According to a draft solicitation document from the department, the county is open to implementing a cloud-based, proposer-hosted, on-premises or county-hosted solution.
Vendors can combine any of the architecture types listed above in their proposals as long as the solution is compatible with ITD’s current computing environment.
Other solution requirements include being able to integrate with existing tech products such as “Qualys, Microsoft Exchange, Office/Microsoft 365, Microsoft Entra ID, Active Directory, Fortinet firewalls, Mandiant, Trellix, various versions of *NIX operating systems and industry-standard network switches currently in production within the county network.”
As for the potential contract’s scope of services, the draft document lists the following:
- The selected proposer must provide enterprise-managed cybersecurity services via a proposer-provided security operations center. Potential services include information and event analysis, first-line analysis of security alerts and possible threats, and assistance with or performance of security audits for the county.
- The selected proposer will be expected to use artificial intelligence, county data and other external sources to pre-emptively detect security events 24 hours a day, seven days a week, 365 days a year.
- All data, reporting and dashboards on proposer-managed security services must be available to the county via a cloud-hosted web-based security information and event management portal.
- Lastly, the selected vendor must provide project management and implementation services and training for all proposer-managed cybersecurity services delivered under the contract.
More detailed information about the future solicitation can be found online.
