SecureSD Secure Email Solution

The Vendor is required to provide to enhance the cybersecurity of communication and collaboration of our cities, counties, and municipalities in state by establishing a unified, scalable solution for a secured email solution.
- This specific proposal is aimed at protecting state cities, counties, and municipalities from email-borne attacks while ensuring operational integrity, data confidentiality, and compliance with best practices.
- Cities and counties across state rely on email infrastructure for essential government communications, public service coordination, and interagency collaboration.
- The rise in targeted phishing campaigns, email spoofing, malware delivery, and spam necessitates a unified, secure, and scalable solution that can be implemented for entities of varying size and technical capacity.
- Currently, state cities and counties are using multiple public platforms (Gmail, Hotmail, yahoo, personal email, etc.), making it difficult to identify the entity, secure, and protect them from cybersecurity attacks.
- This solution will have employees on the same system so internal emails remain encrypted within the same email system and never go to the public internet or another email system.
- the anticipated clients for these services include city & county law enforcement, auditors, treasurers, finance officers, municipal utility, street & highway, elected officials, other employees or accounts deemed necessary, etc.
- Secure Email Solution – Microsoft Exchange Online & Defender for Office 365
• The email solution will require the creation/management of Microsoft 365 Government Community Cloud (GCC) tenants utilizing a minimum of Microsoft 365 Government G3 licenses with added security provided by Microsoft Defender for Office 365 Plan 2.
• The Secure Email Solution will be built using the minimum of a Microsoft 365 G3 license.
○ Utilize the comprehensive suite designed for enterprise-level organizations, particularly government entities, offering a robust set of productivity, collaboration, and security features.
• Configure a Microsoft 365 government community cloud (GCC) tenant for each entity.
○ Tenant provisioning and email policy setup in GCC.
○ Integrate with participating entities Microsoft suite of applications currently being used.
• Procure & deploy required licensing:
○ Avoid duplicate purchases of any licenses.
▪ Work with participating entities to balance any existing Microsoft licensing so SecureSD can append onto the expiration of existing licenses.
○ Collaborate as needed with SecureSD on required licensing.
• Security Requirements:
○ Microsoft Defender for Office 365 Plan 2 Security Controls:
▪ Anti-phishing and impersonation detection.
▪ Real-time scanning.
▪ Automated Anti-Phishing policies, and automated threat investigation, quarantine and response.
▪ Configure system for phishing simulations.
• Create simulated phishing campaigns with link-based, attachment-based, and credential-based threats.
○ Threat Explorer and detailed incident reports.
○ Adhere to industry standards and best practices for any DNS operations for email domain names.
○ Use Microsoft and CISA best practices for productivity and security.
○ Align with NIST CSF, CIS Controls, and CISA guidance for municipal cybersecurity Email Encryption
▪ Office Message Encryption for sensitive data.
▪ Implement authenticated and encrypted email channels (SPF, DKIM, DMARC).
• Archiving & Retention: (Aligned with policies of the entity)
○ Policy-aligned record retention.
○ Compliance with electronic discovery policies of the entity.
• User Experience Requirements:
○ Must allow for integration with various end user access methods
▪ Outlook desktop client, web based access, mobile devices, and etc.
○ Configure Multi-factor Authentication (MFA).
- Implementation & Onboarding:
• Migration/Transition of existing entities email to new system.
○ Utilize best efforts to transfer existing email.
○ If tools exist to easily migrate old/past/existing email/contacts we will accept funding it.
○ If tools do not exist, and it will take many (mutually agreed between contractor and SecureSD) hours we will not fund that.
• Testing, validation, proper handoff in full coordination with the entity.
• Provide your plan/ideas/proposal for assisting the end-user client during the onboarding.
• Provide training on how to effectively use the new Email Solution.
○ Quick start guides/help/support for end users and entity point of contact/administrator.
- Monitoring, Management, and Ongoing Support
• System/Entity Operational Management:
○ Ongoing configuration and security updates and optimization post-deployment.
○ Change management process/system:
▪ Account Additions, Deletions, Modifications
▪ Creation/updates of email efficiencies capabilities.
• Distribution lists (i.e. ALL Police Department, ALL Water Dept. employees)
• Shared Email Accounts 
• Shared calendars, Public Folders, etc.
▪ Configure/update Multi-factor Authentication (MFA).
○ Phishing simulator
▪ Create simulated phishing campaigns with link-based, attachment-based, and credential based threats.
○ Trouble shooting / tiered escalation plan.
• Ongoing end-user support.
○ Support Services:
▪ Helpdesk availability with tiered escalation.
▪ Provide the hours support services are available.
▪ Provide your plan for after-hours support.
○ Response to end-user assistance
○ Support Materials as necessary/needed (i.e. Step by step instructions or FAQs).
○ Contact matrix.
▪ How & who does an entity local Point of Contact/administrator contact for support if they have issues.
▪ How & who does an end-user contact for support if they have issues.
▪ List any options if the larger cities/counties have the ability to use their own IT support.
- Contract Period/Term: 1 year
- Explanation Meeting Date: June 26, 2025
- Questions/Inquires Deadline: July 01, 2025