Vulnerability Management Platform

The Vendor is required to provide comprehensive vulnerability management platform, focused on the detection of vulnerabilities and collection of related asset information.
- Functional requirements
1. Deploy and configure cloud environment components
• Service provider is responsible for deploying and configuring an enterprise level, cloud-based SaaS solution for any cloud environment components.
• Service provider must configure the platform to meet the needs of the functional requirements
2. Deploy endpoint client software
• Service provider is responsible for assisting the university project team with deploying and configuring application deployments.
• Service provider is responsible for working with the university project team to identify and remediate deployment issues.
3. Integrations
• Service provider must set up the platform to integrate with third-party components.
4. Testing
• In conjunction with the university project team, the service provider must provide resources to support the university team in testing.
• Service provider will make complete the required actions to facilitate 100% accuracy of testing compared to specifications.
• This includes making required updates to the platform should any scenario testing fail.
- Technical requirements
• The platform must include agent-based vulnerability scanning support for all versions of the following operating systems that are actively supported by their respective OS vendors, scalable to at least 10,000 endpoints.
o Windows (x64 and arm64 architectures)
o Macos (x64 and arm64 architectures)
o Common Linux distributions (x64 architecture), including, at minimum, Ubuntu, red hat enterprise Linux, and Debian
• The platform must include unauthenticated network range scanning capabilities able to scan the following public and private network sizes (all together) at a minimum of weekly frequency:
o /16 public ipv4 network
o All RFC 1918 private ipv4 ranges
o Ad hoc scans of ipv6 addresses
• The platform must include external attack surface management (EASM) scanning capable of discovering and monitoring assets associated with a /16 ipv4 allocation, some ipv6 assets, and cloud hosted assets associated with our domain.
• The platform must include an API with feature parity to the application GUI that can be used to download data collected by, and interact with, the vulnerability management application.
• Must be compatible with the latest version of web browsers and at least one previous version including but not limited to:
o Mozilla Firefox
o Google chrome
o Microsoft edge
o Apple safari
• The platform must be compliant with the accessibility for with act and other regulations and legislation.
• It is preferred that the system complies with international accessibility requirements
o Web content accessibility guidelines (WCAG) 2.0 level AA.