The Vendor is required to provide a cutting-edge, user-friendly, and highly secure identity and access management (IAM) and administration solution for a vast and intricate educational system.
- IAM Solution that aligns with modern administration standards to empower our students, our educators, and our support staff to interact with our digital ecosystem securely and seamlessly.
- The IAM Solution will be at the forefront of technological innovation, providing a foundation of trust, accessibility, and compliance that underpins our digital endeavors.
- The IAM Solution should:
• Establish robust identity governance across all digital assets.
• Centralize and automate user provisioning, access requests, and deprovisioning workflows.
• Strengthen security protocols and mitigate potential risks associated with unauthorized access.
• Enhance user experience through seamless, yet secure, access to resources.
• Ensure adherence to industry-specific compliance regulations (specify if applicable, e.g., PII, HIPAA, SOPPA, GDPR, FERPA, ISSRA, etc.).
• Provide a single/configurable (configurable by CPS) SSO portal for admins, leadership, help desk, and end users that is compatible with platform SSO on ChromeOS, Windows, macOS, iOS and iPadOS, and Android devices.
- Servers/Appliance:
• Virtualization standards:
◦ Use of hypervisors like VMware, Hyper-V, KVM or virtual/physical appliances.
◦ Must support the latest Microsoft (minimum Windows Server 2019) or Red Hat Enterprise Linux operating systems for any on-premises servers, and must include ongoing support for the Microsoft / Red Hat operating system product lifecycle; must include streamlined migration steps for OS upgrade scenarios.
◦ Support for containerization (e.g., Docker, Kubernetes).
• Compute capacity:
◦ Scalability options (vertical and horizontal scaling).
◦ Provisioning speed for new instances.
• Resource allocation and management:
◦ Static (minimum), dynamic and on-demand CPU, memory, and storage allocation mechanisms.
◦ Monitoring tools for server health and performance.
- Storage:
• Data Redundancy and Durability:
◦ Implementation of RAID or erasure coding for data protection.
◦ Multiple data replication across USA dispersed locations (as per CPS data sharing policy, data cannot be stored outside of USA boundaries).
• Scalable Storage Solutions:
◦ Ability to scale storage capacity based on demand.
◦ Support for various storage types (block, file, and object).
• Data Encryption and Access Control:
◦ Encryption at rest and in transit.
◦ Access controls and permission mechanisms for data storage.
- Network:
• Security and Firewall Standards:
◦ Implementation of firewalls and network security groups.
◦ Network segmentation and isolation.
• Load Balancing and Traffic Distribution:
◦ Load balancers for distributing incoming traffic.
◦ Redundancy and failover mechanisms for network components.
• Network Monitoring and Management:
◦ Tools for monitoring network performance and traffic.
◦ Automated scaling of network resources based on demand.
- Compliance and Standards:
• Compliance with Industry Regulations and Security Measures:
◦ Adherence to industry-specific regulations (HIPAA, SOPPA, GDPR, etc.).
◦ Compliance with and adherence to the NIST Privacy Framework and Cybersecurity Framework.
◦ Encryption protocols, e.g., TLS 1.2+.
◦ Data backup and disaster recovery plans.
◦ Regular audits and compliance checks.
- Service Level Agreements (SLAs):
◦ Minimum uptime percentage (e.g., 99.999%).
◦ Response time for support requests within one (1) hour.
◦ Bandwidth and latency expectations.
◦ Response time for different types of support tickets.
◦ Escalation process for critical issues.
◦ Measures for penalties or compensation in case of SLA breaches.
- Support/Communication Channels:
◦ Availability of support channels (email, phone, live chat, etc.).
◦ 24/7 support availability.
- Performance Metrics and Reporting:
◦ Required weekly and monthly metrics reports to measure support performance.
◦ Regular reporting on support activities and issue resolution.
- Interoperability and Compatibility:
◦ Compatibility with various operating systems and software.
◦ Open standards for APIs and interoperability with third-party services.
