Vendor Questions and Answers
Total Page:16
File Type:pdf, Size:1020Kb
COMMUNITY COLLEGE OF ALLEGHENY COUNTY PURCHASING DEPARTMENT 800 ALLEGHENY AVENUE, PITTSBURGH, PA 15233 ADDENDUM 1 REQUEST FOR PROPOSAL 3104 NETWORK ACCESS CONTROL SOLUTION APRIL 10, 2018 The following additional information is hereby made a part of this RFP: **************************************************************************** See the accompanying vendor compliance matrix. See accompanying “Addendum A” (partial listing of network devices and protocols/services/applications that NAC solution must support). The protocols include listing from the current RFPs’ appendixes. It should be noted this is not an all-inclusive list, the chosen NAC solution should support all standard protocols or provide explanation of non- support. See accompanying Addendum B - Partial listing existing desktop and server software applciartions (referred to in questions 27 on page 9 of the RFP). “Addendum C” – listing of existing college network equipment Vendor Questions and Answers: 1. What is the VPN Gateway technology being used? (sec 2.1) Fortinet FortiGate 2. Can further clarifications be made regarding "specific settings to the endpoint to operate." be identified? Is the provisioning of administrative accounts per host impacted by this function? (Section 3.1 statement 7) It is desired that the proposed NAC solution should not require or expect any specific setting or component on the end-user system to be exist or configured in order the NAC solution to provide all its functionality. If the NAC solution requires certain software component(s) to exist on the end user systems, the vendors must provide detailed information about their proposed system and how it would function in the college’s environment. 3. Please elaborate on what "relevant information" refers to, respective to information being shared with other college systems. (sec 2.3 statement 7) The college expects the proposed solution to collect and store information about network connected college and end-user devices, user activities, and the health of these connected systems. This information can be very valuable to resolve security related and operational issues. For this reason, college desires to have this information shared with other tools. ADDENDUM 1 REQUEST FOR PROPOSAL 3104 NETWORK ACCESS CONTROL SOLUTION APRIL 10, 2018 4. Is the requirement regarding copper interfaces related to CCAC's options for the placement of the NAC solution, or assumed performance requirements to satisfy CCAC's objectives? (sec 3.1 statement 32) Please refer to the RFP. 5. Please elaborate on specific expectations with an Active/Active High Availability options. (section 3.1 statement 34) In Active/Active High Availability mode the participating NAC components would handle the workloads simultaneously and load-sharing manner instead of waiting to take-over the workload as a standby. 6. Please elaborate section 3.1 statement 40. Specifically what are the open standards the vendor must consider and how does it relate to in reference to "network", "security" and leading "applications"? Can specific identification to "Leading network and security platforms and leading applications" be made? Please refer to attachment A for the network protocols that the college would like proposed NAC solution to support. If your solution does not fully support some of these network protocols, please clearly mark them as “Not Supported”. For the applications, please refer to attachment B. 7. Can further detail regarding the CCAC's network and system automation and orchestration tools be disclosed? (sec 3.1 statement 43). Are the Information Security Policies available for review? The college automation and orchestration will use industry standards. “Support of new generation of incident management systems is highly desired (i.e. Demisto, Phantom, Swimlanes, etc.” 8. How many total devices are will need to be authorized? Second are you going to have a matrix for vendors to fill out? Since the college does not track the number of endpoints that connect to its network through wired, wireless and VPN network, it desires to the NAC solution to provide an unlimited licensing model. The solutions that provide unlimited licensing model will be desired. Our estimation is about 13,000 endpoint devices. 9. Can you please provide the Addendums referenced in the RFP by the end of this week? Attached. ADDENDUM 1 REQUEST FOR PROPOSAL 3104 NETWORK ACCESS CONTROL SOLUTION APRIL 10, 2018 10. For license sizing purposes, can we find out the peak number of concurrent devices that are on the network in a 10 minute timeframe? Of those concurrent devices, what % are Windows, OSx machines? Please refer to answer 8 above. 11. Is there a compliance matrix that should be included with this? Also, can you send me the Word version of both for me to copy into my response and add comments. Attached. 12. Also, I see the schedule of events in the document, but I am curious if this will be implemented before the Edge switching would be installed? Due to fiscal yearend closings, the published schedule of events will be strictly followed. 13. Is the Windows supplicant considered an agentless deployment? In the context of this RFP, “Agentless” means the solution does not depend on configuration and/or existence of any software components on the target device. End of Addendum 1. *************************************************************************** Sign addendum and submit to the College with your proposal. ___________________________________ ____________________________________ Company Name Bidder’s Signature (Vendor contact person) ATTACHMENT 1 – Vendor Compliance Matrix RFP 3104 CCAC Network Access Control Solution Vendor must indicate at what level its proposed solution will meet the College’s requirements as delineated in the referenced sections of the RFP: Meet Fully Meet with Meet with Cannot Section Requirement with 3rd Other Comments meet Configuration Customizations Meet Party 1.0 Purpose The selected NAC solution is expected to improve information security, assure responsible governance, comply with various mandates, provide visibility and reduce operational costs associated with the detection, mitigation and management of college owned devices, end‐user owned devices (BYOD) and college owned Internet of Things (IoT). The selected NAC solution will be fully implemented and integrated with the college’s information technology systems by the vendor’s authorized professional services team on provided schedule in this RFP. To be considered responsive, vendors must submit a complete bid that satisfies all requirements as stated in this RFP and its addenda. This RFP also contains all major terms and conditions that the successful vendor will be expected to accept. The department of Information Technology Services (ITS) intends to implement the procured solutions starting in April and completed by the end of June 2018. 2.0 Project Background The network access control solution the college chooses through this RFP must be a centrally managed redundant system. The new solution will be deployed at the college’s Network Operations Centers at the Office of College Services and South Campus 1 | Page Company Name: Signed by: 1 ATTACHMENT 1 – Vendor Compliance Matrix RFP 3104 CCAC Network Access Control Solution Meet Fully Meet with Meet with Cannot Section Requirement with 3rd Other Comments meet Configuration Customizations Meet Party disaster recovery site that are connected through a high speed network over a leased fiber from a service provider to maintain operations during extended outage. The proposed systems must be scalable to the enterprise level with commensurate reliability. The proposed solution must be scalable to accommodate the college’s current and near future workloads without requiring costly upgrades. Please explain how your solution will improve its scalability and availability without being cost prohibitive. The procured network access control system is expected to be rolled out as a Greenfield system in successive phases. The integration and cut‐overs to the new solution will be phased in to minimally impact college’s operations The new solution is expected to be completed by the end of June 2018. Since the possible implementation period coincides with the preparations for the start of the Summer Term, the vendor of the selected solution is required to work with the college IT staff to fully implement the chosen solution without impacting college operations. The college’s intention is to choose a solution that provides best price/performance ratio and partner(s) that will meet the college’s requirements and demonstrate the ability to grow with us for many years to come. 2.2 Business Objectives The college employees and students are using their personal devices on college premises to access the college networks and resources including web applications, email, calendar, 2 | Page Company Name: Signed by: 2 ATTACHMENT 1 – Vendor Compliance Matrix RFP 3104 CCAC Network Access Control Solution Meet Fully Meet with Meet with Cannot Section Requirement with 3rd Other Comments meet Configuration Customizations Meet Party databases. Additionally, operational support equipment such as IoT devices are being connected to college networks to improve college operations. The proposed NAC solution must equally support these use cases and the NAC features offered through the solution must be available to support all college use cases equally. Proposed NAC solution also need to monitor and control the college owned endpoints’ access to the college