Contents should be in the 3rd position of the response.
Answer 32: Confirmed, see instructions on page 16 section 2 subsection a.
- Further, should the documents noted in lines 1-2 of this requirement be included in the table of contents as they precede it? Offeror does not need to include those items in the table of contents.

Question 33: Please confirm what information is required as part of the Technical Response Narrative as noted on Page 16, Section III Proposal Format Requirements, Paragraph 2, Section A, Line 5, Item 2.
Answer 33: The information required is addressed on page 8 section d. Technical Response Requirements.

Question 34: Should a document, such as the Resident Veterans Preference Certification not be applicable to a proponent, please confirm this can be returned uncomplete/un-signed, with N/A or similar across the page, and still be considered in compliance with submission requirements.
Answer 34: Yes, if resident's preference is not applicable, please mark the form N/A and return it with your proposal.

Question 35: Are proponents required to complete Schedule D at the time of proposal submission to be considered in compliance with submission requirements?
Answer 35: Yes, please provide an estimated implementation timeline with the RFP.

Question 36: In reference to Schedule E, how many individuals from the City of Farmington should proponents estimate training costs for? Are proponents required to complete Schedule E at the time of proposal submission to be considered in compliance with submission requirements?
Answer 36: Training for Four (4) SIEM administrators should be included in training costs. Yes, please provide an estimated training schedule with the RFP.

Question 37: Please note that in reference to Schedule F, et al., Our Company does not provide for acceptance testing as indicated therein. We license our software in accordance with our terms and conditions, and, from time to time, may include provisions on the request of our customers.
Answer 37: Exception(s) to specifications must be clearly noted and included in your RFP. Exceptions to specifications may result in the rejection of your RFP.

Question 38: Please note that in reference to Schedule G, et al., our company provides support agreements, terms and conditions, etc., in accordance with our terms and conditions, and, from time to time, may include provisions on the request of our customers.
Answer 38: Any exception(s) to the terms of this RFP or added terms must be reviewed by the City of Farmington for acceptance and may result in the rejection of your RFP.

Question 39: Does the City of Farmington / FEUS have a preference for appliance or software based solutions?
Answer 39: FEUS has no preference.

Question 40: If a proponent does not have a New Mexico CRS at this time, how should the proponent proceed, and will this be considered in any way during the proposal evaluation process?
Answer 40: Anyone who engages in business in New Mexico must register with the Taxation and Revenue Department (TRD). Here is the link to register: http://www.tax.newmexico.gov/businesses/register-your-business.aspx. Having a New Mexico CRS is not part of the evaluation criteria and will not be considered in the scoring of proposals.

If your request for proposal has already been submitted to this office, and this addendum will affect your proposal, please contact this office and we will return your proposal. Any proposals that have been received, and are not requested to be returned will remain in this office unopened until July 14, 2015 at 2:00 p.m.

Receipt of this addendum shall be noted on page 4 in the Request for Proposal documents for the above referenced RFP.

Sharron Dunn, CPPB
Buyer I
Phone: (505) 599-1376
Fax: (505) 599-1377
Email: sdunn@fmtn.org