- Integration Standards:
• Compatibility:
◦ Compatibility with existing systems/software.
◦ API availability and documentation.
• Data Exchange Protocols:
◦ Standard formats for data exchange (JSON, XML, etc.).
◦ Handling of data transformation and synchronization.
• Testing and Deployment Procedures:
◦ Procedures for testing integrations.
◦ Guidelines for deployment and rollback.
- Solution must include:
• Empower secure digital interactions: we aim to create an environment where our students, our educators, and our support staff can access our systems and data securely from anywhere, at any time.
• We envision a future where identities are the keys to our digital world, offering a frictionless yet highly secure experience.
• User self-service: we want to empower our students, educators and support staff to take control of their identities and access privileges, reducing administrative burdens and fostering a sense of ownership.
• Multi-factor authentication (MFA): security is paramount. The IAM solution should incorporate robust MFA options, enhancing security by requiring multiple forms of identity verification for critical systems and data access.
• Evolving threat detection: the IAM solution should enhance our cyberattack preparedness through identity threat detection and response (ITDR).
• It is crucial in safeguarding our organization against evolving cyber threats; by investing in cutting-edge technologies and fostering a culture of proactive cybersecurity measures, we envision incorporating cutting-edge threat detection mechanisms, including AI and machine learning, to detect and respond to security incidents in real time.
• Adaptability and scalability: we envision a solution that can grow with our district's needs.
• Whether we expand our students/workforce, adopt new technologies, or collaborate with new partners, the IAM solution should be flexible and scalable to accommodate these changes seamlessly.
• Integration and collaboration: the IAM solution should seamlessly integrate with our existing and future technology stack, enabling interoperability and collaboration with external partners and services.
• Granular access control: we want to implement fine-grained access control mechanisms, ensuring that users have the right level of access to resources based on their roles and responsibilities.
• This not only enhances security but also streamlines workflows.
• Seamless user experience: the IAM solution should provide a user-friendly experience.
• We want a unified and intuitive interface for our students, our educators, and our support staff to manage their identities, access privileges, and preferences easily.
• Compliance and governance: the IAM solution provider should commit to adhering to industry regulations and internal policies.
• The IAM solution should facilitate audit trails, reporting, and compliance management, making it easier to ensure that we meet all regulatory requirements and internal standards.
• Identity lifecycle management: comprehensive management of user identities throughout their lifecycle, from onboarding to offboarding, ensuring efficient provisioning and deprovisioning processes in as near to real time as feasible.
• Compliance and auditability: robust audit trails, compliance reporting capabilities, and support for regulatory standards, enabling comprehensive oversight and adherence to compliance mandates.
• Availability/uptime: ensure continuous service availability with a 99.99% uptime, incorporating inherent disaster recovery capabilities.
• Single sign-on/SSO portal: the IAM solution should provide a portal for all SSO integrated applications.
• The solution should provide a centralized authentication and access control system that enables users to access multiple applications and services using a single set of login credentials.
• Automated and near real-time management of identity lifecycles.
• Automated and near real-time management of identity lifecycles revolutionizes the efficiency and security of organizational systems.
• Streamlines the entire spectrum of identity management, from user onboarding to offboarding.
• Automated workflows ensure swift provisioning of access rights aligned with roles and responsibilities, minimizing manual errors and enhancing operational agility.
• Provisioning of accounts for Active Directory and Google Workspace.
• Automated provisioning of accounts within five minutes in agency on-prem Active Directory and Google Workspace infrastructures ensures near real-time access setup.
• Role-based and policy-driven access control.
• Comprehensive and configurable reporting on all IAM processes.
• An intuitive and user-friendly interface with self-service capabilities for end users.
• Strong privileged access management (PAM) to restrict elevated privileges in an automated / governed manner, and to audit and report on any and all access elevations.
• Integration with major board applications, including the student information system and other board applications/databases.
- Contract Period/Term: 3 years
- Pre-Submittal Conference Date: April 14, 2025
- Questions/Inquiries Deadline: April 07, 2025