Comprehensive/integrated cybersecurity solutions providing protection

Agency: State Government of North Carolina
State: North Carolina
Type of Government: State & Local
NAICS Category:
  • 541512 - Computer Systems Design Services
  • 541513 - Computer Facilities Management Services
  • 541519 - Other Computer Related Services
Posted Date: Jul 21, 2020
Due Date: Aug 11, 2020
Solicitation No: 40-Cybersecurity
Bid Source: Please Login to View Page
Contact information: Please Login to View Page
Bid Documents: Please Login to View Page
Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help
40-Cybersecurity Comprehensive/integrated cybersecurity solutions providing protection
ELECTRONIC BID RESPONSES ONLY!
7/21/2020 8/11/2020 02:00 PM ET
40-

Attachment Preview

STATE OF NORTH CAROLINA
NC Dept of Public Instruction
(NCDPI)
Refer ALL Inquiries to: Mike Beaver
Telephone No. 984-236-2366
Michael.Beaver@dpi.nc.gov
REQUEST FOR INFORMATION NO. 40-Cybersecurity
Due Date and Bid Opening Date: August 11, 2020
Issue Date: July 21, 2020
Commodity: Cybersecurity Solution
Using Agency Name: Department of Public Instruction
DELIVERY INSTRUCTIONS:
Deliver one (1) signed original executed offer. The files must not be password-protected and must be capable
of being copied to other media. Only offers submitted via electronically (email) in response to this will be
accepted.
It is the responsibility of the Vendor to deliver the offer in this office by the specified time and date of opening.
DELIVER TO:
40-Cybersecurity RFI
NCDPI
Attn: Mike Beaver
Michael.Beaver@dpi.nc.gov
Responses shall be emailed to Michael.Beaver@dpi.nc.gov no later than the specified time and date of
opening.
NOTICE TO VENDOR
Request for Information (RFI) will be received electronically or at this office at Education Building 301 N.
Wilmington St., Room B04, Raleigh, NC 27601 until 2:00pm ET on the day of opening and then opened.
QUESTIONS
Submit written questions to Michael Beaver until 12pm EDT (noon) on July 28, 2020. Questions may be
submitted by e-mail, fax or mail to: Mike Beaver.
EXECUTION
VENDOR NAME:
STREET ADDRESS:
CITY & STATE:
E-MAIL:
P.O. BOX:
ZIP:
TELEPHONE NUMBER: TOLL FREE TEL. NO:
TYPE OR PRINT NAME & TITLE OF PERSON SIGNING:
AUTHORIZED SIGNATURE:
FAX NUMBER:
DATE:
1
Rev 2017/02/27
1.0 EXECUTIVE SUMMARY
The COVID-19 pandemic has forced North Carolina schools to shift to a remote, online instruction delivery
model. This significant use of, and reliance on, internet technology makes potential cybersecurity lapses
and failures more damaging. To this, end the NC Department of Public Instruction (NCDPI) is seeking
information on comprehensive, integrated cybersecurity solutions that will provide end-to-end protection of
NCDPI, 115 local education agencies (LEAs), and nearly 200 charter schools. Proposed solutions must
include all necessary components including hardware, software, licenses, maintenance, monitoring,
training, etc. Solutions must all comply with all relevant state and federal laws and with all NC Department
of Information Technology (NCDIT) administrative rules and security policies. The State prefers solutions
that adhere to relevant National Institute of Standards and Technology (NIST) guidelines and frameworks.
The State requests detailed point-by-point responses showing how your vendor would address the items
in the following sections of this RFI:
Section: 3.0 Service Specifications
2.0 RFI PROCEDURES
A. Schedule
Respondents will have four weeks to prepare their submissions to this RFI. Responses must be
received by the date, time and the location specified on the cover sheet of this RFI. Respondents may
be required to come to Raleigh, NC or meet virtually to present and discuss their submissions.
Respondents will be notified of the specific date and time at least two weeks in advance of any required
presentations.
B. Clarification Questions
Clarification questions will be accepted until 12pm EDT on July 28, 2020 as specified on the cover
sheet of this RFI. All questions must be submitted in writing. An addendum containing any general
clarification questions and their answers will be issued as an addendum to this RFI.
C. Response
The State recognizes that considerable effort will be required in preparing a response to this RFI.
However, please note this is a request for information only, and not a request for services. The
Vendor shall bear all costs for preparing this RFI. This RFI is not a request for offer and no award will
result.
1. Content and Format
The State expects concise, detailed, point-by-point responses to each of the RFI response items
