The vendor is required to provide a content management solution (CMS) for the college’s primary and secondary websites.
- Primary consideration will be given to security, accessibility, integration, intuitiveness, customization and support.
- Security and technical specifications
1. Security
• Must comply with Family Educational Rights and Privacy Act (FERPA) guidelines for student data.
2. Caching:
• Must incorporate high-performance caching capability to accommodate unexpected or sudden spikes in traffic, as well as a way to bypass the cache for immediate review of changes made to any given site
3. Scalable architecture:
• Must include a flexible infrastructure with the ability to scale during periods of high demand or system performance degradation
4. Resilient architecture:
• Must include a fault-tolerant infrastructure with no single point of failure
5. Monitoring:
• Must include secure cloud/web-based monitoring dashboards with service-level statistics viewable by personnel on demand
- Disaster recovery
1. Distributed denial of service protection:
• Must be resilient to DDoS attacks, with a capability of no less than 50 Gbps throughput.
• Ability to block IP addresses quickly
2. Vulnerability management:
• Any service should have a vulnerability management practice and regularly scan for network level and service level vulnerabilities
3. Patch management:
• Any service should have a patch management practice and immediately patch for all critically categorized vulnerabilities
4. SSL/TLS requirements:
• All sites must support and force the use of TLS 1.2 or greater
5. Change management:
• Any service should have a change management practice that includes the concepts of maintenance windows, impact and risk assessments, quality control and customer communications.
6. SSL/TLS requirements:
• All sites must support and force the use of TLS 1.2 or greater, as well as the use of the “Advanced” cipher suite category as recommended by OWASP in the TLS Cipher String Cheat Sheet
7. Encryption:
• System must use best practices to encrypt all data in transit and at rest, to allow legal safe harbor should any sensitive/restricted data be stored or processed in the environment
8. Audit logs:
• System must support a mechanism to create event logs for client activity on the website, administrative activity and the related security audit trail, and those logs must be ingestible into the institutional SIEM (security information and event management) system
9. Web security headers:
• System must implement web security header best practices, including HTTP Strict Transport Security (HSTS), X-Frame-Options, Content-Security-Policy, Referrer-Policy, X-Content-Type-Options and Permissions-Policy.
- Accessibility
1. WCAG 2.1 AA:
• Meets WCAG 2.1 AA accessibility standards.
2. Responsive theme:
• Responsive design templates across multiple devices (desktop, laptop, mobile, tablet, etc.)
- Cloud-based platform
1. Uptime:
• Maintain 99.99% fully accessible uptime, including patching with no degradation of service, with uptime details and penalties for SLA breaches
- Customization
• Ability to automatically display dynamic content based on visitors who meet preset criteria
• Ability to prepare different types of dynamic content: text swap, content blocks and page forwarding based on user behavior and actions on site.
• Availability of attributes such as number of page visits, visits to specific pages, and geolocation to enhance personalization.
• Robust roadmap of personalization features for future expandability.
• A content repository to share common elements across websites
• Detailed tagging capabilities for content grouping and news feeds
• Blog functionality for storytelling and content sharing
• Turnkey and customizable campus map
- Integration
• The ideal CMS will offer connectivity for elements that include but are not limited to: Banner (student information system, SIS/SaaS), Slate (CRM), Housing Cloud (residence hall), Vector (HR training), Cognos (SIS reporting), YuJa (video hosting), Canvas LMS, Smartsheet, PastPerfect (museum software).