Cybersecurity and IT Support Services

The Vendor is required to provide comprehensive, proactive, and measurable IT and cybersecurity services that protect District systems, information, ensure business continuity, and maintain compliance with data protection and public records standards.
- Deliver and manage advanced cybersecurity protections across all District endpoints, servers, and networked devices.
- Services must proactively identify, prevent, and remediate threats through automated and human-assisted methods, ensuring rapid containment and recovery from security incidents while maintaining auditable records and reports.
- Maintain centralized policy management and 24×7 alerting integrated with a staffed Security Operations Center (SOC) or equivalent service.
- Required elements of the cybersecurity services being solicited include:
•    Endpoint Detection & Response (EDR) fully implemented on all District-owned devices
•    Multi-Factor Authentication (MFA) fully implemented on all District-owned devices
•    Continuously monitor and protect routers, switches, firewalls, and other managed devices
•    Ransomware protection
•    Vulnerability assessment & management
•    Autonomous protective responses
•    Email security & backup services
•    Spear Phishing and Forensic Incident Response
•    Notification and remediation of viruses or malware infections
•    Detection and remediation of malware infections, failed updates, and endpoint configuration issues
•    Notification and remediation of viruses or malware infections
•    Encrypted email messaging
- Remote Support and managed IT components that are desired, but not required include:
•    Remote support via remote access software
•    Employee training/social engineering
•    Automated Moving Target Defense (AMTD) capabilities
•    Automatic Anti-virus/Anti-malware scanning, updates, and virus quarantine
•    Advanced Endpoint Security for Windows Workstations to combat ransomware and targeted spear phishing
•    Notification and remediation of viruses or malware infections
•    Performance monitoring and reporting for managed network equipment including: routers, switches, firewalls, and internet bandwidth.
•    Administration of Microsoft Office updates and Microsoft operating system patching and updates
•    Management of antivirus and anti-malware solutions on all devices.
•    Compliance archiving and encryption
•    Backup for Microsoft Office systems to preserve all District email and Teams/SharePoint data for a minimum of seven years.
- The Cybersecurity services and managed IT services do not necessarily need to be from the same provider.