identified in Sections 3.0 Service Specifications of this RFI. The State is not interested in brochures
or “boilerplate” responses. Instead, responses should clearly define how the vendor’s proposed
solution(s) would meet the State’s business requirements. Any issues or exceptions to the State’s
requirements should also be identified and explained.
2
Rev 2017/02/27
The response should also include annotated network drawings showing where each of the pieces of
equipment in the proposed solution would be located and how those devices would be
interconnected.
A comprehensive, detailed equipment list including devices and software required for the proposed
solution should be provided. All equipment identified in the response must be commercially
available and in general distribution on or before the pilot go-live date.
The response should define all services that would be required by the proposed solution. The
response should also include:
The vendor’s understanding of the project and services by addressing the State’s business
requirements.
An estimated total cost of ownership to provide the solution to NCDPI and all public school
units, (as defined by N.C. Gen. Stat. 115C-5(7a), including continued compliance with emerging
industry standards.
The proposed solution’s ability to expand and evolve to serve other sites either inside the
Raleigh area or in other county locations, which also meets all the service and performance
requirements identified in this RFI.
2. Multiple Responses
Multiple responses will be accepted from a single vendor provided that each response is
comprehensive, meets all the state’s requirements, and is truly unique. Please place in separate
envelopes and clearly mark responses as “Response #1, Response #2, etc.
3.0 SERVICE SPECIFICATIONS
A. Business Specifications
1) Describe how the solution will provide the following cybersecurity services:
Identify Threats
o Asset Management
o Business Environment
o Active Risk Assessment
o Governance
Prevention
o Access Control
o Awareness and Training
o Data Security
o Email Security
o Endpoint Security
o Information Protection Protocols
o Network Firewall
o Security Filtering
o Virtual Meeting Security
o Web Security
Detection
o Active Vulnerability Analysis
3
Rev 2017/02/27
o Anomaly Detection
o Detection Protocols
o Security Monitoring
Response
o Communication
o Event Analysis
o Mitigation
o Response Planning
Recovery
o After Action Review
o Data Backup (Immutable and/or cloud based)
o Recovery Planning
2) Describe how the solution will secure all Personally Identifiable Information and other confidential
information as required by state and federal law.
3) Describe how the solution will enable and secure access from multiple entry points with varying
levels of security (homes, offices, etc.)
4) Describe how the solution will integrate with existing NCDPI and LEA network infrastructure and
systems.
5) Describe how the solution adheres to relevant National Institute of Standards and Technology
(NIST) Special Publication (SP) 800-53 revision 4 guidelines (available at
https://files.nc.gov/ncdit/documents/Statewide_Policies/State_Adoption_of_NIST_Risk_Management_Frame
work.pdf).
6) Describe how the solution complies with all NCDIT rules and security policies (available at
https://it.nc.gov/resources/cybersecurity-risk-management/esrmo-initiatives/statewide-information-security-
policies).
7) Describe the proposed timeline for fully implementing the solution.
8) Describe any part of the solution that will be performed by a third-party. Please identify all such
parties.
9) Describe any part of the solution that will be performed outside of the United States. Please identify
all foreign countries where work will be performed.
10) Describe the solution’s pricing model and any alternative pricing models or options.
4
Rev 2017/02/27

Sign-up for a Free Trial, Government Bid Alerts

With Free Trial, you can:

You will have a full access to bids, website, and receive daily bid report via email and web.

Try One Week FREE Now

See Also

Title Type Category Bid Due Date Unspecified Real Estate Legal Services Request for

City of Charlotte

Bid Due: 10/03/2020

Title Type Category Bid Due Date Unspecified Real Estate Appraisal & Appraisal Review

City of Charlotte

Bid Due: 10/10/2020

Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help 269-RFP2020-472

State Government of North Carolina

Bid Due: 10/09/2020

Bid Number Description Date Issued Bid Opening Date Bid Opening Time Help 06-2021-001

State Government of North Carolina

Bid Due: 9/23/2020