The California Department of Technology (CDT) is asking vendors for their ideas on managed security services with an eye toward future contract opportunities.
Two entities within CDT — the California Network and Telecommunications (CALNET) program and the Office of Information Security (OIS) — are seeking the input in a request for information that was published last week. Responses are due by 5 p.m. Dec. 2.
The RFI says its purpose is to “solicit product descriptions, constraints, limitations, and considerations that the State may use in developing future bidding opportunities around cybersecurity solutions to support State and local government entities.” Typically, managed services refers to outsourcing.
Proposed solutions and services should align with the five phases outlined in Cal-Secure, the state’s cybersecurity strategic plan. As spelled out in the RFI package, those five phases include:
- Phase 1: Anti-malware protection, anti-phishing program, multifactor authentication, continuous vulnerability management.
- Phase 2: Asset management; incident response; continuous patch management; privileged access management; security and privacy awareness training; security continuous monitoring 24×7; and cloud security monitoring.
- Phase 3: Threat intelligence platform, application security, log management, network threat detection, and operational technology security.
- Phase 4: Disaster recovery, enterprise sign-on, mobile device management, application development security, application whitelisting, and software supply chain management.
- Phase 5: Identity life cycle management, insider threat detection, network access control, enterprise encryption, and mobile threat defense.
The RFI includes a checklist where vendors can respond in detail to each specific element in the phases.
“The goal of this RFI is to collect detailed information from the vendor community around security service offerings,” the document says. “The data collected is intended to be used in developing requirements for future statewide managed security service contracting opportunities. This is not a solicitation.”
The document adds a word to vendors: “Please do not provide traditional marketing materials, as the State would like to understand how your solution meets the requirements identified, or how the requirements create issues or limitations for your service delivery. The CALNET Program and OIS will compile all responses and determine the best approach for the State to achieve cyber security compliance in accordance with the five phases outlined in the Cal-Secure strategic plan.”
Questions should be submitted by email to the procurement officer, Amrit Dhillon, by 10 a.m. Oct. 21. The state’s responses to questions will be published by 5 p.m. Oct 28. Submissions from vendors, including the completed workbook, must be emailed to Dhillon by 10 a.m. Nov. 8.
link